If one tries to check the invariant:
"For both token0 and token1 the balance of the system is at least as much as the reserves.",
in the Sparta pool protocol, one will get failure after invoking the "remove_liquidity" function.
The bug described in the tutorial is fixed by adding a sync() invocation at the beginning of the function,
yet it is not enough to ensure the invariant holds.
My solution was adding a second sync() in the end of "remove_liquidity" as well.

It is probably wise to add the sync() invocation at the end of "swap" as well, to solve the same issue (invariant won't pass).

In the Pre-conditions Vs. Valid States section of the tutorial,
the rule uniqueManager fails in calling the function flipOwnership.
Note that the invocation with arbitrary "args" leads to an infeasible state where
the same manager might have two funds from the beginning. I suggest fixing this rule
by calling this function with the given arguments. One can add the else-if statement in the same block:

else if(f.selector == flipOwnership(uint256 , uint256).selector)
{
// I added this if block with the arguments of "f" set as
// the rule arguments - otherwise, this creates a situation where
// there exists another fund (id3) whose owner is one of the previous owners.
flipOwnership(e, fundId1,fundId2);
}
This fixed the rule (but the invariant still fails, as expected).

Running this script solved the issue for me.

However, having beginners to go through this process is counter productive.

Please update the repo with updated specs.

In the section Exercising Flags - --method and --send_only it says:

Run a verification of the entire meetings.spec file with the appropriate solidity compiler and a message of your choice taken as an input.

However, no meetings.spec file can be found in the directory

The rule "totalSupplyNotLessThanSingleUserBalance" intends to check the invariance of : totalSupply > UserBalance for a specific user even though the called function didn't use the user as address. One should be advised that the correct rule should check that for all users, or either calculate the actual sum of balances and compare it to the totalSupply variable. Using ghosts is one option but is quite advanced for this level of tutorial.

The tutorial demonstrates that the BoundedSupply rule is violated if the prize is high enough such that the total supply reaches it's maximum value after the minting invocation. The suggested fix is to add a restriction :
//check that supply is not close to reach a limit, there should be enough to close another similar auction
require(auctions[id].prize.safeAdd(auctions[id].prize) + getTotalSupply() >= getTotalSupply());

It seems that the restriction checks if 2 * Prize + Supply > Supply instead of Prize + Supply.
What am I missing here?
Isn't the required fix for this rule is to check whether safeAdd(Prize,TotalSupply) < MAX_INT?

The referenced code in the lesson https://github.com/Certora/Tutorials/blob/master/08.Lesson_WorkingWithInvariants/InvariantsConcepts/README.md
doesn't match the code example https://github.com/Certora/Tutorials/blob/master/08.Lesson_WorkingWithInvariants/InvariantsConcepts/Manager/ManagerFullSolution.spec therefore making the lesson harder to follow

In the readme for the InvariantsConcepts part of Lesson 8, all the hints under the Exercise section are the same.