Merge branch 'master' into perf/reentrancy-guard-precompute-booleanslot

Author: borj404

.changeset/funny-donuts-follow.md

@@ -0,0 +1,5 @@
+---
+'openzeppelin-solidity': minor
+---
+
+`IERC7751`: Add the interface for custom error wrapping of bubbled up reverts.

.changeset/quick-pianos-press.md

@@ -0,0 +1,5 @@
+---
+'openzeppelin-solidity': minor
+---
+
+`ReentrancyGuard` and `ReentrancyGuardTransient`: Add `nonReentrantView`, a read-only version of the `nonReentrant` modifier.

.gitattributes

@@ -0,0 +1,3 @@
+certora/specs/*.spec linguist-language=Solidity
+certora/specs/*.conf linguist-detectable
+certora/specs/*.conf linguist-language=JSON5

.github/workflows/formal-verification.yml

@@ -12,7 +12,7 @@ on:
 env:
   PIP_VERSION: '3.11'
   JAVA_VERSION: '11'
-  SOLC_VERSION: '0.8.20'
+  SOLC_VERSION: '0.8.27'
 
 concurrency: ${{ github.workflow }}-${{ github.ref }}
 
@@ -52,7 +52,7 @@ jobs:
       - name: Install python packages
         run: pip install -r fv-requirements.txt
       - name: Install java
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@v5
         with:
           distribution: temurin
           java-version: ${{ env.JAVA_VERSION }}
@@ -64,7 +64,7 @@ jobs:
       - name: Verify specification
         run: |
           make -C certora apply
-          node certora/run.js ${{ steps.arguments.outputs.result }} >> "$GITHUB_STEP_SUMMARY"
+          node certora/run.js ${{ steps.arguments.outputs.result }} -p 1 -v >> "$GITHUB_STEP_SUMMARY"
         env:
           CERTORAKEY: ${{ secrets.CERTORAKEY }}
 

certora/diff/access_manager_AccessManager.sol.patch

@@ -1,33 +1,33 @@
---- access/manager/AccessManager.sol	2023-10-05 12:17:09.694051809 -0300
-+++ access/manager/AccessManager.sol	2023-10-05 12:26:18.498688718 -0300
-@@ -6,7 +6,6 @@
+--- access/manager/AccessManager.sol	2025-08-16 15:15:34
++++ access/manager/AccessManager.sol	2025-08-16 15:17:51
+@@ -7,7 +7,6 @@
  import {IAccessManaged} from "./IAccessManaged.sol";
  import {Address} from "../../utils/Address.sol";
  import {Context} from "../../utils/Context.sol";
 -import {Multicall} from "../../utils/Multicall.sol";
  import {Math} from "../../utils/math/Math.sol";
  import {Time} from "../../utils/types/Time.sol";
- 
-@@ -57,7 +56,8 @@
-  * mindful of the danger associated with functions such as {{Ownable-renounceOwnership}} or
-  * {{AccessControl-renounceRole}}.
+ import {Hashes} from "../../utils/cryptography/Hashes.sol";
+@@ -59,7 +58,8 @@
+  * mindful of the danger associated with functions such as {Ownable-renounceOwnership} or
+  * {AccessControl-renounceRole}.
   */
 -contract AccessManager is Context, Multicall, IAccessManager {
 +// NOTE: The FV version of this contract doesn't include Multicall because CVL HAVOCs on any `delegatecall`.
 +contract AccessManager is Context, IAccessManager {
      using Time for *;
 
      // Structure that stores the details for a target contract.
-@@ -105,7 +105,7 @@
+@@ -115,7 +115,7 @@
 
      // Used to identify operations that are currently being executed via {execute}.
      // This should be transient storage when supported by the EVM.
 -    bytes32 private _executionId;
 +    bytes32 internal _executionId; // private → internal for FV
 
      /**
-      * @dev Check that the caller is authorized to perform the operation, following the restrictions encoded in
-@@ -253,6 +253,11 @@
+      * @dev Check that the caller is authorized to perform the operation.
+@@ -263,6 +263,11 @@
          _setGrantDelay(roleId, newDelay);
      }
 
