Formal verification of Account (7702+7579)

Author: Amxx

certora/harnesses/AccountHarness.sol

@@ -0,0 +1,13 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.26;
+
+import {AccountERC7702WithModulesMock} from "../patched/mocks/account/AccountMock.sol";
+import {EIP712} from "../patched/utils/cryptography/EIP712.sol";
+
+contract AccountHarness is AccountERC7702WithModulesMock {
+    constructor(string memory name, string memory version) EIP712(name, version) {}
+
+    function getFallbackHandler(uint32 selector) external view returns (address) {
+        return _fallbackHandler(bytes4(selector));
+    }
+}

certora/run.js

@@ -14,7 +14,7 @@ import path from 'path';
 import yargs from 'yargs';
 import { hideBin } from 'yargs/helpers';
 import pLimit from 'p-limit';
-import fs from 'fs/promises';
+import fs from 'fs';
 
 const argv = yargs(hideBin(process.argv))
   .env('')

certora/specs.json

@@ -106,5 +106,11 @@
     "spec": "Nonces",
     "contract": "NoncesHarness",
     "files": ["certora/harnesses/NoncesHarness.sol"]
+  },
+  {
+    "spec": "Account",
+    "contract": "AccountHarness",
+    "files": ["certora/harnesses/AccountHarness.sol"],
+    "options": ["--optimistic_loop"]
   }
 ]

certora/specs/Account.spec

@@ -0,0 +1,109 @@
+import "helpers/helpers.spec";
+import "methods/IAccount.spec";
+
+/*
+┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
+│                                                  Module management                                                  │
+└─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
+*/
+rule moduleManagementRule(
+    env e,
+    method f,
+    calldataarg args,
+    uint256 moduleTypeId,
+    address module,
+    bytes additionalContext
+) {
+    bytes context;
+    require context.length == 0;
+
+    bool isEntryPoint = e.msg.sender == entryPoint();
+    bool isEntryPointOrSelf = e.msg.sender == entryPoint() || e.msg.sender == currentContract;
+    bool isExecutionModule = isModuleInstalled(2, e.msg.sender, context);
+
+    bool isModuleInstalledBefore = isModuleInstalled(moduleTypeId, module, additionalContext);
+    f(e, args);
+    bool isModuleInstalledAfter = isModuleInstalled(moduleTypeId, module, additionalContext);
+
+    assert (
+        isModuleInstalledBefore != isModuleInstalledAfter
+    ) => (
+        (
+            f.selector == sig:execute(bytes32,bytes).selector  &&
+            isEntryPointOrSelf
+        ) || (
+            f.selector == sig:executeFromExecutor(bytes32,bytes).selector &&
+            isExecutionModule
+        ) || (
+            f.selector == sig:installModule(uint256,address,bytes).selector &&
+            isEntryPointOrSelf
+        ) || (
+            f.selector == sig:uninstallModule(uint256,address,bytes).selector &&
+            isEntryPointOrSelf
+        )
+    );
+}
+
+/*
+┌─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┐
+│                                                     CALL OPCODE                                                     │
+└─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
+*/
+ghost bool    call;
+ghost address call_target;
+ghost uint256 call_value;
+ghost uint256 call_argsLength;
+
+hook CALL(uint256 gas, address target, uint256 value, uint256 argsOffset, uint256 argsLength, uint256 retOffset, uint256 retLength) uint256 rc {
+    call = true;
+    call_target = target;
+    call_value = value;
+    call_argsLength = argsLength;
+}
+
+rule callOpcodeRule(
+    env e,
+    method f,
+    calldataarg args
+) {
+    require !call;
+
+    bytes context;
+    require context.length == 0;
+
+    bool isEntryPoint = e.msg.sender == entryPoint();
+    bool isEntryPointOrSelf = e.msg.sender == entryPoint() || e.msg.sender == currentContract;
+    bool isExecutionModule = isModuleInstalled(2, e.msg.sender, context);
+    address fallbackHandler = getFallbackHandler(f.selector);
+
+    f(e, args);
+
+    assert call => (
+        (
+            f.selector == sig:execute(bytes32,bytes).selector &&
+            isEntryPointOrSelf
+        ) || (
+            f.selector == sig:executeFromExecutor(bytes32,bytes).selector &&
+            isExecutionModule
+        ) || (
+            f.selector == sig:installModule(uint256,address,bytes).selector &&
+            isEntryPointOrSelf
+        ) || (
+            f.selector == sig:uninstallModule(uint256,address,bytes).selector &&
+            isEntryPointOrSelf
+        ) || (
+            f.selector == sig:validateUserOp(Account.PackedUserOperation,bytes32,uint256).selector &&
+            isEntryPoint &&
+            (
+                // payPrefund (target is entryPoint and argsLength is 0)
+                (call_target == entryPoint() && call_argsLength == 0 && call_value > 0)
+                ||
+                // isValidSignatureWithSender (target is as validation module)
+                (isModuleInstalled(1, call_target, context))
+            )
+        ) || (
+            fallbackHandler != 0 &&
+            call_target == fallbackHandler
+        )
+    );
+}

certora/specs/methods/IAccount.spec

@@ -0,0 +1,37 @@
+methods {
+    // Account
+    function entryPoint()                                                      external returns (address) envfree;
+    function getNonce()                                                        external returns (uint256) envfree;
+    function getNonce(uint192)                                                 external returns (uint256) envfree;
+    function validateUserOp(Account.PackedUserOperation,bytes32,uint256)       external returns (uint256);
+
+    // IERC1271
+    function isValidSignature(bytes32,bytes)                                   external returns (bytes4);
+
+    // IERC7579AccountConfig
+    function accountId()                                                       external returns (string)  envfree;
+    function supportsExecutionMode(bytes32)                                    external returns (bool)    envfree;
+    function supportsModule(uint256)                                           external returns (bool)    envfree;
+
+    // IERC7579ModuleConfig
+    function installModule(uint256,address,bytes)                              external;
+    function uninstallModule(uint256,address,bytes)                            external;
+    function isModuleInstalled(uint256,address,bytes)                          external returns (bool)    envfree;
+
+    // IERC7579Execution
+    function execute(bytes32,bytes)                                            external;
+    function executeFromExecutor(bytes32,bytes)                                external returns (bytes[]);
+
+    // IERC721Receiver
+    function onERC721Received(address,address,uint256,bytes)                   external returns (bytes4)  envfree;
+
+    // IERC1155Receiver
+    function onERC1155Received(address,address,uint256,uint256,bytes)          external returns (bytes4)  envfree;
+    function onERC1155BatchReceived(address,address,uint256[],uint256[],bytes) external returns (bytes4)  envfree;
+
+    // IERC165
+    function supportsInterface(bytes4)                                         external returns (bool)    envfree;
+
+    // Harness
+    function getFallbackHandler(uint32)                                        external returns (address) envfree;
+}

fv-requirements.txt

@@ -1,4 +1,4 @@
-certora-cli==4.13.1
+certora-cli==7.31.0
 # File uses a custom name (fv-requirements.txt) so that it isn't picked by Netlify's build
 # whose latest Python version is 0.3.8, incompatible with most recent versions of Halmos
 halmos==0.3.0