From 289fbdd9d86784560fadcafde36f007b89a811a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Mon, 5 Aug 2024 11:13:27 +0200
Subject: [PATCH 01/89] ERC20 code generated by VC

---
 All.lean                                      | 248 ++++++++++++++++-
 .../Common/for_1821242857744567453.lean       |  35 +++
 .../Common/for_1821242857744567453_gen.lean   | 144 ++++++++++
 .../Common/for_1821242857744567453_user.lean  |  43 +++
 .../Common/for_6088573059593786335.lean       |  35 +++
 .../Common/for_6088573059593786335_gen.lean   | 141 ++++++++++
 .../Common/for_6088573059593786335_user.lean  |  43 +++
 .../Common/if_1438067688173587229.lean        |  22 ++
 .../Common/if_1438067688173587229_gen.lean    |  67 +++++
 .../Common/if_1438067688173587229_user.lean   |  22 ++
 .../Common/if_2130076443351184838.lean        |  23 ++
 .../Common/if_2130076443351184838_gen.lean    | 118 ++++++++
 .../Common/if_2130076443351184838_user.lean   |  23 ++
 .../Common/if_2395397427938978657.lean        |  23 ++
 .../Common/if_2395397427938978657_gen.lean    | 114 ++++++++
 .../Common/if_2395397427938978657_user.lean   |  23 ++
 .../Common/if_2792370840247009933.lean        |  23 ++
 .../Common/if_2792370840247009933_gen.lean    |  68 +++++
 .../Common/if_2792370840247009933_user.lean   |  23 ++
 .../Common/if_3812165059632449189.lean        |  23 ++
 .../Common/if_3812165059632449189_gen.lean    | 114 ++++++++
 .../Common/if_3812165059632449189_user.lean   |  23 ++
 .../Common/if_384845947645085899.lean         |  23 ++
 .../Common/if_384845947645085899_gen.lean     |  68 +++++
 .../Common/if_384845947645085899_user.lean    |  23 ++
 .../Common/if_3989404597755436942.lean        |  23 ++
 .../Common/if_3989404597755436942_gen.lean    | 118 ++++++++
 .../Common/if_3989404597755436942_user.lean   |  23 ++
 .../Common/if_4024499920364541172.lean        |  22 ++
 .../Common/if_4024499920364541172_gen.lean    |  64 +++++
 .../Common/if_4024499920364541172_user.lean   |  22 ++
 .../Common/if_4692225504622348326.lean        |  23 ++
 .../Common/if_4692225504622348326_gen.lean    | 114 ++++++++
 .../Common/if_4692225504622348326_user.lean   |  23 ++
 .../Common/if_5042234445269809685.lean        |  23 ++
 .../Common/if_5042234445269809685_gen.lean    | 103 +++++++
 .../Common/if_5042234445269809685_user.lean   |  23 ++
 .../Common/if_5327145078839977110.lean        |  25 ++
 .../Common/if_5327145078839977110_gen.lean    | 122 +++++++++
 .../Common/if_5327145078839977110_user.lean   |  25 ++
 .../Common/if_7164014626810332831.lean        |  23 ++
 .../Common/if_7164014626810332831_gen.lean    |  68 +++++
 .../Common/if_7164014626810332831_user.lean   |  23 ++
 .../Common/if_8073281237182003506.lean        |  22 ++
 .../Common/if_8073281237182003506_gen.lean    |  67 +++++
 .../Common/if_8073281237182003506_user.lean   |  22 ++
 .../Common/if_9141570808380448040.lean        |  23 ++
 .../Common/if_9141570808380448040_gen.lean    | 114 ++++++++
 .../Common/if_9141570808380448040_user.lean   |  23 ++
 .../Common/if_9222169807163418225.lean        |  23 ++
 .../Common/if_9222169807163418225_gen.lean    |  68 +++++
 .../Common/if_9222169807163418225_user.lean   |  23 ++
 .../Common/switch_1041419350816529734.lean    |  24 ++
 .../switch_1041419350816529734_gen.lean       | 144 ++++++++++
 .../switch_1041419350816529734_user.lean      |  24 ++
 .../Common/switch_2364266820542243941.lean    |  27 ++
 .../switch_2364266820542243941_gen.lean       | 201 ++++++++++++++
 .../switch_2364266820542243941_user.lean      |  27 ++
 .../Common/switch_8164987986085659348.lean    |  24 ++
 .../switch_8164987986085659348_gen.lean       | 153 +++++++++++
 .../switch_8164987986085659348_user.lean      |  24 ++
 Generated/erc20shim/ERC20Shim/abi_decode.lean |  24 ++
 .../ERC20Shim/abi_decode_address.lean         |  23 ++
 .../ERC20Shim/abi_decode_address_gen.lean     | 106 ++++++++
 .../ERC20Shim/abi_decode_address_user.lean    |  24 ++
 .../abi_decode_addresst_address.lean          |  25 ++
 .../abi_decode_addresst_address_gen.lean      | 151 +++++++++++
 .../abi_decode_addresst_address_user.lean     |  26 ++
 .../abi_decode_addresst_addresst_uint256.lean |  26 ++
 ..._decode_addresst_addresst_uint256_gen.lean | 173 ++++++++++++
 ...decode_addresst_addresst_uint256_user.lean |  27 ++
 .../abi_decode_addresst_uint256.lean          |  26 ++
 .../abi_decode_addresst_uint256_gen.lean      | 152 +++++++++++
 .../abi_decode_addresst_uint256_user.lean     |  27 ++
 .../erc20shim/ERC20Shim/abi_decode_gen.lean   | 116 ++++++++
 .../ERC20Shim/abi_decode_tuple_address.lean   |  25 ++
 .../abi_decode_tuple_address_gen.lean         | 130 +++++++++
 .../abi_decode_tuple_address_user.lean        |  26 ++
 .../ERC20Shim/abi_decode_uint256.lean         |  23 ++
 .../ERC20Shim/abi_decode_uint256_gen.lean     | 106 ++++++++
 .../ERC20Shim/abi_decode_uint256_user.lean    |  24 ++
 .../erc20shim/ERC20Shim/abi_decode_user.lean  |  25 ++
 .../ERC20Shim/abi_encode_address.lean         |  22 ++
 .../ERC20Shim/abi_encode_address_gen.lean     | 104 +++++++
 .../abi_encode_address_uint256_uint256.lean   |  24 ++
 ...bi_encode_address_uint256_uint256_gen.lean | 156 +++++++++++
 ...i_encode_address_uint256_uint256_user.lean |  25 ++
 .../ERC20Shim/abi_encode_address_user.lean    |  23 ++
 .../erc20shim/ERC20Shim/abi_encode_bool.lean  |  23 ++
 .../ERC20Shim/abi_encode_bool_gen.lean        | 109 ++++++++
 .../ERC20Shim/abi_encode_bool_to_bool.lean    |  22 ++
 .../abi_encode_bool_to_bool_gen.lean          | 104 +++++++
 .../abi_encode_bool_to_bool_user.lean         |  23 ++
 .../ERC20Shim/abi_encode_bool_user.lean       |  24 ++
 .../ERC20Shim/abi_encode_string.lean          |  23 ++
 .../ERC20Shim/abi_encode_string_gen.lean      | 116 ++++++++
 .../abi_encode_string_memory_ptr.lean         |  24 ++
 .../abi_encode_string_memory_ptr_gen.lean     | 156 +++++++++++
 .../abi_encode_string_memory_ptr_user.lean    |  25 ++
 .../ERC20Shim/abi_encode_string_storage.lean  |  26 ++
 .../abi_encode_string_storage_gen.lean        | 168 ++++++++++++
 .../abi_encode_string_storage_user.lean       |  27 ++
 .../ERC20Shim/abi_encode_string_user.lean     |  24 ++
 .../ERC20Shim/abi_encode_tuple_address.lean   |  23 ++
 .../abi_encode_tuple_address_gen.lean         | 109 ++++++++
 .../abi_encode_tuple_address_user.lean        |  24 ++
 .../ERC20Shim/abi_encode_uint256.lean         |  23 ++
 .../ERC20Shim/abi_encode_uint256_gen.lean     | 109 ++++++++
 .../abi_encode_uint256_to_uint256.lean        |  22 ++
 .../abi_encode_uint256_to_uint256_gen.lean    |  90 +++++++
 .../abi_encode_uint256_to_uint256_user.lean   |  23 ++
 .../ERC20Shim/abi_encode_uint256_user.lean    |  24 ++
 .../erc20shim/ERC20Shim/abi_encode_uint8.lean |  23 ++
 .../ERC20Shim/abi_encode_uint8_gen.lean       | 109 ++++++++
 .../ERC20Shim/abi_encode_uint8_to_uint8.lean  |  22 ++
 .../abi_encode_uint8_to_uint8_gen.lean        | 100 +++++++
 .../abi_encode_uint8_to_uint8_user.lean       |  23 ++
 .../ERC20Shim/abi_encode_uint8_user.lean      |  24 ++
 .../array_dataslot_string_storage.lean        |  22 ++
 .../array_dataslot_string_storage_gen.lean    | 104 +++++++
 .../array_dataslot_string_storage_user.lean   |  23 ++
 .../array_storeLengthForEncoding_string.lean  |  22 ++
 ...oreLengthForEncoding_string_fromStack.lean |  22 ++
 ...engthForEncoding_string_fromStack_gen.lean | 100 +++++++
 ...ngthForEncoding_string_fromStack_user.lean |  23 ++
 ...ray_storeLengthForEncoding_string_gen.lean | 100 +++++++
 ...ay_storeLengthForEncoding_string_user.lean |  23 ++
 .../ERC20Shim/checked_add_uint256.lean        |  24 ++
 .../ERC20Shim/checked_add_uint256_gen.lean    | 118 ++++++++
 .../ERC20Shim/checked_add_uint256_user.lean   |  25 ++
 ...y_array_from_storage_to_memory_string.lean |  24 ++
 ...ray_from_storage_to_memory_string_gen.lean | 129 +++++++++
 ...ay_from_storage_to_memory_string_user.lean |  25 ++
 .../copy_memory_to_memory_with_cleanup.lean   |  23 ++
 ...opy_memory_to_memory_with_cleanup_gen.lean | 125 +++++++++
 ...py_memory_to_memory_with_cleanup_user.lean |  24 ++
 .../ERC20Shim/extract_byte_array_length.lean  |  25 ++
 .../extract_byte_array_length_gen.lean        | 157 +++++++++++
 .../extract_byte_array_length_user.lean       |  26 ++
 .../ERC20Shim/finalize_allocation.lean        |  24 ++
 .../ERC20Shim/finalize_allocation_gen.lean    | 157 +++++++++++
 .../ERC20Shim/finalize_allocation_user.lean   |  25 ++
 .../erc20shim/ERC20Shim/fun__approve.lean     |  30 +++
 .../erc20shim/ERC20Shim/fun__approve_gen.lean | 253 ++++++++++++++++++
 .../ERC20Shim/fun__approve_user.lean          |  31 +++
 .../erc20shim/ERC20Shim/fun__transfer.lean    |  26 ++
 .../ERC20Shim/fun__transfer_gen.lean          | 193 +++++++++++++
 .../ERC20Shim/fun__transfer_user.lean         |  27 ++
 .../erc20shim/ERC20Shim/fun_allowance.lean    |  24 ++
 .../ERC20Shim/fun_allowance_gen.lean          | 121 +++++++++
 .../ERC20Shim/fun_allowance_user.lean         |  25 ++
 .../erc20shim/ERC20Shim/fun_approve.lean      |  24 ++
 .../erc20shim/ERC20Shim/fun_approve_420.lean  |  23 ++
 .../ERC20Shim/fun_approve_420_gen.lean        | 107 ++++++++
 .../ERC20Shim/fun_approve_420_user.lean       |  24 ++
 .../erc20shim/ERC20Shim/fun_approve_gen.lean  | 118 ++++++++
 .../erc20shim/ERC20Shim/fun_approve_user.lean |  25 ++
 .../erc20shim/ERC20Shim/fun_balanceOf.lean    |  23 ++
 .../ERC20Shim/fun_balanceOf_gen.lean          | 107 ++++++++
 .../ERC20Shim/fun_balanceOf_user.lean         |  24 ++
 .../erc20shim/ERC20Shim/fun_decimals.lean     |  22 ++
 .../erc20shim/ERC20Shim/fun_decimals_gen.lean |  85 ++++++
 .../ERC20Shim/fun_decimals_user.lean          |  23 ++
 .../erc20shim/ERC20Shim/fun_msgSender.lean    |  22 ++
 .../ERC20Shim/fun_msgSender_gen.lean          |  89 ++++++
 .../ERC20Shim/fun_msgSender_user.lean         |  23 ++
 Generated/erc20shim/ERC20Shim/fun_name.lean   |  23 ++
 .../erc20shim/ERC20Shim/fun_name_gen.lean     | 101 +++++++
 .../erc20shim/ERC20Shim/fun_name_user.lean    |  24 ++
 .../ERC20Shim/fun_spendAllowance.lean         |  26 ++
 .../ERC20Shim/fun_spendAllowance_gen.lean     | 157 +++++++++++
 .../ERC20Shim/fun_spendAllowance_user.lean    |  27 ++
 Generated/erc20shim/ERC20Shim/fun_symbol.lean |  23 ++
 .../erc20shim/ERC20Shim/fun_symbol_gen.lean   | 101 +++++++
 .../erc20shim/ERC20Shim/fun_symbol_user.lean  |  24 ++
 .../erc20shim/ERC20Shim/fun_totalSupply.lean  |  22 ++
 .../ERC20Shim/fun_totalSupply_gen.lean        |  93 +++++++
 .../ERC20Shim/fun_totalSupply_user.lean       |  23 ++
 .../erc20shim/ERC20Shim/fun_transfer.lean     |  24 ++
 .../erc20shim/ERC20Shim/fun_transferFrom.lean |  25 ++
 .../ERC20Shim/fun_transferFrom_gen.lean       | 135 ++++++++++
 .../ERC20Shim/fun_transferFrom_user.lean      |  26 ++
 .../erc20shim/ERC20Shim/fun_transfer_gen.lean | 118 ++++++++
 .../ERC20Shim/fun_transfer_user.lean          |  25 ++
 Generated/erc20shim/ERC20Shim/fun_update.lean |  29 ++
 .../erc20shim/ERC20Shim/fun_update_gen.lean   | 253 ++++++++++++++++++
 .../erc20shim/ERC20Shim/fun_update_user.lean  |  30 +++
 ...ss_mapping_address_uint256_of_address.lean |  22 ++
 ...apping_address_uint256_of_address_gen.lean | 119 ++++++++
 ...pping_address_uint256_of_address_user.lean |  23 ++
 ...ss_mapping_address_uint256_of_address.lean |  22 ++
 ...apping_address_uint256_of_address_gen.lean | 119 ++++++++
 ...pping_address_uint256_of_address_user.lean |  23 ++
 .../erc20shim/ERC20Shim/panic_error_0x11.lean |  22 ++
 .../ERC20Shim/panic_error_0x11_gen.lean       | 122 +++++++++
 .../ERC20Shim/panic_error_0x11_user.lean      |  23 ++
 .../erc20shim/ERC20Shim/panic_error_0x22.lean |  22 ++
 .../ERC20Shim/panic_error_0x22_gen.lean       | 122 +++++++++
 .../ERC20Shim/panic_error_0x22_user.lean      |  23 ++
 .../erc20shim/ERC20Shim/panic_error_0x41.lean |  22 ++
 .../ERC20Shim/panic_error_0x41_gen.lean       | 122 +++++++++
 .../ERC20Shim/panic_error_0x41_user.lean      |  23 ++
 ...b8cf91c1b902ef5e3cb8d9f6f304cf7446f74.lean |  22 ++
 ...91c1b902ef5e3cb8d9f6f304cf7446f74_gen.lean |  96 +++++++
 ...1c1b902ef5e3cb8d9f6f304cf7446f74_user.lean |  23 ++
 ...5db7774001b90d25810abd9040049be7bf4bb.lean |  22 ++
 ...774001b90d25810abd9040049be7bf4bb_gen.lean |  96 +++++++
 ...74001b90d25810abd9040049be7bf4bb_user.lean |  23 ++
 ...e83918d802a52331272ac6fdb6a7c4aea3b1b.lean |  22 ++
 ...18d802a52331272ac6fdb6a7c4aea3b1b_gen.lean |  96 +++++++
 ...8d802a52331272ac6fdb6a7c4aea3b1b_user.lean |  23 ++
 .../ERC20Shim/update_byte_slice_shift.lean    |  22 ++
 .../update_byte_slice_shift_gen.lean          |  89 ++++++
 .../update_byte_slice_shift_user.lean         |  23 ++
 ...rage_value_offsett_uint256_to_uint256.lean |  23 ++
 ..._value_offsett_uint256_to_uint256_gen.lean | 112 ++++++++
 ...value_offsett_uint256_to_uint256_user.lean |  24 ++
 .../ERC20Shim/validator_revert_address.lean   |  23 ++
 .../validator_revert_address_gen.lean         | 129 +++++++++
 .../validator_revert_address_user.lean        |  24 ++
 .../ERC20Shim/validator_revert_uint256.lean   |  23 ++
 .../validator_revert_uint256_gen.lean         | 107 ++++++++
 .../validator_revert_uint256_user.lean        |  24 ++
 vc/stack.yaml                                 |   6 +-
 224 files changed, 12705 insertions(+), 17 deletions(-)
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/for_1821242857744567453.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/for_1821242857744567453_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/for_1821242857744567453_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/for_6088573059593786335.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/for_6088573059593786335_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/for_6088573059593786335_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_1438067688173587229.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_1438067688173587229_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_1438067688173587229_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_2395397427938978657.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_2395397427938978657_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_2395397427938978657_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_2792370840247009933.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_2792370840247009933_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_2792370840247009933_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_3812165059632449189.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_3812165059632449189_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_3812165059632449189_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_384845947645085899.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_384845947645085899_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_384845947645085899_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_3989404597755436942.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_3989404597755436942_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_3989404597755436942_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_4024499920364541172.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_4024499920364541172_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_4024499920364541172_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_4692225504622348326.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_4692225504622348326_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_4692225504622348326_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_5042234445269809685.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_5042234445269809685_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_5042234445269809685_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_7164014626810332831.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_7164014626810332831_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_7164014626810332831_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_8073281237182003506.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_8073281237182003506_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_8073281237182003506_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_9141570808380448040.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_9141570808380448040_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_9141570808380448040_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_9222169807163418225.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_9222169807163418225_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_9222169807163418225_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/switch_1041419350816529734.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/switch_1041419350816529734_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/switch_1041419350816529734_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/switch_2364266820542243941.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/switch_2364266820542243941_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/switch_2364266820542243941_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/switch_8164987986085659348.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/switch_8164987986085659348_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/switch_8164987986085659348_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_decode.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_decode_address.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_decode_address_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_decode_address_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_decode_addresst_address.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_decode_addresst_address_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_decode_addresst_address_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_decode_addresst_addresst_uint256.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_decode_addresst_addresst_uint256_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_decode_addresst_addresst_uint256_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_decode_addresst_uint256.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_decode_addresst_uint256_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_decode_addresst_uint256_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_decode_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_decode_tuple_address.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_decode_tuple_address_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_decode_tuple_address_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_decode_uint256.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_decode_uint256_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_decode_uint256_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_decode_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_address.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_address_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_address_uint256_uint256.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_address_uint256_uint256_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_address_uint256_uint256_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_address_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_bool.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_bool_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_bool_to_bool.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_bool_to_bool_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_bool_to_bool_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_bool_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_string.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_string_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_string_memory_ptr.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_string_memory_ptr_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_string_memory_ptr_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_string_storage.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_string_storage_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_string_storage_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_string_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_tuple_address.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_tuple_address_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_tuple_address_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_uint256.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_uint256_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_uint256_to_uint256.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_uint256_to_uint256_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_uint256_to_uint256_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_uint256_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_uint8.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_uint8_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_uint8_to_uint8.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_uint8_to_uint8_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_uint8_to_uint8_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/abi_encode_uint8_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/array_dataslot_string_storage.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/array_dataslot_string_storage_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/array_dataslot_string_storage_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_fromStack.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_fromStack_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_fromStack_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/checked_add_uint256.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/checked_add_uint256_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/checked_add_uint256_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/copy_array_from_storage_to_memory_string.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/copy_array_from_storage_to_memory_string_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/copy_array_from_storage_to_memory_string_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/copy_memory_to_memory_with_cleanup.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/copy_memory_to_memory_with_cleanup_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/copy_memory_to_memory_with_cleanup_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/extract_byte_array_length.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/extract_byte_array_length_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/extract_byte_array_length_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/finalize_allocation.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/finalize_allocation_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/finalize_allocation_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun__approve.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun__approve_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun__approve_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun__transfer.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun__transfer_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun__transfer_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_allowance.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_allowance_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_approve.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_approve_420.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_approve_420_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_approve_420_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_approve_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_approve_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_balanceOf.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_balanceOf_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_decimals.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_decimals_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_decimals_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_msgSender.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_msgSender_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_msgSender_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_name.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_name_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_name_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_spendAllowance.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_spendAllowance_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_symbol.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_symbol_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_symbol_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_totalSupply.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_totalSupply_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_transfer.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_transferFrom.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_transferFrom_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_transfer_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_transfer_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_update.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_update_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/fun_update_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/panic_error_0x11.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/panic_error_0x11_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/panic_error_0x11_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/panic_error_0x22.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/panic_error_0x22_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/panic_error_0x22_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/panic_error_0x41.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/panic_error_0x41_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/panic_error_0x41_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/update_byte_slice_shift.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/update_byte_slice_shift_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/update_byte_slice_shift_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/update_storage_value_offsett_uint256_to_uint256.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/update_storage_value_offsett_uint256_to_uint256_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/update_storage_value_offsett_uint256_to_uint256_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/validator_revert_address.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/validator_revert_address_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/validator_revert_address_user.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/validator_revert_uint256.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/validator_revert_uint256_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/validator_revert_uint256_user.lean

