feat: slashing audit fixes

.github/workflows/certora-prover.yml

@@ -50,7 +50,7 @@ jobs:
       - name: Install solc
         run: |
           pip install solc-select
-          solc-select use 0.8.12 --always-install
+          solc-select use 0.8.27 --always-install
       - name: Verify rule ${{ matrix.params }}
         run: |
           bash ${{ matrix.params }}

.github/workflows/coverage.yml

@@ -26,19 +26,20 @@ jobs:
       id: get_issue_number
       with:
         script: |
-          if (context.issue && context.issue.number) {
-            // Return issue number if present
-            return context.issue.number;
+          let issue_number;
+          // Attempt to find a pull request associated with the commit
+          const pullRequests = await github.rest.repos.listPullRequestsAssociatedWithCommit({
+            commit_sha: context.sha,
+            owner: context.repo.owner,
+            repo: context.repo.repo,
+          });
+
+          if (pullRequests.data.length > 0) {
+            issue_number = pullRequests.data[0].number;
           } else {
-            // Otherwise return issue number from commit
-            return (
-              await github.rest.repos.listPullRequestsAssociatedWithCommit({
-                commit_sha: context.sha,
-                owner: context.repo.owner,
-                repo: context.repo.repo,
-              })
-            ).data[0].number;
+            throw new Error('No associated issue or pull request found.');
           }
+          return issue_number;
         result-encoding: string
     - name: Checkout code
       uses: actions/checkout@v2
@@ -52,6 +53,9 @@ jobs:
         version: nightly
     - name: Run coverage
       run: forge coverage --report lcov
+      env:
+        RPC_MAINNET: ${{ secrets.RPC_MAINNET }}
+        RPC_HOLESKY: ${{ secrets.RPC_HOLESKY }}
     - name: Prune coverage report
       run: lcov --remove ./lcov.info -o ./lcov.info.pruned 'src/test/*' 'script/*' '*Storage.sol' --ignore-errors inconsistent
     - name: Generate reports

.github/workflows/testinparallel.yml

@@ -39,7 +39,7 @@ jobs:
     - name: Run Forge build
       run: |
         forge --version
-        forge build --sizes
+        forge build
       id: build
 
     - name: Run unit tests
@@ -57,9 +57,9 @@ jobs:
         CHAIN_ID: ${{ secrets.CHAIN_ID }}
 
     - name: Run integration mainnet fork tests
-      run: forge test --match-contract Integration
+      run: forge test --match-contract Integration 
       env:
         FOUNDRY_PROFILE: "forktest"
         RPC_MAINNET: ${{ secrets.RPC_MAINNET }}
         RPC_HOLESKY: ${{ secrets.RPC_HOLESKY }}
-        CHAIN_ID: ${{ secrets.CHAIN_ID }}
+        CHAIN_ID: ${{ secrets.CHAIN_ID }}

.gitignore

@@ -47,3 +47,7 @@ InheritanceGraph.png
 surya_report.md
 
 .idea
+
+*state.json
+deployed_strategies.json
+populate_src*

.gitmodules

@@ -1,15 +1,9 @@
-[submodule "lib/openzeppelin-contracts-upgradeable"]
-	path = lib/openzeppelin-contracts-upgradeable
-	url = https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable
 [submodule "lib/ds-test"]
 	path = lib/ds-test
 	url = https://github.com/dapphub/ds-test
 [submodule "lib/forge-std"]
 	path = lib/forge-std
 	url = https://github.com/foundry-rs/forge-std
-[submodule "lib/openzeppelin-contracts"]
-	path = lib/openzeppelin-contracts
-	url = https://github.com/OpenZeppelin/openzeppelin-contracts
 [submodule "lib/openzeppelin-contracts-v4.9.0"]
 	path = lib/openzeppelin-contracts-v4.9.0
 	url = https://github.com/OpenZeppelin/openzeppelin-contracts

.solhint.json

@@ -16,6 +16,8 @@
     "compiler-version": "off",
     "custom-errors": "off",
     "no-global-import": "off",
-    "immutable-vars-naming": "off"
+    "immutable-vars-naming": "off",
+    "no-console": "off"
+
   }
 }