@@ -39,28 +39,28 @@
      /**
       * @dev Internal version of {grantRole} without access control. Returns true if the role was newly granted.
       *
-@@ -287,6 +292,11 @@
-         return newMember;
-     }
+@@ -295,6 +300,11 @@
 
+         emit RoleGranted(roleId, account, executionDelay, since, newMember);
+         return newMember;
++    }
++
 +    // Exposed for FV
 +    function _getRoleGrantDelayFull(uint64 roleId) internal view virtual returns (uint32, uint32, uint48) {
 +        return _roles[roleId].grantDelay.getFull();
-+    }
-+
-     /**
-      * @dev Internal version of {revokeRole} without access control. This logic is also used by {renounceRole}.
-      * Returns true if the role was previously granted.
-@@ -586,7 +596,7 @@
+     }
+ 
      /**
-      * @dev Check if the current call is authorized according to admin logic.
+@@ -596,7 +606,7 @@
+      *
+      * WARNING: Carefully review the considerations of {AccessManaged-restricted} since they apply to this modifier.
       */
 -    function _checkAuthorized() private {
 +    function _checkAuthorized() internal virtual { // private → internal virtual for FV
          address caller = _msgSender();
          (bool immediate, uint32 delay) = _canCallSelf(caller, _msgData());
          if (!immediate) {
-@@ -609,7 +619,7 @@
+@@ -619,7 +629,7 @@
       */
      function _getAdminRestrictions(
          bytes calldata data
@@ -69,7 +69,7 @@
          if (data.length < 4) {
              return (false, 0, 0);
          }
-@@ -662,7 +672,7 @@
+@@ -672,7 +682,7 @@
          address caller,
          address target,
          bytes calldata data
@@ -78,7 +78,7 @@
          if (target == address(this)) {
              return _canCallSelf(caller, data);
          } else {
-@@ -716,14 +726,14 @@
+@@ -728,14 +738,14 @@
      /**
       * @dev Extracts the selector from calldata. Panics if data is not at least 4 bytes
       */
@@ -92,6 +92,6 @@
       */
 -    function _hashExecutionId(address target, bytes4 selector) private pure returns (bytes32) {
 +    function _hashExecutionId(address target, bytes4 selector) internal pure returns (bytes32) { // private → internal for FV
-         return keccak256(abi.encode(target, selector));
+         return Hashes.efficientKeccak256(bytes32(uint256(uint160(target))), selector);
      }
  }

certora/diff/account_extensions_draft-AccountERC7579.sol.patch

@@ -0,0 +1,25 @@
+--- account/extensions/draft-AccountERC7579.sol	2025-07-22 11:18:42.944504471 +0200
++++ account/extensions/draft-AccountERC7579.sol	2025-07-22 13:57:03.670277084 +0200
+@@ -60,8 +60,8 @@
+     using EnumerableSet for *;
+     using Packing for bytes32;
+ 
+-    EnumerableSet.AddressSet private _validators;
+-    EnumerableSet.AddressSet private _executors;
++    EnumerableSet.AddressSet internal _validators; // private → internal for FV
++    EnumerableSet.AddressSet internal _executors; // private → internal for FV
+     mapping(bytes4 selector => address) private _fallbacks;
+ 
+     /// @dev The account's {fallback} was called with a selector that doesn't have an installed handler.
+@@ -308,8 +308,9 @@
+      * the ERC-2771 format.
+      */
+     function _fallback() internal virtual returns (bytes memory) {
+-        address handler = _fallbackHandler(msg.sig);
+-        require(handler != address(0), ERC7579MissingFallbackHandler(msg.sig));
++        bytes4 selector = bytes4(msg.data[0:4]);
++        address handler = _fallbackHandler(selector);
++        require(handler != address(0), ERC7579MissingFallbackHandler(selector));
+ 
+         // From https://eips.ethereum.org/EIPS/eip-7579#fallback[ERC-7579 specifications]:
+         // - MUST utilize ERC-2771 to add the original msg.sender to the calldata sent to the fallback handler

