Skip to content

Commit e4aca4c

Browse files
QGarcheryQGarchery
committed
docs: certora documentation of protection against common attack vectors
1 parent 35de6cf commit e4aca4c

File tree

1 file changed

+23
-1
lines changed

1 file changed

+23
-1
lines changed

certora/README.md

+23-1
Original file line numberDiff line numberDiff line change
@@ -210,10 +210,32 @@ The `canWithdrawCollateralAll` rule ensures that in the case where the account h
210210

211211
## Protection against common attack vectors
212212

213+
Other common and known attack vectors are verified to not be possible on the Morpho Blue protocol.
214+
213215
### Reentrancy
214216

217+
Reentrancy is a common attack vector that happen when a call to a contract allows, when in a temporary state, to call the same contract again.
218+
The state of the contract usually refers to the storage variables, which can typically hold values that are meant to be used only after the full execution of the current function.
219+
The Morpho Blue contract is verified to not be vulnerable to this kind of reentrancy attack thanks to the rule `reentrancySafe`.
220+
215221
### Extraction of value
216222

223+
The Morpho Blue protocol uses a conservative approach to handle arithmetic operations.
224+
Rounding is done such that potential (small) errors are in favor of the protocol, which ensures that it is not possible to extract value from other users.
225+
226+
The rule `supplyWithdraw` handles the simple scenario of a supply followed by a withdraw, and has the following check.
227+
228+
```solidity
229+
assert withdrawnAssets <= suppliedAssets;
230+
```
231+
232+
The rule `withdrawLiquidity` is more general and defines `owedAssets` as the assets that are owed to the user, rounding in favor of the protocol.
233+
This rule has the following check to ensure that no more than the owed assets can be withdrawn.
234+
235+
```solidity
236+
assert withdrawnAssets <= owedAssets;
237+
```
238+
217239
# Folder and file structure
218240

219241
The [`certora/specs`](./specs) folder contains the following files:
@@ -249,5 +271,5 @@ It requires having set the `CERTORAKEY` environment variable to a valid Certora
249271
You can pass arguments to the script, which allows you to verify specific properties. For example, at the root of the repository:
250272

251273
```
252-
./certora/scripts/verifyConsistentState.sh --rule borrowLessSupply
274+
./certora/scripts/verifyConsistentState.sh --rule borrowLessThanSupply
253275
```

0 commit comments

Comments
 (0)