Variable State Change Tracking

​

Status

• Supported
• Partially Supported
• Not Supported Yet

​

Implementation Details

​

Required Cheatcodes

• getStateChanges(address aa, bytes32 slot)

​

Example Implementation

Protocol:

// Example contract code if needed
contract MonotonicallyIncreasingValue {
    uint256 public value;

    function setValue(uint256 value_) external {
        value = value_;
    }
}

Assertion:

contract StateChangesAssertion is Assertion {
    MonotonicallyIncreasingValue public protocol;

    constructor(MonotonicallyIncreasingValue protocol_) {
        protocol = protocol_;
    }

    function triggers() public view override {
        registerCallTrigger(this.assertionStateChanges.selector);
    }

    function assertionStateChanges() public view {
        uint256[] memory changes = getStateChangesUint(address(protocol), 0x0);
        for (uint256 i = 0; i < changes.length - 1; i++) {
            require(changes[i] < changes[i + 1], "Value is not monotonically increasing");
        }
    }
}

​

Implementation Notes

• Storage access helpers:

  • The getStateChangesTYPE() helper functions return the changes for the given slot cast to the respective type
  • Storage layout packing has to be handled by the user

• State change ordering:

  • The getStateChanges() function returns the changes in order of changes being made
  • To access values of a mapping, the slot has to be calculated manually
  • The pre-execution value is not included in the state changes

​

Example Use Cases

• Make sure that a variable never changes its value:

  • Implementation slot of a proxy
  • Owner of a contract

• Make sure assigned values meet certain criteria:

  • Price oracle increases/decreases max by x%
  • Address changed to a whitelisted value

​

Known Limitations

1. Slot granularity

   • User can only request on a slot level, not on a variable level
   • User has to know the storage layout of the contract
   • User has to potentially shift/mask for the correct bits of the slot

2. Slot Coupling

   • Arrays of state changes of different slots don’t give you timing guarantees
     • i.e. There is no guarantee that changes1[1] and changes2[1] held the value at the same time
     • Unless the user knows exactly when state changes occur, it is not recommended to assume timing guarantees

​

Future Improvements

• Provide variable level access
• Allow masking/shifting for correct bits of the slot in helper functions
• Allow coupling of variables
  • stateChanges provide snapshots of the requested slots