.solhintignore

@@ -1 +0,0 @@
-Slasher.sol

README.md

@@ -102,6 +102,14 @@ surya mdreport surya_report.md ./src/contracts/**/*.sol
 make bindings
 ```
 
+### Generate updated Storage Report
+
+To update the storage reports in `/docs/storage-report` run:
+
+```bash
+make storage-report
+```
+
 ## Deployments
 
 ### Current Mainnet Deployment

certora/harnesses/DelegationManagerHarness.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: BUSL-1.1
-pragma solidity ^0.8.12;
+pragma solidity ^0.8.27;
 
 import "../../src/contracts/core/DelegationManager.sol";
 

certora/harnesses/EigenPodHarness.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: BUSL-1.1
-pragma solidity ^0.8.12;
+pragma solidity ^0.8.27;
 
 import "../../src/contracts/pods/EigenPod.sol";
 

certora/harnesses/EigenPodManagerHarness.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: BUSL-1.1
-pragma solidity ^0.8.12;
+pragma solidity ^0.8.27;
 
 import "../../src/contracts/pods/EigenPodManager.sol";
 

certora/harnesses/PausableHarness.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: BUSL-1.1
-pragma solidity ^0.8.12;
+pragma solidity ^0.8.27;
 
 import "../../src/contracts/permissions/Pausable.sol";
 

certora/harnesses/StrategyManagerHarness.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: BUSL-1.1
-pragma solidity ^0.8.12;
+pragma solidity ^0.8.27;
 
 import "../../src/contracts/core/StrategyManager.sol";
 

certora/scripts/core/verifyDelegationManager.sh

@@ -3,12 +3,12 @@ then
     RULE="--rule $2"
 fi
 
-solc-select use 0.8.12
+solc-select use 0.8.27
 
 certoraRun certora/harnesses/DelegationManagerHarness.sol \
     lib/openzeppelin-contracts/contracts/token/ERC20/ERC20.sol lib/openzeppelin-contracts/contracts/mocks/ERC1271WalletMock.sol \
     src/contracts/pods/EigenPodManager.sol src/contracts/pods/EigenPod.sol src/contracts/strategies/StrategyBase.sol src/contracts/core/StrategyManager.sol \
-    src/contracts/core/Slasher.sol src/contracts/permissions/PauserRegistry.sol \
+    src/contracts/permissions/PauserRegistry.sol \
     --verify DelegationManagerHarness:certora/specs/core/DelegationManager.spec \
     --solc_via_ir \
     --solc_optimize 1 \

certora/scripts/core/verifyStrategyManager.sh

@@ -3,13 +3,13 @@ then
     RULE="--rule $2"
 fi
 
-solc-select use 0.8.12
+solc-select use 0.8.27
 
 certoraRun certora/harnesses/StrategyManagerHarness.sol \
     lib/openzeppelin-contracts/contracts/token/ERC20/ERC20.sol lib/openzeppelin-contracts/contracts/mocks/ERC1271WalletMock.sol \
     src/contracts/pods/EigenPodManager.sol src/contracts/pods/EigenPod.sol \
     src/contracts/strategies/StrategyBase.sol src/contracts/core/DelegationManager.sol \
-    src/contracts/core/Slasher.sol src/contracts/permissions/PauserRegistry.sol \
+    src/contracts/permissions/PauserRegistry.sol \
     --verify StrategyManagerHarness:certora/specs/core/StrategyManager.spec \
     --solc_via_ir \
     --solc_optimize 1 \

certora/scripts/permissions/verifyPausable.sh

@@ -3,7 +3,7 @@ then
     RULE="--rule $2"
 fi
 
-solc-select use 0.8.12
+solc-select use 0.8.27
 
 certoraRun certora/harnesses/PausableHarness.sol \
     src/contracts/permissions/PauserRegistry.sol \

certora/scripts/pods/verifyEigenPod.sh

@@ -3,11 +3,11 @@ then
     RULE="--rule $2"
 fi
 
-# solc-select use 0.8.12
+# solc-select use 0.8.27
 
 # certoraRun certora/harnesses/EigenPodHarness.sol \
 #     src/contracts/core/DelegationManager.sol src/contracts/pods/EigenPodManager.sol \
-#     src/contracts/core/Slasher.sol src/contracts/permissions/PauserRegistry.sol \