diff --git a/All.lean b/All.lean
index 2245d5c..a4ac6d1 100644
--- a/All.lean
+++ b/All.lean
@@ -1,21 +1,243 @@
-import Generated.peano.Peano.addk
 import Generated.peano.Peano.addk_user
-import Generated.peano.Peano.expk_user
-import Generated.peano.Peano.mulk_user
-import Generated.peano.Peano.mulk
-import Generated.peano.Peano.expk
-import Generated.peano.Peano.mulk_gen
 import Generated.peano.Peano.expk_gen
 import Generated.peano.Peano.addk_gen
-import Generated.peano.Peano.Common.for_84821961910748561
-import Generated.peano.Peano.Common.if_6183625948864629624_gen
-import Generated.peano.Peano.Common.for_4806375509446804985_gen
-import Generated.peano.Peano.Common.for_727972558926940900_gen
-import Generated.peano.Peano.Common.for_84821961910748561_user
+import Generated.peano.Peano.mulk
+import Generated.peano.Peano.expk_user
+import Generated.peano.Peano.mulk_gen
+import Generated.peano.Peano.expk
+import Generated.peano.Peano.addk
+import Generated.peano.Peano.mulk_user
 import Generated.peano.Peano.Common.if_6183625948864629624_user
 import Generated.peano.Peano.Common.for_727972558926940900_user
-import Generated.peano.Peano.Common.for_727972558926940900
-import Generated.peano.Peano.Common.for_4806375509446804985
+import Generated.peano.Peano.Common.for_4806375509446804985_gen
 import Generated.peano.Peano.Common.for_84821961910748561_gen
 import Generated.peano.Peano.Common.for_4806375509446804985_user
+import Generated.peano.Peano.Common.for_4806375509446804985
+import Generated.peano.Peano.Common.for_727972558926940900_gen
+import Generated.peano.Peano.Common.for_84821961910748561
 import Generated.peano.Peano.Common.if_6183625948864629624
+import Generated.peano.Peano.Common.for_727972558926940900
+import Generated.peano.Peano.Common.if_6183625948864629624_gen
+import Generated.peano.Peano.Common.for_84821961910748561_user
+import Generated.erc20shim.ERC20Shim.abi_encode_string_user
+import Generated.erc20shim.ERC20Shim.abi_decode_tuple_address_gen
+import Generated.erc20shim.ERC20Shim.abi_encode_string_memory_ptr_user
+import Generated.erc20shim.ERC20Shim.fun_approve_user
+import Generated.erc20shim.ERC20Shim.abi_encode_string_storage_user
+import Generated.erc20shim.ERC20Shim.fun_balanceOf_user
+import Generated.erc20shim.ERC20Shim.panic_error_0x22_user
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256_to_uint256_gen
+import Generated.erc20shim.ERC20Shim.abi_decode_addresst_address_gen
+import Generated.erc20shim.ERC20Shim.fun_msgSender
+import Generated.erc20shim.ERC20Shim.abi_decode_addresst_uint256
+import Generated.erc20shim.ERC20Shim.abi_encode_uint8_gen
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.fun_allowance
+import Generated.erc20shim.ERC20Shim.abi_encode_address_gen
+import Generated.erc20shim.ERC20Shim.fun_totalSupply_user
+import Generated.erc20shim.ERC20Shim.abi_decode_addresst_uint256_gen
+import Generated.erc20shim.ERC20Shim.finalize_allocation_gen
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256_gen
+import Generated.erc20shim.ERC20Shim.copy_memory_to_memory_with_cleanup_user
+import Generated.erc20shim.ERC20Shim.update_byte_slice_shift_gen
+import Generated.erc20shim.ERC20Shim.panic_error_0x11_gen
+import Generated.erc20shim.ERC20Shim.abi_encode_bool_to_bool
+import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string_fromStack_user
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256_to_uint256_user
+import Generated.erc20shim.ERC20Shim.fun_decimals
+import Generated.erc20shim.ERC20Shim.abi_decode_address_user
+import Generated.erc20shim.ERC20Shim.fun__transfer_gen
+import Generated.erc20shim.ERC20Shim.panic_error_0x22
+import Generated.erc20shim.ERC20Shim.fun_allowance_user
+import Generated.erc20shim.ERC20Shim.abi_decode_addresst_addresst_uint256_gen
+import Generated.erc20shim.ERC20Shim.abi_decode_addresst_addresst_uint256
+import Generated.erc20shim.ERC20Shim.revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_gen
+import Generated.erc20shim.ERC20Shim.validator_revert_uint256_user
+import Generated.erc20shim.ERC20Shim.panic_error_0x41_gen
+import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string_user
+import Generated.erc20shim.ERC20Shim.fun__approve
+import Generated.erc20shim.ERC20Shim.fun_transferFrom_gen
+import Generated.erc20shim.ERC20Shim.fun_approve_420
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address_gen
+import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address
+import Generated.erc20shim.ERC20Shim.validator_revert_address
+import Generated.erc20shim.ERC20Shim.fun_decimals_user
+import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string_gen
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address_user
+import Generated.erc20shim.ERC20Shim.revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_gen
+import Generated.erc20shim.ERC20Shim.abi_decode_address
+import Generated.erc20shim.ERC20Shim.panic_error_0x41
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address_user
+import Generated.erc20shim.ERC20Shim.abi_encode_address_user
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256_gen
+import Generated.erc20shim.ERC20Shim.fun_spendAllowance_user
+import Generated.erc20shim.ERC20Shim.abi_encode_bool
+import Generated.erc20shim.ERC20Shim.copy_array_from_storage_to_memory_string_gen
+import Generated.erc20shim.ERC20Shim.abi_decode_uint256_gen
+import Generated.erc20shim.ERC20Shim.fun_update
+import Generated.erc20shim.ERC20Shim.abi_encode_string_gen
+import Generated.erc20shim.ERC20Shim.update_storage_value_offsett_uint256_to_uint256_user
+import Generated.erc20shim.ERC20Shim.copy_array_from_storage_to_memory_string_user
+import Generated.erc20shim.ERC20Shim.abi_decode_address_gen
+import Generated.erc20shim.ERC20Shim.revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb
+import Generated.erc20shim.ERC20Shim.fun_totalSupply_gen
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256
+import Generated.erc20shim.ERC20Shim.fun_update_gen
+import Generated.erc20shim.ERC20Shim.fun_approve_420_gen
+import Generated.erc20shim.ERC20Shim.revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_user
+import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_user
+import Generated.erc20shim.ERC20Shim.fun_transfer_user
+import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address_user
+import Generated.erc20shim.ERC20Shim.fun_spendAllowance
+import Generated.erc20shim.ERC20Shim.abi_decode_addresst_address_user
+import Generated.erc20shim.ERC20Shim.abi_encode_bool_to_bool_user
+import Generated.erc20shim.ERC20Shim.fun_approve
+import Generated.erc20shim.ERC20Shim.abi_encode_string_storage_gen
+import Generated.erc20shim.ERC20Shim.fun__transfer
+import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string
+import Generated.erc20shim.ERC20Shim.checked_add_uint256
+import Generated.erc20shim.ERC20Shim.fun_approve_420_user
+import Generated.erc20shim.ERC20Shim.abi_encode_uint8
+import Generated.erc20shim.ERC20Shim.checked_add_uint256_gen
+import Generated.erc20shim.ERC20Shim.fun__transfer_user
+import Generated.erc20shim.ERC20Shim.array_dataslot_string_storage
+import Generated.erc20shim.ERC20Shim.abi_decode_gen
+import Generated.erc20shim.ERC20Shim.update_byte_slice_shift_user
+import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b
+import Generated.erc20shim.ERC20Shim.abi_decode_tuple_address_user
+import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address_gen
+import Generated.erc20shim.ERC20Shim.fun_spendAllowance_gen
+import Generated.erc20shim.ERC20Shim.abi_decode_addresst_addresst_uint256_user
+import Generated.erc20shim.ERC20Shim.fun__approve_gen
+import Generated.erc20shim.ERC20Shim.abi_decode_tuple_address
+import Generated.erc20shim.ERC20Shim.abi_encode_address
+import Generated.erc20shim.ERC20Shim.abi_decode_addresst_uint256_user
+import Generated.erc20shim.ERC20Shim.fun_name
+import Generated.erc20shim.ERC20Shim.fun_msgSender_gen
+import Generated.erc20shim.ERC20Shim.abi_encode_string_storage
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.fun_transfer
+import Generated.erc20shim.ERC20Shim.fun_update_user
+import Generated.erc20shim.ERC20Shim.checked_add_uint256_user
+import Generated.erc20shim.ERC20Shim.fun_name_gen
+import Generated.erc20shim.ERC20Shim.copy_memory_to_memory_with_cleanup
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256_user
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256_user
+import Generated.erc20shim.ERC20Shim.abi_encode_bool_user
+import Generated.erc20shim.ERC20Shim.panic_error_0x11_user
+import Generated.erc20shim.ERC20Shim.abi_encode_string_memory_ptr
+import Generated.erc20shim.ERC20Shim.fun_symbol
+import Generated.erc20shim.ERC20Shim.abi_encode_uint8_user
+import Generated.erc20shim.ERC20Shim.abi_encode_uint8_to_uint8_user
+import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string_fromStack
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256_to_uint256
+import Generated.erc20shim.ERC20Shim.fun_approve_gen
+import Generated.erc20shim.ERC20Shim.update_storage_value_offsett_uint256_to_uint256_gen
+import Generated.erc20shim.ERC20Shim.fun_msgSender_user
+import Generated.erc20shim.ERC20Shim.abi_decode_uint256
+import Generated.erc20shim.ERC20Shim.extract_byte_array_length_user
+import Generated.erc20shim.ERC20Shim.abi_decode_uint256_user
+import Generated.erc20shim.ERC20Shim.extract_byte_array_length
+import Generated.erc20shim.ERC20Shim.abi_encode_bool_to_bool_gen
+import Generated.erc20shim.ERC20Shim.array_dataslot_string_storage_gen
+import Generated.erc20shim.ERC20Shim.abi_decode_user
+import Generated.erc20shim.ERC20Shim.finalize_allocation_user
+import Generated.erc20shim.ERC20Shim.fun_transferFrom
+import Generated.erc20shim.ERC20Shim.panic_error_0x41_user
+import Generated.erc20shim.ERC20Shim.finalize_allocation
+import Generated.erc20shim.ERC20Shim.update_storage_value_offsett_uint256_to_uint256
+import Generated.erc20shim.ERC20Shim.fun_name_user
+import Generated.erc20shim.ERC20Shim.validator_revert_uint256
+import Generated.erc20shim.ERC20Shim.validator_revert_address_user
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
+import Generated.erc20shim.ERC20Shim.extract_byte_array_length_gen
+import Generated.erc20shim.ERC20Shim.fun_symbol_user
+import Generated.erc20shim.ERC20Shim.copy_array_from_storage_to_memory_string
+import Generated.erc20shim.ERC20Shim.fun__approve_user
+import Generated.erc20shim.ERC20Shim.fun_allowance_gen
+import Generated.erc20shim.ERC20Shim.copy_memory_to_memory_with_cleanup_gen
+import Generated.erc20shim.ERC20Shim.fun_balanceOf
+import Generated.erc20shim.ERC20Shim.abi_encode_string_memory_ptr_gen
+import Generated.erc20shim.ERC20Shim.fun_decimals_gen
+import Generated.erc20shim.ERC20Shim.fun_totalSupply
+import Generated.erc20shim.ERC20Shim.abi_encode_string
+import Generated.erc20shim.ERC20Shim.abi_decode_addresst_address
+import Generated.erc20shim.ERC20Shim.abi_decode
+import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string_fromStack_gen
+import Generated.erc20shim.ERC20Shim.panic_error_0x11
+import Generated.erc20shim.ERC20Shim.abi_encode_uint8_to_uint8_gen
+import Generated.erc20shim.ERC20Shim.validator_revert_uint256_gen
+import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_gen
+import Generated.erc20shim.ERC20Shim.abi_encode_bool_gen
+import Generated.erc20shim.ERC20Shim.revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_user
+import Generated.erc20shim.ERC20Shim.validator_revert_address_gen
+import Generated.erc20shim.ERC20Shim.fun_balanceOf_gen
+import Generated.erc20shim.ERC20Shim.fun_transfer_gen
+import Generated.erc20shim.ERC20Shim.panic_error_0x22_gen
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address_gen
+import Generated.erc20shim.ERC20Shim.array_dataslot_string_storage_user
+import Generated.erc20shim.ERC20Shim.fun_symbol_gen
+import Generated.erc20shim.ERC20Shim.update_byte_slice_shift
+import Generated.erc20shim.ERC20Shim.fun_transferFrom_user
+import Generated.erc20shim.ERC20Shim.abi_encode_uint8_to_uint8
+import Generated.erc20shim.ERC20Shim.revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74
+import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110_gen
+import Generated.erc20shim.ERC20Shim.Common.if_8073281237182003506_user
+import Generated.erc20shim.ERC20Shim.Common.if_2792370840247009933
+import Generated.erc20shim.ERC20Shim.Common.if_9141570808380448040
+import Generated.erc20shim.ERC20Shim.Common.if_2792370840247009933_gen
+import Generated.erc20shim.ERC20Shim.Common.if_5042234445269809685_user
+import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838_user
+import Generated.erc20shim.ERC20Shim.Common.if_8073281237182003506
+import Generated.erc20shim.ERC20Shim.Common.switch_8164987986085659348
+import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831_user
+import Generated.erc20shim.ERC20Shim.Common.switch_8164987986085659348_gen
+import Generated.erc20shim.ERC20Shim.Common.switch_1041419350816529734_gen
+import Generated.erc20shim.ERC20Shim.Common.for_1821242857744567453_user
+import Generated.erc20shim.ERC20Shim.Common.if_1438067688173587229
+import Generated.erc20shim.ERC20Shim.Common.for_1821242857744567453
+import Generated.erc20shim.ERC20Shim.Common.if_9141570808380448040_user
+import Generated.erc20shim.ERC20Shim.Common.if_9141570808380448040_gen
+import Generated.erc20shim.ERC20Shim.Common.if_3812165059632449189
+import Generated.erc20shim.ERC20Shim.Common.for_1821242857744567453_gen
+import Generated.erc20shim.ERC20Shim.Common.if_384845947645085899
+import Generated.erc20shim.ERC20Shim.Common.if_2395397427938978657
+import Generated.erc20shim.ERC20Shim.Common.for_6088573059593786335_user
+import Generated.erc20shim.ERC20Shim.Common.for_6088573059593786335_gen
+import Generated.erc20shim.ERC20Shim.Common.if_3812165059632449189_gen
+import Generated.erc20shim.ERC20Shim.Common.if_1438067688173587229_user
+import Generated.erc20shim.ERC20Shim.Common.switch_1041419350816529734
+import Generated.erc20shim.ERC20Shim.Common.if_384845947645085899_user
+import Generated.erc20shim.ERC20Shim.Common.for_6088573059593786335
+import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110
+import Generated.erc20shim.ERC20Shim.Common.if_2792370840247009933_user
+import Generated.erc20shim.ERC20Shim.Common.if_9222169807163418225
+import Generated.erc20shim.ERC20Shim.Common.switch_1041419350816529734_user
+import Generated.erc20shim.ERC20Shim.Common.if_3989404597755436942_gen
+import Generated.erc20shim.ERC20Shim.Common.if_8073281237182003506_gen
+import Generated.erc20shim.ERC20Shim.Common.if_9222169807163418225_user
+import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838_gen
+import Generated.erc20shim.ERC20Shim.Common.if_5042234445269809685
+import Generated.erc20shim.ERC20Shim.Common.if_384845947645085899_gen
+import Generated.erc20shim.ERC20Shim.Common.if_4692225504622348326_gen
+import Generated.erc20shim.ERC20Shim.Common.if_1438067688173587229_gen
+import Generated.erc20shim.ERC20Shim.Common.switch_8164987986085659348_user
+import Generated.erc20shim.ERC20Shim.Common.if_4024499920364541172_user
+import Generated.erc20shim.ERC20Shim.Common.switch_2364266820542243941_gen
+import Generated.erc20shim.ERC20Shim.Common.if_4692225504622348326_user
+import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838
+import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110_user
+import Generated.erc20shim.ERC20Shim.Common.if_3989404597755436942
+import Generated.erc20shim.ERC20Shim.Common.if_4024499920364541172
+import Generated.erc20shim.ERC20Shim.Common.if_4692225504622348326
+import Generated.erc20shim.ERC20Shim.Common.if_4024499920364541172_gen
+import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831_gen
+import Generated.erc20shim.ERC20Shim.Common.if_9222169807163418225_gen
+import Generated.erc20shim.ERC20Shim.Common.switch_2364266820542243941
+import Generated.erc20shim.ERC20Shim.Common.if_2395397427938978657_gen
+import Generated.erc20shim.ERC20Shim.Common.switch_2364266820542243941_user
+import Generated.erc20shim.ERC20Shim.Common.if_2395397427938978657_user
+import Generated.erc20shim.ERC20Shim.Common.if_3989404597755436942_user
+import Generated.erc20shim.ERC20Shim.Common.if_3812165059632449189_user
+import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831
+import Generated.erc20shim.ERC20Shim.Common.if_5042234445269809685_gen
diff --git a/Generated/erc20shim/ERC20Shim/Common/for_1821242857744567453.lean b/Generated/erc20shim/ERC20Shim/Common/for_1821242857744567453.lean
new file mode 100644
index 0000000..45e32dc
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/for_1821242857744567453.lean
@@ -0,0 +1,35 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.Common.for_1821242857744567453_gen
+
+import Generated.erc20shim.ERC20Shim.Common.for_1821242857744567453_user
+
+
+namespace ERC20Shim.Common
+
+set_option autoImplicit false
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+lemma for_1821242857744567453_post_abs_of_code {s₀ : State} {fuel : Nat} :
+  ∀ s₉, exec fuel (Block for_1821242857744567453_post) s₀ = s₉ →
+        Spec APost_for_1821242857744567453 s₀ s₉ :=
+    λ _ h ↦ for_1821242857744567453_concrete_of_post_abs (for_1821242857744567453_post_concrete_of_code.2 h)
+
+lemma for_1821242857744567453_body_abs_of_code {s₀ : State} {fuel : Nat} :
+  ∀ s₉, exec fuel (Block for_1821242857744567453_body) s₀ = s₉ →
+        Spec ABody_for_1821242857744567453 s₀ s₉ :=
+    λ _ h ↦ for_1821242857744567453_concrete_of_body_abs (for_1821242857744567453_body_concrete_of_code.2 h)
+
+-- | Code → Abstract (autogenerated).
+lemma for_1821242857744567453_abs_of_code {s₀ fuel} : ∀ s₉, exec fuel for_1821242857744567453 s₀ = s₉ → Spec AFor_for_1821242857744567453 s₀ s₉ := by
+  intros s₉
+  intros hcode
+  apply reasoning_principle_3 for_1821242857744567453_cond for_1821242857744567453_post for_1821242857744567453_body ACond_for_1821242857744567453 APost_for_1821242857744567453 ABody_for_1821242857744567453 AFor_for_1821242857744567453 AZero_for_1821242857744567453 AOk_for_1821242857744567453 AContinue_for_1821242857744567453 ABreak_for_1821242857744567453 ALeave_for_1821242857744567453 @for_1821242857744567453_cond_abs_of_code @for_1821242857744567453_post_abs_of_code @for_1821242857744567453_body_abs_of_code hcode
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/for_1821242857744567453_gen.lean b/Generated/erc20shim/ERC20Shim/Common/for_1821242857744567453_gen.lean
new file mode 100644
index 0000000..9dc33fd
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/for_1821242857744567453_gen.lean
@@ -0,0 +1,144 @@
+import Clear.ReasoningPrinciple
+
+
+
+namespace ERC20Shim.Common
+
+set_option autoImplicit false
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def for_1821242857744567453_cond := <<
+    lt(i, length)
+>>
+
+def for_1821242857744567453_post : List Stmt := <ss
+    {
+    let _8 := 32
+    i := add(i, _8)
+}
+>
+
+def for_1821242857744567453_body : List Stmt := <ss
+{
+    let _9 := sload(dataPos)
+    let _10 := add(pos, i)
+    mstore(_10, _9)
+    let _11 := _1
+    dataPos := add(dataPos, _1)
+}
+>
+
+def for_1821242857744567453 := <s
+for { } lt(i, length) {
+    let _8 := 32
+    i := add(i, _8)
+} {
+    let _9 := sload(dataPos)
+    let _10 := add(pos, i)
+    mstore(_10, _9)
+    let _11 := _1
+    dataPos := add(dataPos, _1)
+}
+>
+
+set_option maxRecDepth 4000
+
+-- =============================================================================
+--  POST
+-- =============================================================================
+
+def for_1821242857744567453_post_concrete_of_code
+: {
+    C : State → State → Prop
+    // ∀ {s₀ s₉ fuel}
+    , exec fuel (Block for_1821242857744567453_post) s₀ = s₉
+    → Spec C s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ fuel
+
+  unfold Spec for_1821242857744567453_post
+  rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · aesop
+  · aesop
+  swap
+  generalize hok : Ok evm₀ store₀ = s₀
+  intros h _
+  revert h
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  
+  -- tacticsOfStmt offsetting
+  try rw [nil]
+  try simp [Bool.toUInt256, UInt256.size]
+  intros h
+  exact h
+
+
+-- =============================================================================
+--  BODY
+-- =============================================================================
+
+def for_1821242857744567453_body_concrete_of_code
+: {
+    C : State → State → Prop
+    // ∀ {s₀ s₉ fuel}
+    , exec fuel (Block for_1821242857744567453_body) s₀ = s₉
+    → Spec C s₀ s₉
+  }
+:= by
+  constructor
+  intros s₀ s₉ fuel
+
+  unfold Spec for_1821242857744567453_body
+  rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · aesop
+  · aesop
+  swap
+  generalize hok : Ok evm₀ store₀ = s₀
+  intros h _
+  revert h
+
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSload']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  
+  -- tacticsOfStmt offsetting
+  try rw [nil]
+  try simp [Bool.toUInt256, UInt256.size]
+  intros h
+  exact h
+
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/for_1821242857744567453_user.lean b/Generated/erc20shim/ERC20Shim/Common/for_1821242857744567453_user.lean
new file mode 100644
index 0000000..7dfc77f
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/for_1821242857744567453_user.lean
@@ -0,0 +1,43 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.Common.for_1821242857744567453_gen
+
+
+namespace ERC20Shim.Common
+
+set_option autoImplicit false
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def ACond_for_1821242857744567453 (s₀ : State) : Literal := sorry 
+def APost_for_1821242857744567453 (s₀ s₉ : State) : Prop := sorry
+def ABody_for_1821242857744567453 (s₀ s₉ : State) : Prop := sorry
+def AFor_for_1821242857744567453 (s₀ s₉ : State) : Prop := sorry
+
+lemma for_1821242857744567453_cond_abs_of_code {s₀ fuel} : eval fuel for_1821242857744567453_cond (s₀) = (s₀, ACond_for_1821242857744567453 (s₀)) := by
+  unfold eval ACond_for_1821242857744567453
+  sorry
+
+lemma for_1821242857744567453_concrete_of_post_abs {s₀ s₉ : State} :
+  Spec for_1821242857744567453_post_concrete_of_code s₀ s₉ →
+  Spec APost_for_1821242857744567453 s₀ s₉ := by
+  sorry
+
+lemma for_1821242857744567453_concrete_of_body_abs {s₀ s₉ : State} :
+  Spec for_1821242857744567453_body_concrete_of_code s₀ s₉ →
+  Spec ABody_for_1821242857744567453 s₀ s₉ := by
+  sorry
+
+lemma AZero_for_1821242857744567453 : ∀ s₀, isOk s₀ → ACond_for_1821242857744567453 (👌 s₀) = 0 → AFor_for_1821242857744567453 s₀ s₀ := sorry
+lemma AOk_for_1821242857744567453 : ∀ s₀ s₂ s₄ s₅, isOk s₀ → isOk s₂ → ¬ ❓ s₅ → ¬ ACond_for_1821242857744567453 s₀ = 0 → ABody_for_1821242857744567453 s₀ s₂ → APost_for_1821242857744567453 s₂ s₄ → Spec AFor_for_1821242857744567453 s₄ s₅ → AFor_for_1821242857744567453 s₀ s₅
+:= sorry
+lemma AContinue_for_1821242857744567453 : ∀ s₀ s₂ s₄ s₅, isOk s₀ → isContinue s₂ → ¬ ACond_for_1821242857744567453 s₀ = 0 → ABody_for_1821242857744567453 s₀ s₂ → Spec APost_for_1821242857744567453 (🧟s₂) s₄ → Spec AFor_for_1821242857744567453 s₄ s₅ → AFor_for_1821242857744567453 s₀ s₅ := sorry
+lemma ABreak_for_1821242857744567453 : ∀ s₀ s₂, isOk s₀ → isBreak s₂ → ¬ ACond_for_1821242857744567453 s₀ = 0 → ABody_for_1821242857744567453 s₀ s₂ → AFor_for_1821242857744567453 s₀ (🧟s₂) := sorry
+lemma ALeave_for_1821242857744567453 : ∀ s₀ s₂, isOk s₀ → isLeave s₂ → ¬ ACond_for_1821242857744567453 s₀ = 0 → ABody_for_1821242857744567453 s₀ s₂ → AFor_for_1821242857744567453 s₀ s₂ := sorry
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/for_6088573059593786335.lean b/Generated/erc20shim/ERC20Shim/Common/for_6088573059593786335.lean
new file mode 100644
index 0000000..d0fa764
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/for_6088573059593786335.lean
@@ -0,0 +1,35 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.Common.for_6088573059593786335_gen
+
+import Generated.erc20shim.ERC20Shim.Common.for_6088573059593786335_user
+
+
+namespace ERC20Shim.Common
+
+set_option autoImplicit false
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+lemma for_6088573059593786335_post_abs_of_code {s₀ : State} {fuel : Nat} :
+  ∀ s₉, exec fuel (Block for_6088573059593786335_post) s₀ = s₉ →
+        Spec APost_for_6088573059593786335 s₀ s₉ :=
+    λ _ h ↦ for_6088573059593786335_concrete_of_post_abs (for_6088573059593786335_post_concrete_of_code.2 h)
+
+lemma for_6088573059593786335_body_abs_of_code {s₀ : State} {fuel : Nat} :
+  ∀ s₉, exec fuel (Block for_6088573059593786335_body) s₀ = s₉ →
+        Spec ABody_for_6088573059593786335 s₀ s₉ :=
+    λ _ h ↦ for_6088573059593786335_concrete_of_body_abs (for_6088573059593786335_body_concrete_of_code.2 h)
+
+-- | Code → Abstract (autogenerated).
+lemma for_6088573059593786335_abs_of_code {s₀ fuel} : ∀ s₉, exec fuel for_6088573059593786335 s₀ = s₉ → Spec AFor_for_6088573059593786335 s₀ s₉ := by
+  intros s₉
+  intros hcode
+  apply reasoning_principle_3 for_6088573059593786335_cond for_6088573059593786335_post for_6088573059593786335_body ACond_for_6088573059593786335 APost_for_6088573059593786335 ABody_for_6088573059593786335 AFor_for_6088573059593786335 AZero_for_6088573059593786335 AOk_for_6088573059593786335 AContinue_for_6088573059593786335 ABreak_for_6088573059593786335 ALeave_for_6088573059593786335 @for_6088573059593786335_cond_abs_of_code @for_6088573059593786335_post_abs_of_code @for_6088573059593786335_body_abs_of_code hcode
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/for_6088573059593786335_gen.lean b/Generated/erc20shim/ERC20Shim/Common/for_6088573059593786335_gen.lean
new file mode 100644
index 0000000..91be11f
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/for_6088573059593786335_gen.lean
@@ -0,0 +1,141 @@
+import Clear.ReasoningPrinciple
+
+
+
+namespace ERC20Shim.Common
+
+set_option autoImplicit false
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def for_6088573059593786335_cond := <<
+    lt(i, length)
+>>
+
+def for_6088573059593786335_post : List Stmt := <ss
+    {
+    let _1 := 32
+    i := add(i, _1)
+}
+>
+
+def for_6088573059593786335_body : List Stmt := <ss
+{
+    let _2 := add(src, i)
+    let _3 := mload(_2)
+    let _4 := add(dst, i)
+    mstore(_4, _3)
+}
+>
+
+def for_6088573059593786335 := <s
+for { } lt(i, length) {
+    let _1 := 32
+    i := add(i, _1)
+} {
+    let _2 := add(src, i)
+    let _3 := mload(_2)
+    let _4 := add(dst, i)
+    mstore(_4, _3)
+}
+>
+
+set_option maxRecDepth 4000
+
+-- =============================================================================
+--  POST
+-- =============================================================================
+
+def for_6088573059593786335_post_concrete_of_code
+: {
+    C : State → State → Prop
+    // ∀ {s₀ s₉ fuel}
+    , exec fuel (Block for_6088573059593786335_post) s₀ = s₉
+    → Spec C s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ fuel
+
+  unfold Spec for_6088573059593786335_post
+  rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · aesop
+  · aesop
+  swap
+  generalize hok : Ok evm₀ store₀ = s₀
+  intros h _
+  revert h
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  
+  -- tacticsOfStmt offsetting
+  try rw [nil]
+  try simp [Bool.toUInt256, UInt256.size]
+  intros h
+  exact h
+
+
+-- =============================================================================
+--  BODY
+-- =============================================================================
+
+def for_6088573059593786335_body_concrete_of_code
+: {
+    C : State → State → Prop
+    // ∀ {s₀ s₉ fuel}
+    , exec fuel (Block for_6088573059593786335_body) s₀ = s₉
+    → Spec C s₀ s₉
+  }
+:= by
+  constructor
+  intros s₀ s₉ fuel
+
+  unfold Spec for_6088573059593786335_body
+  rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · aesop
+  · aesop
+  swap
+  generalize hok : Ok evm₀ store₀ = s₀
+  intros h _
+  revert h
+
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMMload']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  
+  -- tacticsOfStmt offsetting
+  try rw [nil]
+  try simp [Bool.toUInt256, UInt256.size]
+  intros h
+  exact h
+
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/for_6088573059593786335_user.lean b/Generated/erc20shim/ERC20Shim/Common/for_6088573059593786335_user.lean
new file mode 100644
index 0000000..bf9e7dc
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/for_6088573059593786335_user.lean
@@ -0,0 +1,43 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.Common.for_6088573059593786335_gen
+
+
+namespace ERC20Shim.Common
+
+set_option autoImplicit false
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def ACond_for_6088573059593786335 (s₀ : State) : Literal := sorry 
+def APost_for_6088573059593786335 (s₀ s₉ : State) : Prop := sorry
+def ABody_for_6088573059593786335 (s₀ s₉ : State) : Prop := sorry
+def AFor_for_6088573059593786335 (s₀ s₉ : State) : Prop := sorry
+
+lemma for_6088573059593786335_cond_abs_of_code {s₀ fuel} : eval fuel for_6088573059593786335_cond (s₀) = (s₀, ACond_for_6088573059593786335 (s₀)) := by
+  unfold eval ACond_for_6088573059593786335
+  sorry
+
+lemma for_6088573059593786335_concrete_of_post_abs {s₀ s₉ : State} :
+  Spec for_6088573059593786335_post_concrete_of_code s₀ s₉ →
+  Spec APost_for_6088573059593786335 s₀ s₉ := by
+  sorry
+
+lemma for_6088573059593786335_concrete_of_body_abs {s₀ s₉ : State} :
+  Spec for_6088573059593786335_body_concrete_of_code s₀ s₉ →
+  Spec ABody_for_6088573059593786335 s₀ s₉ := by
+  sorry
+
+lemma AZero_for_6088573059593786335 : ∀ s₀, isOk s₀ → ACond_for_6088573059593786335 (👌 s₀) = 0 → AFor_for_6088573059593786335 s₀ s₀ := sorry
+lemma AOk_for_6088573059593786335 : ∀ s₀ s₂ s₄ s₅, isOk s₀ → isOk s₂ → ¬ ❓ s₅ → ¬ ACond_for_6088573059593786335 s₀ = 0 → ABody_for_6088573059593786335 s₀ s₂ → APost_for_6088573059593786335 s₂ s₄ → Spec AFor_for_6088573059593786335 s₄ s₅ → AFor_for_6088573059593786335 s₀ s₅
+:= sorry
+lemma AContinue_for_6088573059593786335 : ∀ s₀ s₂ s₄ s₅, isOk s₀ → isContinue s₂ → ¬ ACond_for_6088573059593786335 s₀ = 0 → ABody_for_6088573059593786335 s₀ s₂ → Spec APost_for_6088573059593786335 (🧟s₂) s₄ → Spec AFor_for_6088573059593786335 s₄ s₅ → AFor_for_6088573059593786335 s₀ s₅ := sorry
+lemma ABreak_for_6088573059593786335 : ∀ s₀ s₂, isOk s₀ → isBreak s₂ → ¬ ACond_for_6088573059593786335 s₀ = 0 → ABody_for_6088573059593786335 s₀ s₂ → AFor_for_6088573059593786335 s₀ (🧟s₂) := sorry
+lemma ALeave_for_6088573059593786335 : ∀ s₀ s₂, isOk s₀ → isLeave s₂ → ¬ ACond_for_6088573059593786335 s₀ = 0 → ABody_for_6088573059593786335 s₀ s₂ → AFor_for_6088573059593786335 s₀ s₂ := sorry
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_1438067688173587229.lean b/Generated/erc20shim/ERC20Shim/Common/if_1438067688173587229.lean
new file mode 100644
index 0000000..9fb8b54
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_1438067688173587229.lean
@@ -0,0 +1,22 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.Common.if_1438067688173587229_gen
+
+import Generated.erc20shim.ERC20Shim.Common.if_1438067688173587229_user
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+lemma if_1438067688173587229_abs_of_code {s₀ : State} {fuel : Nat} :
+  ∀ s₉, exec fuel if_1438067688173587229 s₀ = s₉ →
+        Spec A_if_1438067688173587229 s₀ s₉ :=
+  λ _ h ↦ if_1438067688173587229_abs_of_concrete (if_1438067688173587229_concrete_of_code.2 h)
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_1438067688173587229_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_1438067688173587229_gen.lean
new file mode 100644
index 0000000..43e52cb
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_1438067688173587229_gen.lean
@@ -0,0 +1,67 @@
+import Clear.ReasoningPrinciple
+
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def if_1438067688173587229 := <s
+  if _1 
+{
+    let _2 := _1
+    let _3 := _1
+    revert(_1, _1)
+}
+>
+
+set_option maxRecDepth 5000
+set_option maxHeartbeats 400000
+
+def if_1438067688173587229_concrete_of_code : {
+    C : State → State → Prop
+    // ∀ {s₀ s₉ fuel}
+    , exec fuel if_1438067688173587229 s₀ = s₉
+    → Spec C s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ fuel
+
+  unfold Spec if_1438067688173587229
+  rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize If _ _ = f; aesop
+  · generalize If _ _ = f; aesop
+  swap
+  generalize hok : Ok evm₀ store₀ = s₀
+  intros h _
+  revert h
+
+  rw [If']
+
+  -- AST-specific tactics
+
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMRevert']
+  try simp
+  
+  
+  
+  -- tacticsOfStmt offsetting
+  try rw [nil]
+  try simp [Bool.toUInt256, UInt256.size]
+  intros h
+  exact h
+
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_1438067688173587229_user.lean b/Generated/erc20shim/ERC20Shim/Common/if_1438067688173587229_user.lean
new file mode 100644
index 0000000..cefad9a
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_1438067688173587229_user.lean
@@ -0,0 +1,22 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.Common.if_1438067688173587229_gen
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def A_if_1438067688173587229 (s₀ s₉ : State) : Prop := sorry
+
+lemma if_1438067688173587229_abs_of_concrete {s₀ s₉ : State} :
+  Spec if_1438067688173587229_concrete_of_code s₀ s₉ →
+  Spec A_if_1438067688173587229 s₀ s₉ := by
+  sorry
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838.lean b/Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838.lean
new file mode 100644
index 0000000..7dae188
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
+
+import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838_gen
+
+import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838_user
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma if_2130076443351184838_abs_of_code {s₀ : State} {fuel : Nat} :
+  ∀ s₉, exec fuel if_2130076443351184838 s₀ = s₉ →
+        Spec A_if_2130076443351184838 s₀ s₉ :=
+  λ _ h ↦ if_2130076443351184838_abs_of_concrete (if_2130076443351184838_concrete_of_code.2 h)
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838_gen.lean
new file mode 100644
index 0000000..bbf0dde
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838_gen.lean
@@ -0,0 +1,118 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def if_2130076443351184838 := <s
+  if _4 
+{
+    let expr := var_spender
+    let expr_1 := var_currentAllowance
+    let expr_2 := var_value
+    let _5 := 64
+    let _6 := mload(_5)
+    let _7 := shl(225, 2110234841)
+    mstore(_6, _7)
+    let _8 := 4
+    let _9 := add(_6, _8)
+    let _10 := abi_encode_address_uint256_uint256(_9, var_spender, var_currentAllowance, var_value)
+    let _11 := sub(_10, _6)
+    revert(_6, _11)
+}
+>
+
+set_option maxRecDepth 5000
+set_option maxHeartbeats 400000
+
+def if_2130076443351184838_concrete_of_code : {
+    C : State → State → Prop
+    // ∀ {s₀ s₉ fuel}
+    , exec fuel if_2130076443351184838 s₀ = s₉
+    → Spec C s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ fuel
+
+  unfold Spec if_2130076443351184838
+  rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize If _ _ = f; aesop
+  · generalize If _ _ = f; aesop
+  swap
+  generalize hok : Ok evm₀ store₀ = s₀
+  intros h _
+  revert h
+
+  rw [If']
+
+  -- AST-specific tactics
+
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMMload']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMShl']
+  try simp
+  
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (abi_encode_address_uint256_uint256_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSub']
+  try simp
+  
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMRevert']
+  try simp
+  
+  
+  
+  -- tacticsOfStmt offsetting
+  try rw [nil]
+  try simp [Bool.toUInt256, UInt256.size]
+  intros h
+  exact h
+
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838_user.lean b/Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838_user.lean
new file mode 100644
index 0000000..a1df7c6
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
+
+import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838_gen
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_if_2130076443351184838 (s₀ s₉ : State) : Prop := sorry
+
+lemma if_2130076443351184838_abs_of_concrete {s₀ s₉ : State} :
+  Spec if_2130076443351184838_concrete_of_code s₀ s₉ →
+  Spec A_if_2130076443351184838 s₀ s₉ := by
+  sorry
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_2395397427938978657.lean b/Generated/erc20shim/ERC20Shim/Common/if_2395397427938978657.lean
new file mode 100644
index 0000000..ff12c5d
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_2395397427938978657.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address
+
+import Generated.erc20shim.ERC20Shim.Common.if_2395397427938978657_gen
+
+import Generated.erc20shim.ERC20Shim.Common.if_2395397427938978657_user
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma if_2395397427938978657_abs_of_code {s₀ : State} {fuel : Nat} :
+  ∀ s₉, exec fuel if_2395397427938978657 s₀ = s₉ →
+        Spec A_if_2395397427938978657 s₀ s₉ :=
+  λ _ h ↦ if_2395397427938978657_abs_of_concrete (if_2395397427938978657_concrete_of_code.2 h)
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_2395397427938978657_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_2395397427938978657_gen.lean
new file mode 100644
index 0000000..d3185f5
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_2395397427938978657_gen.lean
@@ -0,0 +1,114 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def if_2395397427938978657 := <s
+  if _13 
+{
+    let expr_3 := 0
+    let _14 := 64
+    let _15 := mload(_14)
+    let _16 := shl(224, 3963891461)
+    mstore(_15, _16)
+    let _17 := 4
+    let _18 := add(_15, _17)
+    let _19 := abi_encode_tuple_address(_18, expr_3)
+    let _20 := sub(_19, _15)
+    revert(_15, _20)
+}
+>
+
+set_option maxRecDepth 5000
+set_option maxHeartbeats 400000
+
+def if_2395397427938978657_concrete_of_code : {
+    C : State → State → Prop
+    // ∀ {s₀ s₉ fuel}
+    , exec fuel if_2395397427938978657 s₀ = s₉
+    → Spec C s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ fuel
+
+  unfold Spec if_2395397427938978657
+  rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize If _ _ = f; aesop
+  · generalize If _ _ = f; aesop
+  swap
+  generalize hok : Ok evm₀ store₀ = s₀
+  intros h _
+  revert h
+
+  rw [If']
+
+  -- AST-specific tactics
+
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMMload']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMShl']
+  try simp
+  
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (abi_encode_tuple_address_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSub']
+  try simp
+  
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMRevert']
+  try simp
+  
+  
+  
+  -- tacticsOfStmt offsetting
+  try rw [nil]
+  try simp [Bool.toUInt256, UInt256.size]
+  intros h
+  exact h
+
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_2395397427938978657_user.lean b/Generated/erc20shim/ERC20Shim/Common/if_2395397427938978657_user.lean
new file mode 100644
index 0000000..9a309fa
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_2395397427938978657_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address
+
+import Generated.erc20shim.ERC20Shim.Common.if_2395397427938978657_gen
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_if_2395397427938978657 (s₀ s₉ : State) : Prop := sorry
+
+lemma if_2395397427938978657_abs_of_concrete {s₀ s₉ : State} :
+  Spec if_2395397427938978657_concrete_of_code s₀ s₉ →
+  Spec A_if_2395397427938978657 s₀ s₉ := by
+  sorry
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_2792370840247009933.lean b/Generated/erc20shim/ERC20Shim/Common/if_2792370840247009933.lean
new file mode 100644
index 0000000..6696811
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_2792370840247009933.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.panic_error_0x11
+
+import Generated.erc20shim.ERC20Shim.Common.if_2792370840247009933_gen
+
+import Generated.erc20shim.ERC20Shim.Common.if_2792370840247009933_user
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma if_2792370840247009933_abs_of_code {s₀ : State} {fuel : Nat} :
+  ∀ s₉, exec fuel if_2792370840247009933 s₀ = s₉ →
+        Spec A_if_2792370840247009933 s₀ s₉ :=
+  λ _ h ↦ if_2792370840247009933_abs_of_concrete (if_2792370840247009933_concrete_of_code.2 h)
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_2792370840247009933_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_2792370840247009933_gen.lean
new file mode 100644
index 0000000..6dee4d2
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_2792370840247009933_gen.lean
@@ -0,0 +1,68 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.panic_error_0x11
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def if_2792370840247009933 := <s
+  if _1 
+{panic_error_0x11()}
+>
+
+set_option maxRecDepth 5000
+set_option maxHeartbeats 400000
+
+def if_2792370840247009933_concrete_of_code : {
+    C : State → State → Prop
+    // ∀ {s₀ s₉ fuel}
+    , exec fuel if_2792370840247009933 s₀ = s₉
+    → Spec C s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ fuel
+
+  unfold Spec if_2792370840247009933
+  rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize If _ _ = f; aesop
+  · generalize If _ _ = f; aesop
+  swap
+  generalize hok : Ok evm₀ store₀ = s₀
+  intros h _
+  revert h
+
+  rw [If']
+
+  -- AST-specific tactics
+
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (panic_error_0x11_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  
+  
+  -- tacticsOfStmt offsetting
+  try rw [nil]
+  try simp [Bool.toUInt256, UInt256.size]
+  intros h
+  exact h
+
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_2792370840247009933_user.lean b/Generated/erc20shim/ERC20Shim/Common/if_2792370840247009933_user.lean
new file mode 100644
index 0000000..b2e7629
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_2792370840247009933_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.panic_error_0x11
+
+import Generated.erc20shim.ERC20Shim.Common.if_2792370840247009933_gen
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_if_2792370840247009933 (s₀ s₉ : State) : Prop := sorry
+
+lemma if_2792370840247009933_abs_of_concrete {s₀ s₉ : State} :
+  Spec if_2792370840247009933_concrete_of_code s₀ s₉ →
+  Spec A_if_2792370840247009933 s₀ s₉ := by
+  sorry
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_3812165059632449189.lean b/Generated/erc20shim/ERC20Shim/Common/if_3812165059632449189.lean
new file mode 100644
index 0000000..6bc500e
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_3812165059632449189.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address
+
+import Generated.erc20shim.ERC20Shim.Common.if_3812165059632449189_gen
+
+import Generated.erc20shim.ERC20Shim.Common.if_3812165059632449189_user
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma if_3812165059632449189_abs_of_code {s₀ : State} {fuel : Nat} :
+  ∀ s₉, exec fuel if_3812165059632449189 s₀ = s₉ →
+        Spec A_if_3812165059632449189 s₀ s₉ :=
+  λ _ h ↦ if_3812165059632449189_abs_of_concrete (if_3812165059632449189_concrete_of_code.2 h)
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_3812165059632449189_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_3812165059632449189_gen.lean
new file mode 100644
index 0000000..c6dd13d
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_3812165059632449189_gen.lean
@@ -0,0 +1,114 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def if_3812165059632449189 := <s
+  if _3 
+{
+    let expr_1 := 0
+    let _4 := 64
+    let _5 := mload(_4)
+    let _6 := shl(224, 3858947845)
+    mstore(_5, _6)
+    let _7 := 4
+    let _8 := add(_5, _7)
+    let _9 := abi_encode_tuple_address(_8, expr_1)
+    let _10 := sub(_9, _5)
+    revert(_5, _10)
+}
+>
+
+set_option maxRecDepth 5000
+set_option maxHeartbeats 400000
+
+def if_3812165059632449189_concrete_of_code : {
+    C : State → State → Prop
+    // ∀ {s₀ s₉ fuel}
+    , exec fuel if_3812165059632449189 s₀ = s₉
+    → Spec C s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ fuel
+
+  unfold Spec if_3812165059632449189
+  rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize If _ _ = f; aesop
+  · generalize If _ _ = f; aesop
+  swap
+  generalize hok : Ok evm₀ store₀ = s₀
+  intros h _
+  revert h
+
+  rw [If']
+
+  -- AST-specific tactics
+
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMMload']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMShl']
+  try simp
+  
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (abi_encode_tuple_address_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSub']
+  try simp
+  
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMRevert']
+  try simp
+  
+  
+  
+  -- tacticsOfStmt offsetting
+  try rw [nil]
+  try simp [Bool.toUInt256, UInt256.size]
+  intros h
+  exact h
+
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_3812165059632449189_user.lean b/Generated/erc20shim/ERC20Shim/Common/if_3812165059632449189_user.lean
new file mode 100644
index 0000000..37a8ef1
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_3812165059632449189_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address
+
+import Generated.erc20shim.ERC20Shim.Common.if_3812165059632449189_gen
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_if_3812165059632449189 (s₀ s₉ : State) : Prop := sorry
+
+lemma if_3812165059632449189_abs_of_concrete {s₀ s₉ : State} :
+  Spec if_3812165059632449189_concrete_of_code s₀ s₉ →
+  Spec A_if_3812165059632449189 s₀ s₉ := by
+  sorry
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_384845947645085899.lean b/Generated/erc20shim/ERC20Shim/Common/if_384845947645085899.lean
new file mode 100644
index 0000000..b446d0c
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_384845947645085899.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.panic_error_0x22
+
+import Generated.erc20shim.ERC20Shim.Common.if_384845947645085899_gen
+
+import Generated.erc20shim.ERC20Shim.Common.if_384845947645085899_user
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma if_384845947645085899_abs_of_code {s₀ : State} {fuel : Nat} :
+  ∀ s₉, exec fuel if_384845947645085899 s₀ = s₉ →
+        Spec A_if_384845947645085899 s₀ s₉ :=
+  λ _ h ↦ if_384845947645085899_abs_of_concrete (if_384845947645085899_concrete_of_code.2 h)
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_384845947645085899_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_384845947645085899_gen.lean
new file mode 100644
index 0000000..91f6a3e
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_384845947645085899_gen.lean
@@ -0,0 +1,68 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.panic_error_0x22
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def if_384845947645085899 := <s
+  if _7 
+{panic_error_0x22()}
+>
+
+set_option maxRecDepth 5000
+set_option maxHeartbeats 400000
+
+def if_384845947645085899_concrete_of_code : {
+    C : State → State → Prop
+    // ∀ {s₀ s₉ fuel}
+    , exec fuel if_384845947645085899 s₀ = s₉
+    → Spec C s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ fuel
+
+  unfold Spec if_384845947645085899
+  rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize If _ _ = f; aesop
+  · generalize If _ _ = f; aesop
+  swap
+  generalize hok : Ok evm₀ store₀ = s₀
+  intros h _
+  revert h
+
+  rw [If']
+
+  -- AST-specific tactics
+
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (panic_error_0x22_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  
+  
+  -- tacticsOfStmt offsetting
+  try rw [nil]
+  try simp [Bool.toUInt256, UInt256.size]
+  intros h
+  exact h
+
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_384845947645085899_user.lean b/Generated/erc20shim/ERC20Shim/Common/if_384845947645085899_user.lean
new file mode 100644
index 0000000..df86783
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_384845947645085899_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.panic_error_0x22
+
+import Generated.erc20shim.ERC20Shim.Common.if_384845947645085899_gen
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_if_384845947645085899 (s₀ s₉ : State) : Prop := sorry
+
+lemma if_384845947645085899_abs_of_concrete {s₀ s₉ : State} :
+  Spec if_384845947645085899_concrete_of_code s₀ s₉ →
+  Spec A_if_384845947645085899 s₀ s₉ := by
+  sorry
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_3989404597755436942.lean b/Generated/erc20shim/ERC20Shim/Common/if_3989404597755436942.lean
new file mode 100644
index 0000000..95d7723
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_3989404597755436942.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
+
+import Generated.erc20shim.ERC20Shim.Common.if_3989404597755436942_gen
+
+import Generated.erc20shim.ERC20Shim.Common.if_3989404597755436942_user
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma if_3989404597755436942_abs_of_code {s₀ : State} {fuel : Nat} :
+  ∀ s₉, exec fuel if_3989404597755436942 s₀ = s₉ →
+        Spec A_if_3989404597755436942 s₀ s₉ :=
+  λ _ h ↦ if_3989404597755436942_abs_of_concrete (if_3989404597755436942_concrete_of_code.2 h)
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_3989404597755436942_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_3989404597755436942_gen.lean
new file mode 100644
index 0000000..7e61a04
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_3989404597755436942_gen.lean
@@ -0,0 +1,118 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def if_3989404597755436942 := <s
+  if _7 
+{
+    let expr_1 := var_from
+    let expr_2 := _6
+    let expr_3 := var_value
+    let _8 := 64
+    let _9 := mload(_8)
+    let _10 := shl(226, 957625571)
+    mstore(_9, _10)
+    let _11 := 4
+    let _12 := add(_9, _11)
+    let _13 := abi_encode_address_uint256_uint256(_12, var_from, _6, var_value)
+    let _14 := sub(_13, _9)
+    revert(_9, _14)
+}
+>
+
+set_option maxRecDepth 5000
+set_option maxHeartbeats 400000
+
+def if_3989404597755436942_concrete_of_code : {
+    C : State → State → Prop
+    // ∀ {s₀ s₉ fuel}
+    , exec fuel if_3989404597755436942 s₀ = s₉
+    → Spec C s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ fuel
+
+  unfold Spec if_3989404597755436942
+  rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize If _ _ = f; aesop
+  · generalize If _ _ = f; aesop
+  swap
+  generalize hok : Ok evm₀ store₀ = s₀
+  intros h _
+  revert h
+
+  rw [If']
+
+  -- AST-specific tactics
+
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMMload']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMShl']
+  try simp
+  
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (abi_encode_address_uint256_uint256_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSub']
+  try simp
+  
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMRevert']
+  try simp
+  
+  
+  
+  -- tacticsOfStmt offsetting
+  try rw [nil]
+  try simp [Bool.toUInt256, UInt256.size]
+  intros h
+  exact h
+
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_3989404597755436942_user.lean b/Generated/erc20shim/ERC20Shim/Common/if_3989404597755436942_user.lean
new file mode 100644
index 0000000..3752baa
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_3989404597755436942_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
+
+import Generated.erc20shim.ERC20Shim.Common.if_3989404597755436942_gen
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_if_3989404597755436942 (s₀ s₉ : State) : Prop := sorry
+
+lemma if_3989404597755436942_abs_of_concrete {s₀ s₉ : State} :
+  Spec if_3989404597755436942_concrete_of_code s₀ s₉ →
+  Spec A_if_3989404597755436942 s₀ s₉ := by
+  sorry
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_4024499920364541172.lean b/Generated/erc20shim/ERC20Shim/Common/if_4024499920364541172.lean
new file mode 100644
index 0000000..293609f
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_4024499920364541172.lean
@@ -0,0 +1,22 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.Common.if_4024499920364541172_gen
+
+import Generated.erc20shim.ERC20Shim.Common.if_4024499920364541172_user
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+lemma if_4024499920364541172_abs_of_code {s₀ : State} {fuel : Nat} :
+  ∀ s₉, exec fuel if_4024499920364541172 s₀ = s₉ →
+        Spec A_if_4024499920364541172 s₀ s₉ :=
+  λ _ h ↦ if_4024499920364541172_abs_of_concrete (if_4024499920364541172_concrete_of_code.2 h)
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_4024499920364541172_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_4024499920364541172_gen.lean
new file mode 100644
index 0000000..c1f5397
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_4024499920364541172_gen.lean
@@ -0,0 +1,64 @@
+import Clear.ReasoningPrinciple
+
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def if_4024499920364541172 := <s
+  if _3 
+{
+    let _4 := 127
+    length := and(length, _4)
+}
+>
+
+set_option maxRecDepth 5000
+set_option maxHeartbeats 400000
+
+def if_4024499920364541172_concrete_of_code : {
+    C : State → State → Prop
+    // ∀ {s₀ s₉ fuel}
+    , exec fuel if_4024499920364541172 s₀ = s₉
+    → Spec C s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ fuel
+
+  unfold Spec if_4024499920364541172
+  rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize If _ _ = f; aesop
+  · generalize If _ _ = f; aesop
+  swap
+  generalize hok : Ok evm₀ store₀ = s₀
+  intros h _
+  revert h
+
+  rw [If']
+
+  -- AST-specific tactics
+
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAnd']
