Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Formal verification #926

Open
Tracked by #928
rndquu opened this issue Apr 16, 2024 · 25 comments
Open
Tracked by #928

Formal verification #926

rndquu opened this issue Apr 16, 2024 · 25 comments

Comments

@rndquu
Copy link
Member

rndquu commented Apr 16, 2024

We should implement formal verification for LibUbiquityPool.

So collaborator who's going to take this issue should carefully study the LibUbiquityPool and think of the invariants that should be tested.

Invariants could be:

  • user can not mint more Dollars in USD than provided collateral
  • user can not redeem more collateral in USD than provided Dollar tokens

Possible solutions for formal verification:

We already had a try with formal verification, you may find related scripts here.

What should be done:

  1. Impelent formal verification for the LibUbiquityPool contract (you may create tests in a separate test file like UbiquityPoolFacet.formal.t.sol so we could distinguish unit, fuzz, invariant and formal verification tests)
  2. Setup testing CI to run formal verification tests on merge to the development branch (keep in mind that github action runnners can run for 6 hours). We don't need to run formal verification tests on eash PR since they're really time consuming.
@0x4007
Copy link
Member

0x4007 commented Apr 16, 2024

I heard great things about Certora. If you search the ubiquity org for me writing the term "Certora" you can see that I listed a security checklist with a lot of what you filed issues for.

@rndquu
Copy link
Member Author

rndquu commented Apr 17, 2024

I heard great things about Certora. If you search the ubiquity org for me writing the term "Certora" you can see that I listed a security checklist with a lot of what you filed issues for.

I guess you mean this topic: #197

This issue doesn't include only 2 topics you mentioned at #197:

  • bug bounty program
  • incident handling

Regarding the bug bounty program, we have an implicit rule (which we applied at least 2 times) to reward 10% of the funds at risk. So I think a simple mention of bug bounty program somewhere at https://ubq.fi/ is enough, without going into details of severity, possibility, etc...

Regarding the incident handling, all of the tutorials that I read goes simply to:

  1. Pause contracts
  2. Find the root cause
  3. Fix the root cause

The most important is step 1 which pauses contracts. If it is not on time then all other mitigation steps don't make sense. So a separate incident response tutorial seems to be a low priority issue right now.

@rndquu
Copy link
Member Author

rndquu commented May 30, 2024

I heard great things about Certora. If you search the ubiquity org for me writing the term "Certora" you can see that I listed a security checklist with a lot of what you filed issues for.

Certora is closed sourced and has a pretty steep learning curve. I've had great experience using https://github.com/a16z/halmos which seems to be the most user friendly out of all of the tools.

@0x4007
Copy link
Member

0x4007 commented Jun 1, 2024

They asked me to schedule a call with them. I am under the impression that we can bring on one of their engineers to implement things.

If you're interested I can consider your availability before booking

https://calendly.com/d/444-zpr-54m/30-minute-meeting

@rndquu
Copy link
Member Author

rndquu commented Jun 3, 2024

They asked me to schedule a call with them. I am under the impression that we can bring on one of their engineers to implement things.

If you're interested I can consider your availability before booking

https://calendly.com/d/444-zpr-54m/30-minute-meeting

Of course they asked for a call since they need to sell the product. Certora is a proprietary paid "formal verification as a service" company. They bring on one of the engineers since the product is really complicated. I'd rather use one of the open-sourced solutions and have one of the core team members to solve this issue in order to keep the context/knowledge in Ubiquity DAO instead of outsourcing solving this issue.

@FibrinLab
Copy link
Contributor

Still an active issue?

@rndquu
Copy link
Member Author

rndquu commented Sep 1, 2024

Still an active issue?

Yes

@sushant-rumsan
Copy link

/start @Keyrxng

@0x4007
Copy link
Member

0x4007 commented Sep 17, 2024

/start @Keyrxng

@gentlementlegen like I suggested please revert the code since start is broken

@gentlementlegen
Copy link
Member

/start

Copy link

ubiquity-os bot commented Sep 17, 2024

! This issue is already assigned. Please choose another unassigned task.

@gentlementlegen
Copy link
Member

@0x4007 should be good to go for now hopefully.

Copy link

ubiquity-os bot commented Sep 21, 2024

@sushant-rumsan, @Keyrxng, this task has been idle for a while. Please provide an update.

@alexandr-masl
Copy link
Contributor

/start

Copy link

ubiquity-os bot commented Oct 1, 2024

Warning! This task was created over 168 days ago. Please confirm that this issue specification is accurate before starting.
Deadline Wed, Oct 2, 3:11 PM UTC
Beneficiary 0x01Ae8d6d0F137CF946e354eA707B698E8CaE6485

Tip

  • Use /wallet 0x0000...0000 if you want to update your registered payment wallet address.
  • Be sure to open a draft pull request as soon as possible to communicate updates on your progress.
  • Be sure to provide timely updates to us when requested, or you will be automatically unassigned from the task.

@rndquu
Copy link
Member Author

rndquu commented Oct 3, 2024

@alexandr-masl

Basically we have 2 invariants that should be proved (one, two). In some cases formal verification is not possible if there're too many code paths to prove. Not sure if https://github.com/a16z/halmos or https://docs.runtimeverification.com/kontrol are able to prove that invariants.

@alexandr-masl
Copy link
Contributor

@alexandr-masl

Basically we have 2 invariants that should be proved (one, two). In some cases formal verification is not possible if there're too many code paths to prove. Not sure if https://github.com/a16z/halmos or https://docs.runtimeverification.com/kontrol are able to prove that invariants.

Hey, thanks for pointing this out. I'm currently researching all the presented solutions to find the one that fits best. I'll keep you updated on my progress

@Sitominyanco
Copy link

start

@rndquu
Copy link
Member Author

rndquu commented Oct 28, 2024

start

/start

@surafeldev
Copy link

/help

Copy link

ubiquity-os bot commented Nov 4, 2024

Available Commands

Command Description Example
/help List all available commands. /help
/allow Allows the user to modify the given label. /allow @user1 label
/query Returns the user's wallet, access, and multiplier information. /query @ubiquibot
/start Assign yourself to the issue. /start
/stop Unassign yourself from the issue. /stop
/wallet Register your wallet address for payments. /wallet ubq.eth

@surafeldev
Copy link

/wallet 0x0013f4217f6a8B48A92f7EA5d811A5F8D8364B93

Copy link

ubiquity-os bot commented Nov 4, 2024

+ Successfully registered wallet address

@surafeldev
Copy link

/start

Copy link

ubiquity-os bot commented Nov 4, 2024

Warning! This task was created over 201 days ago. Please confirm that this issue specification is accurate before starting.
Deadline Tue, Nov 5, 11:10 AM UTC
Beneficiary 0x0013f4217f6a8B48A92f7EA5d811A5F8D8364B93

Tip

  • Use /wallet 0x0000...0000 if you want to update your registered payment wallet address.
  • Be sure to open a draft pull request as soon as possible to communicate updates on your progress.
  • Be sure to provide timely updates to us when requested, or you will be automatically unassigned from the task.

@surafeldev surafeldev removed their assignment Nov 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

9 participants