Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Certora] Reentrancy #396

Merged
merged 9 commits into from
Feb 2, 2024
Merged

[Certora] Reentrancy #396

merged 9 commits into from
Feb 2, 2024

Conversation

QGarchery
Copy link
Contributor

@QGarchery QGarchery commented Jan 19, 2024
edited
Loading

This PR's goals is to prove that there is no possibility of a reentrancy attacks, assuming that:

  • Tokens are trusted. This assumption could potentially be relaxed, based on the fact that the accounting does not depend on reentrant calls. In fact, MetaMorpho has been built with this concern in mind, notably to take into account ERC777 tokens. To simplify the verification though, tokens are assumed to not reenter the contract.
  • Morpho Blue and Morpho Blue markets are trusted. Morpho Blue is an immutable contract, and thoroughly verified.

Note also that both assumption make sense in the context of timelocked markets: a market (and its corresponding collateral and loan token) can only be added after going through a timelock phase. After a proper analysis during this period, a market could be considered safe

@QGarchery QGarchery self-assigned this Jan 19, 2024
@QGarchery QGarchery marked this pull request as ready for review January 22, 2024 14:58
@QGarchery QGarchery requested review from a team, adhusson, Rubilmax, MerlinEgalite, MathisGD and Jean-Grimal and removed request for a team January 22, 2024 15:27
This was referenced Jan 22, 2024
Merged
Open
@QGarchery QGarchery merged commit 32d5ae7 into main Feb 2, 2024
11 checks passed
@QGarchery QGarchery deleted the certora/reentrancy branch February 2, 2024 10:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MathisGD MathisGD MathisGD approved these changes

@MerlinEgalite MerlinEgalite MerlinEgalite approved these changes

@adhusson adhusson Awaiting requested review from adhusson adhusson was automatically assigned from morpho-org/onchain-reviewers

@Rubilmax Rubilmax Awaiting requested review from Rubilmax Rubilmax was automatically assigned from morpho-org/onchain-reviewers

@Jean-Grimal Jean-Grimal Awaiting requested review from Jean-Grimal Jean-Grimal was automatically assigned from morpho-org/onchain-reviewers

Assignees

@QGarchery QGarchery

Labels
verif
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@QGarchery @MerlinEgalite @MathisGD