+  try simp
+  
+  
+  
+  -- tacticsOfStmt offsetting
+  try rw [nil]
+  try simp [Bool.toUInt256, UInt256.size]
+  intros h
+  exact h
+
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_4024499920364541172_user.lean b/Generated/erc20shim/ERC20Shim/Common/if_4024499920364541172_user.lean
new file mode 100644
index 0000000..93c4a6d
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_4024499920364541172_user.lean
@@ -0,0 +1,22 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.Common.if_4024499920364541172_gen
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def A_if_4024499920364541172 (s₀ s₉ : State) : Prop := sorry
+
+lemma if_4024499920364541172_abs_of_concrete {s₀ s₉ : State} :
+  Spec if_4024499920364541172_concrete_of_code s₀ s₉ →
+  Spec A_if_4024499920364541172 s₀ s₉ := by
+  sorry
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_4692225504622348326.lean b/Generated/erc20shim/ERC20Shim/Common/if_4692225504622348326.lean
new file mode 100644
index 0000000..bb175f1
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_4692225504622348326.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address
+
+import Generated.erc20shim.ERC20Shim.Common.if_4692225504622348326_gen
+
+import Generated.erc20shim.ERC20Shim.Common.if_4692225504622348326_user
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma if_4692225504622348326_abs_of_code {s₀ : State} {fuel : Nat} :
+  ∀ s₉, exec fuel if_4692225504622348326 s₀ = s₉ →
+        Spec A_if_4692225504622348326 s₀ s₉ :=
+  λ _ h ↦ if_4692225504622348326_abs_of_concrete (if_4692225504622348326_concrete_of_code.2 h)
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_4692225504622348326_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_4692225504622348326_gen.lean
new file mode 100644
index 0000000..2df0e7a
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_4692225504622348326_gen.lean
@@ -0,0 +1,114 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def if_4692225504622348326 := <s
+  if _13 
+{
+    let expr_3 := 0
+    let _14 := 64
+    let _15 := mload(_14)
+    let _16 := shl(225, 1242826417)
+    mstore(_15, _16)
+    let _17 := 4
+    let _18 := add(_15, _17)
+    let _19 := abi_encode_tuple_address(_18, expr_3)
+    let _20 := sub(_19, _15)
+    revert(_15, _20)
+}
+>
+
+set_option maxRecDepth 5000
+set_option maxHeartbeats 400000
+
+def if_4692225504622348326_concrete_of_code : {
+    C : State → State → Prop
+    // ∀ {s₀ s₉ fuel}
+    , exec fuel if_4692225504622348326 s₀ = s₉
+    → Spec C s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ fuel
+
+  unfold Spec if_4692225504622348326
+  rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize If _ _ = f; aesop
+  · generalize If _ _ = f; aesop
+  swap
+  generalize hok : Ok evm₀ store₀ = s₀
+  intros h _
+  revert h
+
+  rw [If']
+
+  -- AST-specific tactics
+
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMMload']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMShl']
+  try simp
+  
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (abi_encode_tuple_address_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSub']
+  try simp
+  
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMRevert']
+  try simp
+  
+  
+  
+  -- tacticsOfStmt offsetting
+  try rw [nil]
+  try simp [Bool.toUInt256, UInt256.size]
+  intros h
+  exact h
+
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_4692225504622348326_user.lean b/Generated/erc20shim/ERC20Shim/Common/if_4692225504622348326_user.lean
new file mode 100644
index 0000000..67fa2b8
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_4692225504622348326_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address
+
+import Generated.erc20shim.ERC20Shim.Common.if_4692225504622348326_gen
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_if_4692225504622348326 (s₀ s₉ : State) : Prop := sorry
+
+lemma if_4692225504622348326_abs_of_concrete {s₀ s₉ : State} :
+  Spec if_4692225504622348326_concrete_of_code s₀ s₉ →
+  Spec A_if_4692225504622348326 s₀ s₉ := by
+  sorry
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_5042234445269809685.lean b/Generated/erc20shim/ERC20Shim/Common/if_5042234445269809685.lean
new file mode 100644
index 0000000..221d82f
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_5042234445269809685.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256
+
+import Generated.erc20shim.ERC20Shim.Common.if_5042234445269809685_gen
+
+import Generated.erc20shim.ERC20Shim.Common.if_5042234445269809685_user
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma if_5042234445269809685_abs_of_code {s₀ : State} {fuel : Nat} :
+  ∀ s₉, exec fuel if_5042234445269809685 s₀ = s₉ →
+        Spec A_if_5042234445269809685 s₀ s₉ :=
+  λ _ h ↦ if_5042234445269809685_abs_of_concrete (if_5042234445269809685_concrete_of_code.2 h)
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_5042234445269809685_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_5042234445269809685_gen.lean
new file mode 100644
index 0000000..a17212f
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_5042234445269809685_gen.lean
@@ -0,0 +1,103 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def if_5042234445269809685 := <s
+  if var_emitEvent 
+{
+    let expr_5 := var_owner
+    let expr_6 := var_spender
+    let expr_7 := var_value
+    let _24 := 63486140976153616755203102783360879283472101686154884697241723088393386309925
+    let _25 := _2
+    let _26 := _12
+    let _27 := 64
+    let _28 := mload(_27)
+    let _29 := abi_encode_uint256(_28, var_value)
+    let _30 := sub(_29, _28)
+    log3(_28, _30, _24, _2, _12)
+}
+>
+
+set_option maxRecDepth 5000
+set_option maxHeartbeats 400000
+
+def if_5042234445269809685_concrete_of_code : {
+    C : State → State → Prop
+    // ∀ {s₀ s₉ fuel}
+    , exec fuel if_5042234445269809685 s₀ = s₉
+    → Spec C s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ fuel
+
+  unfold Spec if_5042234445269809685
+  rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize If _ _ = f; aesop
+  · generalize If _ _ = f; aesop
+  swap
+  generalize hok : Ok evm₀ store₀ = s₀
+  intros h _
+  revert h
+
+  rw [If']
+
+  -- AST-specific tactics
+
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMMload']
+  try simp
+  
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (abi_encode_uint256_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSub']
+  try simp
+  
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMLog3']
+  try simp
+  
+  
+  
+  -- tacticsOfStmt offsetting
+  try rw [nil]
+  try simp [Bool.toUInt256, UInt256.size]
+  intros h
+  exact h
+
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_5042234445269809685_user.lean b/Generated/erc20shim/ERC20Shim/Common/if_5042234445269809685_user.lean
new file mode 100644
index 0000000..aaa12e5
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_5042234445269809685_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256
+
+import Generated.erc20shim.ERC20Shim.Common.if_5042234445269809685_gen
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_if_5042234445269809685 (s₀ s₉ : State) : Prop := sorry
+
+lemma if_5042234445269809685_abs_of_concrete {s₀ s₉ : State} :
+  Spec if_5042234445269809685_concrete_of_code s₀ s₉ →
+  Spec A_if_5042234445269809685 s₀ s₉ := by
+  sorry
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110.lean b/Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110.lean
new file mode 100644
index 0000000..f1e1110
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110.lean
@@ -0,0 +1,25 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
+import Generated.erc20shim.ERC20Shim.fun__approve
+
+import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110_gen
+
+import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110_user
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+lemma if_5327145078839977110_abs_of_code {s₀ : State} {fuel : Nat} :
+  ∀ s₉, exec fuel if_5327145078839977110 s₀ = s₉ →
+        Spec A_if_5327145078839977110 s₀ s₉ :=
+  λ _ h ↦ if_5327145078839977110_abs_of_concrete (if_5327145078839977110_concrete_of_code.2 h)
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110_gen.lean
new file mode 100644
index 0000000..39239b5
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110_gen.lean
@@ -0,0 +1,122 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
+import Generated.erc20shim.ERC20Shim.fun__approve
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def if_5327145078839977110 := <s
+  if _3 
+{
+    let _4 := lt(var_currentAllowance, var_value)
+    if _4 
+    {
+        let expr := var_spender
+        let expr_1 := var_currentAllowance
+        let expr_2 := var_value
+        let _5 := 64
+        let _6 := mload(_5)
+        let _7 := shl(225, 2110234841)
+        mstore(_6, _7)
+        let _8 := 4
+        let _9 := add(_6, _8)
+        let _10 := abi_encode_address_uint256_uint256(_9, var_spender, var_currentAllowance, var_value)
+        let _11 := sub(_10, _6)
+        revert(_6, _11)
+    }
+    let expr_3 := var_owner
+    let expr_4 := var_spender
+    let _12 := 0
+    let _13 := sub(var_currentAllowance, var_value)
+    fun__approve(var_owner, var_spender, _13, _12)
+}
+>
+
+set_option maxRecDepth 5000
+set_option maxHeartbeats 400000
+
+def if_5327145078839977110_concrete_of_code : {
+    C : State → State → Prop
+    // ∀ {s₀ s₉ fuel}
+    , exec fuel if_5327145078839977110 s₀ = s₉
+    → Spec C s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ fuel
+
+  unfold Spec if_5327145078839977110
+  rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize If _ _ = f; aesop
+  · generalize If _ _ = f; aesop
+  swap
+  generalize hok : Ok evm₀ store₀ = s₀
+  intros h _
+  revert h
+
+  rw [If']
+
+  -- AST-specific tactics
+
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMLt']
+  try simp
+  
+  -- abstraction offsetting
+  rw [cons]
+  generalize hxs : Block _ = xs
+  abstract if_2130076443351184838_abs_of_code if_2130076443351184838 with ss hs
+  try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro ss (And.intro hs ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  subst xs
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSub']
+  try simp
+  
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  -- simp [Var']
+  -- simp [Var']
+  -- simp [Var']
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (fun__approve_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  
+  
+  -- tacticsOfStmt offsetting
+  try rw [nil]
+  try simp [Bool.toUInt256, UInt256.size]
+  intros h
+  exact h
+
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110_user.lean b/Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110_user.lean
new file mode 100644
index 0000000..781b147
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110_user.lean
@@ -0,0 +1,25 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
+import Generated.erc20shim.ERC20Shim.fun__approve
+
+import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110_gen
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def A_if_5327145078839977110 (s₀ s₉ : State) : Prop := sorry
+
+lemma if_5327145078839977110_abs_of_concrete {s₀ s₉ : State} :
+  Spec if_5327145078839977110_concrete_of_code s₀ s₉ →
+  Spec A_if_5327145078839977110 s₀ s₉ := by
+  sorry
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_7164014626810332831.lean b/Generated/erc20shim/ERC20Shim/Common/if_7164014626810332831.lean
new file mode 100644
index 0000000..9e2d42b
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_7164014626810332831.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b
+
+import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831_gen
+
+import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831_user
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma if_7164014626810332831_abs_of_code {s₀ : State} {fuel : Nat} :
+  ∀ s₉, exec fuel if_7164014626810332831 s₀ = s₉ →
+        Spec A_if_7164014626810332831 s₀ s₉ :=
+  λ _ h ↦ if_7164014626810332831_abs_of_concrete (if_7164014626810332831_concrete_of_code.2 h)
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_7164014626810332831_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_7164014626810332831_gen.lean
new file mode 100644
index 0000000..4f7b2d7
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_7164014626810332831_gen.lean
@@ -0,0 +1,68 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def if_7164014626810332831 := <s
+  if _3 
+{revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b()}
+>
+
+set_option maxRecDepth 5000
+set_option maxHeartbeats 400000
+
+def if_7164014626810332831_concrete_of_code : {
+    C : State → State → Prop
+    // ∀ {s₀ s₉ fuel}
+    , exec fuel if_7164014626810332831 s₀ = s₉
+    → Spec C s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ fuel
+
+  unfold Spec if_7164014626810332831
+  rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize If _ _ = f; aesop
+  · generalize If _ _ = f; aesop
+  swap
+  generalize hok : Ok evm₀ store₀ = s₀
+  intros h _
+  revert h
+
+  rw [If']
+
+  -- AST-specific tactics
+
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  
+  
+  -- tacticsOfStmt offsetting
+  try rw [nil]
+  try simp [Bool.toUInt256, UInt256.size]
+  intros h
+  exact h
+
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_7164014626810332831_user.lean b/Generated/erc20shim/ERC20Shim/Common/if_7164014626810332831_user.lean
new file mode 100644
index 0000000..6ea2030
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_7164014626810332831_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b
+
+import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831_gen
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_if_7164014626810332831 (s₀ s₉ : State) : Prop := sorry
+
+lemma if_7164014626810332831_abs_of_concrete {s₀ s₉ : State} :
+  Spec if_7164014626810332831_concrete_of_code s₀ s₉ →
+  Spec A_if_7164014626810332831 s₀ s₉ := by
+  sorry
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_8073281237182003506.lean b/Generated/erc20shim/ERC20Shim/Common/if_8073281237182003506.lean
new file mode 100644
index 0000000..2679d07
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_8073281237182003506.lean
@@ -0,0 +1,22 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.Common.if_8073281237182003506_gen
+
+import Generated.erc20shim.ERC20Shim.Common.if_8073281237182003506_user
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+lemma if_8073281237182003506_abs_of_code {s₀ : State} {fuel : Nat} :
+  ∀ s₉, exec fuel if_8073281237182003506 s₀ = s₉ →
+        Spec A_if_8073281237182003506 s₀ s₉ :=
+  λ _ h ↦ if_8073281237182003506_abs_of_concrete (if_8073281237182003506_concrete_of_code.2 h)
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_8073281237182003506_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_8073281237182003506_gen.lean
new file mode 100644
index 0000000..e3785d8
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_8073281237182003506_gen.lean
@@ -0,0 +1,67 @@
+import Clear.ReasoningPrinciple
+
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def if_8073281237182003506 := <s
+  if _4 
+{
+    let _5 := 0
+    let _6 := _5
+    revert(_5, _5)
+}
+>
+
+set_option maxRecDepth 5000
+set_option maxHeartbeats 400000
+
+def if_8073281237182003506_concrete_of_code : {
+    C : State → State → Prop
+    // ∀ {s₀ s₉ fuel}
+    , exec fuel if_8073281237182003506 s₀ = s₉
+    → Spec C s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ fuel
+
+  unfold Spec if_8073281237182003506
+  rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize If _ _ = f; aesop
+  · generalize If _ _ = f; aesop
+  swap
+  generalize hok : Ok evm₀ store₀ = s₀
+  intros h _
+  revert h
+
+  rw [If']
+
+  -- AST-specific tactics
+
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMRevert']
+  try simp
+  
+  
+  
+  -- tacticsOfStmt offsetting
+  try rw [nil]
+  try simp [Bool.toUInt256, UInt256.size]
+  intros h
+  exact h
+
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_8073281237182003506_user.lean b/Generated/erc20shim/ERC20Shim/Common/if_8073281237182003506_user.lean
new file mode 100644
index 0000000..ebd03fc
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_8073281237182003506_user.lean
@@ -0,0 +1,22 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.Common.if_8073281237182003506_gen
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def A_if_8073281237182003506 (s₀ s₉ : State) : Prop := sorry
+
+lemma if_8073281237182003506_abs_of_concrete {s₀ s₉ : State} :
+  Spec if_8073281237182003506_concrete_of_code s₀ s₉ →
+  Spec A_if_8073281237182003506 s₀ s₉ := by
+  sorry
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_9141570808380448040.lean b/Generated/erc20shim/ERC20Shim/Common/if_9141570808380448040.lean
new file mode 100644
index 0000000..5a61c64
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_9141570808380448040.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address
+
+import Generated.erc20shim.ERC20Shim.Common.if_9141570808380448040_gen
+
+import Generated.erc20shim.ERC20Shim.Common.if_9141570808380448040_user
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma if_9141570808380448040_abs_of_code {s₀ : State} {fuel : Nat} :
+  ∀ s₉, exec fuel if_9141570808380448040 s₀ = s₉ →
+        Spec A_if_9141570808380448040 s₀ s₉ :=
+  λ _ h ↦ if_9141570808380448040_abs_of_concrete (if_9141570808380448040_concrete_of_code.2 h)
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_9141570808380448040_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_9141570808380448040_gen.lean
new file mode 100644
index 0000000..6dfbad4
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_9141570808380448040_gen.lean
@@ -0,0 +1,114 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def if_9141570808380448040 := <s
+  if _3 
+{
+    let expr_1 := 0
+    let _4 := 64
+    let _5 := mload(_4)
+    let _6 := shl(225, 1264811663)
+    mstore(_5, _6)
+    let _7 := 4
+    let _8 := add(_5, _7)
+    let _9 := abi_encode_tuple_address(_8, expr_1)
+    let _10 := sub(_9, _5)
+    revert(_5, _10)
+}
+>
+
+set_option maxRecDepth 5000
+set_option maxHeartbeats 400000
+
+def if_9141570808380448040_concrete_of_code : {
+    C : State → State → Prop
+    // ∀ {s₀ s₉ fuel}
+    , exec fuel if_9141570808380448040 s₀ = s₉
+    → Spec C s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ fuel
+
+  unfold Spec if_9141570808380448040
+  rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize If _ _ = f; aesop
+  · generalize If _ _ = f; aesop
+  swap
+  generalize hok : Ok evm₀ store₀ = s₀
+  intros h _
+  revert h
+
+  rw [If']
+
+  -- AST-specific tactics
+
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMMload']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMShl']
+  try simp
+  
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (abi_encode_tuple_address_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSub']
+  try simp
+  
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMRevert']
+  try simp
+  
+  
+  
+  -- tacticsOfStmt offsetting
+  try rw [nil]
+  try simp [Bool.toUInt256, UInt256.size]
+  intros h
+  exact h
+
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_9141570808380448040_user.lean b/Generated/erc20shim/ERC20Shim/Common/if_9141570808380448040_user.lean
new file mode 100644
index 0000000..d948f80
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_9141570808380448040_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address
+
+import Generated.erc20shim.ERC20Shim.Common.if_9141570808380448040_gen
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_if_9141570808380448040 (s₀ s₉ : State) : Prop := sorry
+
+lemma if_9141570808380448040_abs_of_concrete {s₀ s₉ : State} :
+  Spec if_9141570808380448040_concrete_of_code s₀ s₉ →
+  Spec A_if_9141570808380448040 s₀ s₉ := by
+  sorry
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_9222169807163418225.lean b/Generated/erc20shim/ERC20Shim/Common/if_9222169807163418225.lean
new file mode 100644
index 0000000..a7f9676
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_9222169807163418225.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.panic_error_0x41
+
+import Generated.erc20shim.ERC20Shim.Common.if_9222169807163418225_gen
+
+import Generated.erc20shim.ERC20Shim.Common.if_9222169807163418225_user
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma if_9222169807163418225_abs_of_code {s₀ : State} {fuel : Nat} :
+  ∀ s₉, exec fuel if_9222169807163418225 s₀ = s₉ →
+        Spec A_if_9222169807163418225 s₀ s₉ :=
+  λ _ h ↦ if_9222169807163418225_abs_of_concrete (if_9222169807163418225_concrete_of_code.2 h)
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_9222169807163418225_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_9222169807163418225_gen.lean
new file mode 100644
index 0000000..c89eafb
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_9222169807163418225_gen.lean
@@ -0,0 +1,68 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.panic_error_0x41
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def if_9222169807163418225 := <s
+  if _8 
+{panic_error_0x41()}
+>
+
+set_option maxRecDepth 5000
+set_option maxHeartbeats 400000
+
+def if_9222169807163418225_concrete_of_code : {
+    C : State → State → Prop
+    // ∀ {s₀ s₉ fuel}
+    , exec fuel if_9222169807163418225 s₀ = s₉
+    → Spec C s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ fuel
+
+  unfold Spec if_9222169807163418225
+  rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize If _ _ = f; aesop
+  · generalize If _ _ = f; aesop
+  swap
+  generalize hok : Ok evm₀ store₀ = s₀
+  intros h _
+  revert h
+
+  rw [If']
+
+  -- AST-specific tactics
+
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (panic_error_0x41_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  
+  
+  -- tacticsOfStmt offsetting
+  try rw [nil]
+  try simp [Bool.toUInt256, UInt256.size]
+  intros h
+  exact h
+
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_9222169807163418225_user.lean b/Generated/erc20shim/ERC20Shim/Common/if_9222169807163418225_user.lean
new file mode 100644
index 0000000..0d2870b
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_9222169807163418225_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.panic_error_0x41
+
+import Generated.erc20shim.ERC20Shim.Common.if_9222169807163418225_gen
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_if_9222169807163418225 (s₀ s₉ : State) : Prop := sorry
+
+lemma if_9222169807163418225_abs_of_concrete {s₀ s₉ : State} :
+  Spec if_9222169807163418225_concrete_of_code s₀ s₉ →
+  Spec A_if_9222169807163418225 s₀ s₉ := by
+  sorry
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/switch_1041419350816529734.lean b/Generated/erc20shim/ERC20Shim/Common/switch_1041419350816529734.lean
new file mode 100644
index 0000000..4af1c85
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/switch_1041419350816529734.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.update_storage_value_offsett_uint256_to_uint256
+
+import Generated.erc20shim.ERC20Shim.Common.switch_1041419350816529734_gen
+
+import Generated.erc20shim.ERC20Shim.Common.switch_1041419350816529734_user
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma switch_1041419350816529734_abs_of_code {s₀ : State} {fuel : Nat} :
+  ∀ s₉, exec fuel switch_1041419350816529734 s₀ = s₉ →
+        Spec A_switch_1041419350816529734 s₀ s₉ :=
+  λ _ h ↦ switch_1041419350816529734_abs_of_concrete (switch_1041419350816529734_concrete_of_code.2 h)
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/switch_1041419350816529734_gen.lean b/Generated/erc20shim/ERC20Shim/Common/switch_1041419350816529734_gen.lean
new file mode 100644
index 0000000..48013ad
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/switch_1041419350816529734_gen.lean
@@ -0,0 +1,144 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.update_storage_value_offsett_uint256_to_uint256
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def switch_1041419350816529734 := <s
+  switch _24 case 0 {
+    let expr_6 := var_value
+    let _25 := 0
+    let _26 := mapping_index_access_mapping_address_uint256_of_address(_25, var_to)
+    let _27 := sload(_26)
+    let _28 := _27
+    let _29 := add(_27, var_value)
+    update_storage_value_offsett_uint256_to_uint256(_26, _29)
+}
+default
+{
+    let _30 := 2
+    let _31 := sload(_30)
+    let _32 := _31
+    let _33 := sub(_31, var_value)
+    let _34 := _30
+    update_storage_value_offsett_uint256_to_uint256(_30, _33)
+}
+>
+
+set_option maxRecDepth 5000
+set_option maxHeartbeats 400000
+
+def switch_1041419350816529734_concrete_of_code : {
+    C : State → State → Prop
+    // ∀ {s₀ s₉ fuel}
+    , exec fuel switch_1041419350816529734 s₀ = s₉
+    → Spec C s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ fuel
+
+  unfold Spec switch_1041419350816529734
+  rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Switch _ _ _ = f; aesop
+  · generalize Switch _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm₀ store₀ = s₀
+  intros h _
+  revert h
+
+  rw [Switch']
+
+  -- AST-specific tactics
+
+  unfold execSwitchCases
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (mapping_index_access_mapping_address_uint256_of_address_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSload']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  -- simp [Var']
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (update_storage_value_offsett_uint256_to_uint256_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  
+  generalize hdefault : exec _ _ _ = sdef
+  unfold execSwitchCases
+  subst hdefault
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSload']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSub']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  -- simp [Var']
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (update_storage_value_offsett_uint256_to_uint256_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  
+  
+  -- tacticsOfStmt offsetting
+  try rw [nil]
+  try simp [Bool.toUInt256, UInt256.size]
+  intros h
+  exact h
+
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/switch_1041419350816529734_user.lean b/Generated/erc20shim/ERC20Shim/Common/switch_1041419350816529734_user.lean
new file mode 100644
index 0000000..3e32f9f
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/switch_1041419350816529734_user.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.update_storage_value_offsett_uint256_to_uint256
+
+import Generated.erc20shim.ERC20Shim.Common.switch_1041419350816529734_gen
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_switch_1041419350816529734 (s₀ s₉ : State) : Prop := sorry
+
+lemma switch_1041419350816529734_abs_of_concrete {s₀ s₉ : State} :
+  Spec switch_1041419350816529734_concrete_of_code s₀ s₉ →
+  Spec A_switch_1041419350816529734 s₀ s₉ := by
+  sorry
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/switch_2364266820542243941.lean b/Generated/erc20shim/ERC20Shim/Common/switch_2364266820542243941.lean
new file mode 100644
index 0000000..b3ced95
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/switch_2364266820542243941.lean
@@ -0,0 +1,27 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.Common.if_3989404597755436942
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
+import Generated.erc20shim.ERC20Shim.update_storage_value_offsett_uint256_to_uint256
+import Generated.erc20shim.ERC20Shim.checked_add_uint256
+
+import Generated.erc20shim.ERC20Shim.Common.switch_2364266820542243941_gen
+
+import Generated.erc20shim.ERC20Shim.Common.switch_2364266820542243941_user
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+lemma switch_2364266820542243941_abs_of_code {s₀ : State} {fuel : Nat} :
+  ∀ s₉, exec fuel switch_2364266820542243941 s₀ = s₉ →
+        Spec A_switch_2364266820542243941 s₀ s₉ :=
+  λ _ h ↦ switch_2364266820542243941_abs_of_concrete (switch_2364266820542243941_concrete_of_code.2 h)
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/switch_2364266820542243941_gen.lean b/Generated/erc20shim/ERC20Shim/Common/switch_2364266820542243941_gen.lean
new file mode 100644
index 0000000..3af3eeb
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/switch_2364266820542243941_gen.lean
@@ -0,0 +1,201 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.Common.if_3989404597755436942
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
+import Generated.erc20shim.ERC20Shim.update_storage_value_offsett_uint256_to_uint256
+import Generated.erc20shim.ERC20Shim.checked_add_uint256
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def switch_2364266820542243941 := <s
+  switch _3 case 0 {
+    let _4 := 0
+    let _5 := mapping_index_access_mapping_address_uint256_of_address(_4, var_from)
+    let _6 := sload(_5)
+    let var_fromBalance := _6
+    let _7 := lt(_6, var_value)
+    if _7 
+    {
+        let expr_1 := var_from
+        let expr_2 := _6
+        let expr_3 := var_value
+        let _8 := 64
+        let _9 := mload(_8)
+        let _10 := shl(226, 957625571)
+        mstore(_9, _10)
+        let _11 := 4
+        let _12 := add(_9, _11)
+        let _13 := abi_encode_address_uint256_uint256(_12, var_from, _6, var_value)
+        let _14 := sub(_13, _9)
+        revert(_9, _14)
+    }
+    let expr_4 := sub(_6, var_value)
+    let _15 := _4
+    let _16 := mapping_index_access_mapping_address_uint256_of_address(_4, var_from)
+    update_storage_value_offsett_uint256_to_uint256(_16, expr_4)
+}
+default
+{
+    let _17 := 2
+    let _18 := sload(_17)
+    let _19 := _18
+    let _20 := checked_add_uint256(_18, var_value)
+    let _21 := _17
+    update_storage_value_offsett_uint256_to_uint256(_17, _20)
+}
+>
+
+set_option maxRecDepth 5000
+set_option maxHeartbeats 400000
+
+def switch_2364266820542243941_concrete_of_code : {
+    C : State → State → Prop
+    // ∀ {s₀ s₉ fuel}
+    , exec fuel switch_2364266820542243941 s₀ = s₉
+    → Spec C s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ fuel
+
+  unfold Spec switch_2364266820542243941
+  rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Switch _ _ _ = f; aesop
+  · generalize Switch _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm₀ store₀ = s₀
+  intros h _
+  revert h
+
+  rw [Switch']
+
+  -- AST-specific tactics
+
+  unfold execSwitchCases
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (mapping_index_access_mapping_address_uint256_of_address_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSload']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMLt']
+  try simp
+  
+  -- abstraction offsetting
+  rw [cons]
+  generalize hxs : Block _ = xs
+  abstract if_3989404597755436942_abs_of_code if_3989404597755436942 with ss hs
+  try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro ss (And.intro hs ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  subst xs
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSub']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (mapping_index_access_mapping_address_uint256_of_address_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  -- simp [Var']
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (update_storage_value_offsett_uint256_to_uint256_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  
+  generalize hdefault : exec _ _ _ = sdef
+  unfold execSwitchCases
+  subst hdefault
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSload']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (checked_add_uint256_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  -- simp [Var']
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (update_storage_value_offsett_uint256_to_uint256_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  
+  
+  -- tacticsOfStmt offsetting
+  try rw [nil]
+  try simp [Bool.toUInt256, UInt256.size]
+  intros h
+  exact h
+
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/switch_2364266820542243941_user.lean b/Generated/erc20shim/ERC20Shim/Common/switch_2364266820542243941_user.lean
new file mode 100644
index 0000000..9cb30a8
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/switch_2364266820542243941_user.lean
@@ -0,0 +1,27 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.Common.if_3989404597755436942
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
+import Generated.erc20shim.ERC20Shim.update_storage_value_offsett_uint256_to_uint256
+import Generated.erc20shim.ERC20Shim.checked_add_uint256
+
+import Generated.erc20shim.ERC20Shim.Common.switch_2364266820542243941_gen
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def A_switch_2364266820542243941 (s₀ s₉ : State) : Prop := sorry
+
+lemma switch_2364266820542243941_abs_of_concrete {s₀ s₉ : State} :
+  Spec switch_2364266820542243941_concrete_of_code s₀ s₉ →
+  Spec A_switch_2364266820542243941 s₀ s₉ := by
+  sorry
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/switch_8164987986085659348.lean b/Generated/erc20shim/ERC20Shim/Common/switch_8164987986085659348.lean
new file mode 100644
index 0000000..b48026e
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/switch_8164987986085659348.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.array_dataslot_string_storage
+import Generated.erc20shim.ERC20Shim.Common.for_1821242857744567453
+
+import Generated.erc20shim.ERC20Shim.Common.switch_8164987986085659348_gen
+
+import Generated.erc20shim.ERC20Shim.Common.switch_8164987986085659348_user
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+lemma switch_8164987986085659348_abs_of_code {s₀ : State} {fuel : Nat} :
+  ∀ s₉, exec fuel switch_8164987986085659348 s₀ = s₉ →
+        Spec A_switch_8164987986085659348 s₀ s₉ :=
+  λ _ h ↦ switch_8164987986085659348_abs_of_concrete (switch_8164987986085659348_concrete_of_code.2 h)
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/switch_8164987986085659348_gen.lean b/Generated/erc20shim/ERC20Shim/Common/switch_8164987986085659348_gen.lean
new file mode 100644
index 0000000..aa2d869
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/switch_8164987986085659348_gen.lean
@@ -0,0 +1,153 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.array_dataslot_string_storage
+import Generated.erc20shim.ERC20Shim.Common.for_1821242857744567453
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def switch_8164987986085659348 := <s
+  switch _2 case 0 {
+    let _3 := not(255)
+    let _4 := and(slotValue, _3)
+    mstore(pos, _4)
+    let _5 := iszero(length)
+    let _6 := iszero(_5)
+    let _7 := shl(5, _6)
+    ret := add(pos, _7)
+}
+case 1 {
+    let dataPos := array_dataslot_string_storage(value)
+    let i := 0
+    for { } lt(i, length) {
+        let _8 := 32
+        i := add(i, _8)
+    } {
+        let _9 := sload(dataPos)
+        let _10 := add(pos, i)
+        mstore(_10, _9)
+        let _11 := _1
+        dataPos := add(dataPos, _1)
+    }
+    ret := add(pos, i)
+}
+default
+{ }
+>
+
+set_option maxRecDepth 5000
+set_option maxHeartbeats 400000
+
+def switch_8164987986085659348_concrete_of_code : {
+    C : State → State → Prop
+    // ∀ {s₀ s₉ fuel}
+    , exec fuel switch_8164987986085659348 s₀ = s₉
+    → Spec C s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ fuel
+
+  unfold Spec switch_8164987986085659348
+  rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Switch _ _ _ = f; aesop
+  · generalize Switch _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm₀ store₀ = s₀
+  intros h _
+  revert h
+
+  rw [Switch']
+
+  -- AST-specific tactics
+
+  unfold execSwitchCases
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMNot']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAnd']
+  try simp
+  
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMIszero']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMIszero']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMShl']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (array_dataslot_string_storage_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  -- abstraction offsetting
+  rw [cons]
+  generalize hxs : Block _ = xs
+  abstract for_1821242857744567453_abs_of_code for_1821242857744567453 with ss hs
+  try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro ss (And.intro hs ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  subst xs
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  
+  generalize hdefault : exec _ _ _ = sdef
+  unfold execSwitchCases
+  subst hdefault
+  
+  
+  -- tacticsOfStmt offsetting
+  try rw [nil]
+  try simp [Bool.toUInt256, UInt256.size]
+  intros h
+  exact h
+
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/switch_8164987986085659348_user.lean b/Generated/erc20shim/ERC20Shim/Common/switch_8164987986085659348_user.lean
new file mode 100644
index 0000000..a29a7df
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/switch_8164987986085659348_user.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.array_dataslot_string_storage
+import Generated.erc20shim.ERC20Shim.Common.for_1821242857744567453
+
+import Generated.erc20shim.ERC20Shim.Common.switch_8164987986085659348_gen
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def A_switch_8164987986085659348 (s₀ s₉ : State) : Prop := sorry
+
+lemma switch_8164987986085659348_abs_of_concrete {s₀ s₉ : State} :
+  Spec switch_8164987986085659348_concrete_of_code s₀ s₉ →
+  Spec A_switch_8164987986085659348 s₀ s₉ := by
+  sorry
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode.lean b/Generated/erc20shim/ERC20Shim/abi_decode.lean
new file mode 100644
index 0000000..3ab572a
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_decode.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831
+import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b
+
+import Generated.erc20shim.ERC20Shim.abi_decode_gen
+
+import Generated.erc20shim.ERC20Shim.abi_decode_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+lemma abi_decode_abs_of_code {s₀ s₉ : State} { headStart dataEnd} {fuel : Nat} :
+  execCall fuel abi_decode [] (s₀, [headStart, dataEnd]) = s₉ →
+  Spec (A_abi_decode  headStart dataEnd) s₀ s₉
+:= λ h ↦ abi_decode_abs_of_concrete (abi_decode_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_address.lean b/Generated/erc20shim/ERC20Shim/abi_decode_address.lean
new file mode 100644
index 0000000..d06470e
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_address.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.validator_revert_address
+
+import Generated.erc20shim.ERC20Shim.abi_decode_address_gen
+
+import Generated.erc20shim.ERC20Shim.abi_decode_address_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma abi_decode_address_abs_of_code {s₀ s₉ : State} {value offset end_clear_sanitised_hrafn} {fuel : Nat} :
+  execCall fuel abi_decode_address [value] (s₀, [offset, end_clear_sanitised_hrafn]) = s₉ →
+  Spec (A_abi_decode_address value offset end_clear_sanitised_hrafn) s₀ s₉
+:= λ h ↦ abi_decode_address_abs_of_concrete (abi_decode_address_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_address_gen.lean b/Generated/erc20shim/ERC20Shim/abi_decode_address_gen.lean
new file mode 100644
index 0000000..a04aa82
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_address_gen.lean
@@ -0,0 +1,106 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.validator_revert_address
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def abi_decode_address : FunctionDefinition := <f
+    function abi_decode_address(offset, end_clear_sanitised_hrafn) -> value
+    
+{
+    value := calldataload(offset)
+    validator_revert_address(value)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def abi_decode_address_concrete_of_code
+: {
+    C :
+      _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {value offset end_clear_sanitised_hrafn fuel},
+         execCall fuel abi_decode_address [value] (s₀, [offset, end_clear_sanitised_hrafn]) = s₉ →
+         Spec (C value offset end_clear_sanitised_hrafn) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ value offset end_clear_sanitised_hrafn fuel
+  unfold abi_decode_address
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMCalldataload']
+  try simp
+  
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (validator_revert_address_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_address_user.lean b/Generated/erc20shim/ERC20Shim/abi_decode_address_user.lean
new file mode 100644
index 0000000..2321fea
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_address_user.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.validator_revert_address
+
+import Generated.erc20shim.ERC20Shim.abi_decode_address_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_abi_decode_address (value : Identifier) (offset end_clear_sanitised_hrafn : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma abi_decode_address_abs_of_concrete {s₀ s₉ : State} {value offset end_clear_sanitised_hrafn} :
+  Spec (abi_decode_address_concrete_of_code.1 value offset end_clear_sanitised_hrafn) s₀ s₉ →
+  Spec (A_abi_decode_address value offset end_clear_sanitised_hrafn) s₀ s₉ := by
+  unfold abi_decode_address_concrete_of_code A_abi_decode_address
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_addresst_address.lean b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_address.lean
new file mode 100644
index 0000000..5ad32ae
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_address.lean
@@ -0,0 +1,25 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831
+import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b
+import Generated.erc20shim.ERC20Shim.abi_decode_address
+
+import Generated.erc20shim.ERC20Shim.abi_decode_addresst_address_gen
+
+import Generated.erc20shim.ERC20Shim.abi_decode_addresst_address_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+lemma abi_decode_addresst_address_abs_of_code {s₀ s₉ : State} {value0 value1 headStart dataEnd} {fuel : Nat} :
+  execCall fuel abi_decode_addresst_address [value0, value1] (s₀, [headStart, dataEnd]) = s₉ →
+  Spec (A_abi_decode_addresst_address value0 value1 headStart dataEnd) s₀ s₉
+:= λ h ↦ abi_decode_addresst_address_abs_of_concrete (abi_decode_addresst_address_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_addresst_address_gen.lean b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_address_gen.lean
new file mode 100644
index 0000000..234ecc9
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_address_gen.lean
@@ -0,0 +1,151 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831
+import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b
+import Generated.erc20shim.ERC20Shim.abi_decode_address
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def abi_decode_addresst_address : FunctionDefinition := <f
+    function abi_decode_addresst_address(headStart, dataEnd) -> value0, value1
+    
+{
+    let _1 := 64
+    let _2 := sub(dataEnd, headStart)
+    let _3 := slt(_2, _1)
+    if _3 
+    {revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b()}
+    value0 := abi_decode_address(headStart, dataEnd)
+    let _4 := 32
+    let _5 := add(headStart, _4)
+    value1 := abi_decode_address(_5, dataEnd)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def abi_decode_addresst_address_concrete_of_code
+: {
+    C :
+      _ → _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {value0 value1 headStart dataEnd fuel},
+         execCall fuel abi_decode_addresst_address [value0, value1] (s₀, [headStart, dataEnd]) = s₉ →
+         Spec (C value0 value1 headStart dataEnd) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ value0 value1 headStart dataEnd fuel
+  unfold abi_decode_addresst_address
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSub']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSlt']
+  try simp
+  
+  -- abstraction offsetting
+  rw [cons]
+  generalize hxs : Block _ = xs
+  abstract if_7164014626810332831_abs_of_code if_7164014626810332831 with ss hs
+  try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro ss (And.intro hs ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  subst xs
+  
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (abi_decode_address_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (abi_decode_address_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_addresst_address_user.lean b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_address_user.lean
new file mode 100644
index 0000000..8830eab
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_address_user.lean
@@ -0,0 +1,26 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831
+import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b
+import Generated.erc20shim.ERC20Shim.abi_decode_address
+
+import Generated.erc20shim.ERC20Shim.abi_decode_addresst_address_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def A_abi_decode_addresst_address (value0 value1 : Identifier) (headStart dataEnd : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma abi_decode_addresst_address_abs_of_concrete {s₀ s₉ : State} {value0 value1 headStart dataEnd} :
+  Spec (abi_decode_addresst_address_concrete_of_code.1 value0 value1 headStart dataEnd) s₀ s₉ →
+  Spec (A_abi_decode_addresst_address value0 value1 headStart dataEnd) s₀ s₉ := by
+  unfold abi_decode_addresst_address_concrete_of_code A_abi_decode_addresst_address
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_addresst_addresst_uint256.lean b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_addresst_uint256.lean
new file mode 100644
index 0000000..6d3b512
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_addresst_uint256.lean
@@ -0,0 +1,26 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831
+import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b
+import Generated.erc20shim.ERC20Shim.abi_decode_address
+import Generated.erc20shim.ERC20Shim.abi_decode_uint256
+
+import Generated.erc20shim.ERC20Shim.abi_decode_addresst_addresst_uint256_gen
+
+import Generated.erc20shim.ERC20Shim.abi_decode_addresst_addresst_uint256_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+lemma abi_decode_addresst_addresst_uint256_abs_of_code {s₀ s₉ : State} {value0 value1 value2 headStart dataEnd} {fuel : Nat} :
+  execCall fuel abi_decode_addresst_addresst_uint256 [value0, value1, value2] (s₀, [headStart, dataEnd]) = s₉ →
+  Spec (A_abi_decode_addresst_addresst_uint256 value0 value1 value2 headStart dataEnd) s₀ s₉
+:= λ h ↦ abi_decode_addresst_addresst_uint256_abs_of_concrete (abi_decode_addresst_addresst_uint256_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_addresst_addresst_uint256_gen.lean b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_addresst_uint256_gen.lean
new file mode 100644
index 0000000..e4d8c00
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_addresst_uint256_gen.lean
@@ -0,0 +1,173 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831
+import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b
+import Generated.erc20shim.ERC20Shim.abi_decode_address
+import Generated.erc20shim.ERC20Shim.abi_decode_uint256
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def abi_decode_addresst_addresst_uint256 : FunctionDefinition := <f
+    function abi_decode_addresst_addresst_uint256(headStart, dataEnd) -> value0, value1, value2
+    
+{
+    let _1 := 96
+    let _2 := sub(dataEnd, headStart)
+    let _3 := slt(_2, _1)
+    if _3 
+    {revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b()}
+    value0 := abi_decode_address(headStart, dataEnd)
+    let _4 := 32
+    let _5 := add(headStart, _4)
+    value1 := abi_decode_address(_5, dataEnd)
+    let _6 := 64
+    let _7 := add(headStart, _6)
+    value2 := abi_decode_uint256(_7, dataEnd)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def abi_decode_addresst_addresst_uint256_concrete_of_code
+: {
+    C :
+      _ → _ → _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {value0 value1 value2 headStart dataEnd fuel},
+         execCall fuel abi_decode_addresst_addresst_uint256 [value0, value1, value2] (s₀, [headStart, dataEnd]) = s₉ →
+         Spec (C value0 value1 value2 headStart dataEnd) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ value0 value1 value2 headStart dataEnd fuel
+  unfold abi_decode_addresst_addresst_uint256
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSub']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSlt']
+  try simp
+  
+  -- abstraction offsetting
+  rw [cons]
+  generalize hxs : Block _ = xs
+  abstract if_7164014626810332831_abs_of_code if_7164014626810332831 with ss hs
+  try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro ss (And.intro hs ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  subst xs
+  
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (abi_decode_address_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (abi_decode_address_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (abi_decode_uint256_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_addresst_addresst_uint256_user.lean b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_addresst_uint256_user.lean
new file mode 100644
index 0000000..b0abd84
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_addresst_uint256_user.lean
@@ -0,0 +1,27 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831
+import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b
+import Generated.erc20shim.ERC20Shim.abi_decode_address
+import Generated.erc20shim.ERC20Shim.abi_decode_uint256
+
+import Generated.erc20shim.ERC20Shim.abi_decode_addresst_addresst_uint256_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def A_abi_decode_addresst_addresst_uint256 (value0 value1 value2 : Identifier) (headStart dataEnd : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma abi_decode_addresst_addresst_uint256_abs_of_concrete {s₀ s₉ : State} {value0 value1 value2 headStart dataEnd} :
+  Spec (abi_decode_addresst_addresst_uint256_concrete_of_code.1 value0 value1 value2 headStart dataEnd) s₀ s₉ →
+  Spec (A_abi_decode_addresst_addresst_uint256 value0 value1 value2 headStart dataEnd) s₀ s₉ := by
+  unfold abi_decode_addresst_addresst_uint256_concrete_of_code A_abi_decode_addresst_addresst_uint256
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_addresst_uint256.lean b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_uint256.lean
new file mode 100644
index 0000000..28ce57f
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_uint256.lean
@@ -0,0 +1,26 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831
+import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b
+import Generated.erc20shim.ERC20Shim.abi_decode_address
+import Generated.erc20shim.ERC20Shim.abi_decode_uint256
+
+import Generated.erc20shim.ERC20Shim.abi_decode_addresst_uint256_gen
+
+import Generated.erc20shim.ERC20Shim.abi_decode_addresst_uint256_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+lemma abi_decode_addresst_uint256_abs_of_code {s₀ s₉ : State} {value0 value1 headStart dataEnd} {fuel : Nat} :
+  execCall fuel abi_decode_addresst_uint256 [value0, value1] (s₀, [headStart, dataEnd]) = s₉ →
+  Spec (A_abi_decode_addresst_uint256 value0 value1 headStart dataEnd) s₀ s₉
+:= λ h ↦ abi_decode_addresst_uint256_abs_of_concrete (abi_decode_addresst_uint256_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_addresst_uint256_gen.lean b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_uint256_gen.lean
new file mode 100644
index 0000000..c4b0094
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_uint256_gen.lean
@@ -0,0 +1,152 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831
+import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b
+import Generated.erc20shim.ERC20Shim.abi_decode_address
+import Generated.erc20shim.ERC20Shim.abi_decode_uint256
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def abi_decode_addresst_uint256 : FunctionDefinition := <f
+    function abi_decode_addresst_uint256(headStart, dataEnd) -> value0, value1
+    
+{
+    let _1 := 64
+    let _2 := sub(dataEnd, headStart)
+    let _3 := slt(_2, _1)
+    if _3 
+    {revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b()}
+    value0 := abi_decode_address(headStart, dataEnd)
+    let _4 := 32
+    let _5 := add(headStart, _4)
+    value1 := abi_decode_uint256(_5, dataEnd)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def abi_decode_addresst_uint256_concrete_of_code
+: {
+    C :
+      _ → _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {value0 value1 headStart dataEnd fuel},
+         execCall fuel abi_decode_addresst_uint256 [value0, value1] (s₀, [headStart, dataEnd]) = s₉ →
+         Spec (C value0 value1 headStart dataEnd) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ value0 value1 headStart dataEnd fuel
+  unfold abi_decode_addresst_uint256
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSub']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSlt']
+  try simp
+  
+  -- abstraction offsetting
+  rw [cons]
+  generalize hxs : Block _ = xs
+  abstract if_7164014626810332831_abs_of_code if_7164014626810332831 with ss hs
+  try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro ss (And.intro hs ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  subst xs
+  
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (abi_decode_address_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (abi_decode_uint256_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_addresst_uint256_user.lean b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_uint256_user.lean
new file mode 100644
index 0000000..3523e32
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_uint256_user.lean