+#     src/contracts/permissions/PauserRegistry.sol \
 #     src/contracts/core/StrategyManager.sol \
 #     src/contracts/strategies/StrategyBase.sol \
 #     lib/openzeppelin-contracts/contracts/token/ERC20/ERC20.sol \

certora/scripts/pods/verifyEigenPodManager.sh

@@ -3,11 +3,11 @@ then
     RULE="--rule $2"
 fi
 
-# solc-select use 0.8.12
+# solc-select use 0.8.27
 
 # certoraRun certora/harnesses/EigenPodManagerHarness.sol \
 #     src/contracts/core/DelegationManager.sol src/contracts/pods/EigenPod.sol src/contracts/strategies/StrategyBase.sol src/contracts/core/StrategyManager.sol \
-#     src/contracts/core/Slasher.sol src/contracts/permissions/PauserRegistry.sol \
+#     src/contracts/permissions/PauserRegistry.sol \
 #     --verify EigenPodManagerHarness:certora/specs/pods/EigenPodManager.spec \
 #     --optimistic_loop \
 #     --optimistic_fallback \

certora/scripts/strategies/verifyStrategyBase.sh

@@ -3,13 +3,12 @@ then
     RULE="--rule $2"
 fi
 
-solc-select use 0.8.12
+solc-select use 0.8.27
 
 certoraRun src/contracts/strategies/StrategyBase.sol \
     lib/openzeppelin-contracts/contracts/token/ERC20/ERC20.sol \
     src/contracts/core/StrategyManager.sol \
     src/contracts/permissions/PauserRegistry.sol \
-    src/contracts/core/Slasher.sol \
     --verify StrategyBase:certora/specs/strategies/StrategyBase.spec \
     --solc_via_ir \
     --solc_optimize 1 \

certora/specs/core/DelegationManager.spec

@@ -78,7 +78,7 @@ in this case, the end state is that:
 isOperator(staker) == false,
 delegatedTo(staker) != staker && delegatedTo(staker) != 0,
 and isDelegated(staker) == true (redundant with above)
--only allowed when calling `delegateTo` or `delegateToBySignature`
+-only allowed when calling `delegateTo`
 
 2)
 FROM not delegated AND not registered as an operator
@@ -172,7 +172,7 @@ rule cannotChangeDelegationWithoutUndelegating(address staker) {
     }
 }
 
-// verifies that an undelegated address can only delegate when calling `delegateTo`, `delegateToBySignature` or `registerAsOperator`
+// verifies that an undelegated address can only delegate when calling `delegateTo` or `registerAsOperator`
 rule canOnlyDelegateWithSpecificFunctions(address staker) {
     requireInvariant operatorsAlwaysDelegatedToSelf(staker);
     // assume the staker begins as undelegated
@@ -192,16 +192,6 @@ rule canOnlyDelegateWithSpecificFunctions(address staker) {
         } else {
             assert (!isDelegated(staker), "staker delegated to inappropriate address?");
         }
-    } else if (f.selector == sig:delegateToBySignature(address, address, ISignatureUtils.SignatureWithExpiry, ISignatureUtils.SignatureWithExpiry, bytes32).selector) {
-        address toDelegateFrom;
-        address operator;
-        require(operator != 0);
-        ISignatureUtils.SignatureWithExpiry stakerSignatureAndExpiry;
-        ISignatureUtils.SignatureWithExpiry approverSignatureAndExpiry;
-        bytes32 salt;
-        delegateToBySignature(e, toDelegateFrom, operator, stakerSignatureAndExpiry, approverSignatureAndExpiry, salt);
-        // TODO: this check could be stricter! need to filter when the block timestamp is appropriate for expiry and signature is valid
-        assert (!isDelegated(staker) || delegatedTo(staker) == operator, "delegateToBySignature bug?");
     } else if (f.selector == sig:registerAsOperator(IDelegationManager.OperatorDetails, string).selector) {
         IDelegationManager.OperatorDetails operatorDetails;
         string metadataURI;