certora/diff/token_ERC721_ERC721.sol.patch

@@ -0,0 +1,11 @@
+--- token/ERC721/ERC721.sol	2025-08-19 17:23:33.436823903 +0200
++++ token/ERC721/ERC721.sol	2025-08-19 17:23:07.328925282 +0200
+@@ -27,7 +27,7 @@
+ 
+     mapping(uint256 tokenId => address) private _owners;
+ 
+-    mapping(address owner => uint256) private _balances;
++    mapping(address owner => uint256) internal _balances; // private → internal for FV
+ 
+     mapping(uint256 tokenId => address) private _tokenApprovals;
+ 

certora/harnesses/AccountHarness.sol

@@ -0,0 +1,60 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.26;
+
+import {AccountERC7702WithModulesMock} from "../patched/mocks/account/AccountMock.sol";
+import {EIP712} from "../patched/utils/cryptography/EIP712.sol";
+import {EnumerableSet} from "../patched/utils/structs/EnumerableSet.sol";
+
+contract AccountHarness is AccountERC7702WithModulesMock {
+    using EnumerableSet for EnumerableSet.AddressSet;
+
+    constructor(string memory name, string memory version) EIP712(name, version) {}
+
+    function getFallbackHandler(bytes4 selector) external view returns (address) {
+        return _fallbackHandler(selector);
+    }
+
+    function getDataSelector(bytes memory data) external pure returns (bytes4) {
+        return bytes4(data);
+    }
+
+    function _validatorContains(address module) external view returns (bool) {
+        return _validators.contains(module);
+    }
+
+    function _validatorLength() external view returns (uint256) {
+        return _validators.length();
+    }
+
+    function _validatorAt(uint256 index) external view returns (address) {
+        return _validators.at(index);
+    }
+
+    function _validatorAtFull(uint256 index) external view returns (bytes32) {
+        return _validators._inner._values[index];
+    }
+
+    function _validatorPositionOf(address module) external view returns (uint256) {
+        return _validators._inner._positions[bytes32(uint256(uint160(module)))];
+    }
+
+    function _executorContains(address module) external view returns (bool) {
+        return _executors.contains(module);
+    }
+
+    function _executorLength() external view returns (uint256) {
+        return _executors.length();
+    }
+
+    function _executorAt(uint256 index) external view returns (address) {
+        return _executors.at(index);
+    }
+
+    function _executorAtFull(uint256 index) external view returns (bytes32) {
+        return _executors._inner._values[index];
+    }
+
+    function _executorPositionOf(address module) external view returns (uint256) {
+        return _executors._inner._positions[bytes32(uint256(uint160(module)))];
+    }
+}

certora/harnesses/ERC20WrapperHarness.sol

@@ -12,18 +12,6 @@ contract ERC20WrapperHarness is ERC20Permit, ERC20Wrapper {
         string memory _symbol
     ) ERC20(_name, _symbol) ERC20Permit(_name) ERC20Wrapper(_underlying) {}
 
-    function underlyingTotalSupply() public view returns (uint256) {
-        return underlying().totalSupply();
-    }
-
-    function underlyingBalanceOf(address account) public view returns (uint256) {
-        return underlying().balanceOf(account);
-    }
-
-    function underlyingAllowanceToThis(address account) public view returns (uint256) {
-        return underlying().allowance(account, address(this));
-    }
-
     function recover(address account) public returns (uint256) {
         return _recover(account);
     }

certora/harnesses/ERC721Harness.sol

@@ -23,6 +23,10 @@ contract ERC721Harness is ERC721 {
         _burn(tokenId);
     }
 
+    function unsafeBalanceOf(address owner) public view returns (uint256) {
+        return _balances[owner];
+    }
+
     function unsafeOwnerOf(uint256 tokenId) external view returns (address) {
         return _ownerOf(tokenId);
     }