@@ -0,0 +1,27 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831
+import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b
+import Generated.erc20shim.ERC20Shim.abi_decode_address
+import Generated.erc20shim.ERC20Shim.abi_decode_uint256
+
+import Generated.erc20shim.ERC20Shim.abi_decode_addresst_uint256_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def A_abi_decode_addresst_uint256 (value0 value1 : Identifier) (headStart dataEnd : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma abi_decode_addresst_uint256_abs_of_concrete {s₀ s₉ : State} {value0 value1 headStart dataEnd} :
+  Spec (abi_decode_addresst_uint256_concrete_of_code.1 value0 value1 headStart dataEnd) s₀ s₉ →
+  Spec (A_abi_decode_addresst_uint256 value0 value1 headStart dataEnd) s₀ s₉ := by
+  unfold abi_decode_addresst_uint256_concrete_of_code A_abi_decode_addresst_uint256
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_gen.lean b/Generated/erc20shim/ERC20Shim/abi_decode_gen.lean
new file mode 100644
index 0000000..0a78a89
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_gen.lean
@@ -0,0 +1,116 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831
+import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def abi_decode : FunctionDefinition := <f
+    function abi_decode(headStart, dataEnd) -> 
+    
+{
+    let _1 := 0
+    let _2 := sub(dataEnd, headStart)
+    let _3 := slt(_2, _1)
+    if _3 
+    {revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b()}
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def abi_decode_concrete_of_code
+: {
+    C :
+      _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} { headStart dataEnd fuel},
+         execCall fuel abi_decode [] (s₀, [headStart, dataEnd]) = s₉ →
+         Spec (C  headStart dataEnd) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉  headStart dataEnd fuel
+  unfold abi_decode
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSub']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSlt']
+  try simp
+  
+  -- abstraction offsetting
+  rw [cons]
+  generalize hxs : Block _ = xs
+  abstract if_7164014626810332831_abs_of_code if_7164014626810332831 with ss hs
+  try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro ss (And.intro hs ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  subst xs
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_tuple_address.lean b/Generated/erc20shim/ERC20Shim/abi_decode_tuple_address.lean
new file mode 100644
index 0000000..fa98ba7
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_tuple_address.lean
@@ -0,0 +1,25 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831
+import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b
+import Generated.erc20shim.ERC20Shim.abi_decode_address
+
+import Generated.erc20shim.ERC20Shim.abi_decode_tuple_address_gen
+
+import Generated.erc20shim.ERC20Shim.abi_decode_tuple_address_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+lemma abi_decode_tuple_address_abs_of_code {s₀ s₉ : State} {value0 headStart dataEnd} {fuel : Nat} :
+  execCall fuel abi_decode_tuple_address [value0] (s₀, [headStart, dataEnd]) = s₉ →
+  Spec (A_abi_decode_tuple_address value0 headStart dataEnd) s₀ s₉
+:= λ h ↦ abi_decode_tuple_address_abs_of_concrete (abi_decode_tuple_address_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_tuple_address_gen.lean b/Generated/erc20shim/ERC20Shim/abi_decode_tuple_address_gen.lean
new file mode 100644
index 0000000..1caa0fa
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_tuple_address_gen.lean
@@ -0,0 +1,130 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831
+import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b
+import Generated.erc20shim.ERC20Shim.abi_decode_address
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def abi_decode_tuple_address : FunctionDefinition := <f
+    function abi_decode_tuple_address(headStart, dataEnd) -> value0
+    
+{
+    let _1 := 32
+    let _2 := sub(dataEnd, headStart)
+    let _3 := slt(_2, _1)
+    if _3 
+    {revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b()}
+    value0 := abi_decode_address(headStart, dataEnd)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def abi_decode_tuple_address_concrete_of_code
+: {
+    C :
+      _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {value0 headStart dataEnd fuel},
+         execCall fuel abi_decode_tuple_address [value0] (s₀, [headStart, dataEnd]) = s₉ →
+         Spec (C value0 headStart dataEnd) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ value0 headStart dataEnd fuel
+  unfold abi_decode_tuple_address
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSub']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSlt']
+  try simp
+  
+  -- abstraction offsetting
+  rw [cons]
+  generalize hxs : Block _ = xs
+  abstract if_7164014626810332831_abs_of_code if_7164014626810332831 with ss hs
+  try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro ss (And.intro hs ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  subst xs
+  
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (abi_decode_address_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_tuple_address_user.lean b/Generated/erc20shim/ERC20Shim/abi_decode_tuple_address_user.lean
new file mode 100644
index 0000000..ccfc027
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_tuple_address_user.lean
@@ -0,0 +1,26 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831
+import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b
+import Generated.erc20shim.ERC20Shim.abi_decode_address
+
+import Generated.erc20shim.ERC20Shim.abi_decode_tuple_address_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def A_abi_decode_tuple_address (value0 : Identifier) (headStart dataEnd : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma abi_decode_tuple_address_abs_of_concrete {s₀ s₉ : State} {value0 headStart dataEnd} :
+  Spec (abi_decode_tuple_address_concrete_of_code.1 value0 headStart dataEnd) s₀ s₉ →
+  Spec (A_abi_decode_tuple_address value0 headStart dataEnd) s₀ s₉ := by
+  unfold abi_decode_tuple_address_concrete_of_code A_abi_decode_tuple_address
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_uint256.lean b/Generated/erc20shim/ERC20Shim/abi_decode_uint256.lean
new file mode 100644
index 0000000..378ad62
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_uint256.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.validator_revert_uint256
+
+import Generated.erc20shim.ERC20Shim.abi_decode_uint256_gen
+
+import Generated.erc20shim.ERC20Shim.abi_decode_uint256_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma abi_decode_uint256_abs_of_code {s₀ s₉ : State} {value offset end_clear_sanitised_hrafn} {fuel : Nat} :
+  execCall fuel abi_decode_uint256 [value] (s₀, [offset, end_clear_sanitised_hrafn]) = s₉ →
+  Spec (A_abi_decode_uint256 value offset end_clear_sanitised_hrafn) s₀ s₉
+:= λ h ↦ abi_decode_uint256_abs_of_concrete (abi_decode_uint256_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_uint256_gen.lean b/Generated/erc20shim/ERC20Shim/abi_decode_uint256_gen.lean
new file mode 100644
index 0000000..67a91b9
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_uint256_gen.lean
@@ -0,0 +1,106 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.validator_revert_uint256
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def abi_decode_uint256 : FunctionDefinition := <f
+    function abi_decode_uint256(offset, end_clear_sanitised_hrafn) -> value
+    
+{
+    value := calldataload(offset)
+    validator_revert_uint256(value)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def abi_decode_uint256_concrete_of_code
+: {
+    C :
+      _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {value offset end_clear_sanitised_hrafn fuel},
+         execCall fuel abi_decode_uint256 [value] (s₀, [offset, end_clear_sanitised_hrafn]) = s₉ →
+         Spec (C value offset end_clear_sanitised_hrafn) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ value offset end_clear_sanitised_hrafn fuel
+  unfold abi_decode_uint256
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMCalldataload']
+  try simp
+  
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (validator_revert_uint256_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_uint256_user.lean b/Generated/erc20shim/ERC20Shim/abi_decode_uint256_user.lean
new file mode 100644
index 0000000..c1de972
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_uint256_user.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.validator_revert_uint256
+
+import Generated.erc20shim.ERC20Shim.abi_decode_uint256_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_abi_decode_uint256 (value : Identifier) (offset end_clear_sanitised_hrafn : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma abi_decode_uint256_abs_of_concrete {s₀ s₉ : State} {value offset end_clear_sanitised_hrafn} :
+  Spec (abi_decode_uint256_concrete_of_code.1 value offset end_clear_sanitised_hrafn) s₀ s₉ →
+  Spec (A_abi_decode_uint256 value offset end_clear_sanitised_hrafn) s₀ s₉ := by
+  unfold abi_decode_uint256_concrete_of_code A_abi_decode_uint256
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_user.lean b/Generated/erc20shim/ERC20Shim/abi_decode_user.lean
new file mode 100644
index 0000000..b8235d0
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_user.lean
@@ -0,0 +1,25 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831
+import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b
+
+import Generated.erc20shim.ERC20Shim.abi_decode_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def A_abi_decode  (headStart dataEnd : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma abi_decode_abs_of_concrete {s₀ s₉ : State} { headStart dataEnd} :
+  Spec (abi_decode_concrete_of_code.1  headStart dataEnd) s₀ s₉ →
+  Spec (A_abi_decode  headStart dataEnd) s₀ s₉ := by
+  unfold abi_decode_concrete_of_code A_abi_decode
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_address.lean b/Generated/erc20shim/ERC20Shim/abi_encode_address.lean
new file mode 100644
index 0000000..2947fd6
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_address.lean
@@ -0,0 +1,22 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.abi_encode_address_gen
+
+import Generated.erc20shim.ERC20Shim.abi_encode_address_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+lemma abi_encode_address_abs_of_code {s₀ s₉ : State} { value pos} {fuel : Nat} :
+  execCall fuel abi_encode_address [] (s₀, [value, pos]) = s₉ →
+  Spec (A_abi_encode_address  value pos) s₀ s₉
+:= λ h ↦ abi_encode_address_abs_of_concrete (abi_encode_address_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_address_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_address_gen.lean
new file mode 100644
index 0000000..424b407
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_address_gen.lean
@@ -0,0 +1,104 @@
+import Clear.ReasoningPrinciple
+
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def abi_encode_address : FunctionDefinition := <f
+    function abi_encode_address(value, pos) -> 
+    
+{
+    let _1 := sub(shl(160, 1), 1)
+    let _2 := and(value, _1)
+    mstore(pos, _2)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def abi_encode_address_concrete_of_code
+: {
+    C :
+      _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} { value pos fuel},
+         execCall fuel abi_encode_address [] (s₀, [value, pos]) = s₉ →
+         Spec (C  value pos) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉  value pos fuel
+  unfold abi_encode_address
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSub']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAnd']
+  try simp
+  
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_address_uint256_uint256.lean b/Generated/erc20shim/ERC20Shim/abi_encode_address_uint256_uint256.lean
new file mode 100644
index 0000000..518f112
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_address_uint256_uint256.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_address
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256_to_uint256
+
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256_gen
+
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma abi_encode_address_uint256_uint256_abs_of_code {s₀ s₉ : State} {tail headStart value0 value1 value2} {fuel : Nat} :
+  execCall fuel abi_encode_address_uint256_uint256 [tail] (s₀, [headStart, value0, value1, value2]) = s₉ →
+  Spec (A_abi_encode_address_uint256_uint256 tail headStart value0 value1 value2) s₀ s₉
+:= λ h ↦ abi_encode_address_uint256_uint256_abs_of_concrete (abi_encode_address_uint256_uint256_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_address_uint256_uint256_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_address_uint256_uint256_gen.lean
new file mode 100644
index 0000000..77baa0f
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_address_uint256_uint256_gen.lean
@@ -0,0 +1,156 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_address
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256_to_uint256
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def abi_encode_address_uint256_uint256 : FunctionDefinition := <f
+    function abi_encode_address_uint256_uint256(headStart, value0, value1, value2) -> tail
+    
+{
+    let _1 := 96
+    tail := add(headStart, _1)
+    abi_encode_address(value0, headStart)
+    let _2 := 32
+    let _3 := add(headStart, _2)
+    abi_encode_uint256_to_uint256(value1, _3)
+    let _4 := 64
+    let _5 := add(headStart, _4)
+    abi_encode_uint256_to_uint256(value2, _5)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def abi_encode_address_uint256_uint256_concrete_of_code
+: {
+    C :
+      _ → _ → _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {tail headStart value0 value1 value2 fuel},
+         execCall fuel abi_encode_address_uint256_uint256 [tail] (s₀, [headStart, value0, value1, value2]) = s₉ →
+         Spec (C tail headStart value0 value1 value2) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ tail headStart value0 value1 value2 fuel
+  unfold abi_encode_address_uint256_uint256
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  -- simp [Var']
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (abi_encode_address_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  -- simp [Var']
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (abi_encode_uint256_to_uint256_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  -- simp [Var']
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (abi_encode_uint256_to_uint256_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_address_uint256_uint256_user.lean b/Generated/erc20shim/ERC20Shim/abi_encode_address_uint256_uint256_user.lean
new file mode 100644
index 0000000..f367595
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_address_uint256_uint256_user.lean
@@ -0,0 +1,25 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_address
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256_to_uint256
+
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_abi_encode_address_uint256_uint256 (tail : Identifier) (headStart value0 value1 value2 : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma abi_encode_address_uint256_uint256_abs_of_concrete {s₀ s₉ : State} {tail headStart value0 value1 value2} :
+  Spec (abi_encode_address_uint256_uint256_concrete_of_code.1 tail headStart value0 value1 value2) s₀ s₉ →
+  Spec (A_abi_encode_address_uint256_uint256 tail headStart value0 value1 value2) s₀ s₉ := by
+  unfold abi_encode_address_uint256_uint256_concrete_of_code A_abi_encode_address_uint256_uint256
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_address_user.lean b/Generated/erc20shim/ERC20Shim/abi_encode_address_user.lean
new file mode 100644
index 0000000..6a23d0f
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_address_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.abi_encode_address_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def A_abi_encode_address  (value pos : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma abi_encode_address_abs_of_concrete {s₀ s₉ : State} { value pos} :
+  Spec (abi_encode_address_concrete_of_code.1  value pos) s₀ s₉ →
+  Spec (A_abi_encode_address  value pos) s₀ s₉ := by
+  unfold abi_encode_address_concrete_of_code A_abi_encode_address
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_bool.lean b/Generated/erc20shim/ERC20Shim/abi_encode_bool.lean
new file mode 100644
index 0000000..027a0d4
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_bool.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_bool_to_bool
+
+import Generated.erc20shim.ERC20Shim.abi_encode_bool_gen
+
+import Generated.erc20shim.ERC20Shim.abi_encode_bool_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma abi_encode_bool_abs_of_code {s₀ s₉ : State} {tail headStart value0} {fuel : Nat} :
+  execCall fuel abi_encode_bool [tail] (s₀, [headStart, value0]) = s₉ →
+  Spec (A_abi_encode_bool tail headStart value0) s₀ s₉
+:= λ h ↦ abi_encode_bool_abs_of_concrete (abi_encode_bool_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_bool_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_bool_gen.lean
new file mode 100644
index 0000000..c055b75
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_bool_gen.lean
@@ -0,0 +1,109 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_bool_to_bool
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def abi_encode_bool : FunctionDefinition := <f
+    function abi_encode_bool(headStart, value0) -> tail
+    
+{
+    let _1 := 32
+    tail := add(headStart, _1)
+    abi_encode_bool_to_bool(value0, headStart)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def abi_encode_bool_concrete_of_code
+: {
+    C :
+      _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {tail headStart value0 fuel},
+         execCall fuel abi_encode_bool [tail] (s₀, [headStart, value0]) = s₉ →
+         Spec (C tail headStart value0) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ tail headStart value0 fuel
+  unfold abi_encode_bool
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  -- simp [Var']
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (abi_encode_bool_to_bool_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_bool_to_bool.lean b/Generated/erc20shim/ERC20Shim/abi_encode_bool_to_bool.lean
new file mode 100644
index 0000000..600c269
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_bool_to_bool.lean
@@ -0,0 +1,22 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.abi_encode_bool_to_bool_gen
+
+import Generated.erc20shim.ERC20Shim.abi_encode_bool_to_bool_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+lemma abi_encode_bool_to_bool_abs_of_code {s₀ s₉ : State} { value pos} {fuel : Nat} :
+  execCall fuel abi_encode_bool_to_bool [] (s₀, [value, pos]) = s₉ →
+  Spec (A_abi_encode_bool_to_bool  value pos) s₀ s₉
+:= λ h ↦ abi_encode_bool_to_bool_abs_of_concrete (abi_encode_bool_to_bool_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_bool_to_bool_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_bool_to_bool_gen.lean
new file mode 100644
index 0000000..2aa804e
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_bool_to_bool_gen.lean
@@ -0,0 +1,104 @@
+import Clear.ReasoningPrinciple
+
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def abi_encode_bool_to_bool : FunctionDefinition := <f
+    function abi_encode_bool_to_bool(value, pos) -> 
+    
+{
+    let _1 := iszero(value)
+    let _2 := iszero(_1)
+    mstore(pos, _2)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def abi_encode_bool_to_bool_concrete_of_code
+: {
+    C :
+      _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} { value pos fuel},
+         execCall fuel abi_encode_bool_to_bool [] (s₀, [value, pos]) = s₉ →
+         Spec (C  value pos) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉  value pos fuel
+  unfold abi_encode_bool_to_bool
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMIszero']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMIszero']
+  try simp
+  
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_bool_to_bool_user.lean b/Generated/erc20shim/ERC20Shim/abi_encode_bool_to_bool_user.lean
new file mode 100644
index 0000000..8f51251
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_bool_to_bool_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.abi_encode_bool_to_bool_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def A_abi_encode_bool_to_bool  (value pos : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma abi_encode_bool_to_bool_abs_of_concrete {s₀ s₉ : State} { value pos} :
+  Spec (abi_encode_bool_to_bool_concrete_of_code.1  value pos) s₀ s₉ →
+  Spec (A_abi_encode_bool_to_bool  value pos) s₀ s₉ := by
+  unfold abi_encode_bool_to_bool_concrete_of_code A_abi_encode_bool_to_bool
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_bool_user.lean b/Generated/erc20shim/ERC20Shim/abi_encode_bool_user.lean
new file mode 100644
index 0000000..b81ad83
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_bool_user.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_bool_to_bool
+
+import Generated.erc20shim.ERC20Shim.abi_encode_bool_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_abi_encode_bool (tail : Identifier) (headStart value0 : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma abi_encode_bool_abs_of_concrete {s₀ s₉ : State} {tail headStart value0} :
+  Spec (abi_encode_bool_concrete_of_code.1 tail headStart value0) s₀ s₉ →
+  Spec (A_abi_encode_bool tail headStart value0) s₀ s₉ := by
+  unfold abi_encode_bool_concrete_of_code A_abi_encode_bool
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_string.lean b/Generated/erc20shim/ERC20Shim/abi_encode_string.lean
new file mode 100644
index 0000000..c6be116
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_string.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_string_memory_ptr
+
+import Generated.erc20shim.ERC20Shim.abi_encode_string_gen
+
+import Generated.erc20shim.ERC20Shim.abi_encode_string_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma abi_encode_string_abs_of_code {s₀ s₉ : State} {tail headStart value0} {fuel : Nat} :
+  execCall fuel abi_encode_string [tail] (s₀, [headStart, value0]) = s₉ →
+  Spec (A_abi_encode_string tail headStart value0) s₀ s₉
+:= λ h ↦ abi_encode_string_abs_of_concrete (abi_encode_string_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_string_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_string_gen.lean
new file mode 100644
index 0000000..d2bf6ca
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_string_gen.lean
@@ -0,0 +1,116 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_string_memory_ptr
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def abi_encode_string : FunctionDefinition := <f
+    function abi_encode_string(headStart, value0) -> tail
+    
+{
+    let _1 := 32
+    tail := add(headStart, _1)
+    let _2 := _1
+    mstore(headStart, _1)
+    tail := abi_encode_string_memory_ptr(value0, tail)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def abi_encode_string_concrete_of_code
+: {
+    C :
+      _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {tail headStart value0 fuel},
+         execCall fuel abi_encode_string [tail] (s₀, [headStart, value0]) = s₉ →
+         Spec (C tail headStart value0) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ tail headStart value0 fuel
+  unfold abi_encode_string
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (abi_encode_string_memory_ptr_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_string_memory_ptr.lean b/Generated/erc20shim/ERC20Shim/abi_encode_string_memory_ptr.lean
new file mode 100644
index 0000000..57f2393
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_string_memory_ptr.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string_fromStack
+import Generated.erc20shim.ERC20Shim.copy_memory_to_memory_with_cleanup
+
+import Generated.erc20shim.ERC20Shim.abi_encode_string_memory_ptr_gen
+
+import Generated.erc20shim.ERC20Shim.abi_encode_string_memory_ptr_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma abi_encode_string_memory_ptr_abs_of_code {s₀ s₉ : State} {end_clear_sanitised_hrafn value pos} {fuel : Nat} :
+  execCall fuel abi_encode_string_memory_ptr [end_clear_sanitised_hrafn] (s₀, [value, pos]) = s₉ →
+  Spec (A_abi_encode_string_memory_ptr end_clear_sanitised_hrafn value pos) s₀ s₉
+:= λ h ↦ abi_encode_string_memory_ptr_abs_of_concrete (abi_encode_string_memory_ptr_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_string_memory_ptr_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_string_memory_ptr_gen.lean
new file mode 100644
index 0000000..7b28dc0
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_string_memory_ptr_gen.lean
@@ -0,0 +1,156 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string_fromStack
+import Generated.erc20shim.ERC20Shim.copy_memory_to_memory_with_cleanup
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def abi_encode_string_memory_ptr : FunctionDefinition := <f
+    function abi_encode_string_memory_ptr(value, pos) -> end_clear_sanitised_hrafn
+    
+{
+    let length := mload(value)
+    pos := array_storeLengthForEncoding_string_fromStack(pos, length)
+    let _1 := 32
+    let _2 := add(value, _1)
+    copy_memory_to_memory_with_cleanup(_2, pos, length)
+    let _3 := not(31)
+    let _4 := 31
+    let _5 := add(length, _4)
+    let _6 := and(_5, _3)
+    end_clear_sanitised_hrafn := add(pos, _6)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def abi_encode_string_memory_ptr_concrete_of_code
+: {
+    C :
+      _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {end_clear_sanitised_hrafn value pos fuel},
+         execCall fuel abi_encode_string_memory_ptr [end_clear_sanitised_hrafn] (s₀, [value, pos]) = s₉ →
+         Spec (C end_clear_sanitised_hrafn value pos) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ end_clear_sanitised_hrafn value pos fuel
+  unfold abi_encode_string_memory_ptr
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMMload']
+  try simp
+  
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (array_storeLengthForEncoding_string_fromStack_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  -- simp [Var']
+  -- simp [Var']
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (copy_memory_to_memory_with_cleanup_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMNot']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAnd']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_string_memory_ptr_user.lean b/Generated/erc20shim/ERC20Shim/abi_encode_string_memory_ptr_user.lean
new file mode 100644
index 0000000..5f348b9
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_string_memory_ptr_user.lean
@@ -0,0 +1,25 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string_fromStack
+import Generated.erc20shim.ERC20Shim.copy_memory_to_memory_with_cleanup
+
+import Generated.erc20shim.ERC20Shim.abi_encode_string_memory_ptr_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_abi_encode_string_memory_ptr (end_clear_sanitised_hrafn : Identifier) (value pos : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma abi_encode_string_memory_ptr_abs_of_concrete {s₀ s₉ : State} {end_clear_sanitised_hrafn value pos} :
+  Spec (abi_encode_string_memory_ptr_concrete_of_code.1 end_clear_sanitised_hrafn value pos) s₀ s₉ →
+  Spec (A_abi_encode_string_memory_ptr end_clear_sanitised_hrafn value pos) s₀ s₉ := by
+  unfold abi_encode_string_memory_ptr_concrete_of_code A_abi_encode_string_memory_ptr
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_string_storage.lean b/Generated/erc20shim/ERC20Shim/abi_encode_string_storage.lean
new file mode 100644
index 0000000..508cb07
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_string_storage.lean
@@ -0,0 +1,26 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.extract_byte_array_length
+import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string
+import Generated.erc20shim.ERC20Shim.Common.switch_8164987986085659348
+import Generated.erc20shim.ERC20Shim.array_dataslot_string_storage
+
+import Generated.erc20shim.ERC20Shim.abi_encode_string_storage_gen
+
+import Generated.erc20shim.ERC20Shim.abi_encode_string_storage_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+lemma abi_encode_string_storage_abs_of_code {s₀ s₉ : State} {ret value pos} {fuel : Nat} :
+  execCall fuel abi_encode_string_storage [ret] (s₀, [value, pos]) = s₉ →
+  Spec (A_abi_encode_string_storage ret value pos) s₀ s₉
+:= λ h ↦ abi_encode_string_storage_abs_of_concrete (abi_encode_string_storage_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_string_storage_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_string_storage_gen.lean
new file mode 100644
index 0000000..571f622
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_string_storage_gen.lean
@@ -0,0 +1,168 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.extract_byte_array_length
+import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string
+import Generated.erc20shim.ERC20Shim.Common.switch_8164987986085659348
+import Generated.erc20shim.ERC20Shim.array_dataslot_string_storage
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def abi_encode_string_storage : FunctionDefinition := <f
+    function abi_encode_string_storage(value, pos) -> ret
+    
+{
+    let slotValue := sload(value)
+    let length := extract_byte_array_length(slotValue)
+    pos := array_storeLengthForEncoding_string(pos, length)
+    let _1 := 1
+    let _2 := and(slotValue, _1)
+    switch _2 case 0 {
+        let _3 := not(255)
+        let _4 := and(slotValue, _3)
+        mstore(pos, _4)
+        let _5 := iszero(length)
+        let _6 := iszero(_5)
+        let _7 := shl(5, _6)
+        ret := add(pos, _7)
+    }
+    case 1 {
+        let dataPos := array_dataslot_string_storage(value)
+        let i := 0
+        for { } lt(i, length) {
+            let _8 := 32
+            i := add(i, _8)
+        } {
+            let _9 := sload(dataPos)
+            let _10 := add(pos, i)
+            mstore(_10, _9)
+            let _11 := _1
+            dataPos := add(dataPos, _1)
+        }
+        ret := add(pos, i)
+    }
+    default
+    { }
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def abi_encode_string_storage_concrete_of_code
+: {
+    C :
+      _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {ret value pos fuel},
+         execCall fuel abi_encode_string_storage [ret] (s₀, [value, pos]) = s₉ →
+         Spec (C ret value pos) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ ret value pos fuel
+  unfold abi_encode_string_storage
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSload']
+  try simp
+  
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (extract_byte_array_length_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (array_storeLengthForEncoding_string_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAnd']
+  try simp
+  
+  -- abstraction offsetting
+  rw [cons]
+  generalize hxs : Block _ = xs
+  abstract switch_8164987986085659348_abs_of_code switch_8164987986085659348 with ss hs
+  try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro ss (And.intro hs ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  subst xs
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_string_storage_user.lean b/Generated/erc20shim/ERC20Shim/abi_encode_string_storage_user.lean
new file mode 100644
index 0000000..9e7dfe1
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_string_storage_user.lean
@@ -0,0 +1,27 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.extract_byte_array_length
+import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string
+import Generated.erc20shim.ERC20Shim.Common.switch_8164987986085659348
+import Generated.erc20shim.ERC20Shim.array_dataslot_string_storage
+
+import Generated.erc20shim.ERC20Shim.abi_encode_string_storage_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def A_abi_encode_string_storage (ret : Identifier) (value pos : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma abi_encode_string_storage_abs_of_concrete {s₀ s₉ : State} {ret value pos} :
+  Spec (abi_encode_string_storage_concrete_of_code.1 ret value pos) s₀ s₉ →
+  Spec (A_abi_encode_string_storage ret value pos) s₀ s₉ := by
+  unfold abi_encode_string_storage_concrete_of_code A_abi_encode_string_storage
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_string_user.lean b/Generated/erc20shim/ERC20Shim/abi_encode_string_user.lean
new file mode 100644
index 0000000..d56dd56
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_string_user.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_string_memory_ptr
+
+import Generated.erc20shim.ERC20Shim.abi_encode_string_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_abi_encode_string (tail : Identifier) (headStart value0 : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma abi_encode_string_abs_of_concrete {s₀ s₉ : State} {tail headStart value0} :
+  Spec (abi_encode_string_concrete_of_code.1 tail headStart value0) s₀ s₉ →
+  Spec (A_abi_encode_string tail headStart value0) s₀ s₉ := by
+  unfold abi_encode_string_concrete_of_code A_abi_encode_string
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_tuple_address.lean b/Generated/erc20shim/ERC20Shim/abi_encode_tuple_address.lean
new file mode 100644
index 0000000..e77acaa
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_tuple_address.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_address
+
+import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address_gen
+
+import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma abi_encode_tuple_address_abs_of_code {s₀ s₉ : State} {tail headStart value0} {fuel : Nat} :
+  execCall fuel abi_encode_tuple_address [tail] (s₀, [headStart, value0]) = s₉ →
+  Spec (A_abi_encode_tuple_address tail headStart value0) s₀ s₉
+:= λ h ↦ abi_encode_tuple_address_abs_of_concrete (abi_encode_tuple_address_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_tuple_address_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_tuple_address_gen.lean
new file mode 100644
index 0000000..8fddf63
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_tuple_address_gen.lean
@@ -0,0 +1,109 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_address
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def abi_encode_tuple_address : FunctionDefinition := <f
+    function abi_encode_tuple_address(headStart, value0) -> tail
+    
+{
+    let _1 := 32
+    tail := add(headStart, _1)
+    abi_encode_address(value0, headStart)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def abi_encode_tuple_address_concrete_of_code
+: {
+    C :
+      _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {tail headStart value0 fuel},
+         execCall fuel abi_encode_tuple_address [tail] (s₀, [headStart, value0]) = s₉ →
+         Spec (C tail headStart value0) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ tail headStart value0 fuel
+  unfold abi_encode_tuple_address
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  -- simp [Var']
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (abi_encode_address_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_tuple_address_user.lean b/Generated/erc20shim/ERC20Shim/abi_encode_tuple_address_user.lean
new file mode 100644
index 0000000..f2cb4b5
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_tuple_address_user.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_address
+
+import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_abi_encode_tuple_address (tail : Identifier) (headStart value0 : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma abi_encode_tuple_address_abs_of_concrete {s₀ s₉ : State} {tail headStart value0} :
+  Spec (abi_encode_tuple_address_concrete_of_code.1 tail headStart value0) s₀ s₉ →
+  Spec (A_abi_encode_tuple_address tail headStart value0) s₀ s₉ := by
+  unfold abi_encode_tuple_address_concrete_of_code A_abi_encode_tuple_address
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_uint256.lean b/Generated/erc20shim/ERC20Shim/abi_encode_uint256.lean
new file mode 100644
index 0000000..e52a9fa
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_uint256.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256_to_uint256
+
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256_gen
+
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma abi_encode_uint256_abs_of_code {s₀ s₉ : State} {tail headStart value0} {fuel : Nat} :
+  execCall fuel abi_encode_uint256 [tail] (s₀, [headStart, value0]) = s₉ →
+  Spec (A_abi_encode_uint256 tail headStart value0) s₀ s₉
+:= λ h ↦ abi_encode_uint256_abs_of_concrete (abi_encode_uint256_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_uint256_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_uint256_gen.lean
new file mode 100644
index 0000000..0ccc665
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_uint256_gen.lean
@@ -0,0 +1,109 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256_to_uint256
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def abi_encode_uint256 : FunctionDefinition := <f
+    function abi_encode_uint256(headStart, value0) -> tail
+    
+{
+    let _1 := 32
+    tail := add(headStart, _1)
+    abi_encode_uint256_to_uint256(value0, headStart)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def abi_encode_uint256_concrete_of_code
+: {
+    C :
+      _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {tail headStart value0 fuel},
+         execCall fuel abi_encode_uint256 [tail] (s₀, [headStart, value0]) = s₉ →
+         Spec (C tail headStart value0) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ tail headStart value0 fuel
+  unfold abi_encode_uint256
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  -- simp [Var']
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (abi_encode_uint256_to_uint256_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_uint256_to_uint256.lean b/Generated/erc20shim/ERC20Shim/abi_encode_uint256_to_uint256.lean
new file mode 100644
index 0000000..fa24cb2
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_uint256_to_uint256.lean
@@ -0,0 +1,22 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256_to_uint256_gen
+
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256_to_uint256_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+lemma abi_encode_uint256_to_uint256_abs_of_code {s₀ s₉ : State} { value pos} {fuel : Nat} :
+  execCall fuel abi_encode_uint256_to_uint256 [] (s₀, [value, pos]) = s₉ →
+  Spec (A_abi_encode_uint256_to_uint256  value pos) s₀ s₉
+:= λ h ↦ abi_encode_uint256_to_uint256_abs_of_concrete (abi_encode_uint256_to_uint256_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_uint256_to_uint256_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_uint256_to_uint256_gen.lean
new file mode 100644
index 0000000..1a1dd79
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_uint256_to_uint256_gen.lean
@@ -0,0 +1,90 @@
+import Clear.ReasoningPrinciple
+
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def abi_encode_uint256_to_uint256 : FunctionDefinition := <f
+    function abi_encode_uint256_to_uint256(value, pos) -> 
+    
+{mstore(pos, value)}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def abi_encode_uint256_to_uint256_concrete_of_code
+: {
+    C :
+      _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} { value pos fuel},
+         execCall fuel abi_encode_uint256_to_uint256 [] (s₀, [value, pos]) = s₉ →
+         Spec (C  value pos) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉  value pos fuel
+  unfold abi_encode_uint256_to_uint256
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_uint256_to_uint256_user.lean b/Generated/erc20shim/ERC20Shim/abi_encode_uint256_to_uint256_user.lean
new file mode 100644
index 0000000..c0831f1
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_uint256_to_uint256_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256_to_uint256_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def A_abi_encode_uint256_to_uint256  (value pos : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma abi_encode_uint256_to_uint256_abs_of_concrete {s₀ s₉ : State} { value pos} :
+  Spec (abi_encode_uint256_to_uint256_concrete_of_code.1  value pos) s₀ s₉ →
+  Spec (A_abi_encode_uint256_to_uint256  value pos) s₀ s₉ := by
+  unfold abi_encode_uint256_to_uint256_concrete_of_code A_abi_encode_uint256_to_uint256
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_uint256_user.lean b/Generated/erc20shim/ERC20Shim/abi_encode_uint256_user.lean
new file mode 100644
index 0000000..fe730d2
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_uint256_user.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256_to_uint256
+
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_abi_encode_uint256 (tail : Identifier) (headStart value0 : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma abi_encode_uint256_abs_of_concrete {s₀ s₉ : State} {tail headStart value0} :
+  Spec (abi_encode_uint256_concrete_of_code.1 tail headStart value0) s₀ s₉ →
+  Spec (A_abi_encode_uint256 tail headStart value0) s₀ s₉ := by
+  unfold abi_encode_uint256_concrete_of_code A_abi_encode_uint256
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_uint8.lean b/Generated/erc20shim/ERC20Shim/abi_encode_uint8.lean
new file mode 100644
index 0000000..859d026
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_uint8.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_uint8_to_uint8
+
+import Generated.erc20shim.ERC20Shim.abi_encode_uint8_gen
+
+import Generated.erc20shim.ERC20Shim.abi_encode_uint8_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma abi_encode_uint8_abs_of_code {s₀ s₉ : State} {tail headStart value0} {fuel : Nat} :
+  execCall fuel abi_encode_uint8 [tail] (s₀, [headStart, value0]) = s₉ →
+  Spec (A_abi_encode_uint8 tail headStart value0) s₀ s₉
+:= λ h ↦ abi_encode_uint8_abs_of_concrete (abi_encode_uint8_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_uint8_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_uint8_gen.lean
new file mode 100644
index 0000000..67d4226
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_uint8_gen.lean
@@ -0,0 +1,109 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_uint8_to_uint8
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def abi_encode_uint8 : FunctionDefinition := <f
+    function abi_encode_uint8(headStart, value0) -> tail
+    
+{
+    let _1 := 32
+    tail := add(headStart, _1)
+    abi_encode_uint8_to_uint8(value0, headStart)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def abi_encode_uint8_concrete_of_code
+: {
+    C :
+      _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {tail headStart value0 fuel},
+         execCall fuel abi_encode_uint8 [tail] (s₀, [headStart, value0]) = s₉ →
+         Spec (C tail headStart value0) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ tail headStart value0 fuel
+  unfold abi_encode_uint8
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  -- simp [Var']
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (abi_encode_uint8_to_uint8_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_uint8_to_uint8.lean b/Generated/erc20shim/ERC20Shim/abi_encode_uint8_to_uint8.lean
new file mode 100644
index 0000000..0505e7d
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_uint8_to_uint8.lean
@@ -0,0 +1,22 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.abi_encode_uint8_to_uint8_gen
+
+import Generated.erc20shim.ERC20Shim.abi_encode_uint8_to_uint8_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+lemma abi_encode_uint8_to_uint8_abs_of_code {s₀ s₉ : State} { value pos} {fuel : Nat} :
+  execCall fuel abi_encode_uint8_to_uint8 [] (s₀, [value, pos]) = s₉ →
+  Spec (A_abi_encode_uint8_to_uint8  value pos) s₀ s₉
+:= λ h ↦ abi_encode_uint8_to_uint8_abs_of_concrete (abi_encode_uint8_to_uint8_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_uint8_to_uint8_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_uint8_to_uint8_gen.lean
new file mode 100644
index 0000000..f130df9
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_uint8_to_uint8_gen.lean
@@ -0,0 +1,100 @@
+import Clear.ReasoningPrinciple
+
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def abi_encode_uint8_to_uint8 : FunctionDefinition := <f
+    function abi_encode_uint8_to_uint8(value, pos) -> 
+    
+{
+    let _1 := 255
+    let _2 := and(value, _1)
+    mstore(pos, _2)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def abi_encode_uint8_to_uint8_concrete_of_code
+: {
+    C :
+      _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} { value pos fuel},
+         execCall fuel abi_encode_uint8_to_uint8 [] (s₀, [value, pos]) = s₉ →
+         Spec (C  value pos) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉  value pos fuel
+  unfold abi_encode_uint8_to_uint8
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAnd']
+  try simp
+  
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_uint8_to_uint8_user.lean b/Generated/erc20shim/ERC20Shim/abi_encode_uint8_to_uint8_user.lean
new file mode 100644
index 0000000..e82c953
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_uint8_to_uint8_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.abi_encode_uint8_to_uint8_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def A_abi_encode_uint8_to_uint8  (value pos : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma abi_encode_uint8_to_uint8_abs_of_concrete {s₀ s₉ : State} { value pos} :
+  Spec (abi_encode_uint8_to_uint8_concrete_of_code.1  value pos) s₀ s₉ →
+  Spec (A_abi_encode_uint8_to_uint8  value pos) s₀ s₉ := by
+  unfold abi_encode_uint8_to_uint8_concrete_of_code A_abi_encode_uint8_to_uint8
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_uint8_user.lean b/Generated/erc20shim/ERC20Shim/abi_encode_uint8_user.lean
new file mode 100644
index 0000000..97d8dad
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_uint8_user.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_uint8_to_uint8
+
+import Generated.erc20shim.ERC20Shim.abi_encode_uint8_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_abi_encode_uint8 (tail : Identifier) (headStart value0 : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma abi_encode_uint8_abs_of_concrete {s₀ s₉ : State} {tail headStart value0} :
+  Spec (abi_encode_uint8_concrete_of_code.1 tail headStart value0) s₀ s₉ →
+  Spec (A_abi_encode_uint8 tail headStart value0) s₀ s₉ := by
+  unfold abi_encode_uint8_concrete_of_code A_abi_encode_uint8
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/array_dataslot_string_storage.lean b/Generated/erc20shim/ERC20Shim/array_dataslot_string_storage.lean
new file mode 100644
index 0000000..b1ce4f8
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/array_dataslot_string_storage.lean
@@ -0,0 +1,22 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.array_dataslot_string_storage_gen
+
+import Generated.erc20shim.ERC20Shim.array_dataslot_string_storage_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+lemma array_dataslot_string_storage_abs_of_code {s₀ s₉ : State} {data ptr} {fuel : Nat} :
+  execCall fuel array_dataslot_string_storage [data] (s₀, [ptr]) = s₉ →
+  Spec (A_array_dataslot_string_storage data ptr) s₀ s₉
+:= λ h ↦ array_dataslot_string_storage_abs_of_concrete (array_dataslot_string_storage_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/array_dataslot_string_storage_gen.lean b/Generated/erc20shim/ERC20Shim/array_dataslot_string_storage_gen.lean
new file mode 100644
index 0000000..6841ce4
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/array_dataslot_string_storage_gen.lean
@@ -0,0 +1,104 @@
+import Clear.ReasoningPrinciple
+
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def array_dataslot_string_storage : FunctionDefinition := <f
+    function array_dataslot_string_storage(ptr) -> data
+    
+{
+    let _1 := 0
+    mstore(_1, ptr)
+    let _2 := 32
+    let _3 := _1
+    data := keccak256(_1, _2)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def array_dataslot_string_storage_concrete_of_code
+: {
+    C :
+      _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {data ptr fuel},
+         execCall fuel array_dataslot_string_storage [data] (s₀, [ptr]) = s₉ →
+         Spec (C data ptr) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ data ptr fuel
+  unfold array_dataslot_string_storage
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMKeccak256']
+  try simp
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/array_dataslot_string_storage_user.lean b/Generated/erc20shim/ERC20Shim/array_dataslot_string_storage_user.lean
new file mode 100644
index 0000000..69e62c5
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/array_dataslot_string_storage_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.array_dataslot_string_storage_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def A_array_dataslot_string_storage (data : Identifier) (ptr : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma array_dataslot_string_storage_abs_of_concrete {s₀ s₉ : State} {data ptr} :
+  Spec (array_dataslot_string_storage_concrete_of_code.1 data ptr) s₀ s₉ →
+  Spec (A_array_dataslot_string_storage data ptr) s₀ s₉ := by
+  unfold array_dataslot_string_storage_concrete_of_code A_array_dataslot_string_storage
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string.lean b/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string.lean
new file mode 100644
index 0000000..f90c6dd
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string.lean
@@ -0,0 +1,22 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string_gen
+
+import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+lemma array_storeLengthForEncoding_string_abs_of_code {s₀ s₉ : State} {updated_pos pos length} {fuel : Nat} :
+  execCall fuel array_storeLengthForEncoding_string [updated_pos] (s₀, [pos, length]) = s₉ →
+  Spec (A_array_storeLengthForEncoding_string updated_pos pos length) s₀ s₉
+:= λ h ↦ array_storeLengthForEncoding_string_abs_of_concrete (array_storeLengthForEncoding_string_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_fromStack.lean b/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_fromStack.lean
new file mode 100644
index 0000000..9e1dabc
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_fromStack.lean
@@ -0,0 +1,22 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string_fromStack_gen
+
+import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string_fromStack_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+lemma array_storeLengthForEncoding_string_fromStack_abs_of_code {s₀ s₉ : State} {updated_pos pos length} {fuel : Nat} :
+  execCall fuel array_storeLengthForEncoding_string_fromStack [updated_pos] (s₀, [pos, length]) = s₉ →
+  Spec (A_array_storeLengthForEncoding_string_fromStack updated_pos pos length) s₀ s₉
+:= λ h ↦ array_storeLengthForEncoding_string_fromStack_abs_of_concrete (array_storeLengthForEncoding_string_fromStack_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_fromStack_gen.lean b/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_fromStack_gen.lean
new file mode 100644
index 0000000..a6937e1
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_fromStack_gen.lean
@@ -0,0 +1,100 @@
+import Clear.ReasoningPrinciple
+
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def array_storeLengthForEncoding_string_fromStack : FunctionDefinition := <f
+    function array_storeLengthForEncoding_string_fromStack(pos, length) -> updated_pos
+    
+{
+    mstore(pos, length)
+    let _1 := 32
+    updated_pos := add(pos, _1)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def array_storeLengthForEncoding_string_fromStack_concrete_of_code
+: {
+    C :
+      _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {updated_pos pos length fuel},
+         execCall fuel array_storeLengthForEncoding_string_fromStack [updated_pos] (s₀, [pos, length]) = s₉ →
+         Spec (C updated_pos pos length) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ updated_pos pos length fuel
+  unfold array_storeLengthForEncoding_string_fromStack
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_fromStack_user.lean b/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_fromStack_user.lean
new file mode 100644
index 0000000..7d56206
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_fromStack_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string_fromStack_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def A_array_storeLengthForEncoding_string_fromStack (updated_pos : Identifier) (pos length : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma array_storeLengthForEncoding_string_fromStack_abs_of_concrete {s₀ s₉ : State} {updated_pos pos length} :
+  Spec (array_storeLengthForEncoding_string_fromStack_concrete_of_code.1 updated_pos pos length) s₀ s₉ →
+  Spec (A_array_storeLengthForEncoding_string_fromStack updated_pos pos length) s₀ s₉ := by
+  unfold array_storeLengthForEncoding_string_fromStack_concrete_of_code A_array_storeLengthForEncoding_string_fromStack
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_gen.lean b/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_gen.lean
new file mode 100644
index 0000000..38d877c
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_gen.lean
@@ -0,0 +1,100 @@
+import Clear.ReasoningPrinciple
+
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def array_storeLengthForEncoding_string : FunctionDefinition := <f
+    function array_storeLengthForEncoding_string(pos, length) -> updated_pos
