Skip to content

[Certora] canForceDeallocateZero#894

Open
bhargavbh wants to merge 52 commits intomainfrom
certora/forceDeallocate
Open

[Certora] canForceDeallocateZero#894
bhargavbh wants to merge 52 commits intomainfrom
certora/forceDeallocate

Conversation

@bhargavbh
Copy link
Contributor

@bhargavbh bhargavbh commented Feb 11, 2026
edited
Loading

assume the adapter's deallocate does not revert and show forceDeallocate with assets=0 does not revert.

@bhargavbh bhargavbh changed the title new rule: canForceDeallocate [certora] canForceDeallocate Feb 16, 2026
@bhargavbh bhargavbh self-assigned this Feb 18, 2026
@bhargavbh bhargavbh changed the title [certora] canForceDeallocate [certora] canForceDeallocateZero Feb 20, 2026
@bhargavbh bhargavbh marked this pull request as ready for review February 20, 2026 14:17
QGarchery
QGarchery reviewed Feb 20, 2026
View reviewed changes
QGarchery
QGarchery reviewed Mar 10, 2026
View reviewed changes
@bhargavbh bhargavbh requested a review from lilCertora March 11, 2026 14:12
lilCertora
lilCertora reviewed Mar 11, 2026
View reviewed changes
lilCertora
lilCertora reviewed Mar 11, 2026
View reviewed changes
lilCertora
lilCertora reviewed Mar 11, 2026
View reviewed changes
@bhargavbh bhargavbh changed the title [certora] canForceDeallocateZero [Certora] canForceDeallocateZero Mar 12, 2026
@bhargavbh bhargavbh force-pushed the certora/forceDeallocate branch from 39fe08a to 98940a5 Compare March 12, 2026 09:09
QGarchery
QGarchery approved these changes Mar 12, 2026
View reviewed changes
certora/specs/ForceDeallocate.spec Outdated

// Post-conditions on the returned ids and change that ensures forceDeallocate with Zero does not revert:
require forall uint256 i. i < ids.length => currentContract.caps[ids[i]].allocation > 0;
require forall uint256 i. i < ids.length => currentContract.caps[ids[i]].allocation <= max_int256();
Copy link
Collaborator

@QGarchery QGarchery Mar 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this last one required ?

Copy link
Contributor Author

@bhargavbh bhargavbh Mar 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, its required. prover link when you remove it. its similar to the requirement of the deallocate revert condition in AllocateDeallocateReverts.spec

Copy link
Collaborator

@QGarchery QGarchery Mar 12, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sorry I meant the last one in the code highlighted, so the second one of the block:
require forall uint256 i. i < ids.length => currentContract.caps[ids[i]].allocation <= max_int256();

Copy link
Contributor Author

@bhargavbh bhargavbh Mar 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this condition is also necessary: prover link.
forceDeallocate calls deallocateInternal, so any condition on the adapter's deallocate which makes deallocateInternal revert would also be required here. Calling with assets=0 does not reduce the assumptions.

jhoenicke
jhoenicke reviewed Mar 12, 2026
View reviewed changes
@bhargavbh bhargavbh requested a review from MathisGD March 12, 2026 16:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jhoenicke jhoenicke jhoenicke left review comments

@QGarchery QGarchery QGarchery approved these changes

@lilCertora lilCertora lilCertora left review comments

@MathisGD MathisGD Awaiting requested review from MathisGD

At least 2 approving reviews are required to merge this pull request.

Assignees

@bhargavbh bhargavbh

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@bhargavbh @jhoenicke @QGarchery @lilCertora