ERC4626PreviewAssertion

Git Source

Inherits: ERC4626BaseAssertion

Title: ERC4626PreviewAssertion

Author: Phylax Systems

Asserts that ERC-4626 preview functions are consistent with the actual results of the corresponding state-changing operations, and that rounding favors the vault. Invariants covered:

  • Preview consistency: for the same pre-state,
      • previewDeposit(a) == shares minted by deposit(a)
      • previewMint(s) == assets charged by mint(s)
      • previewWithdraw(a) == shares burned by withdraw(a)
      • previewRedeem(s) == assets returned by redeem(s)
  • Rounding direction (implicit in the inequality checks):
      • previewDeposit rounds DOWN (returns fewer shares -> favors vault)
      • previewMint rounds UP (returns more assets -> favors vault)
      • previewWithdraw rounds UP (returns more shares -> favors vault)
      • previewRedeem rounds DOWN (returns fewer assets -> favors vault)

Uses V2 registerFnCallTrigger + ph.context() for call-scoped triggers, ph.callinputAt() to read call arguments, and ph.callOutputAt() to read the actual return value — replacing the totalSupply/totalAssets delta inference from V1.

Functions

_registerPreviewTriggers

Register the default trigger set for preview-consistency invariants.

Each ERC-4626 operation gets its own assertion function via registerFnCallTrigger.

function _registerPreviewTriggers() internal view;

_maxPreviewDeviation

Maximum acceptable deviation between a preview result and the actual result.

Defaults to 1 (single-unit rounding). Override for vaults with wider rounding (e.g. multi-step rounding, fee chunking, or decimal normalization).

function _maxPreviewDeviation() internal view virtual returns (uint256);

assertDepositPreview

For the triggering deposit(assets, receiver) call, verifies:

  • previewDeposit(assets) <= actualSharesMinted (ERC-4626 spec)
  • actualSharesMinted - previewDeposit(assets) <= maxDeviation

function assertDepositPreview() external;

assertMintPreview

For the triggering mint(shares, receiver) call, verifies:

  • previewMint(shares) >= actualAssetsCharged (ERC-4626 spec)
  • previewMint(shares) - actualAssetsCharged <= maxDeviation

function assertMintPreview() external;

assertWithdrawPreview

For the triggering withdraw(assets, receiver, owner) call, verifies:

  • previewWithdraw(assets) >= actualSharesBurned (ERC-4626 spec)
  • previewWithdraw(assets) - actualSharesBurned <= maxDeviation

function assertWithdrawPreview() external;

assertRedeemPreview

For the triggering redeem(shares, receiver, owner) call, verifies:

  • previewRedeem(shares) <= actualAssetsReturned (ERC-4626 spec)
  • actualAssetsReturned - previewRedeem(shares) <= maxDeviation

function assertRedeemPreview() external;
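
The four checks above and the role of the maximum deviation, modelled off-chain in Python as an added example; this is not Phylax's code and not the assertion's Solidity. The Vault class, its mint_preview_up and deposit_haircut switches, and the sample balances are constructed for illustration, and preview and actual values are both computed on one pre-state.

```python
from dataclasses import dataclass

def mul_div(x, y, d, up=False):
    """floor(x*y/d), or the ceiling when up=True (integer math only)."""
    q, r = divmod(x * y, d)
    return q + (1 if up and r else 0)

@dataclass
class Vault:  # constructed model, evaluated on a single pre-state
    total_assets: int
    total_supply: int
    mint_preview_up: bool = True   # False models a previewMint that rounds the wrong way
    deposit_haircut: int = 0       # hypothetical extra under-quote in previewDeposit

    def to_shares(self, a, up=False): return mul_div(a, self.total_supply, self.total_assets, up)
    def to_assets(self, s, up=False): return mul_div(s, self.total_assets, self.total_supply, up)

    # Results of the state-changing calls, rounded in the vault's favor.
    def deposit(self, a):  return self.to_shares(a)            # shares minted
    def mint(self, s):     return self.to_assets(s, up=True)   # assets charged
    def withdraw(self, a): return self.to_shares(a, up=True)   # shares burned
    def redeem(self, s):   return self.to_assets(s)            # assets returned

    def preview_deposit(self, a):  return max(self.to_shares(a) - self.deposit_haircut, 0)
    def preview_mint(self, s):     return self.to_assets(s, up=self.mint_preview_up)
    def preview_withdraw(self, a): return self.to_shares(a, up=True)
    def preview_redeem(self, s):   return self.to_assets(s)

def check(preview, actual, preview_is_floor, max_dev):
    """Return 'ok' or the reason the preview invariant fails."""
    lo, hi = (preview, actual) if preview_is_floor else (actual, preview)
    if lo > hi:
        return "wrong rounding direction"
    return "ok" if hi - lo <= max_dev else "deviation too large"

def run_checks(v, amount, max_dev=1):
    return {
        "deposit":  check(v.preview_deposit(amount),  v.deposit(amount),  True,  max_dev),
        "mint":     check(v.preview_mint(amount),     v.mint(amount),     False, max_dev),
        "withdraw": check(v.preview_withdraw(amount), v.withdraw(amount), False, max_dev),
        "redeem":   check(v.preview_redeem(amount),   v.redeem(amount),   True,  max_dev),
    }

if __name__ == "__main__":
    print(run_checks(Vault(1000, 300), 7))
    print(run_checks(Vault(1000, 300, mint_preview_up=False), 7))
    print(run_checks(Vault(1000, 300, deposit_haircut=3), 70))
```

The third case fails at the default deviation of 1 and passes once the bound is raised to 3, which is the situation the _maxPreviewDeviation override exists for.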

_stripSelector

Strip the 4-byte selector from raw call input bytes.

function _stripSelector(bytes memory input) internal pure returns (bytes memory args);