+    
+{
+    mstore(pos, length)
+    let _1 := 32
+    updated_pos := add(pos, _1)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def array_storeLengthForEncoding_string_concrete_of_code
+: {
+    C :
+      _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {updated_pos pos length fuel},
+         execCall fuel array_storeLengthForEncoding_string [updated_pos] (s₀, [pos, length]) = s₉ →
+         Spec (C updated_pos pos length) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ updated_pos pos length fuel
+  unfold array_storeLengthForEncoding_string
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_user.lean b/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_user.lean
new file mode 100644
index 0000000..62335f1
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def A_array_storeLengthForEncoding_string (updated_pos : Identifier) (pos length : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma array_storeLengthForEncoding_string_abs_of_concrete {s₀ s₉ : State} {updated_pos pos length} :
+  Spec (array_storeLengthForEncoding_string_concrete_of_code.1 updated_pos pos length) s₀ s₉ →
+  Spec (A_array_storeLengthForEncoding_string updated_pos pos length) s₀ s₉ := by
+  unfold array_storeLengthForEncoding_string_concrete_of_code A_array_storeLengthForEncoding_string
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/checked_add_uint256.lean b/Generated/erc20shim/ERC20Shim/checked_add_uint256.lean
new file mode 100644
index 0000000..08dc22a
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/checked_add_uint256.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_2792370840247009933
+import Generated.erc20shim.ERC20Shim.panic_error_0x11
+
+import Generated.erc20shim.ERC20Shim.checked_add_uint256_gen
+
+import Generated.erc20shim.ERC20Shim.checked_add_uint256_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+lemma checked_add_uint256_abs_of_code {s₀ s₉ : State} {sum x y} {fuel : Nat} :
+  execCall fuel checked_add_uint256 [sum] (s₀, [x, y]) = s₉ →
+  Spec (A_checked_add_uint256 sum x y) s₀ s₉
+:= λ h ↦ checked_add_uint256_abs_of_concrete (checked_add_uint256_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/checked_add_uint256_gen.lean b/Generated/erc20shim/ERC20Shim/checked_add_uint256_gen.lean
new file mode 100644
index 0000000..ebd9bd1
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/checked_add_uint256_gen.lean
@@ -0,0 +1,118 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_2792370840247009933
+import Generated.erc20shim.ERC20Shim.panic_error_0x11
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def checked_add_uint256 : FunctionDefinition := <f
+    function checked_add_uint256(x, y) -> sum
+    
+{
+    x := x
+    y := y
+    sum := add(x, y)
+    let _1 := gt(x, sum)
+    if _1 
+    {panic_error_0x11()}
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def checked_add_uint256_concrete_of_code
+: {
+    C :
+      _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {sum x y fuel},
+         execCall fuel checked_add_uint256 [sum] (s₀, [x, y]) = s₉ →
+         Spec (C sum x y) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ sum x y fuel
+  unfold checked_add_uint256
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMGt']
+  try simp
+  
+  -- abstraction offsetting
+  rw [cons]
+  generalize hxs : Block _ = xs
+  abstract if_2792370840247009933_abs_of_code if_2792370840247009933 with ss hs
+  try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro ss (And.intro hs ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  subst xs
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/checked_add_uint256_user.lean b/Generated/erc20shim/ERC20Shim/checked_add_uint256_user.lean
new file mode 100644
index 0000000..3db1faa
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/checked_add_uint256_user.lean
@@ -0,0 +1,25 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_2792370840247009933
+import Generated.erc20shim.ERC20Shim.panic_error_0x11
+
+import Generated.erc20shim.ERC20Shim.checked_add_uint256_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def A_checked_add_uint256 (sum : Identifier) (x y : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma checked_add_uint256_abs_of_concrete {s₀ s₉ : State} {sum x y} :
+  Spec (checked_add_uint256_concrete_of_code.1 sum x y) s₀ s₉ →
+  Spec (A_checked_add_uint256 sum x y) s₀ s₉ := by
+  unfold checked_add_uint256_concrete_of_code A_checked_add_uint256
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/copy_array_from_storage_to_memory_string.lean b/Generated/erc20shim/ERC20Shim/copy_array_from_storage_to_memory_string.lean
new file mode 100644
index 0000000..ffaa234
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/copy_array_from_storage_to_memory_string.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_string_storage
+import Generated.erc20shim.ERC20Shim.finalize_allocation
+
+import Generated.erc20shim.ERC20Shim.copy_array_from_storage_to_memory_string_gen
+
+import Generated.erc20shim.ERC20Shim.copy_array_from_storage_to_memory_string_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma copy_array_from_storage_to_memory_string_abs_of_code {s₀ s₉ : State} {memPtr slot} {fuel : Nat} :
+  execCall fuel copy_array_from_storage_to_memory_string [memPtr] (s₀, [slot]) = s₉ →
+  Spec (A_copy_array_from_storage_to_memory_string memPtr slot) s₀ s₉
+:= λ h ↦ copy_array_from_storage_to_memory_string_abs_of_concrete (copy_array_from_storage_to_memory_string_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/copy_array_from_storage_to_memory_string_gen.lean b/Generated/erc20shim/ERC20Shim/copy_array_from_storage_to_memory_string_gen.lean
new file mode 100644
index 0000000..7090514
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/copy_array_from_storage_to_memory_string_gen.lean
@@ -0,0 +1,129 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_string_storage
+import Generated.erc20shim.ERC20Shim.finalize_allocation
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def copy_array_from_storage_to_memory_string : FunctionDefinition := <f
+    function copy_array_from_storage_to_memory_string(slot) -> memPtr
+    
+{
+    let _1 := 64
+    memPtr := mload(_1)
+    let _2 := abi_encode_string_storage(slot, memPtr)
+    let _3 := sub(_2, memPtr)
+    finalize_allocation(memPtr, _3)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def copy_array_from_storage_to_memory_string_concrete_of_code
+: {
+    C :
+      _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {memPtr slot fuel},
+         execCall fuel copy_array_from_storage_to_memory_string [memPtr] (s₀, [slot]) = s₉ →
+         Spec (C memPtr slot) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ memPtr slot fuel
+  unfold copy_array_from_storage_to_memory_string
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMMload']
+  try simp
+  
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (abi_encode_string_storage_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSub']
+  try simp
+  
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  -- simp [Var']
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (finalize_allocation_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/copy_array_from_storage_to_memory_string_user.lean b/Generated/erc20shim/ERC20Shim/copy_array_from_storage_to_memory_string_user.lean
new file mode 100644
index 0000000..db98dc9
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/copy_array_from_storage_to_memory_string_user.lean
@@ -0,0 +1,25 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_string_storage
+import Generated.erc20shim.ERC20Shim.finalize_allocation
+
+import Generated.erc20shim.ERC20Shim.copy_array_from_storage_to_memory_string_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_copy_array_from_storage_to_memory_string (memPtr : Identifier) (slot : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma copy_array_from_storage_to_memory_string_abs_of_concrete {s₀ s₉ : State} {memPtr slot} :
+  Spec (copy_array_from_storage_to_memory_string_concrete_of_code.1 memPtr slot) s₀ s₉ →
+  Spec (A_copy_array_from_storage_to_memory_string memPtr slot) s₀ s₉ := by
+  unfold copy_array_from_storage_to_memory_string_concrete_of_code A_copy_array_from_storage_to_memory_string
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/copy_memory_to_memory_with_cleanup.lean b/Generated/erc20shim/ERC20Shim/copy_memory_to_memory_with_cleanup.lean
new file mode 100644
index 0000000..83d14db
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/copy_memory_to_memory_with_cleanup.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.for_6088573059593786335
+
+import Generated.erc20shim.ERC20Shim.copy_memory_to_memory_with_cleanup_gen
+
+import Generated.erc20shim.ERC20Shim.copy_memory_to_memory_with_cleanup_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common 
+
+lemma copy_memory_to_memory_with_cleanup_abs_of_code {s₀ s₉ : State} { src dst length} {fuel : Nat} :
+  execCall fuel copy_memory_to_memory_with_cleanup [] (s₀, [src, dst, length]) = s₉ →
+  Spec (A_copy_memory_to_memory_with_cleanup  src dst length) s₀ s₉
+:= λ h ↦ copy_memory_to_memory_with_cleanup_abs_of_concrete (copy_memory_to_memory_with_cleanup_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/copy_memory_to_memory_with_cleanup_gen.lean b/Generated/erc20shim/ERC20Shim/copy_memory_to_memory_with_cleanup_gen.lean
new file mode 100644
index 0000000..43ea68f
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/copy_memory_to_memory_with_cleanup_gen.lean
@@ -0,0 +1,125 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.for_6088573059593786335
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common 
+
+def copy_memory_to_memory_with_cleanup : FunctionDefinition := <f
+    function copy_memory_to_memory_with_cleanup(src, dst, length) -> 
+    
+{
+    let i := 0
+    for { } lt(i, length) {
+        let _1 := 32
+        i := add(i, _1)
+    } {
+        let _2 := add(src, i)
+        let _3 := mload(_2)
+        let _4 := add(dst, i)
+        mstore(_4, _3)
+    }
+    let _5 := 0
+    let _6 := add(dst, length)
+    mstore(_6, _5)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def copy_memory_to_memory_with_cleanup_concrete_of_code
+: {
+    C :
+      _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} { src dst length fuel},
+         execCall fuel copy_memory_to_memory_with_cleanup [] (s₀, [src, dst, length]) = s₉ →
+         Spec (C  src dst length) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉  src dst length fuel
+  unfold copy_memory_to_memory_with_cleanup
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  -- abstraction offsetting
+  rw [cons]
+  generalize hxs : Block _ = xs
+  abstract for_6088573059593786335_abs_of_code for_6088573059593786335 with ss hs
+  try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro ss (And.intro hs ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  subst xs
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/copy_memory_to_memory_with_cleanup_user.lean b/Generated/erc20shim/ERC20Shim/copy_memory_to_memory_with_cleanup_user.lean
new file mode 100644
index 0000000..0904d84
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/copy_memory_to_memory_with_cleanup_user.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.for_6088573059593786335
+
+import Generated.erc20shim.ERC20Shim.copy_memory_to_memory_with_cleanup_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common 
+
+def A_copy_memory_to_memory_with_cleanup  (src dst length : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma copy_memory_to_memory_with_cleanup_abs_of_concrete {s₀ s₉ : State} { src dst length} :
+  Spec (copy_memory_to_memory_with_cleanup_concrete_of_code.1  src dst length) s₀ s₉ →
+  Spec (A_copy_memory_to_memory_with_cleanup  src dst length) s₀ s₉ := by
+  unfold copy_memory_to_memory_with_cleanup_concrete_of_code A_copy_memory_to_memory_with_cleanup
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/extract_byte_array_length.lean b/Generated/erc20shim/ERC20Shim/extract_byte_array_length.lean
new file mode 100644
index 0000000..27ad43a
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/extract_byte_array_length.lean
@@ -0,0 +1,25 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_4024499920364541172
+import Generated.erc20shim.ERC20Shim.Common.if_384845947645085899
+import Generated.erc20shim.ERC20Shim.panic_error_0x22
+
+import Generated.erc20shim.ERC20Shim.extract_byte_array_length_gen
+
+import Generated.erc20shim.ERC20Shim.extract_byte_array_length_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+lemma extract_byte_array_length_abs_of_code {s₀ s₉ : State} {length data} {fuel : Nat} :
+  execCall fuel extract_byte_array_length [length] (s₀, [data]) = s₉ →
+  Spec (A_extract_byte_array_length length data) s₀ s₉
+:= λ h ↦ extract_byte_array_length_abs_of_concrete (extract_byte_array_length_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/extract_byte_array_length_gen.lean b/Generated/erc20shim/ERC20Shim/extract_byte_array_length_gen.lean
new file mode 100644
index 0000000..b0db6b0
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/extract_byte_array_length_gen.lean
@@ -0,0 +1,157 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_4024499920364541172
+import Generated.erc20shim.ERC20Shim.Common.if_384845947645085899
+import Generated.erc20shim.ERC20Shim.panic_error_0x22
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def extract_byte_array_length : FunctionDefinition := <f
+    function extract_byte_array_length(data) -> length
+    
+{
+    let _1 := 1
+    length := shr(_1, data)
+    let _2 := _1
+    let outOfPlaceEncoding := and(data, _1)
+    let _3 := iszero(outOfPlaceEncoding)
+    if _3 
+    {
+        let _4 := 127
+        length := and(length, _4)
+    }
+    let _5 := 32
+    let _6 := lt(length, _5)
+    let _7 := eq(outOfPlaceEncoding, _6)
+    if _7 
+    {panic_error_0x22()}
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def extract_byte_array_length_concrete_of_code
+: {
+    C :
+      _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {length data fuel},
+         execCall fuel extract_byte_array_length [length] (s₀, [data]) = s₉ →
+         Spec (C length data) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ length data fuel
+  unfold extract_byte_array_length
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMShr']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAnd']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMIszero']
+  try simp
+  
+  -- abstraction offsetting
+  rw [cons]
+  generalize hxs : Block _ = xs
+  abstract if_4024499920364541172_abs_of_code if_4024499920364541172 with ss hs
+  try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro ss (And.intro hs ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  subst xs
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMLt']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMEq']
+  try simp
+  
+  -- abstraction offsetting
+  rw [cons]
+  generalize hxs : Block _ = xs
+  abstract if_384845947645085899_abs_of_code if_384845947645085899 with ss hs
+  try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro ss (And.intro hs ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  subst xs
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/extract_byte_array_length_user.lean b/Generated/erc20shim/ERC20Shim/extract_byte_array_length_user.lean
new file mode 100644
index 0000000..16cc46a
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/extract_byte_array_length_user.lean
@@ -0,0 +1,26 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_4024499920364541172
+import Generated.erc20shim.ERC20Shim.Common.if_384845947645085899
+import Generated.erc20shim.ERC20Shim.panic_error_0x22
+
+import Generated.erc20shim.ERC20Shim.extract_byte_array_length_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def A_extract_byte_array_length (length : Identifier) (data : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma extract_byte_array_length_abs_of_concrete {s₀ s₉ : State} {length data} :
+  Spec (extract_byte_array_length_concrete_of_code.1 length data) s₀ s₉ →
+  Spec (A_extract_byte_array_length length data) s₀ s₉ := by
+  unfold extract_byte_array_length_concrete_of_code A_extract_byte_array_length
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/finalize_allocation.lean b/Generated/erc20shim/ERC20Shim/finalize_allocation.lean
new file mode 100644
index 0000000..e648bcc
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/finalize_allocation.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_9222169807163418225
+import Generated.erc20shim.ERC20Shim.panic_error_0x41
+
+import Generated.erc20shim.ERC20Shim.finalize_allocation_gen
+
+import Generated.erc20shim.ERC20Shim.finalize_allocation_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+lemma finalize_allocation_abs_of_code {s₀ s₉ : State} { memPtr size} {fuel : Nat} :
+  execCall fuel finalize_allocation [] (s₀, [memPtr, size]) = s₉ →
+  Spec (A_finalize_allocation  memPtr size) s₀ s₉
+:= λ h ↦ finalize_allocation_abs_of_concrete (finalize_allocation_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/finalize_allocation_gen.lean b/Generated/erc20shim/ERC20Shim/finalize_allocation_gen.lean
new file mode 100644
index 0000000..fed9d67
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/finalize_allocation_gen.lean
@@ -0,0 +1,157 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_9222169807163418225
+import Generated.erc20shim.ERC20Shim.panic_error_0x41
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def finalize_allocation : FunctionDefinition := <f
+    function finalize_allocation(memPtr, size) -> 
+    
+{
+    let _1 := not(31)
+    let _2 := 31
+    let _3 := add(size, _2)
+    let _4 := and(_3, _1)
+    let newFreePtr := add(memPtr, _4)
+    let _5 := lt(newFreePtr, memPtr)
+    let _6 := 18446744073709551615
+    let _7 := gt(newFreePtr, _6)
+    let _8 := or(_7, _5)
+    if _8 
+    {panic_error_0x41()}
+    let _9 := 64
+    mstore(_9, newFreePtr)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def finalize_allocation_concrete_of_code
+: {
+    C :
+      _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} { memPtr size fuel},
+         execCall fuel finalize_allocation [] (s₀, [memPtr, size]) = s₉ →
+         Spec (C  memPtr size) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉  memPtr size fuel
+  unfold finalize_allocation
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMNot']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAnd']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMLt']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMGt']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMOr']
+  try simp
+  
+  -- abstraction offsetting
+  rw [cons]
+  generalize hxs : Block _ = xs
+  abstract if_9222169807163418225_abs_of_code if_9222169807163418225 with ss hs
+  try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro ss (And.intro hs ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  subst xs
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/finalize_allocation_user.lean b/Generated/erc20shim/ERC20Shim/finalize_allocation_user.lean
new file mode 100644
index 0000000..ba9a41f
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/finalize_allocation_user.lean
@@ -0,0 +1,25 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_9222169807163418225
+import Generated.erc20shim.ERC20Shim.panic_error_0x41
+
+import Generated.erc20shim.ERC20Shim.finalize_allocation_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def A_finalize_allocation  (memPtr size : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma finalize_allocation_abs_of_concrete {s₀ s₉ : State} { memPtr size} :
+  Spec (finalize_allocation_concrete_of_code.1  memPtr size) s₀ s₉ →
+  Spec (A_finalize_allocation  memPtr size) s₀ s₉ := by
+  unfold finalize_allocation_concrete_of_code A_finalize_allocation
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun__approve.lean b/Generated/erc20shim/ERC20Shim/fun__approve.lean
new file mode 100644
index 0000000..813c41c
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun__approve.lean
@@ -0,0 +1,30 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_3812165059632449189
+import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address
+import Generated.erc20shim.ERC20Shim.Common.if_4692225504622348326
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.update_storage_value_offsett_uint256_to_uint256
+import Generated.erc20shim.ERC20Shim.Common.if_5042234445269809685
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256
+
+import Generated.erc20shim.ERC20Shim.fun__approve_gen
+
+import Generated.erc20shim.ERC20Shim.fun__approve_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+lemma fun__approve_abs_of_code {s₀ s₉ : State} { var_owner var_spender var_value var_emitEvent} {fuel : Nat} :
+  execCall fuel fun__approve [] (s₀, [var_owner, var_spender, var_value, var_emitEvent]) = s₉ →
+  Spec (A_fun__approve  var_owner var_spender var_value var_emitEvent) s₀ s₉
+:= λ h ↦ fun__approve_abs_of_concrete (fun__approve_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun__approve_gen.lean b/Generated/erc20shim/ERC20Shim/fun__approve_gen.lean
new file mode 100644
index 0000000..56e06b5
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun__approve_gen.lean
@@ -0,0 +1,253 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_3812165059632449189
+import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address
+import Generated.erc20shim.ERC20Shim.Common.if_4692225504622348326
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.update_storage_value_offsett_uint256_to_uint256
+import Generated.erc20shim.ERC20Shim.Common.if_5042234445269809685
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def fun__approve : FunctionDefinition := <f
+    function fun__approve(var_owner, var_spender, var_value, var_emitEvent) -> 
+    
+{
+    let expr := var_owner
+    let _1 := sub(shl(160, 1), 1)
+    let _2 := and(var_owner, _1)
+    let _3 := iszero(_2)
+    if _3 
+    {
+        let expr_1 := 0
+        let _4 := 64
+        let _5 := mload(_4)
+        let _6 := shl(224, 3858947845)
+        mstore(_5, _6)
+        let _7 := 4
+        let _8 := add(_5, _7)
+        let _9 := abi_encode_tuple_address(_8, expr_1)
+        let _10 := sub(_9, _5)
+        revert(_5, _10)
+    }
+    let expr_2 := var_spender
+    let _11 := _1
+    let _12 := and(var_spender, _1)
+    let _13 := iszero(_12)
+    if _13 
+    {
+        let expr_3 := 0
+        let _14 := 64
+        let _15 := mload(_14)
+        let _16 := shl(225, 1242826417)
+        mstore(_15, _16)
+        let _17 := 4
+        let _18 := add(_15, _17)
+        let _19 := abi_encode_tuple_address(_18, expr_3)
+        let _20 := sub(_19, _15)
+        revert(_15, _20)
+    }
+    let expr_4 := var_value
+    let _21 := 1
+    let _22 := mapping_index_access_mapping_address_mapping_address_uint256_of_address(_21, var_owner)
+    let _23 := mapping_index_access_mapping_address_uint256_of_address(_22, var_spender)
+    update_storage_value_offsett_uint256_to_uint256(_23, var_value)
+    if var_emitEvent 
+    {
+        let expr_5 := var_owner
+        let expr_6 := var_spender
+        let expr_7 := var_value
+        let _24 := 63486140976153616755203102783360879283472101686154884697241723088393386309925
+        let _25 := _2
+        let _26 := _12
+        let _27 := 64
+        let _28 := mload(_27)
+        let _29 := abi_encode_uint256(_28, var_value)
+        let _30 := sub(_29, _28)
+        log3(_28, _30, _24, _2, _12)
+    }
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def fun__approve_concrete_of_code
+: {
+    C :
+      _ → _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} { var_owner var_spender var_value var_emitEvent fuel},
+         execCall fuel fun__approve [] (s₀, [var_owner, var_spender, var_value, var_emitEvent]) = s₉ →
+         Spec (C  var_owner var_spender var_value var_emitEvent) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉  var_owner var_spender var_value var_emitEvent fuel
+  unfold fun__approve
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSub']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAnd']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMIszero']
+  try simp
+  
+  -- abstraction offsetting
+  rw [cons]
+  generalize hxs : Block _ = xs
+  abstract if_3812165059632449189_abs_of_code if_3812165059632449189 with ss hs
+  try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro ss (And.intro hs ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  subst xs
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAnd']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMIszero']
+  try simp
+  
+  -- abstraction offsetting
+  rw [cons]
+  generalize hxs : Block _ = xs
+  abstract if_4692225504622348326_abs_of_code if_4692225504622348326 with ss hs
+  try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro ss (And.intro hs ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  subst xs
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (mapping_index_access_mapping_address_mapping_address_uint256_of_address_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (mapping_index_access_mapping_address_uint256_of_address_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  -- simp [Var']
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (update_storage_value_offsett_uint256_to_uint256_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  -- abstraction offsetting
+  rw [cons]
+  generalize hxs : Block _ = xs
+  abstract if_5042234445269809685_abs_of_code if_5042234445269809685 with ss hs
+  try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro ss (And.intro hs ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  subst xs
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun__approve_user.lean b/Generated/erc20shim/ERC20Shim/fun__approve_user.lean
new file mode 100644
index 0000000..cb5d44f
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun__approve_user.lean
@@ -0,0 +1,31 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_3812165059632449189
+import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address
+import Generated.erc20shim.ERC20Shim.Common.if_4692225504622348326
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.update_storage_value_offsett_uint256_to_uint256
+import Generated.erc20shim.ERC20Shim.Common.if_5042234445269809685
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256
+
+import Generated.erc20shim.ERC20Shim.fun__approve_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def A_fun__approve  (var_owner var_spender var_value var_emitEvent : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma fun__approve_abs_of_concrete {s₀ s₉ : State} { var_owner var_spender var_value var_emitEvent} :
+  Spec (fun__approve_concrete_of_code.1  var_owner var_spender var_value var_emitEvent) s₀ s₉ →
+  Spec (A_fun__approve  var_owner var_spender var_value var_emitEvent) s₀ s₉ := by
+  unfold fun__approve_concrete_of_code A_fun__approve
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun__transfer.lean b/Generated/erc20shim/ERC20Shim/fun__transfer.lean
new file mode 100644
index 0000000..155b61a
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun__transfer.lean
@@ -0,0 +1,26 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_9141570808380448040
+import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address
+import Generated.erc20shim.ERC20Shim.Common.if_2395397427938978657
+import Generated.erc20shim.ERC20Shim.fun_update
+
+import Generated.erc20shim.ERC20Shim.fun__transfer_gen
+
+import Generated.erc20shim.ERC20Shim.fun__transfer_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+lemma fun__transfer_abs_of_code {s₀ s₉ : State} { var_from var_to var_value} {fuel : Nat} :
+  execCall fuel fun__transfer [] (s₀, [var_from, var_to, var_value]) = s₉ →
+  Spec (A_fun__transfer  var_from var_to var_value) s₀ s₉
+:= λ h ↦ fun__transfer_abs_of_concrete (fun__transfer_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun__transfer_gen.lean b/Generated/erc20shim/ERC20Shim/fun__transfer_gen.lean
new file mode 100644
index 0000000..16bcf0c
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun__transfer_gen.lean
@@ -0,0 +1,193 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_9141570808380448040
+import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address
+import Generated.erc20shim.ERC20Shim.Common.if_2395397427938978657
+import Generated.erc20shim.ERC20Shim.fun_update
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def fun__transfer : FunctionDefinition := <f
+    function fun__transfer(var_from, var_to, var_value) -> 
+    
+{
+    let expr := var_from
+    let _1 := sub(shl(160, 1), 1)
+    let _2 := and(var_from, _1)
+    let _3 := iszero(_2)
+    if _3 
+    {
+        let expr_1 := 0
+        let _4 := 64
+        let _5 := mload(_4)
+        let _6 := shl(225, 1264811663)
+        mstore(_5, _6)
+        let _7 := 4
+        let _8 := add(_5, _7)
+        let _9 := abi_encode_tuple_address(_8, expr_1)
+        let _10 := sub(_9, _5)
+        revert(_5, _10)
+    }
+    let expr_2 := var_to
+    let _11 := _1
+    let _12 := and(var_to, _1)
+    let _13 := iszero(_12)
+    if _13 
+    {
+        let expr_3 := 0
+        let _14 := 64
+        let _15 := mload(_14)
+        let _16 := shl(224, 3963891461)
+        mstore(_15, _16)
+        let _17 := 4
+        let _18 := add(_15, _17)
+        let _19 := abi_encode_tuple_address(_18, expr_3)
+        let _20 := sub(_19, _15)
+        revert(_15, _20)
+    }
+    fun_update(var_from, var_to, var_value)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def fun__transfer_concrete_of_code
+: {
+    C :
+      _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} { var_from var_to var_value fuel},
+         execCall fuel fun__transfer [] (s₀, [var_from, var_to, var_value]) = s₉ →
+         Spec (C  var_from var_to var_value) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉  var_from var_to var_value fuel
+  unfold fun__transfer
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSub']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAnd']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMIszero']
+  try simp
+  
+  -- abstraction offsetting
+  rw [cons]
+  generalize hxs : Block _ = xs
+  abstract if_9141570808380448040_abs_of_code if_9141570808380448040 with ss hs
+  try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro ss (And.intro hs ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  subst xs
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAnd']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMIszero']
+  try simp
+  
+  -- abstraction offsetting
+  rw [cons]
+  generalize hxs : Block _ = xs
+  abstract if_2395397427938978657_abs_of_code if_2395397427938978657 with ss hs
+  try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro ss (And.intro hs ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  subst xs
+  
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  -- simp [Var']
+  -- simp [Var']
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (fun_update_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean b/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean
new file mode 100644
index 0000000..2e3a362
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean
@@ -0,0 +1,27 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_9141570808380448040
+import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address
+import Generated.erc20shim.ERC20Shim.Common.if_2395397427938978657
+import Generated.erc20shim.ERC20Shim.fun_update
+
+import Generated.erc20shim.ERC20Shim.fun__transfer_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def A_fun__transfer  (var_from var_to var_value : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma fun__transfer_abs_of_concrete {s₀ s₉ : State} { var_from var_to var_value} :
+  Spec (fun__transfer_concrete_of_code.1  var_from var_to var_value) s₀ s₉ →
+  Spec (A_fun__transfer  var_from var_to var_value) s₀ s₉ := by
+  unfold fun__transfer_concrete_of_code A_fun__transfer
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_allowance.lean b/Generated/erc20shim/ERC20Shim/fun_allowance.lean
new file mode 100644
index 0000000..25b62db
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_allowance.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+
+import Generated.erc20shim.ERC20Shim.fun_allowance_gen
+
+import Generated.erc20shim.ERC20Shim.fun_allowance_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma fun_allowance_abs_of_code {s₀ s₉ : State} {var var_owner var_spender} {fuel : Nat} :
+  execCall fuel fun_allowance [var] (s₀, [var_owner, var_spender]) = s₉ →
+  Spec (A_fun_allowance var var_owner var_spender) s₀ s₉
+:= λ h ↦ fun_allowance_abs_of_concrete (fun_allowance_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_allowance_gen.lean b/Generated/erc20shim/ERC20Shim/fun_allowance_gen.lean
new file mode 100644
index 0000000..b96ca2c
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_allowance_gen.lean
@@ -0,0 +1,121 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def fun_allowance : FunctionDefinition := <f
+    function fun_allowance(var_owner, var_spender) -> var
+    
+{
+    let _1 := 1
+    let _2 := mapping_index_access_mapping_address_mapping_address_uint256_of_address(_1, var_owner)
+    let _3 := mapping_index_access_mapping_address_uint256_of_address(_2, var_spender)
+    var := sload(_3)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def fun_allowance_concrete_of_code
+: {
+    C :
+      _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {var var_owner var_spender fuel},
+         execCall fuel fun_allowance [var] (s₀, [var_owner, var_spender]) = s₉ →
+         Spec (C var var_owner var_spender) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ var var_owner var_spender fuel
+  unfold fun_allowance
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (mapping_index_access_mapping_address_mapping_address_uint256_of_address_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (mapping_index_access_mapping_address_uint256_of_address_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSload']
+  try simp
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
new file mode 100644
index 0000000..1a0d8f7
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
@@ -0,0 +1,25 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+
+import Generated.erc20shim.ERC20Shim.fun_allowance_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_fun_allowance (var : Identifier) (var_owner var_spender : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spender} :
+  Spec (fun_allowance_concrete_of_code.1 var var_owner var_spender) s₀ s₉ →
+  Spec (A_fun_allowance var var_owner var_spender) s₀ s₉ := by
+  unfold fun_allowance_concrete_of_code A_fun_allowance
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_approve.lean b/Generated/erc20shim/ERC20Shim/fun_approve.lean
new file mode 100644
index 0000000..820f5e4
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_approve.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.fun_msgSender
+import Generated.erc20shim.ERC20Shim.fun_approve_420
+
+import Generated.erc20shim.ERC20Shim.fun_approve_gen
+
+import Generated.erc20shim.ERC20Shim.fun_approve_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma fun_approve_abs_of_code {s₀ s₉ : State} {var var_spender var_value} {fuel : Nat} :
+  execCall fuel fun_approve [var] (s₀, [var_spender, var_value]) = s₉ →
+  Spec (A_fun_approve var var_spender var_value) s₀ s₉
+:= λ h ↦ fun_approve_abs_of_concrete (fun_approve_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_approve_420.lean b/Generated/erc20shim/ERC20Shim/fun_approve_420.lean
new file mode 100644
index 0000000..5d961c8
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_approve_420.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.fun__approve
+
+import Generated.erc20shim.ERC20Shim.fun_approve_420_gen
+
+import Generated.erc20shim.ERC20Shim.fun_approve_420_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma fun_approve_420_abs_of_code {s₀ s₉ : State} { var_owner var_spender var_value} {fuel : Nat} :
+  execCall fuel fun_approve_420 [] (s₀, [var_owner, var_spender, var_value]) = s₉ →
+  Spec (A_fun_approve_420  var_owner var_spender var_value) s₀ s₉
+:= λ h ↦ fun_approve_420_abs_of_concrete (fun_approve_420_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_approve_420_gen.lean b/Generated/erc20shim/ERC20Shim/fun_approve_420_gen.lean
new file mode 100644
index 0000000..6464052
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_approve_420_gen.lean
@@ -0,0 +1,107 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.fun__approve
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def fun_approve_420 : FunctionDefinition := <f
+    function fun_approve_420(var_owner, var_spender, var_value) -> 
+    
+{
+    let expr := var_owner
+    let _1 := 1
+    fun__approve(var_owner, var_spender, var_value, _1)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def fun_approve_420_concrete_of_code
+: {
+    C :
+      _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} { var_owner var_spender var_value fuel},
+         execCall fuel fun_approve_420 [] (s₀, [var_owner, var_spender, var_value]) = s₉ →
+         Spec (C  var_owner var_spender var_value) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉  var_owner var_spender var_value fuel
+  unfold fun_approve_420
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  -- simp [Var']
+  -- simp [Var']
+  -- simp [Var']
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (fun__approve_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_approve_420_user.lean b/Generated/erc20shim/ERC20Shim/fun_approve_420_user.lean
new file mode 100644
index 0000000..630e5c8
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_approve_420_user.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.fun__approve
+
+import Generated.erc20shim.ERC20Shim.fun_approve_420_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_fun_approve_420  (var_owner var_spender var_value : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma fun_approve_420_abs_of_concrete {s₀ s₉ : State} { var_owner var_spender var_value} :
+  Spec (fun_approve_420_concrete_of_code.1  var_owner var_spender var_value) s₀ s₉ →
+  Spec (A_fun_approve_420  var_owner var_spender var_value) s₀ s₉ := by
+  unfold fun_approve_420_concrete_of_code A_fun_approve_420
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_approve_gen.lean b/Generated/erc20shim/ERC20Shim/fun_approve_gen.lean
new file mode 100644
index 0000000..4f0fc2b
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_approve_gen.lean
@@ -0,0 +1,118 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.fun_msgSender
+import Generated.erc20shim.ERC20Shim.fun_approve_420
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def fun_approve : FunctionDefinition := <f
+    function fun_approve(var_spender, var_value) -> var
+    
+{
+    let _1 := fun_msgSender()
+    fun_approve_420(_1, var_spender, var_value)
+    var := 1
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def fun_approve_concrete_of_code
+: {
+    C :
+      _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {var var_spender var_value fuel},
+         execCall fuel fun_approve [var] (s₀, [var_spender, var_value]) = s₉ →
+         Spec (C var var_spender var_value) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ var var_spender var_value fuel
+  unfold fun_approve
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (fun_msgSender_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  -- simp [Var']
+  -- simp [Var']
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (fun_approve_420_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_approve_user.lean b/Generated/erc20shim/ERC20Shim/fun_approve_user.lean
new file mode 100644
index 0000000..ffa7f5e
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_approve_user.lean
@@ -0,0 +1,25 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.fun_msgSender
+import Generated.erc20shim.ERC20Shim.fun_approve_420
+
+import Generated.erc20shim.ERC20Shim.fun_approve_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_fun_approve (var : Identifier) (var_spender var_value : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma fun_approve_abs_of_concrete {s₀ s₉ : State} {var var_spender var_value} :
+  Spec (fun_approve_concrete_of_code.1 var var_spender var_value) s₀ s₉ →
+  Spec (A_fun_approve var var_spender var_value) s₀ s₉ := by
+  unfold fun_approve_concrete_of_code A_fun_approve
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf.lean
new file mode 100644
index 0000000..c2b9b22
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+
+import Generated.erc20shim.ERC20Shim.fun_balanceOf_gen
+
+import Generated.erc20shim.ERC20Shim.fun_balanceOf_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma fun_balanceOf_abs_of_code {s₀ s₉ : State} {var var_account} {fuel : Nat} :
+  execCall fuel fun_balanceOf [var] (s₀, [var_account]) = s₉ →
+  Spec (A_fun_balanceOf var var_account) s₀ s₉
+:= λ h ↦ fun_balanceOf_abs_of_concrete (fun_balanceOf_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_gen.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_gen.lean
new file mode 100644
index 0000000..6f1dd58
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_gen.lean
@@ -0,0 +1,107 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def fun_balanceOf : FunctionDefinition := <f
+    function fun_balanceOf(var_account) -> var
+    
+{
+    let _1 := 0
+    let _2 := mapping_index_access_mapping_address_uint256_of_address(_1, var_account)
+    var := sload(_2)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def fun_balanceOf_concrete_of_code
+: {
+    C :
+      _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {var var_account fuel},
+         execCall fuel fun_balanceOf [var] (s₀, [var_account]) = s₉ →
+         Spec (C var var_account) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ var var_account fuel
+  unfold fun_balanceOf
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (mapping_index_access_mapping_address_uint256_of_address_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSload']
+  try simp
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
new file mode 100644
index 0000000..daddd88
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+
+import Generated.erc20shim.ERC20Shim.fun_balanceOf_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_fun_balanceOf (var : Identifier) (var_account : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
+  Spec (fun_balanceOf_concrete_of_code.1 var var_account) s₀ s₉ →
+  Spec (A_fun_balanceOf var var_account) s₀ s₉ := by
+  unfold fun_balanceOf_concrete_of_code A_fun_balanceOf
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_decimals.lean b/Generated/erc20shim/ERC20Shim/fun_decimals.lean
new file mode 100644
index 0000000..701c7ba
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_decimals.lean
@@ -0,0 +1,22 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.fun_decimals_gen
+
+import Generated.erc20shim.ERC20Shim.fun_decimals_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+lemma fun_decimals_abs_of_code {s₀ s₉ : State} {var } {fuel : Nat} :
+  execCall fuel fun_decimals [var] (s₀, []) = s₉ →
+  Spec (A_fun_decimals var ) s₀ s₉
+:= λ h ↦ fun_decimals_abs_of_concrete (fun_decimals_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_decimals_gen.lean b/Generated/erc20shim/ERC20Shim/fun_decimals_gen.lean
new file mode 100644
index 0000000..0b00328
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_decimals_gen.lean
@@ -0,0 +1,85 @@
+import Clear.ReasoningPrinciple
+
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def fun_decimals : FunctionDefinition := <f
+    function fun_decimals() -> var
+    
+{var := 18}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def fun_decimals_concrete_of_code
+: {
+    C :
+      _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {var  fuel},
+         execCall fuel fun_decimals [var] (s₀, []) = s₉ →
+         Spec (C var ) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ var  fuel
+  unfold fun_decimals
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_decimals_user.lean b/Generated/erc20shim/ERC20Shim/fun_decimals_user.lean
new file mode 100644
index 0000000..93c38c4
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_decimals_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.fun_decimals_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def A_fun_decimals (var : Identifier)  (s₀ s₉ : State) : Prop := sorry
+
+lemma fun_decimals_abs_of_concrete {s₀ s₉ : State} {var } :
+  Spec (fun_decimals_concrete_of_code.1 var ) s₀ s₉ →
+  Spec (A_fun_decimals var ) s₀ s₉ := by
+  unfold fun_decimals_concrete_of_code A_fun_decimals
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_msgSender.lean b/Generated/erc20shim/ERC20Shim/fun_msgSender.lean
new file mode 100644
index 0000000..3ef0fab
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_msgSender.lean
@@ -0,0 +1,22 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.fun_msgSender_gen
+
+import Generated.erc20shim.ERC20Shim.fun_msgSender_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+lemma fun_msgSender_abs_of_code {s₀ s₉ : State} {var } {fuel : Nat} :
+  execCall fuel fun_msgSender [var] (s₀, []) = s₉ →
+  Spec (A_fun_msgSender var ) s₀ s₉
+:= λ h ↦ fun_msgSender_abs_of_concrete (fun_msgSender_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_msgSender_gen.lean b/Generated/erc20shim/ERC20Shim/fun_msgSender_gen.lean
new file mode 100644
index 0000000..7616f54
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_msgSender_gen.lean
@@ -0,0 +1,89 @@
+import Clear.ReasoningPrinciple
+
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def fun_msgSender : FunctionDefinition := <f
+    function fun_msgSender() -> var
+    
+{var := caller()}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def fun_msgSender_concrete_of_code
+: {
+    C :
+      _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {var  fuel},
+         execCall fuel fun_msgSender [var] (s₀, []) = s₉ →
+         Spec (C var ) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ var  fuel
+  unfold fun_msgSender
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMCaller']
+  try simp
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_msgSender_user.lean b/Generated/erc20shim/ERC20Shim/fun_msgSender_user.lean
new file mode 100644
index 0000000..8103586
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_msgSender_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.fun_msgSender_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def A_fun_msgSender (var : Identifier)  (s₀ s₉ : State) : Prop := sorry
+
+lemma fun_msgSender_abs_of_concrete {s₀ s₉ : State} {var } :
+  Spec (fun_msgSender_concrete_of_code.1 var ) s₀ s₉ →
+  Spec (A_fun_msgSender var ) s₀ s₉ := by
+  unfold fun_msgSender_concrete_of_code A_fun_msgSender
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_name.lean b/Generated/erc20shim/ERC20Shim/fun_name.lean
new file mode 100644
index 0000000..08382f3
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_name.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.copy_array_from_storage_to_memory_string
+
+import Generated.erc20shim.ERC20Shim.fun_name_gen
+
+import Generated.erc20shim.ERC20Shim.fun_name_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma fun_name_abs_of_code {s₀ s₉ : State} {var__mpos } {fuel : Nat} :
+  execCall fuel fun_name [var__mpos] (s₀, []) = s₉ →
+  Spec (A_fun_name var__mpos ) s₀ s₉
+:= λ h ↦ fun_name_abs_of_concrete (fun_name_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_name_gen.lean b/Generated/erc20shim/ERC20Shim/fun_name_gen.lean
new file mode 100644
index 0000000..580e28d
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_name_gen.lean
@@ -0,0 +1,101 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.copy_array_from_storage_to_memory_string
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def fun_name : FunctionDefinition := <f
+    function fun_name() -> var__mpos
+    
+{
+    let _1 := 3
+    var__mpos := copy_array_from_storage_to_memory_string(_1)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def fun_name_concrete_of_code
+: {
+    C :
+      _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {var__mpos  fuel},
+         execCall fuel fun_name [var__mpos] (s₀, []) = s₉ →
+         Spec (C var__mpos ) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ var__mpos  fuel
+  unfold fun_name
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (copy_array_from_storage_to_memory_string_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_name_user.lean b/Generated/erc20shim/ERC20Shim/fun_name_user.lean
new file mode 100644
index 0000000..8120c8b
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_name_user.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.copy_array_from_storage_to_memory_string
+
+import Generated.erc20shim.ERC20Shim.fun_name_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_fun_name (var__mpos : Identifier)  (s₀ s₉ : State) : Prop := sorry
+
+lemma fun_name_abs_of_concrete {s₀ s₉ : State} {var__mpos } :
+  Spec (fun_name_concrete_of_code.1 var__mpos ) s₀ s₉ →
+  Spec (A_fun_name var__mpos ) s₀ s₉ := by
+  unfold fun_name_concrete_of_code A_fun_name
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_spendAllowance.lean b/Generated/erc20shim/ERC20Shim/fun_spendAllowance.lean
new file mode 100644
index 0000000..6b9232c
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_spendAllowance.lean
@@ -0,0 +1,26 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.fun_allowance
+import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
+import Generated.erc20shim.ERC20Shim.fun__approve
+
+import Generated.erc20shim.ERC20Shim.fun_spendAllowance_gen
+
+import Generated.erc20shim.ERC20Shim.fun_spendAllowance_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+lemma fun_spendAllowance_abs_of_code {s₀ s₉ : State} { var_owner var_spender var_value} {fuel : Nat} :
+  execCall fuel fun_spendAllowance [] (s₀, [var_owner, var_spender, var_value]) = s₉ →
+  Spec (A_fun_spendAllowance  var_owner var_spender var_value) s₀ s₉
+:= λ h ↦ fun_spendAllowance_abs_of_concrete (fun_spendAllowance_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_spendAllowance_gen.lean b/Generated/erc20shim/ERC20Shim/fun_spendAllowance_gen.lean
new file mode 100644
index 0000000..c42503b
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_spendAllowance_gen.lean
@@ -0,0 +1,157 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.fun_allowance
+import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
+import Generated.erc20shim.ERC20Shim.fun__approve
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def fun_spendAllowance : FunctionDefinition := <f
+    function fun_spendAllowance(var_owner, var_spender, var_value) -> 
+    
+{
+    let var_currentAllowance := fun_allowance(var_owner, var_spender)
+    let _1 := not(0)
+    let _2 := eq(var_currentAllowance, _1)
+    let _3 := iszero(_2)
+    if _3 
+    {
+        let _4 := lt(var_currentAllowance, var_value)
+        if _4 
+        {
+            let expr := var_spender
+            let expr_1 := var_currentAllowance
+            let expr_2 := var_value
+            let _5 := 64
+            let _6 := mload(_5)
+            let _7 := shl(225, 2110234841)
+            mstore(_6, _7)
+            let _8 := 4
+            let _9 := add(_6, _8)
+            let _10 := abi_encode_address_uint256_uint256(_9, var_spender, var_currentAllowance, var_value)
+            let _11 := sub(_10, _6)
+            revert(_6, _11)
+        }
+        let expr_3 := var_owner
+        let expr_4 := var_spender
+        let _12 := 0
+        let _13 := sub(var_currentAllowance, var_value)
+        fun__approve(var_owner, var_spender, _13, _12)
+    }
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def fun_spendAllowance_concrete_of_code
+: {
+    C :
+      _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} { var_owner var_spender var_value fuel},
+         execCall fuel fun_spendAllowance [] (s₀, [var_owner, var_spender, var_value]) = s₉ →
+         Spec (C  var_owner var_spender var_value) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉  var_owner var_spender var_value fuel
+  unfold fun_spendAllowance
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (fun_allowance_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMNot']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMEq']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMIszero']
+  try simp
+  
+  -- abstraction offsetting
+  rw [cons]
+  generalize hxs : Block _ = xs
+  abstract if_5327145078839977110_abs_of_code if_5327145078839977110 with ss hs
+  try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro ss (And.intro hs ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  subst xs
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
new file mode 100644
index 0000000..33a7410
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
@@ -0,0 +1,27 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.fun_allowance
+import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
