FV based on audit of Passkey module (#496)

Based on #495 This PR was made based on Certora's `safe-modules` repo with the FV specifications. The author was manually changed to avoid the CLA requirement. Steps: ``` git remote add Certora https://github.com/Certora/safe-modules/ git fetch Certora git checkout -b fv-passkey git merge --squash certora // Git commit with GUI to add details of all squashed commits git commit --amend --author="Shebin John <[email protected]>" --no-edit git push -u origin fv-passkey ``` Some other changes includes: - Moving FV to `modules/passkey` - Formatting changes - Path update - Using `solc8.26` for FV
safe-global · Oct 14, 2024 · 0b9ea28 · 0b9ea28
1 parent 3e0aa77
commit 0b9ea28
Show file tree

Hide file tree

Showing 35 changed files with 2,820 additions and 0 deletions.
diff --git a/.github/workflows/certora_passkey.yml b/.github/workflows/certora_passkey.yml
@@ -0,0 +1,66 @@
+name: certora
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - modules/passkey/**
+  pull_request:
+    branches:
+      - main
+    paths:
+      - modules/passkey/**
+
+  workflow_dispatch:
+
+jobs:
+  verify:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        rule:
+          [
+            'GetConfigurationConf',
+            'GetSigner',
+            'ProxySimulator',
+            'SafeWebAuthnSignerFactory',
+            'SafeWebAuthnSignerProxy',
+            'SafeWebAuthnSignerSingleton',
+            'SignerCreationCantOverride',
+            'SingletonIsValidSignatureRevertingConditions',
+            'ValidSignatureForSignerIntegrity',
+            'VerifyEQtoIsValidSignatureForSigner',
+            'WebAuthn',
+          ]
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 9
+
+      - name: Install python
+        uses: actions/setup-python@v4
+        with: { python-version: 3.11 }
+
+      - name: Install certora cli
+        run: pip install -r modules/passkey/certora/requirements.txt
+
+      - name: Install solc
+        run: |
+          wget https://github.com/ethereum/solidity/releases/download/v0.8.26/solc-static-linux
+          chmod +x solc-static-linux
+          sudo mv solc-static-linux /usr/local/bin/solc8.26
+
+      - name: Install dependencies
+        run: pnpm install
+
+      - name: Verify rule ${{ matrix.rule }}
+        working-directory: ./modules/passkey
+        run: |
+          echo "Certora key length" ${#CERTORAKEY}
+          certoraRun certora/conf/${{ matrix.rule }}.conf --wait_for_results=all
+        env:
+          CERTORAKEY: ${{ secrets.CERTORA_KEY }}
diff --git a/modules/passkey/certora/conf/GetConfigurationConf.conf b/modules/passkey/certora/conf/GetConfigurationConf.conf
@@ -0,0 +1,25 @@
+{
+	"assert_autofinder_success": true,
+	"files": [
+		"certora/munged/SafeWebAuthnSignerSingleton.sol",
+		"certora/harnesses/GetConfigurationProxyHarness.sol",
+		"contracts/SafeWebAuthnSignerFactory.sol"
+	],
+	"link": [
+		"GetConfigurationProxyHarness:_SINGLETON=SafeWebAuthnSignerSingleton"
+	],
+	"loop_iter": "6",
+	"optimistic_hashing": true,
+	"optimistic_loop": true,
+	"packages": [
+		"@safe-global=node_modules/@safe-global",
+		"@account-abstraction=node_modules/@account-abstraction"
+	],
+	"process": "emv",
+	"prover_args": [
+		" -split false"
+	],
+	"rule_sanity": "basic",
+	"solc": "solc8.26",
