hifi icon indicating copy to clipboard operation
hifi copied to clipboard

Published 20 hours ago verified publisher icon hifi-finance

[amm] Prove construction safety for "hTokenOutForUnderlyingIn" and "underlyingOutForHTokenIn"

Open PaulRBerg opened this issue 3 years ago • 2 comments

Problem Statement

In the hTokenOutForUnderlyingIn and the underlyingOutForHTokenIn functions, the last operation is a subtraction:

hTokenOut = hTokenReserves - newHTokenReserves;

And:

normalizedUnderlyingOut = normalizedUnderlyingReserves - newNormalizedUnderlyingReserves;

The task is to derive a mathematical proof that it is not possible for this subtraction to revert.

Suggestions

  • Hack around with Mathematica. Build on top of my set of inequalities.
  • Use Echidna to fuzz the inputs and see if the fuzzer can find anything. Add an "assert" statement to let Echidna know that "hTokenReserves" must be greater than or equal to "newHTokenReserves", ditto for the other two vars.

PaulRBerg avatar May 20 '21 17:05 PaulRBerg

Note that since this hasn't been proved mathematically yet, I added a require statement right before the last operation of both "hTokenOutForUnderlyingIn" and "underlyingOutForHTokenIn". But I didn't write tests that cover this require branch because I don't know any inputs which can trigger it.

PaulRBerg avatar May 20 '21 17:05 PaulRBerg

Benson worked on this and came up with a beautiful explanation for why this construction is safe in the realm of pure mathematics. Now the question is to prove whether Solidity’s inevitable rounding errors don’t break the purely mathematical logic.

Construction_Safety_for_OutForIn_Functions.pdf

PaulRBerg avatar Jan 31 '22 20:01 PaulRBerg