+import Generated.erc20shim.ERC20Shim.fun__approve
+
+import Generated.erc20shim.ERC20Shim.fun_spendAllowance_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def A_fun_spendAllowance  (var_owner var_spender var_value : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma fun_spendAllowance_abs_of_concrete {s₀ s₉ : State} { var_owner var_spender var_value} :
+  Spec (fun_spendAllowance_concrete_of_code.1  var_owner var_spender var_value) s₀ s₉ →
+  Spec (A_fun_spendAllowance  var_owner var_spender var_value) s₀ s₉ := by
+  unfold fun_spendAllowance_concrete_of_code A_fun_spendAllowance
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_symbol.lean b/Generated/erc20shim/ERC20Shim/fun_symbol.lean
new file mode 100644
index 0000000..2678863
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_symbol.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.copy_array_from_storage_to_memory_string
+
+import Generated.erc20shim.ERC20Shim.fun_symbol_gen
+
+import Generated.erc20shim.ERC20Shim.fun_symbol_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma fun_symbol_abs_of_code {s₀ s₉ : State} {var_mpos } {fuel : Nat} :
+  execCall fuel fun_symbol [var_mpos] (s₀, []) = s₉ →
+  Spec (A_fun_symbol var_mpos ) s₀ s₉
+:= λ h ↦ fun_symbol_abs_of_concrete (fun_symbol_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_symbol_gen.lean b/Generated/erc20shim/ERC20Shim/fun_symbol_gen.lean
new file mode 100644
index 0000000..719ce49
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_symbol_gen.lean
@@ -0,0 +1,101 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.copy_array_from_storage_to_memory_string
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def fun_symbol : FunctionDefinition := <f
+    function fun_symbol() -> var_mpos
+    
+{
+    let _1 := 4
+    var_mpos := copy_array_from_storage_to_memory_string(_1)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def fun_symbol_concrete_of_code
+: {
+    C :
+      _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {var_mpos  fuel},
+         execCall fuel fun_symbol [var_mpos] (s₀, []) = s₉ →
+         Spec (C var_mpos ) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ var_mpos  fuel
+  unfold fun_symbol
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (copy_array_from_storage_to_memory_string_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_symbol_user.lean b/Generated/erc20shim/ERC20Shim/fun_symbol_user.lean
new file mode 100644
index 0000000..8c11220
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_symbol_user.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.copy_array_from_storage_to_memory_string
+
+import Generated.erc20shim.ERC20Shim.fun_symbol_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_fun_symbol (var_mpos : Identifier)  (s₀ s₉ : State) : Prop := sorry
+
+lemma fun_symbol_abs_of_concrete {s₀ s₉ : State} {var_mpos } :
+  Spec (fun_symbol_concrete_of_code.1 var_mpos ) s₀ s₉ →
+  Spec (A_fun_symbol var_mpos ) s₀ s₉ := by
+  unfold fun_symbol_concrete_of_code A_fun_symbol
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_totalSupply.lean b/Generated/erc20shim/ERC20Shim/fun_totalSupply.lean
new file mode 100644
index 0000000..817f796
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_totalSupply.lean
@@ -0,0 +1,22 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.fun_totalSupply_gen
+
+import Generated.erc20shim.ERC20Shim.fun_totalSupply_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+lemma fun_totalSupply_abs_of_code {s₀ s₉ : State} {var_ } {fuel : Nat} :
+  execCall fuel fun_totalSupply [var_] (s₀, []) = s₉ →
+  Spec (A_fun_totalSupply var_ ) s₀ s₉
+:= λ h ↦ fun_totalSupply_abs_of_concrete (fun_totalSupply_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_totalSupply_gen.lean b/Generated/erc20shim/ERC20Shim/fun_totalSupply_gen.lean
new file mode 100644
index 0000000..9785664
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_totalSupply_gen.lean
@@ -0,0 +1,93 @@
+import Clear.ReasoningPrinciple
+
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def fun_totalSupply : FunctionDefinition := <f
+    function fun_totalSupply() -> var_
+    
+{
+    let _1 := 2
+    var_ := sload(_1)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def fun_totalSupply_concrete_of_code
+: {
+    C :
+      _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {var_  fuel},
+         execCall fuel fun_totalSupply [var_] (s₀, []) = s₉ →
+         Spec (C var_ ) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ var_  fuel
+  unfold fun_totalSupply
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSload']
+  try simp
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean b/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
new file mode 100644
index 0000000..50a105b
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.fun_totalSupply_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def A_fun_totalSupply (var_ : Identifier)  (s₀ s₉ : State) : Prop := sorry
+
+lemma fun_totalSupply_abs_of_concrete {s₀ s₉ : State} {var_ } :
+  Spec (fun_totalSupply_concrete_of_code.1 var_ ) s₀ s₉ →
+  Spec (A_fun_totalSupply var_ ) s₀ s₉ := by
+  unfold fun_totalSupply_concrete_of_code A_fun_totalSupply
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_transfer.lean b/Generated/erc20shim/ERC20Shim/fun_transfer.lean
new file mode 100644
index 0000000..aaa2415
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_transfer.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.fun_msgSender
+import Generated.erc20shim.ERC20Shim.fun__transfer
+
+import Generated.erc20shim.ERC20Shim.fun_transfer_gen
+
+import Generated.erc20shim.ERC20Shim.fun_transfer_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma fun_transfer_abs_of_code {s₀ s₉ : State} {var var_to var_value} {fuel : Nat} :
+  execCall fuel fun_transfer [var] (s₀, [var_to, var_value]) = s₉ →
+  Spec (A_fun_transfer var var_to var_value) s₀ s₉
+:= λ h ↦ fun_transfer_abs_of_concrete (fun_transfer_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_transferFrom.lean b/Generated/erc20shim/ERC20Shim/fun_transferFrom.lean
new file mode 100644
index 0000000..d6f0fbd
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_transferFrom.lean
@@ -0,0 +1,25 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.fun_msgSender
+import Generated.erc20shim.ERC20Shim.fun_spendAllowance
+import Generated.erc20shim.ERC20Shim.fun__transfer
+
+import Generated.erc20shim.ERC20Shim.fun_transferFrom_gen
+
+import Generated.erc20shim.ERC20Shim.fun_transferFrom_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma fun_transferFrom_abs_of_code {s₀ s₉ : State} {var var_from var_to var_value} {fuel : Nat} :
+  execCall fuel fun_transferFrom [var] (s₀, [var_from, var_to, var_value]) = s₉ →
+  Spec (A_fun_transferFrom var var_from var_to var_value) s₀ s₉
+:= λ h ↦ fun_transferFrom_abs_of_concrete (fun_transferFrom_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_transferFrom_gen.lean b/Generated/erc20shim/ERC20Shim/fun_transferFrom_gen.lean
new file mode 100644
index 0000000..ad4baf9
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_transferFrom_gen.lean
@@ -0,0 +1,135 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.fun_msgSender
+import Generated.erc20shim.ERC20Shim.fun_spendAllowance
+import Generated.erc20shim.ERC20Shim.fun__transfer
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def fun_transferFrom : FunctionDefinition := <f
+    function fun_transferFrom(var_from, var_to, var_value) -> var
+    
+{
+    let _1 := fun_msgSender()
+    fun_spendAllowance(var_from, _1, var_value)
+    fun__transfer(var_from, var_to, var_value)
+    var := 1
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def fun_transferFrom_concrete_of_code
+: {
+    C :
+      _ → _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {var var_from var_to var_value fuel},
+         execCall fuel fun_transferFrom [var] (s₀, [var_from, var_to, var_value]) = s₉ →
+         Spec (C var var_from var_to var_value) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ var var_from var_to var_value fuel
+  unfold fun_transferFrom
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (fun_msgSender_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  -- simp [Var']
+  -- simp [Var']
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (fun_spendAllowance_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  -- simp [Var']
+  -- simp [Var']
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (fun__transfer_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean b/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
new file mode 100644
index 0000000..07e1104
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
@@ -0,0 +1,26 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.fun_msgSender
+import Generated.erc20shim.ERC20Shim.fun_spendAllowance
+import Generated.erc20shim.ERC20Shim.fun__transfer
+
+import Generated.erc20shim.ERC20Shim.fun_transferFrom_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_fun_transferFrom (var : Identifier) (var_from var_to var_value : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma fun_transferFrom_abs_of_concrete {s₀ s₉ : State} {var var_from var_to var_value} :
+  Spec (fun_transferFrom_concrete_of_code.1 var var_from var_to var_value) s₀ s₉ →
+  Spec (A_fun_transferFrom var var_from var_to var_value) s₀ s₉ := by
+  unfold fun_transferFrom_concrete_of_code A_fun_transferFrom
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_transfer_gen.lean b/Generated/erc20shim/ERC20Shim/fun_transfer_gen.lean
new file mode 100644
index 0000000..7a22dc2
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_transfer_gen.lean
@@ -0,0 +1,118 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.fun_msgSender
+import Generated.erc20shim.ERC20Shim.fun__transfer
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def fun_transfer : FunctionDefinition := <f
+    function fun_transfer(var_to, var_value) -> var
+    
+{
+    let _1 := fun_msgSender()
+    fun__transfer(_1, var_to, var_value)
+    var := 1
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def fun_transfer_concrete_of_code
+: {
+    C :
+      _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {var var_to var_value fuel},
+         execCall fuel fun_transfer [var] (s₀, [var_to, var_value]) = s₉ →
+         Spec (C var var_to var_value) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ var var_to var_value fuel
+  unfold fun_transfer
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (fun_msgSender_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons, ExprStmtCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- simp [Var']
+  -- simp [Var']
+  -- simp [Var']
+  try simp
+  
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (fun__transfer_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_transfer_user.lean b/Generated/erc20shim/ERC20Shim/fun_transfer_user.lean
new file mode 100644
index 0000000..fb9421d
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_transfer_user.lean
@@ -0,0 +1,25 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.fun_msgSender
+import Generated.erc20shim.ERC20Shim.fun__transfer
+
+import Generated.erc20shim.ERC20Shim.fun_transfer_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_fun_transfer (var : Identifier) (var_to var_value : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma fun_transfer_abs_of_concrete {s₀ s₉ : State} {var var_to var_value} :
+  Spec (fun_transfer_concrete_of_code.1 var var_to var_value) s₀ s₉ →
+  Spec (A_fun_transfer var var_to var_value) s₀ s₉ := by
+  unfold fun_transfer_concrete_of_code A_fun_transfer
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_update.lean b/Generated/erc20shim/ERC20Shim/fun_update.lean
new file mode 100644
index 0000000..a1efff8
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_update.lean
@@ -0,0 +1,29 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.switch_2364266820542243941
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
+import Generated.erc20shim.ERC20Shim.update_storage_value_offsett_uint256_to_uint256
+import Generated.erc20shim.ERC20Shim.checked_add_uint256
+import Generated.erc20shim.ERC20Shim.Common.switch_1041419350816529734
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256
+
+import Generated.erc20shim.ERC20Shim.fun_update_gen
+
+import Generated.erc20shim.ERC20Shim.fun_update_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+lemma fun_update_abs_of_code {s₀ s₉ : State} { var_from var_to var_value} {fuel : Nat} :
+  execCall fuel fun_update [] (s₀, [var_from, var_to, var_value]) = s₉ →
+  Spec (A_fun_update  var_from var_to var_value) s₀ s₉
+:= λ h ↦ fun_update_abs_of_concrete (fun_update_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_update_gen.lean b/Generated/erc20shim/ERC20Shim/fun_update_gen.lean
new file mode 100644
index 0000000..98dc07d
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_update_gen.lean
@@ -0,0 +1,253 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.switch_2364266820542243941
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
+import Generated.erc20shim.ERC20Shim.update_storage_value_offsett_uint256_to_uint256
+import Generated.erc20shim.ERC20Shim.checked_add_uint256
+import Generated.erc20shim.ERC20Shim.Common.switch_1041419350816529734
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def fun_update : FunctionDefinition := <f
+    function fun_update(var_from, var_to, var_value) -> 
+    
+{
+    let expr := var_from
+    let _1 := sub(shl(160, 1), 1)
+    let _2 := and(var_from, _1)
+    let _3 := iszero(_2)
+    switch _3 case 0 {
+        let _4 := 0
+        let _5 := mapping_index_access_mapping_address_uint256_of_address(_4, var_from)
+        let _6 := sload(_5)
+        let var_fromBalance := _6
+        let _7 := lt(_6, var_value)
+        if _7 
+        {
+            let expr_1 := var_from
+            let expr_2 := _6
+            let expr_3 := var_value
+            let _8 := 64
+            let _9 := mload(_8)
+            let _10 := shl(226, 957625571)
+            mstore(_9, _10)
+            let _11 := 4
+            let _12 := add(_9, _11)
+            let _13 := abi_encode_address_uint256_uint256(_12, var_from, _6, var_value)
+            let _14 := sub(_13, _9)
+            revert(_9, _14)
+        }
+        let expr_4 := sub(_6, var_value)
+        let _15 := _4
+        let _16 := mapping_index_access_mapping_address_uint256_of_address(_4, var_from)
+        update_storage_value_offsett_uint256_to_uint256(_16, expr_4)
+    }
+    default
+    {
+        let _17 := 2
+        let _18 := sload(_17)
+        let _19 := _18
+        let _20 := checked_add_uint256(_18, var_value)
+        let _21 := _17
+        update_storage_value_offsett_uint256_to_uint256(_17, _20)
+    }
+    let expr_5 := var_to
+    let _22 := _1
+    let _23 := and(var_to, _1)
+    let _24 := iszero(_23)
+    switch _24 case 0 {
+        let expr_6 := var_value
+        let _25 := 0
+        let _26 := mapping_index_access_mapping_address_uint256_of_address(_25, var_to)
+        let _27 := sload(_26)
+        let _28 := _27
+        let _29 := add(_27, var_value)
+        update_storage_value_offsett_uint256_to_uint256(_26, _29)
+    }
+    default
+    {
+        let _30 := 2
+        let _31 := sload(_30)
+        let _32 := _31
+        let _33 := sub(_31, var_value)
+        let _34 := _30
+        update_storage_value_offsett_uint256_to_uint256(_30, _33)
+    }
+    let expr_7 := var_from
+    let expr_8 := var_to
+    let expr_9 := var_value
+    let _35 := 100389287136786176327247604509743168900146139575972864366142685224231313322991
+    let _36 := _2
+    let _37 := _23
+    let _38 := 64
+    let _39 := mload(_38)
+    let _40 := abi_encode_uint256(_39, var_value)
+    let _41 := sub(_40, _39)
+    log3(_39, _41, _35, _2, _23)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def fun_update_concrete_of_code
+: {
+    C :
+      _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} { var_from var_to var_value fuel},
+         execCall fuel fun_update [] (s₀, [var_from, var_to, var_value]) = s₉ →
+         Spec (C  var_from var_to var_value) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉  var_from var_to var_value fuel
+  unfold fun_update
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSub']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAnd']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMIszero']
+  try simp
+  
+  -- abstraction offsetting
+  rw [cons]
+  generalize hxs : Block _ = xs
+  abstract switch_2364266820542243941_abs_of_code switch_2364266820542243941 with ss hs
+  try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro ss (And.intro hs ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  subst xs
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAnd']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMIszero']
+  try simp
+  
+  -- abstraction offsetting
+  rw [cons]
+  generalize hxs : Block _ = xs
+  abstract switch_1041419350816529734_abs_of_code switch_1041419350816529734 with ss hs
+  try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro ss (And.intro hs ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  subst xs
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMMload']
+  try simp
+  
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (abi_encode_uint256_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSub']
+  try simp
+  
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMLog3']
+  try simp
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_update_user.lean b/Generated/erc20shim/ERC20Shim/fun_update_user.lean
new file mode 100644
index 0000000..d1e01b1
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/fun_update_user.lean
@@ -0,0 +1,30 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.switch_2364266820542243941
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
+import Generated.erc20shim.ERC20Shim.update_storage_value_offsett_uint256_to_uint256
+import Generated.erc20shim.ERC20Shim.checked_add_uint256
+import Generated.erc20shim.ERC20Shim.Common.switch_1041419350816529734
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256
+
+import Generated.erc20shim.ERC20Shim.fun_update_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+def A_fun_update  (var_from var_to var_value : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma fun_update_abs_of_concrete {s₀ s₉ : State} { var_from var_to var_value} :
+  Spec (fun_update_concrete_of_code.1  var_from var_to var_value) s₀ s₉ →
+  Spec (A_fun_update  var_from var_to var_value) s₀ s₉ := by
+  unfold fun_update_concrete_of_code A_fun_update
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address.lean
new file mode 100644
index 0000000..c3a29ca
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address.lean
@@ -0,0 +1,22 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address_gen
+
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+lemma mapping_index_access_mapping_address_mapping_address_uint256_of_address_abs_of_code {s₀ s₉ : State} {dataSlot slot key} {fuel : Nat} :
+  execCall fuel mapping_index_access_mapping_address_mapping_address_uint256_of_address [dataSlot] (s₀, [slot, key]) = s₉ →
+  Spec (A_mapping_index_access_mapping_address_mapping_address_uint256_of_address dataSlot slot key) s₀ s₉
+:= λ h ↦ mapping_index_access_mapping_address_mapping_address_uint256_of_address_abs_of_concrete (mapping_index_access_mapping_address_mapping_address_uint256_of_address_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_gen.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_gen.lean
new file mode 100644
index 0000000..082c33e
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_gen.lean
@@ -0,0 +1,119 @@
+import Clear.ReasoningPrinciple
+
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def mapping_index_access_mapping_address_mapping_address_uint256_of_address : FunctionDefinition := <f
+    function mapping_index_access_mapping_address_mapping_address_uint256_of_address(slot, key) -> dataSlot
+    
+{
+    let _1 := and(key, sub(shl(160, 1), 1))
+    let _2 := 0
+    mstore(_2, _1)
+    let _3 := 32
+    mstore(_3, slot)
+    let _4 := 64
+    let _5 := _2
+    dataSlot := keccak256(_2, _4)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def mapping_index_access_mapping_address_mapping_address_uint256_of_address_concrete_of_code
+: {
+    C :
+      _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {dataSlot slot key fuel},
+         execCall fuel mapping_index_access_mapping_address_mapping_address_uint256_of_address [dataSlot] (s₀, [slot, key]) = s₉ →
+         Spec (C dataSlot slot key) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ dataSlot slot key fuel
+  unfold mapping_index_access_mapping_address_mapping_address_uint256_of_address
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAnd']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMKeccak256']
+  try simp
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean
new file mode 100644
index 0000000..ff0e10f
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def A_mapping_index_access_mapping_address_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma mapping_index_access_mapping_address_mapping_address_uint256_of_address_abs_of_concrete {s₀ s₉ : State} {dataSlot slot key} :
+  Spec (mapping_index_access_mapping_address_mapping_address_uint256_of_address_concrete_of_code.1 dataSlot slot key) s₀ s₉ →
+  Spec (A_mapping_index_access_mapping_address_mapping_address_uint256_of_address dataSlot slot key) s₀ s₉ := by
+  unfold mapping_index_access_mapping_address_mapping_address_uint256_of_address_concrete_of_code A_mapping_index_access_mapping_address_mapping_address_uint256_of_address
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address.lean
new file mode 100644
index 0000000..1986749
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address.lean
@@ -0,0 +1,22 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address_gen
+
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_code {s₀ s₉ : State} {dataSlot slot key} {fuel : Nat} :
+  execCall fuel mapping_index_access_mapping_address_uint256_of_address [dataSlot] (s₀, [slot, key]) = s₉ →
+  Spec (A_mapping_index_access_mapping_address_uint256_of_address dataSlot slot key) s₀ s₉
+:= λ h ↦ mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete (mapping_index_access_mapping_address_uint256_of_address_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_gen.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_gen.lean
new file mode 100644
index 0000000..b44d4bb
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_gen.lean
@@ -0,0 +1,119 @@
+import Clear.ReasoningPrinciple
+
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def mapping_index_access_mapping_address_uint256_of_address : FunctionDefinition := <f
+    function mapping_index_access_mapping_address_uint256_of_address(slot, key) -> dataSlot
+    
+{
+    let _1 := and(key, sub(shl(160, 1), 1))
+    let _2 := 0
+    mstore(_2, _1)
+    let _3 := 32
+    mstore(_3, slot)
+    let _4 := 64
+    let _5 := _2
+    dataSlot := keccak256(_2, _4)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def mapping_index_access_mapping_address_uint256_of_address_concrete_of_code
+: {
+    C :
+      _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {dataSlot slot key fuel},
+         execCall fuel mapping_index_access_mapping_address_uint256_of_address [dataSlot] (s₀, [slot, key]) = s₉ →
+         Spec (C dataSlot slot key) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ dataSlot slot key fuel
+  unfold mapping_index_access_mapping_address_uint256_of_address
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAnd']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMKeccak256']
+  try simp
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
new file mode 100644
index 0000000..d5574bc
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete {s₀ s₉ : State} {dataSlot slot key} :
+  Spec (mapping_index_access_mapping_address_uint256_of_address_concrete_of_code.1 dataSlot slot key) s₀ s₉ →
+  Spec (A_mapping_index_access_mapping_address_uint256_of_address dataSlot slot key) s₀ s₉ := by
+  unfold mapping_index_access_mapping_address_uint256_of_address_concrete_of_code A_mapping_index_access_mapping_address_uint256_of_address
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/panic_error_0x11.lean b/Generated/erc20shim/ERC20Shim/panic_error_0x11.lean
new file mode 100644
index 0000000..24cc0d7
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/panic_error_0x11.lean
@@ -0,0 +1,22 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.panic_error_0x11_gen
+
+import Generated.erc20shim.ERC20Shim.panic_error_0x11_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+lemma panic_error_0x11_abs_of_code {s₀ s₉ : State}  } {fuel : Nat} :
+  execCall fuel panic_error_0x11 [] (s₀, []) = s₉ →
+  Spec (A_panic_error_0x11  ) s₀ s₉
+:= λ h ↦ panic_error_0x11_abs_of_concrete (panic_error_0x11_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/panic_error_0x11_gen.lean b/Generated/erc20shim/ERC20Shim/panic_error_0x11_gen.lean
new file mode 100644
index 0000000..8151c0d
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/panic_error_0x11_gen.lean
@@ -0,0 +1,122 @@
+import Clear.ReasoningPrinciple
+
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def panic_error_0x11 : FunctionDefinition := <f
+    function panic_error_0x11() -> 
+    
+{
+    let _1 := shl(224, 1313373041)
+    let _2 := 0
+    mstore(_2, _1)
+    let _3 := 17
+    let _4 := 4
+    mstore(_4, _3)
+    let _5 := 36
+    let _6 := _2
+    revert(_2, _5)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def panic_error_0x11_concrete_of_code
+: {
+    C :
+      
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {  fuel},
+         execCall fuel panic_error_0x11 [] (s₀, []) = s₉ →
+         Spec (C  ) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉   fuel
+  unfold panic_error_0x11
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMShl']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMRevert']
+  try simp
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/panic_error_0x11_user.lean b/Generated/erc20shim/ERC20Shim/panic_error_0x11_user.lean
new file mode 100644
index 0000000..ac78615
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/panic_error_0x11_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.panic_error_0x11_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def A_panic_error_0x11   (s₀ s₉ : State) : Prop := sorry
+
+lemma panic_error_0x11_abs_of_concrete {s₀ s₉ : State}  } :
+  Spec (panic_error_0x11_concrete_of_code.1  ) s₀ s₉ →
+  Spec (A_panic_error_0x11  ) s₀ s₉ := by
+  unfold panic_error_0x11_concrete_of_code A_panic_error_0x11
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/panic_error_0x22.lean b/Generated/erc20shim/ERC20Shim/panic_error_0x22.lean
new file mode 100644
index 0000000..e94476c
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/panic_error_0x22.lean
@@ -0,0 +1,22 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.panic_error_0x22_gen
+
+import Generated.erc20shim.ERC20Shim.panic_error_0x22_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+lemma panic_error_0x22_abs_of_code {s₀ s₉ : State}  } {fuel : Nat} :
+  execCall fuel panic_error_0x22 [] (s₀, []) = s₉ →
+  Spec (A_panic_error_0x22  ) s₀ s₉
+:= λ h ↦ panic_error_0x22_abs_of_concrete (panic_error_0x22_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/panic_error_0x22_gen.lean b/Generated/erc20shim/ERC20Shim/panic_error_0x22_gen.lean
new file mode 100644
index 0000000..55c046b
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/panic_error_0x22_gen.lean
@@ -0,0 +1,122 @@
+import Clear.ReasoningPrinciple
+
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def panic_error_0x22 : FunctionDefinition := <f
+    function panic_error_0x22() -> 
+    
+{
+    let _1 := shl(224, 1313373041)
+    let _2 := 0
+    mstore(_2, _1)
+    let _3 := 34
+    let _4 := 4
+    mstore(_4, _3)
+    let _5 := 36
+    let _6 := _2
+    revert(_2, _5)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def panic_error_0x22_concrete_of_code
+: {
+    C :
+      
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {  fuel},
+         execCall fuel panic_error_0x22 [] (s₀, []) = s₉ →
+         Spec (C  ) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉   fuel
+  unfold panic_error_0x22
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMShl']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMRevert']
+  try simp
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/panic_error_0x22_user.lean b/Generated/erc20shim/ERC20Shim/panic_error_0x22_user.lean
new file mode 100644
index 0000000..6cdddce
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/panic_error_0x22_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.panic_error_0x22_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def A_panic_error_0x22   (s₀ s₉ : State) : Prop := sorry
+
+lemma panic_error_0x22_abs_of_concrete {s₀ s₉ : State}  } :
+  Spec (panic_error_0x22_concrete_of_code.1  ) s₀ s₉ →
+  Spec (A_panic_error_0x22  ) s₀ s₉ := by
+  unfold panic_error_0x22_concrete_of_code A_panic_error_0x22
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/panic_error_0x41.lean b/Generated/erc20shim/ERC20Shim/panic_error_0x41.lean
new file mode 100644
index 0000000..033e1f0
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/panic_error_0x41.lean
@@ -0,0 +1,22 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.panic_error_0x41_gen
+
+import Generated.erc20shim.ERC20Shim.panic_error_0x41_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+lemma panic_error_0x41_abs_of_code {s₀ s₉ : State}  } {fuel : Nat} :
+  execCall fuel panic_error_0x41 [] (s₀, []) = s₉ →
+  Spec (A_panic_error_0x41  ) s₀ s₉
+:= λ h ↦ panic_error_0x41_abs_of_concrete (panic_error_0x41_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/panic_error_0x41_gen.lean b/Generated/erc20shim/ERC20Shim/panic_error_0x41_gen.lean
new file mode 100644
index 0000000..b1634cc
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/panic_error_0x41_gen.lean
@@ -0,0 +1,122 @@
+import Clear.ReasoningPrinciple
+
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def panic_error_0x41 : FunctionDefinition := <f
+    function panic_error_0x41() -> 
+    
+{
+    let _1 := shl(224, 1313373041)
+    let _2 := 0
+    mstore(_2, _1)
+    let _3 := 65
+    let _4 := 4
+    mstore(_4, _3)
+    let _5 := 36
+    let _6 := _2
+    revert(_2, _5)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def panic_error_0x41_concrete_of_code
+: {
+    C :
+      
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {  fuel},
+         execCall fuel panic_error_0x41 [] (s₀, []) = s₉ →
+         Spec (C  ) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉   fuel
+  unfold panic_error_0x41
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMShl']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMRevert']
+  try simp
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/panic_error_0x41_user.lean b/Generated/erc20shim/ERC20Shim/panic_error_0x41_user.lean
new file mode 100644
index 0000000..4826936
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/panic_error_0x41_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.panic_error_0x41_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def A_panic_error_0x41   (s₀ s₉ : State) : Prop := sorry
+
+lemma panic_error_0x41_abs_of_concrete {s₀ s₉ : State}  } :
+  Spec (panic_error_0x41_concrete_of_code.1  ) s₀ s₉ →
+  Spec (A_panic_error_0x41  ) s₀ s₉ := by
+  unfold panic_error_0x41_concrete_of_code A_panic_error_0x41
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74.lean b/Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74.lean
new file mode 100644
index 0000000..97c0e34
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74.lean
@@ -0,0 +1,22 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_gen
+
+import Generated.erc20shim.ERC20Shim.revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+lemma revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_abs_of_code {s₀ s₉ : State}  } {fuel : Nat} :
+  execCall fuel revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74 [] (s₀, []) = s₉ →
+  Spec (A_revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74  ) s₀ s₉
+:= λ h ↦ revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_abs_of_concrete (revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_gen.lean b/Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_gen.lean
new file mode 100644
index 0000000..7a7fefe
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_gen.lean
@@ -0,0 +1,96 @@
+import Clear.ReasoningPrinciple
+
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74 : FunctionDefinition := <f
+    function revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74() -> 
+    
+{
+    let _1 := 0
+    let _2 := _1
+    revert(_1, _1)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_concrete_of_code
+: {
+    C :
+      
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {  fuel},
+         execCall fuel revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74 [] (s₀, []) = s₉ →
+         Spec (C  ) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉   fuel
+  unfold revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMRevert']
+  try simp
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_user.lean b/Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_user.lean
new file mode 100644
index 0000000..19aae0d
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def A_revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74   (s₀ s₉ : State) : Prop := sorry
+
+lemma revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_abs_of_concrete {s₀ s₉ : State}  } :
+  Spec (revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_concrete_of_code.1  ) s₀ s₉ →
+  Spec (A_revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74  ) s₀ s₉ := by
+  unfold revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_concrete_of_code A_revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb.lean b/Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb.lean
new file mode 100644
index 0000000..71185ec
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb.lean
@@ -0,0 +1,22 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_gen
+
+import Generated.erc20shim.ERC20Shim.revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+lemma revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_abs_of_code {s₀ s₉ : State}  } {fuel : Nat} :
+  execCall fuel revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb [] (s₀, []) = s₉ →
+  Spec (A_revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb  ) s₀ s₉
+:= λ h ↦ revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_abs_of_concrete (revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_gen.lean b/Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_gen.lean
new file mode 100644
index 0000000..fbc34ac
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_gen.lean
@@ -0,0 +1,96 @@
+import Clear.ReasoningPrinciple
+
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb : FunctionDefinition := <f
+    function revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb() -> 
+    
+{
+    let _1 := 0
+    let _2 := _1
+    revert(_1, _1)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_concrete_of_code
+: {
+    C :
+      
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {  fuel},
+         execCall fuel revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb [] (s₀, []) = s₉ →
+         Spec (C  ) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉   fuel
+  unfold revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMRevert']
+  try simp
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_user.lean b/Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_user.lean
new file mode 100644
index 0000000..668329e
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def A_revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb   (s₀ s₉ : State) : Prop := sorry
+
+lemma revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_abs_of_concrete {s₀ s₉ : State}  } :
+  Spec (revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_concrete_of_code.1  ) s₀ s₉ →
+  Spec (A_revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb  ) s₀ s₉ := by
+  unfold revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_concrete_of_code A_revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b.lean b/Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b.lean
new file mode 100644
index 0000000..45e55ba
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b.lean
@@ -0,0 +1,22 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_gen
+
+import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+lemma revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_abs_of_code {s₀ s₉ : State}  } {fuel : Nat} :
+  execCall fuel revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b [] (s₀, []) = s₉ →
+  Spec (A_revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b  ) s₀ s₉
+:= λ h ↦ revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_abs_of_concrete (revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_gen.lean b/Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_gen.lean
new file mode 100644
index 0000000..2c27564
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_gen.lean
@@ -0,0 +1,96 @@
+import Clear.ReasoningPrinciple
+
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b : FunctionDefinition := <f
+    function revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b() -> 
+    
+{
+    let _1 := 0
+    let _2 := _1
+    revert(_1, _1)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_concrete_of_code
+: {
+    C :
+      
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {  fuel},
+         execCall fuel revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b [] (s₀, []) = s₉ →
+         Spec (C  ) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉   fuel
+  unfold revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMRevert']
+  try simp
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_user.lean b/Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_user.lean
new file mode 100644
index 0000000..8ef0836
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def A_revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b   (s₀ s₉ : State) : Prop := sorry
+
+lemma revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_abs_of_concrete {s₀ s₉ : State}  } :
+  Spec (revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_concrete_of_code.1  ) s₀ s₉ →
+  Spec (A_revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b  ) s₀ s₉ := by
+  unfold revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_concrete_of_code A_revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/update_byte_slice_shift.lean b/Generated/erc20shim/ERC20Shim/update_byte_slice_shift.lean
new file mode 100644
index 0000000..32894b7
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/update_byte_slice_shift.lean
@@ -0,0 +1,22 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.update_byte_slice_shift_gen
+
+import Generated.erc20shim.ERC20Shim.update_byte_slice_shift_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+lemma update_byte_slice_shift_abs_of_code {s₀ s₉ : State} {result value toInsert} {fuel : Nat} :
+  execCall fuel update_byte_slice_shift [result] (s₀, [value, toInsert]) = s₉ →
+  Spec (A_update_byte_slice_shift result value toInsert) s₀ s₉
+:= λ h ↦ update_byte_slice_shift_abs_of_concrete (update_byte_slice_shift_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/update_byte_slice_shift_gen.lean b/Generated/erc20shim/ERC20Shim/update_byte_slice_shift_gen.lean
new file mode 100644
index 0000000..397e29c
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/update_byte_slice_shift_gen.lean
@@ -0,0 +1,89 @@
+import Clear.ReasoningPrinciple
+
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def update_byte_slice_shift : FunctionDefinition := <f
+    function update_byte_slice_shift(value, toInsert) -> result
+    
+{
+    toInsert := toInsert
+    result := toInsert
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def update_byte_slice_shift_concrete_of_code
+: {
+    C :
+      _ → _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {result value toInsert fuel},
+         execCall fuel update_byte_slice_shift [result] (s₀, [value, toInsert]) = s₉ →
+         Spec (C result value toInsert) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ result value toInsert fuel
+  unfold update_byte_slice_shift
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/update_byte_slice_shift_user.lean b/Generated/erc20shim/ERC20Shim/update_byte_slice_shift_user.lean
new file mode 100644
index 0000000..78b95f7
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/update_byte_slice_shift_user.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+
+import Generated.erc20shim.ERC20Shim.update_byte_slice_shift_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+
+def A_update_byte_slice_shift (result : Identifier) (value toInsert : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma update_byte_slice_shift_abs_of_concrete {s₀ s₉ : State} {result value toInsert} :
+  Spec (update_byte_slice_shift_concrete_of_code.1 result value toInsert) s₀ s₉ →
+  Spec (A_update_byte_slice_shift result value toInsert) s₀ s₉ := by
+  unfold update_byte_slice_shift_concrete_of_code A_update_byte_slice_shift
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/update_storage_value_offsett_uint256_to_uint256.lean b/Generated/erc20shim/ERC20Shim/update_storage_value_offsett_uint256_to_uint256.lean
new file mode 100644
index 0000000..4839f24
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/update_storage_value_offsett_uint256_to_uint256.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.update_byte_slice_shift
+
+import Generated.erc20shim.ERC20Shim.update_storage_value_offsett_uint256_to_uint256_gen
+
+import Generated.erc20shim.ERC20Shim.update_storage_value_offsett_uint256_to_uint256_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma update_storage_value_offsett_uint256_to_uint256_abs_of_code {s₀ s₉ : State} { slot value} {fuel : Nat} :
+  execCall fuel update_storage_value_offsett_uint256_to_uint256 [] (s₀, [slot, value]) = s₉ →
+  Spec (A_update_storage_value_offsett_uint256_to_uint256  slot value) s₀ s₉
+:= λ h ↦ update_storage_value_offsett_uint256_to_uint256_abs_of_concrete (update_storage_value_offsett_uint256_to_uint256_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/update_storage_value_offsett_uint256_to_uint256_gen.lean b/Generated/erc20shim/ERC20Shim/update_storage_value_offsett_uint256_to_uint256_gen.lean
new file mode 100644
index 0000000..7bb39fc
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/update_storage_value_offsett_uint256_to_uint256_gen.lean
@@ -0,0 +1,112 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.update_byte_slice_shift
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def update_storage_value_offsett_uint256_to_uint256 : FunctionDefinition := <f
+    function update_storage_value_offsett_uint256_to_uint256(slot, value) -> 
+    
+{
+    let _1 := sload(slot)
+    let _2 := update_byte_slice_shift(_1, value)
+    sstore(slot, _2)
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def update_storage_value_offsett_uint256_to_uint256_concrete_of_code
+: {
+    C :
+      _ → _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} { slot value fuel},
+         execCall fuel update_storage_value_offsett_uint256_to_uint256 [] (s₀, [slot, value]) = s₉ →
+         Spec (C  slot value) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉  slot value fuel
+  unfold update_storage_value_offsett_uint256_to_uint256
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSload']
+  try simp
+  
+  rw [cons]; simp only [LetCall', AssignCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (update_byte_slice_shift_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons, ExprStmtPrimCall']; try simp only
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  -- EXPR 
+  rw [EVMSstore']
+  try simp
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/update_storage_value_offsett_uint256_to_uint256_user.lean b/Generated/erc20shim/ERC20Shim/update_storage_value_offsett_uint256_to_uint256_user.lean
new file mode 100644
index 0000000..f2cb5fc
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/update_storage_value_offsett_uint256_to_uint256_user.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.update_byte_slice_shift
+
+import Generated.erc20shim.ERC20Shim.update_storage_value_offsett_uint256_to_uint256_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def A_update_storage_value_offsett_uint256_to_uint256  (slot value : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma update_storage_value_offsett_uint256_to_uint256_abs_of_concrete {s₀ s₉ : State} { slot value} :
+  Spec (update_storage_value_offsett_uint256_to_uint256_concrete_of_code.1  slot value) s₀ s₉ →
+  Spec (A_update_storage_value_offsett_uint256_to_uint256  slot value) s₀ s₉ := by
+  unfold update_storage_value_offsett_uint256_to_uint256_concrete_of_code A_update_storage_value_offsett_uint256_to_uint256
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/validator_revert_address.lean b/Generated/erc20shim/ERC20Shim/validator_revert_address.lean
new file mode 100644
index 0000000..93f93f0
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/validator_revert_address.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_8073281237182003506
+
+import Generated.erc20shim.ERC20Shim.validator_revert_address_gen
+
+import Generated.erc20shim.ERC20Shim.validator_revert_address_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common 
+
+lemma validator_revert_address_abs_of_code {s₀ s₉ : State} { value} {fuel : Nat} :
+  execCall fuel validator_revert_address [] (s₀, [value]) = s₉ →
+  Spec (A_validator_revert_address  value) s₀ s₉
+:= λ h ↦ validator_revert_address_abs_of_concrete (validator_revert_address_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/validator_revert_address_gen.lean b/Generated/erc20shim/ERC20Shim/validator_revert_address_gen.lean
new file mode 100644
index 0000000..124de7a
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/validator_revert_address_gen.lean
@@ -0,0 +1,129 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_8073281237182003506
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common 
+
+def validator_revert_address : FunctionDefinition := <f
+    function validator_revert_address(value) -> 
+    
+{
+    let _1 := sub(shl(160, 1), 1)
+    let _2 := and(value, _1)
+    let _3 := eq(value, _2)
+    let _4 := iszero(_3)
+    if _4 
+    {
+        let _5 := 0
+        let _6 := _5
+        revert(_5, _5)
+    }
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def validator_revert_address_concrete_of_code
+: {
+    C :
+      _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} { value fuel},
+         execCall fuel validator_revert_address [] (s₀, [value]) = s₉ →
+         Spec (C  value) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉  value fuel
+  unfold validator_revert_address
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMSub']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMAnd']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMEq']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  rw [EVMIszero']
+  try simp
+  
+  -- abstraction offsetting
+  rw [cons]
+  generalize hxs : Block _ = xs
+  abstract if_8073281237182003506_abs_of_code if_8073281237182003506 with ss hs
+  try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro ss (And.intro hs ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  subst xs
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/validator_revert_address_user.lean b/Generated/erc20shim/ERC20Shim/validator_revert_address_user.lean
new file mode 100644
index 0000000..6853d66
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/validator_revert_address_user.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_8073281237182003506
+
+import Generated.erc20shim.ERC20Shim.validator_revert_address_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common 
+
+def A_validator_revert_address  (value : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma validator_revert_address_abs_of_concrete {s₀ s₉ : State} { value} :
+  Spec (validator_revert_address_concrete_of_code.1  value) s₀ s₉ →
+  Spec (A_validator_revert_address  value) s₀ s₉ := by
+  unfold validator_revert_address_concrete_of_code A_validator_revert_address
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/validator_revert_uint256.lean b/Generated/erc20shim/ERC20Shim/validator_revert_uint256.lean
new file mode 100644
index 0000000..90229d7
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/validator_revert_uint256.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_1438067688173587229
+
+import Generated.erc20shim.ERC20Shim.validator_revert_uint256_gen
+
+import Generated.erc20shim.ERC20Shim.validator_revert_uint256_user
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common 
+
+lemma validator_revert_uint256_abs_of_code {s₀ s₉ : State} { value} {fuel : Nat} :
+  execCall fuel validator_revert_uint256 [] (s₀, [value]) = s₉ →
+  Spec (A_validator_revert_uint256  value) s₀ s₉
+:= λ h ↦ validator_revert_uint256_abs_of_concrete (validator_revert_uint256_concrete_of_code.2 h)
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/validator_revert_uint256_gen.lean b/Generated/erc20shim/ERC20Shim/validator_revert_uint256_gen.lean
new file mode 100644
index 0000000..6df6a22
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/validator_revert_uint256_gen.lean
@@ -0,0 +1,107 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_1438067688173587229
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common 
+
+def validator_revert_uint256 : FunctionDefinition := <f
+    function validator_revert_uint256(value) -> 
+    
+{
+    let _1 := 0
+    if _1 
+    {
+        let _2 := _1
+        let _3 := _1
+        revert(_1, _1)
+    }
+}
+    
+>
+
+set_option maxRecDepth 4000
+set_option maxHeartbeats 300000
+
+def validator_revert_uint256_concrete_of_code
+: {
+    C :
+      _ → 
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} { value fuel},
+         execCall fuel validator_revert_uint256 [] (s₀, [value]) = s₉ →
+         Spec (C  value) s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉  value fuel
+  unfold validator_revert_uint256
+
+  unfold Spec
+  rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize Def _ _ _ = f; aesop
+  · generalize Def _ _ _ = f; aesop
+  swap
+  generalize hok : Ok evm store = s₀
+  intros h _
+  revert h
+
+  unfold execCall
+  unfold call
+  unfold params body rets
+  conv => simp_match
+  conv => pattern List.map _ _; simp
+  conv => pattern mkOk _; rw [← hok]; simp
+  conv => pattern setStore _; rw [← hok]; simp
+
+  generalize hs₁ : initcall _ _ _ = s₁
+  let_unfold s₁
+  generalize hbody : exec _ _ _ = s₂
+  revert hbody
+  generalize hs₉ : multifill' _ _ = s₉'
+
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  -- abstraction offsetting
+  rw [cons]
+  generalize hxs : Block _ = xs
+  abstract if_1438067688173587229_abs_of_code if_1438067688173587229 with ss hs
+  try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro ss (And.intro hs ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  subst xs
+  
+  -- finish offsetting
+  subst hs₉
+  intros hbody
+  subst hbody
+  subst hs₁
+  rw [← hok]
+  repeat {rw [lookup_insert' (by aesop)]}
+  repeat {rw [lookup_insert_of_ne (by decide)]}
+  try rw [lookup_initcall_1]
+  try rw [lookup_initcall_2 ?_]
+  try rw [lookup_initcall_3 ?_]
+  try rw [lookup_initcall_4 ?_]
+  try rw [lookup_initcall_5 ?_]
+  all_goals try decide
+  let_unfold s₂
+  simp [multifill']
+  try {rw [reviveJump_insert (by aesop)]}
+  repeat {rw [lookup_insert' (by aesop)]}
+  try simp
+  rw [hok]
+  intros h
+  exact h
+
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/validator_revert_uint256_user.lean b/Generated/erc20shim/ERC20Shim/validator_revert_uint256_user.lean
new file mode 100644
index 0000000..752829a
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/validator_revert_uint256_user.lean
@@ -0,0 +1,24 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_1438067688173587229
+
+import Generated.erc20shim.ERC20Shim.validator_revert_uint256_gen
+
+
+namespace Generated.erc20shim.ERC20Shim
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common 
+
+def A_validator_revert_uint256  (value : Literal) (s₀ s₉ : State) : Prop := sorry
+
+lemma validator_revert_uint256_abs_of_concrete {s₀ s₉ : State} { value} :
+  Spec (validator_revert_uint256_concrete_of_code.1  value) s₀ s₉ →
+  Spec (A_validator_revert_uint256  value) s₀ s₉ := by
+  unfold validator_revert_uint256_concrete_of_code A_validator_revert_uint256
+  sorry
+
+end
+
+end Generated.erc20shim.ERC20Shim
diff --git a/vc/stack.yaml b/vc/stack.yaml
index 4d91b54..b51bbf9 100644
--- a/vc/stack.yaml
+++ b/vc/stack.yaml
@@ -17,8 +17,8 @@
 #
 # resolver: ./custom-snapshot.yaml
 # resolver: https://example.com/snapshots/2018-01-01.yaml
-resolver:
-  url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/20/11.yaml
+resolver: lts-20.11
+# https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/20/11.yaml
 