+	"verify": "GetConfigurationProxyHarness:certora/specs/GetConfigurationSpec.spec"
+}
diff --git a/modules/passkey/certora/conf/GetSigner.conf b/modules/passkey/certora/conf/GetSigner.conf
@@ -0,0 +1,23 @@
+{
+    "assert_autofinder_success": true,
+    "files": [
+        "certora/harnesses/GetSignerHarness.sol",
+        "contracts/SafeWebAuthnSignerSingleton.sol",
+        "contracts/SafeWebAuthnSignerProxy.sol"
+    ],
+    "hashing_length_bound": "4694",
+    "link": [
+        "GetSignerHarness:SINGLETON=SafeWebAuthnSignerSingleton"
+    ],
+    "loop_iter": "144",
+    "optimistic_hashing": true,
+    "optimistic_loop": true,
+    "packages": [
+        "@safe-global=node_modules/@safe-global",
+        "@account-abstraction=node_modules/@account-abstraction"
+    ],
+    "process": "emv",
+    "rule_sanity": "basic",
+    "solc": "solc8.26",
+    "verify": "GetSignerHarness:certora/specs/GetSigner.spec"
+}
diff --git a/modules/passkey/certora/conf/ProxySimulator.conf b/modules/passkey/certora/conf/ProxySimulator.conf
@@ -0,0 +1,27 @@
+{
+    "assert_autofinder_success": true,
+    "files": [
+        "certora/harnesses/ProxySimulator.sol",
+        "contracts/SafeWebAuthnSignerProxy.sol",
+        "contracts/SafeWebAuthnSignerSingleton.sol",
+        "contracts/libraries/P256.sol",
+        "certora/harnesses/WebAuthnHarnessWithMunge.sol"
+    ],
+    "hashing_length_bound": "2048",
+    "link": [
+        "ProxySimulator:_proxy=SafeWebAuthnSignerProxy",
+        "SafeWebAuthnSignerProxy:_VERIFIERS=P256",
+        "SafeWebAuthnSignerProxy:_SINGLETON=SafeWebAuthnSignerSingleton"
+    ],
+    "loop_iter": "6",
+    "optimistic_hashing": true,
+    "optimistic_loop": true,
+    "packages": [
+        "@safe-global=node_modules/@safe-global",
+        "@account-abstraction=node_modules/@account-abstraction"
+    ],
+    "process": "emv",
+    "rule_sanity": "basic",
+    "solc": "solc8.26",
+    "verify": "ProxySimulator:certora/specs/ProxySimulator.spec"
+}
diff --git a/modules/passkey/certora/conf/SafeWebAuthnSignerFactory.conf b/modules/passkey/certora/conf/SafeWebAuthnSignerFactory.conf
@@ -0,0 +1,30 @@
+{
+    "assert_autofinder_success": true,
+    "files": [
+        "certora/harnesses/FactoryHarnessForSignerConsistency.sol",
+        "certora/harnesses/WebAuthnHarnessWithMunge.sol",
+        "contracts/SafeWebAuthnSignerSingleton.sol",
+        "contracts/SafeWebAuthnSignerProxy.sol"
+    ],
+    "link": [
+        "FactoryHarnessForSignerConsistency:SINGLETON=SafeWebAuthnSignerSingleton"
+    ],
+    "loop_iter": "6",
+    "optimistic_hashing": true,
+    "optimistic_loop": true,
+    "packages": [
+        "@safe-global=node_modules/@safe-global",
+        "@account-abstraction=node_modules/@account-abstraction"
+    ],
+    "rule": [
+        "createAndGetSignerEquivalence",
+        "getSignerRevertingConditions",
+        "hasNoCodeIntegrity",
+        "isValidSignatureForSignerConsistency",
+        "singletonNeverChanges"
+    ],
+    "process": "emv",
+    "rule_sanity": "basic",
+    "solc": "solc8.26",
+    "verify": "FactoryHarnessForSignerConsistency:certora/specs/SafeWebAuthnSignerFactoryWithMunge.spec"
+}
diff --git a/modules/passkey/certora/conf/SafeWebAuthnSignerProxy.conf b/modules/passkey/certora/conf/SafeWebAuthnSignerProxy.conf
@@ -0,0 +1,23 @@
+{
