Skip to content

Certora Formal Verification#32

Open
kel-certora wants to merge 79 commits intosuilend:mainfrom
kel-certora:certora
Open

Certora Formal Verification#32
kel-certora wants to merge 79 commits intosuilend:mainfrom
kel-certora:certora

Conversation

@kel-certora
Copy link
Collaborator

@kel-certora kel-certora commented Mar 4, 2026

Add Certora formal verification specs and CI

This PR introduces Certora's formal verification of the Suilend liquid staking protocol, along with a GitHub Actions workflow to run verification automatically on PRs against main.

What's included

Formal Specification

Verification rules under certora/spec/ covering 10 property groups:

  • Solvency and exchange rate monotonicity
  • Total SUI supply accounting
  • Token supply initialization invariants
  • Value conservation (mint/redeem)
  • Fee accounting integrity
  • Supply control authorization
  • No-arbitrage guarantee
  • Validator registry consistency and integrity
  • Assumption validation

For details on individual rules, assumptions, and running instructions, see certora/README.md file.

CI Integration

Contains a workflow file .github/workflows/certora.yml thats runs the full Certora verification suite on PRs targeting the main (and the certora branch), using the Certora/certora-run-action. Verification jobs are run in the Certora cloud and results are posted back to the PR via GITHUB_TOKEN. Requires a CERTORAKEY repository secret to be set to a valid Certora key.

Note on munges

Verification requires patching the source code before running, mainly to widen the visibility of internal functions. These patches live in certora/munges/ and must be kept in sync with the source. If the patched files change, verification will fail to apply and CI will break. See the README for instructions on maintaining regenerating patches.

ericeil and others added 30 commits November 5, 2025 10:15
@ericeil
Initial sanity checks
59216e6
@ericeil
WIP
1524fde
@ericeil
get_sui_amount equlivalence
28cb32d
@ericeil
WIP
eec9a68
@ericeil
WIP
9b0cd48
@kel-certora
fix: duplicate summary for system state
02f5e19
@kel-certora
Create dummy implementation for parametric rules
049204e
@kel-certora
wip: solvency
b78d4b0
@kel-certora
Disable system summaries
5c72cbe
@kel-certora
Solvency: Assume only one validator
8e27545
@kel-certora
Summarize exchange rate
e5c6af9
@kel-certora
Update patches
4126f9d
@kel-certora
Verify correct accounting of total sui supply
912f642
@kel-certora
Remove invalid rule declaration
29b71a3
@kel-certora
Fix solvency rules
5683bf8
@kel-certora
Add basic integrity rules
87cf97a
@kel-certora
Add integrity rules
4907a65
@kel-certora
Add rules for validator info consistency
a6db8aa
@kel-certora
Initial CI setup
0ad0794
@kel-certora
Restructure rules
5b5b0b9
@kel-certora
Remove invalid summary
7f4f7c2
@kel-certora
Fix no sui iff no lst rule
fd5ab55
@kel-certora
Fix spurious cex in solvency rules
dfdd5d3
@kel-certora
Value conservation rules
f2edd4e
@kel-certora
Merge branch 'kel/specs' into kel/ci
8bfbd27
@kel-certora
ci: Update conf files
663974d
@kel-certora
ci: print sui version
a699628
@kel-certora
ci: Fix sui version 1.53.2
76d71ad
@kel-certora
Fix timeouts
720310c
@kel-certora
Fix timeouts
6f7841b
kel-certora and others added 30 commits January 26, 2026 15:47
@kel-certora
fix: bad module name
84ff6d8
@kel-certora
fix: increase smt timeouts
9a10cde
@kel-certora
fix: validator consistency soundness and missing rule
59bf0ff
@kel-certora
chore: add comments
70e2493
@kel-certora
chore: polishing
d8048d0
@kel-certora
fix: invalid configurations
91386c2
@kel-certora
chore: Split CI steps to not hit resource limits
24b4039
@kel-certora
chore: Update CI job names
fbfccf4
@kel-certora
Merge pull request suilend#2 from Certora/kel/specs
a5a265d 
Verification
@kel-certora
Merge branch 'main' into kel/fixes-bump
54d1eb6
@kel-certora
fix: Sui supply reconciles only in next epoch
6ec5789
@kel-certora
fix: validator consistency invariant only holds across epoch boundary
e426e1e
@kel-certora
chore: disable vacuity checks to mitigate timeout
d7000de
@kel-certora
chore: more accurate rule messages
3cf05a4
@ericeil @kel-certora
Move CI test to Sui v1.62.1 and update certora dependencies to match
067cb0a
@kel-certora
chore: update comments
aa3728f
@kel-certora
fix: Adjust patches
973e338
@kel-certora
chore: add package_summaries to gitignore
a3b5c25
@kel-certora
chore: force Sui dependencies to match the versions in cvlm/certora_s…
4acfdfd 
…ui_summaries
@kel-certora
chore[ci]: bump sui version
6b62b73
@kel-certora
fix: method matching in confs
73ca29b
@kel-certora
chore[ci]: trigger on PR against main
e6c4577
@kel-certora
Merge pull request suilend#5 from Certora/kel/fixes-bump
99a7502 
Reruns for fixes
@kel-certora
chore:
58c304b
@kel-certora
chore: add readme
a36c8e6
@kel-certora
Merge pull request suilend#7 from Certora/kel/cleanup
e625195 
Kel/cleanup
@kel-certora
Bump to sui 1.65.2
97e28f6
@kel-certora
Pin cli version in CI
fa2f924
@kel-certora
Merge pull request suilend#8 from Certora/kel/sui-1.65.2
f9eb076 
Bump to sui 1.65.2
@kel-certora
fix[ci]: missing conf
d32b2de
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kel-certora @ericeil