 # User packages to be built.
 # Various formats can be used as shown in the example below.
@@ -66,5 +66,3 @@ packages:
 # Allow a newer minor version of GHC than the snapshot specifies
 # compiler-check: newer-minor
 
-configure-options:
-  $targets: []

From 8966ea25492d590f2601a7fcd87d9fa74e2b7c54 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Tue, 6 Aug 2024 14:25:16 +0200
Subject: [PATCH 02/89] totalSupply verification

---
 Generated/erc20shim/ERC20Shim/Variables.lean      | 15 +++++++++++++++
 .../erc20shim/ERC20Shim/fun_totalSupply_user.lean |  7 ++++---
 2 files changed, 19 insertions(+), 3 deletions(-)
 create mode 100644 Generated/erc20shim/ERC20Shim/Variables.lean

diff --git a/Generated/erc20shim/ERC20Shim/Variables.lean b/Generated/erc20shim/ERC20Shim/Variables.lean
new file mode 100644
index 0000000..75340a1
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Variables.lean
@@ -0,0 +1,15 @@
+import Clear.UInt256
+
+namespace Generated.erc20shim.ERC20Shim
+
+structure PrivateAddresses where
+    balances    : UInt256
+    allowances  : UInt256
+    totalSupply : UInt256
+    name        : UInt256
+    symbol      : UInt256
+
+def ERC20Private : PrivateAddresses :=
+  { balances := 0, allowances := 1, totalSupply := 2, name := 3, symbol := 4 }
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean b/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
index 50a105b..a649948 100644
--- a/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
@@ -2,7 +2,7 @@ import Clear.ReasoningPrinciple
 