+    "assert_autofinder_success": true,
+    "files": [
+        "contracts/SafeWebAuthnSignerProxy.sol",
+        "contracts/SafeWebAuthnSignerSingleton.sol",
+        "contracts/libraries/P256.sol"
+    ],
+    "link": [
+        "SafeWebAuthnSignerProxy:_VERIFIERS=P256",
+        "SafeWebAuthnSignerProxy:_SINGLETON=SafeWebAuthnSignerSingleton"
+    ],
+    "loop_iter": "6",
+    "optimistic_hashing": true,
+    "optimistic_loop": true,
+    "packages": [
+        "@safe-global=node_modules/@safe-global",
+        "@account-abstraction=node_modules/@account-abstraction"
+    ],
+    "process": "emv",
+    "rule_sanity": "basic",
+    "solc": "solc8.26",
+    "verify": "SafeWebAuthnSignerProxy:certora/specs/SafeWebAuthnSignerProxy.spec"
+}
diff --git a/modules/passkey/certora/conf/SafeWebAuthnSignerSingleton.conf b/modules/passkey/certora/conf/SafeWebAuthnSignerSingleton.conf
@@ -0,0 +1,23 @@
+{
+    "assert_autofinder_success": true,
+    "files": [
+        "contracts/SafeWebAuthnSignerFactory.sol",
+        "contracts/SafeWebAuthnSignerSingleton.sol",
+        "contracts/libraries/P256.sol",
+        "certora/harnesses/WebAuthnHarnessWithMunge.sol"
+    ],
+    "link": [
+        "SafeWebAuthnSignerFactory:SINGLETON=SafeWebAuthnSignerSingleton"
+    ],
+    "loop_iter": "6",
+    "optimistic_hashing": true,
+    "optimistic_loop": true,
+    "packages": [
+        "@safe-global=node_modules/@safe-global",
+        "@account-abstraction=node_modules/@account-abstraction"
+    ],
+    "process": "emv",
+    "rule_sanity": "basic",
+    "solc": "solc8.26",
+    "verify": "SafeWebAuthnSignerSingleton:certora/specs/SafeWebAuthnSignerSingleton.spec"
+}
diff --git a/modules/passkey/certora/conf/SignerCreationCantOverride.conf b/modules/passkey/certora/conf/SignerCreationCantOverride.conf
@@ -0,0 +1,31 @@
+{
+    "assert_autofinder_success": true,
+    "exclude_rule": [
+        "createAndVerifyEQtoIsValidSignatureForSigner"
+    ],
+    "files": [
+        "certora/harnesses/SafeWebAuthnSignerFactoryHarness.sol",
+        "contracts/SafeWebAuthnSignerSingleton.sol",
+        "contracts/SafeWebAuthnSignerProxy.sol",
+        "contracts/libraries/P256.sol",
+        "certora/harnesses/WebAuthnHarnessWithMunge.sol"
+    ],
+    "hashing_length_bound": "912",
+    "link": [
+        "SafeWebAuthnSignerFactoryHarness:SINGLETON=SafeWebAuthnSignerSingleton"
+    ],
+    "loop_iter": "6",
+    "optimistic_hashing": true,
+    "optimistic_loop": true,
+    "packages": [
+        "@safe-global=node_modules/@safe-global",
+        "@account-abstraction=node_modules/@account-abstraction"
+    ],
+    "process": "emv",
+    "rule": [
+        "SignerCreationCantOverride"
+    ],
+    "rule_sanity": "basic",
+    "solc": "solc8.26",
+    "verify": "SafeWebAuthnSignerFactoryHarness:certora/specs/SafeWebAuthnSignerFactory.spec"
+}
diff --git a/modules/passkey/certora/conf/SingletonIsValidSignatureRevertingConditions.conf b/modules/passkey/certora/conf/SingletonIsValidSignatureRevertingConditions.conf
@@ -0,0 +1,23 @@
+{
+    "assert_autofinder_success": true,
+    "files": [
+        "contracts/SafeWebAuthnSignerFactory.sol",
+        "contracts/SafeWebAuthnSignerSingleton.sol",
+        "contracts/libraries/P256.sol",
+        "certora/harnesses/WebAuthnHarnessWithMunge.sol"
+    ],
+    "loop_iter": "6",
+    "optimistic_hashing": true,
