Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Find one core invariant and apply FREI-PI #146

Open
smol-ninja opened this issue May 30, 2024 · 5 comments
Open

Find one core invariant and apply FREI-PI #146

smol-ninja opened this issue May 30, 2024 · 5 comments
Assignees
@smol-ninja @andreivladbrg
Labels
effort: medium Default level of effort. priority: 1 This is important. It should be dealt with shortly. type: feature New feature or request. work: complex Probe-sense-respond. The relationship between cause and effect can only be perceived in retrospect.

Comments

@smol-ninja
Copy link
Member

Find "one" core invariant that can be verified at the end of every execution.

Reading

  1. https://www.nascent.xyz/idea/youre-writing-require-statements-wrong for ideas
  2. https://github.com/orgs/sablier-labs/discussions/7
@smol-ninja smol-ninja added priority: 1 This is important. It should be dealt with shortly. work: complex Probe-sense-respond. The relationship between cause and effect can only be perceived in retrospect. effort: medium Default level of effort. type: feature New feature or request. labels May 30, 2024
@smol-ninja smol-ninja changed the title Find one core invariant and apply FREI-PI approach to every function Find one core invariant and apply FREI-PI May 30, 2024
@smol-ninja
Copy link
Member Author

smol-ninja commented Sep 12, 2024
edited
Loading

I think I found the core invariant for Flow.

At the end of every execution, the following must hold true.

assert(previousTotalDebt - _totalDebtOf(streamId) == previousBalance - _streams[streamId].balance);

It also ensures that if no change in balance is observed, there should be no change in total debt as well. This also ensures that snapshotTime is correctly updated which is also crucial for the health of Flow streams.

i.e. the change in total debt must be equal to the change in the stream balance. cc @sablier-labs/solidity thoughts?

Re. gas: the storage is already loaded, so it won't impact gas so much.

@PaulRBerg
Copy link
Member

Nice one @smol-ninja.

Basically, what goes out must be precisely recorded.

@smol-ninja
Copy link
Member Author

what goes out must be precisely recorded.

Yes true for non-incoming payments. But it would fail for deposits so I am thinking how we can extend it to apply for deposits as well.

@smol-ninja smol-ninja mentioned this issue Sep 13, 2024
Merged
@smol-ninja
Copy link
Member Author

Closing this with the following comments:

  • There does not exist a single invariant that can be checked at the end of every function call without increasing the gas cost significantly.
  • As a start, we've added a protocol invariant in withdraw function.

@PaulRBerg
Copy link
Member

A gas cost increase is not a good reason to eschew FREI-PI.

A good reason is invariants being superfluous.

Could you share an example of a costly invariant to see if it's superfluous or not?

@smol-ninja smol-ninja reopened this Oct 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@smol-ninja smol-ninja

@andreivladbrg andreivladbrg

Labels
effort: medium Default level of effort. priority: 1 This is important. It should be dealt with shortly. type: feature New feature or request. work: complex Probe-sense-respond. The relationship between cause and effect can only be perceived in retrospect.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@smol-ninja @PaulRBerg @andreivladbrg