refactor: implement review suggestions

morpho-org · Feb 4, 2025 · 619435e · 619435e
1 parent 0874bf3
commit 619435e
Showing 1 changed file with 7 additions and 10 deletions.
diff --git a/certora/specs/Delegation.spec b/certora/specs/Delegation.spec
@@ -222,28 +222,25 @@ rule updatedDelegatedVPLTEqTotalSupply(address from, address to) {
     uint256 totalSupplyBefore = totalSupply();
     env e;
 
-    require e.msg.value == 0;
-    require e.msg.sender == from;
+    requireInvariant sumOfTwoDelegatedVPLTEqTotalVP();
+    assert isTotalSupplyGTEqSumOfVotingPower();
 
+    // Safe require-statements that introduce the premises of the goal formula, from != 0 => delegatee(to) != delegatee(from) => delegatedVotingPower(delegateee(to)) + balanceOf(from) <= totalSupply().
     require from != 0;
     require delegatee(to) != delegatee(from);
 
-    requireInvariant sumOfTwoDelegatedVPLTEqTotalVP();
-    assert isTotalSupplyGTEqSumOfVotingPower();
 
     // This require avoids an impossible revert as zeroVirtualVotingPower operations comme from munging.
     require delegatee(from) == 0 => currentContract._zeroVirtualVotingPower >=  balanceOfFromBefore;
 
-
-    // This invariant can't be required as it's using a parameterized variable.
-    // But it is proven by delegatedLTEqDelegateeVP.
     require delegatee(from) != 0 => delegatedVotingPower(delegatee(from)) >= balanceOfFromBefore;
 
+    // Safe require-statements to perform a ghost call to delegate(from).
+    require e.msg.value == 0;
+    require e.msg.sender == from;
     delegate@withrevert(e, from);
 
-    assert(!lastReverted);
-
-    assert delegatee(from) == from;
+    assert !lastReverted;
 
     assert delegatedVotingPowerDelegateeToBefore + balanceOfFromBefore <= totalSupplyBefore;
 }