+    "optimistic_loop": true,
+    "packages": [
+        "@safe-global=node_modules/@safe-global",
+        "@account-abstraction=node_modules/@account-abstraction"
+    ],
+    "process": "emv",
+    "rule": [
+        "isValidSignatureRevertingConditions"
+    ],
+    "rule_sanity": "basic",
+    "solc": "solc8.26",
+    "verify": "SafeWebAuthnSignerSingleton:certora/specs/SafeWebAuthnSignerSingleton.spec"
+}
diff --git a/modules/passkey/certora/conf/ValidSignatureForSignerIntegrity.conf b/modules/passkey/certora/conf/ValidSignatureForSignerIntegrity.conf
@@ -0,0 +1,26 @@
+{
+    "assert_autofinder_success": true,
+    "files": [
+        "certora/harnesses/SafeWebAuthnSignerFactoryHarness.sol",
+        "certora/harnesses/WebAuthnHarnessWithMunge.sol",
+        "contracts/SafeWebAuthnSignerSingleton.sol",
+        "contracts/SafeWebAuthnSignerProxy.sol"
+    ],
+    "link": [
+        "SafeWebAuthnSignerFactoryHarness:SINGLETON=SafeWebAuthnSignerSingleton"
+    ],
+    "loop_iter": "6",
+    "optimistic_hashing": true,
+    "optimistic_loop": true,
+    "packages": [
+        "@safe-global=node_modules/@safe-global",
+        "@account-abstraction=node_modules/@account-abstraction"
+    ],
+    "process": "emv",
+    "rule": [
+        "isValidSignatureForSignerIntegrity"
+    ],
+    "rule_sanity": "basic",
+    "solc": "solc8.26",
+    "verify": "SafeWebAuthnSignerFactoryHarness:certora/specs/SafeWebAuthnSignerFactory.spec"
+}
diff --git a/modules/passkey/certora/conf/VerifyEQtoIsValidSignatureForSigner.conf b/modules/passkey/certora/conf/VerifyEQtoIsValidSignatureForSigner.conf
@@ -0,0 +1,33 @@
+{
+    "assert_autofinder_success": true,
+    "dynamic_bound": "1",
+    "files": [
+        "certora/harnesses/SafeWebAuthnSignerFactoryHarness.sol",
+        "contracts/SafeWebAuthnSignerSingleton.sol",
+        "certora/munged/SafeWebAuthnSignerProxy.sol",
+        "certora/munged/WebAuthn.sol",
+        "certora/harnesses/WebAuthnHarnessWithMunge.sol"
+    ],
+    "hashing_length_bound": "906",
+    "link": [
+        "SafeWebAuthnSignerFactoryHarness:SINGLETON=SafeWebAuthnSignerSingleton"
+    ],
+    "loop_iter": "6",
+    "optimistic_hashing": true,
+    "optimistic_loop": true,
+    "packages": [
+        "@safe-global=node_modules/@safe-global",
+        "@account-abstraction=node_modules/@account-abstraction"
+    ],
+    "process": "emv",
+    "prover_args": [
+        "-depth 12"
+    ],
+    "rule": [
+        "createAndVerifyEQtoIsValidSignatureForSigner"
+    ],
+    "rule_sanity": "basic",
+    "smt_timeout": "600",
+    "solc": "solc8.26",
+    "verify": "SafeWebAuthnSignerFactoryHarness:certora/specs/SafeWebAuthnSignerFactoryWithMunge.spec"
+}
diff --git a/modules/passkey/certora/conf/WebAuthn.conf b/modules/passkey/certora/conf/WebAuthn.conf
@@ -0,0 +1,17 @@
+{
+    "assert_autofinder_success": true,
+    "files": [
+        "certora/harnesses/WebAuthnHarnessWithMunge.sol"
+    ],
+    "loop_iter": "6",
+    "optimistic_hashing": true,
+    "optimistic_loop": true,
+    "packages": [
+        "@safe-global=node_modules/@safe-global",
+        "@account-abstraction=node_modules/@account-abstraction"
+    ],
+    "process": "emv",
+    "rule_sanity": "basic",
+    "solc": "solc8.26",
+    "verify": "WebAuthnHarnessWithMunge:certora/specs/WebAuthn.spec"
+}