 
 import Generated.erc20shim.ERC20Shim.fun_totalSupply_gen
-
+import Generated.erc20shim.ERC20Shim.Variables
 
 namespace Generated.erc20shim.ERC20Shim
 
@@ -10,13 +10,14 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
 
-def A_fun_totalSupply (var_ : Identifier)  (s₀ s₉ : State) : Prop := sorry
+def A_fun_totalSupply (var_ : Identifier)  (s₀ s₉ : State) : Prop :=
+  s₉ = s₀⟦var_ ↦ s₀.evm.sload ERC20Private.totalSupply ⟧
 
 lemma fun_totalSupply_abs_of_concrete {s₀ s₉ : State} {var_ } :
   Spec (fun_totalSupply_concrete_of_code.1 var_ ) s₀ s₉ →
   Spec (A_fun_totalSupply var_ ) s₀ s₉ := by
   unfold fun_totalSupply_concrete_of_code A_fun_totalSupply
-  sorry
+  aesop_spec
 
 end
 

From bb2c323b70e431b3ab5bd52276f86a8b4261e411 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Thu, 22 Aug 2024 16:17:07 +0200
Subject: [PATCH 03/89] Explicitly match none case

---
 Clear/PrimOps.lean | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Clear/PrimOps.lean b/Clear/PrimOps.lean
index 319934a..12ff0d4 100644
--- a/Clear/PrimOps.lean
+++ b/Clear/PrimOps.lean
@@ -50,12 +50,12 @@ def primCall (s : State) : PrimOp → List Literal → State × List Literal
   | .Sar, [a,b]               => (s, [UInt256.sar a b])
   | .Keccak256, [a,b]         =>
     match s.evm.keccak256 a b with
-    | .some (val, evm') => (s.setEvm evm', [val])
+    | .some a => (s.setEvm a.snd, [a.fst])
     -- This is the hash collision case. It's essentially an unrecoverable
     -- error, and we model it similar to how we model infinite loops, except we
     -- put the error in the EVM instead, so we don't have to bother with it in
     -- the interpreter.
-    | _ => (s.setEvm s.evm.addHashCollision, [0])
+    | .none => (s.setEvm s.evm.addHashCollision, [0])
   | .Address, []              => (s, [s.evm.execution_env.code_owner])
   | .Balance, [a]             => (s, [s.evm.balanceOf a])
   | .Origin, []               => (s, [s.evm.execution_env.sender])
@@ -129,7 +129,7 @@ lemma EVMByte'           : primCall s .Byte [a,b]                    = (s, [UInt
 lemma EVMShl'            : primCall s .Shl [a,b]                     = (s, [Fin.shiftLeft b a]) := rfl
 lemma EVMShr'            : primCall s .Shr [a,b]                     = (s, [Fin.shiftRight b a]) := rfl
 lemma EVMSar'            : primCall s .Sar [a,b]                     = (s, [UInt256.sar a b]) := rfl
-lemma EVMKeccak256'      : primCall s .Keccak256 [a,b]               = match s.evm.keccak256 a b with | .some (val, evm') => (s.setEvm evm', [val]) | _ => (s.setEvm s.evm.addHashCollision, [0]) := rfl
+lemma EVMKeccak256'      : primCall s .Keccak256 [a,b]               = match s.evm.keccak256 a b with | .some a => (s.setEvm a.snd, [a.fst]) | .none => (s.setEvm s.evm.addHashCollision, [0]) := rfl
 lemma EVMAddress'        : primCall s .Address []                    = (s, ([s.evm.execution_env.code_owner] : List Literal)) := rfl
 lemma EVMBalance'        : primCall s .Balance [a]                   = (s, [s.evm.balanceOf a]) := rfl
 lemma EVMOrigin'         : primCall s .Origin []                     = (s, ([s.evm.execution_env.sender] : List Literal)) := rfl

From bef6cf976b7ad1895977856a76453ff39070ef26 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Thu, 22 Aug 2024 16:17:45 +0200
Subject: [PATCH 04/89] Additional Address lemmas

---
 Clear/EVMState.lean | 105 +++++++++++++++++++++++++++++++++++++++++---
 Clear/UInt256.lean  |   6 ++-
 2 files changed, 103 insertions(+), 8 deletions(-)

diff --git a/Clear/EVMState.lean b/Clear/EVMState.lean
index 96f1092..9fa9075 100644
--- a/Clear/EVMState.lean
+++ b/Clear/EVMState.lean
@@ -28,19 +28,110 @@ def ByteArray.byteArrayToUInt256 (μ₀ : UInt256) (size : ℕ) (Id : ByteArray)
   let r : (ℕ × UInt256) := Array.foldl step ((size - 1) * 8, 0) arr1
   r.2
 
-
 namespace Clear
 
--- 2^160 https://www.wolframalpha.com/input?i=2%5E160
-def Address.size : Nat := 1461501637330902918203684832716283019655932542976
-
+def Address.size : Nat := 2 ^ 160
 abbrev Address : Type := Fin Address.size
 
 instance : Inhabited Address := ⟨Fin.ofNat 0⟩
+instance : NeZero Address.size := ⟨by decide⟩
+
+namespace Address
+
+def top : ℕ := (⊤ : Address).val
+
+lemma top_def : top = 2 ^ 160 - 1 := by
+  unfold top
+  rw [Fin.top_eq_last]
+  simp
+
+lemma top_def' : top = 1461501637330902918203684832716283019655932542975 := by
+  rw [top_def]; simp
+
+lemma size_def : size = 1461501637330902918203684832716283019655932542976 := by
+  unfold size; simp
+
+def ofNat (n : ℕ) : Address := Fin.ofNat n
+def ofUInt256 (u : UInt256) : Address := Fin.ofNat (u.val % size)
+
+instance {n : Nat} : OfNat Address n := ⟨ofNat n⟩
+instance : NeZero top := ⟨by decide⟩
+
+lemma zero_lt_top  : 0 < top := by decide
+lemma zero_le_top  : 0 ≤ top := le_of_lt zero_lt_top
+
+lemma zero_lt_size : 0 < size := by decide
+lemma zero_le_size : 0 ≤ size := le_of_lt zero_lt_size
+
+lemma one_lt_top  : 1 < top := by decide
+lemma one_le_top  : 1 ≤ top := le_of_lt one_lt_top
+
+lemma one_lt_size : 1 < size := by decide
+lemma one_le_size : 1 ≤ size := le_of_lt one_lt_size
+
+lemma top_eq_pred_size : top = size - 1 := by
+  unfold size top
+  rw [Fin.top_eq_last]
+  simp
+
+lemma top_eq_pred_size_ofUInt256 : top.toUInt256 = size.toUInt256 - 1 := by
+  unfold size top
+  rw [Fin.top_eq_last]
+  simp
+  decide
+
+lemma succ_top_eq_size : top + 1 = size := by
+  rw [top_eq_pred_size, Nat.sub_add_cancel (le_of_lt one_lt_size)]
+
+lemma top_lt_size : top < size := by
+  rw [← succ_top_eq_size]; simp
+
+lemma top_le_size : top ≤ size := le_of_lt top_lt_size
+
+lemma size_lt_UInt256_size : size < UInt256.size := by decide
+lemma size_le_UInt256_size : size ≤ UInt256.size := le_of_lt size_lt_UInt256_size
+
+lemma top_lt_UInt256_size : top < UInt256.size := by decide
+lemma top_le_UInt256_size : top ≤ UInt256.size := le_of_lt top_lt_UInt256_size
+
+lemma ofUInt256_lt_UInt256_size {u : UInt256} : ↑(ofUInt256 u) < UInt256.size := by
+  unfold ofUInt256 Fin.ofNat
+  simp; rw [← size_def]; simp
+  simp_rw [← UInt256.size_def]
+  trans size
+  · exact Nat.mod_lt u (LT.lt.gt zero_lt_size)
+  · exact size_lt_UInt256_size
+
+lemma ofUInt256_eq_mod (u : UInt256) : ↑(ofUInt256 u) = u.val % size := by
+  unfold ofUInt256 Fin.ofNat
+  simp_rw [← top_def', succ_top_eq_size]
+  simp
 
-def Address.ofNat {n : ℕ} : Address := Fin.ofNat n
-def Address.ofUInt256 (v : UInt256) : Address := Fin.ofNat (v.val  % Address.size)
-instance {n : Nat} : OfNat Address n := ⟨Fin.ofNat n⟩
+lemma and_size_eq_ofUInt256 {u : UInt256}
+  : Fin.land u (size.toUInt256 - 1) = ofUInt256 u := by
+  rw [ Fin.natCast_def ]
+  simp_rw [ Nat.mod_eq_of_lt ofUInt256_lt_UInt256_size ]
+
+  rw [← top_eq_pred_size_ofUInt256]
+  unfold Fin.land
+  simp [-UInt256.size]; rw [← UInt256.size_def]
+  -- this ought to be in mathlib...
+  have Nat.land_eq_and (p q : Nat) : p.land q = p &&& q := rfl
+  rw [ Nat.land_eq_and u.val
+     , Nat.mod_eq_of_lt top_lt_UInt256_size
+     , top_def
+     , Nat.and_pow_two_is_mod u.val 160
+     , ← size
+     ]
+  have : u.val % size < UInt256.size := by
+    trans size
+    · apply Nat.mod_lt u.val
+      exact LT.lt.gt zero_lt_size
+    · exact size_lt_UInt256_size
+  simp_rw [Nat.mod_eq_of_lt this]
+  symm; exact ofUInt256_eq_mod u
+
+end Address
 
 instance byteArrayDecEq : DecidableEq ByteArray := λ xs ys => by {
   rcases xs with ⟨ xs1 ⟩ ; rcases ys with ⟨ ys1 ⟩
diff --git a/Clear/UInt256.lean b/Clear/UInt256.lean
index 390a6de..3191eb6 100644
--- a/Clear/UInt256.lean
+++ b/Clear/UInt256.lean
@@ -11,7 +11,7 @@ import Mathlib.Tactic
 
 -- 2^256
 @[simp]
-def UInt256.size : ℕ := 115792089237316195423570985008687907853269984665640564039457584007913129639936
+def UInt256.size : ℕ := 2 ^ 256
 
 instance : NeZero UInt256.size := ⟨by decide⟩
 
@@ -27,6 +27,10 @@ instance : NatCast UInt256 := ⟨Fin.ofNat⟩
 abbrev Nat.toUInt256 : ℕ → UInt256 := Fin.ofNat
 abbrev UInt8.toUInt256 (a : UInt8) : UInt256 := a.toNat.toUInt256
 
+lemma UInt256.size_def
+  : UInt256.size = 115792089237316195423570985008687907853269984665640564039457584007913129639936 := by
+  unfold size; simp
+
 def Bool.toUInt256 (b : Bool) : UInt256 := if b then 1 else 0
 
 @[simp]

From a154fbd934339f54c180687ae7708accbd2f9469 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Mon, 26 Aug 2024 13:32:24 +0200
Subject: [PATCH 05/89] EVM state reasoning lemmas

---
 Clear/State.lean | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/Clear/State.lean b/Clear/State.lean
index 29d23cc..2d709b9 100644
--- a/Clear/State.lean
+++ b/Clear/State.lean
@@ -633,6 +633,43 @@ lemma lookup_initcall_5 (ha : ve ≠ va) (hb : ve ≠ vb) (hc : ve ≠ vc) (hd :
   rw [lookup_insert']
   aesop
 
+@[simp]
+lemma get_evm_of_ok : (Ok evm store).evm = evm
+:= by
+  unfold evm
+  simp
+
+lemma get_evm_of_isOk (h : isOk s) : ∃ evm, s.evm = evm
+:= by
+  let ⟨evm, store, h'⟩ := State_of_isOk h
+  exists evm
+  rw [h']
+  simp
+
+@[simp]
+lemma evm_get_set_of_ok : ((Ok evm store).setEvm evm').evm = evm'
+:= by
+  unfold setEvm evm
+  simp
+
+@[simp]
+lemma evm_get_set_of_isOk (h : isOk s) : (s.setEvm evm').evm = evm'
+:= by
+  unfold setEvm evm
+  rcases s <;> simp <;> try contradiction
+
+@[simp]
+lemma setEvm_insert_comm : s⟦var ↦ val⟧.setEvm evm' = (s.setEvm evm')⟦var ↦ val⟧
+:= by
+  rcases s <;> [(try simp only); aesop_spec; aesop_spec]
+  rfl
+
+-- @[simp]
+lemma insert_setEvm_insert : (s.setEvm evm')⟦var ↦ val⟧ = s⟦var ↦ val⟧.setEvm evm'
+:= by
+  rcases s <;> [(try simp only); aesop_spec; aesop_spec]
+  rfl
+
 end
 
 end State

From e9f9951485c5588bb17cfe6390407f1bf6079e23 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Thu, 22 Aug 2024 16:18:03 +0200
Subject: [PATCH 06/89] Verify helper for accessing dynamic arrays

---
 ...pping_address_uint256_of_address_user.lean | 36 +++++++++++++++++--
 1 file changed, 33 insertions(+), 3 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
index d5574bc..9527d18 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
@@ -10,13 +10,43 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
 
-def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop := sorry
+def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop :=
+  let s₁ := s₀ 🇪⟦ s₀.evm.mstore 0x00 (Address.ofUInt256 key) ⟧
+  let s₂ := s₁ 🇪⟦ s₁.evm.mstore 0x20 slot ⟧
+  match s₂.evm.keccak256 0x00 0x40 with
+  | some ⟨addr, evm⟩ => s₉ = s₂ 🇪⟦ evm ⟧⟦ dataSlot ↦ addr ⟧
+  | none => s₉.evm.hash_collision = True
+
+-- Helper reifications
+lemma shift_eq_size : Fin.shiftLeft (n := UInt256.size) 1 160 = Address.size := by
+  constructor
+
+lemma EVMAddrSize' {s : State} : (s, [Fin.shiftLeft 1 160]) = (s, [Address.size.toUInt256]) := by
+  simp
+  exact shift_eq_size
 
 lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete {s₀ s₉ : State} {dataSlot slot key} :
   Spec (mapping_index_access_mapping_address_uint256_of_address_concrete_of_code.1 dataSlot slot key) s₀ s₉ →
   Spec (A_mapping_index_access_mapping_address_uint256_of_address dataSlot slot key) s₀ s₉ := by
-  unfold mapping_index_access_mapping_address_uint256_of_address_concrete_of_code A_mapping_index_access_mapping_address_uint256_of_address
-  sorry
+  unfold mapping_index_access_mapping_address_uint256_of_address_concrete_of_code A_mapping_index_access_mapping_address_uint256_of_address  
+  rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
+  apply spec_eq
+  clr_funargs
+
+  rw [ EVMSub', EVMShl', EVMAddrSize' ]; simp
+  rw [ Address.and_size_eq_ofUInt256 ]
+  rw [ multifill_cons, multifill_nil ]
+  simp
+
+  clr_varstore
+
+  generalize prep_def : (mstore evm 0 ↑↑(Address.ofUInt256 key)).mstore 32 slot = state_prep
+
+  cases state_prep.keccak256 0 64
+  · aesop_spec
+  · simp
+    unfold setEvm State.insert
+    aesop_spec
 
 end
 

From 561e7f80ab54d3eb1e71bdc9213157e408477667 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Tue, 10 Sep 2024 12:16:28 +0200
Subject: [PATCH 07/89] [wip] Useful lemmas, mostly regarding memory

---
 Clear/Abstraction.lean                        |   35 +-
 Clear/EVMState.lean                           | 1536 ++++++++++++++++-
 Clear/State.lean                              |    4 +
 Clear/UInt256.lean                            |   21 +-
 Clear/Utilities.lean                          |   19 +
 Clear/Wheels.lean                             |   10 +
 Generated/erc20shim/ERC20Shim/Predicate.lean  |   67 +
 Generated/erc20shim/ERC20Shim/Variables.lean  |   12 +
 .../ERC20Shim/fun_balanceOf_user.lean         |   39 +-
 .../ERC20Shim/fun_totalSupply_user.lean       |   15 +-
 ...pping_address_uint256_of_address_user.lean |  139 +-
 11 files changed, 1850 insertions(+), 47 deletions(-)
 create mode 100644 Generated/erc20shim/ERC20Shim/Predicate.lean

diff --git a/Clear/Abstraction.lean b/Clear/Abstraction.lean
index d7111c7..5ed24cb 100644
--- a/Clear/Abstraction.lean
+++ b/Clear/Abstraction.lean
@@ -3,6 +3,7 @@ import Clear.ExecLemmas
 import Clear.OutOfFuelLemmas
 import Clear.JumpLemmas
 import Clear.YulNotation
+import Clear.Wheels
 
 namespace Clear.Abstraction
 
@@ -18,7 +19,7 @@ variable {s s₀ s₁ sEnd : State}
 
 -- | General form for relational specs (concrete and abstract).
 @[aesop safe 0 unfold (rule_sets := [Clear.aesop_spec])]
-def Spec (R : State → State → Prop) (s₀ s₁ : State) : Prop :=
+def Spec (R : State → State → Prop) (s₀ s₁ : State) :=
   match s₀ with
     | OutOfFuel => ❓ s₁
     | Checkpoint c => s₁.isJump c
@@ -31,6 +32,30 @@ lemma Spec_ok_unfold {P : State → State → Prop} :
     unfold Spec
     aesop
 
+-- | Specs that are somewhat pure
+@[aesop safe 0 unfold (rule_sets := [Clear.aesop_spec])]
+def PureSpec (R : State → State → Prop) : State → State → Prop :=
+  Spec (R ∩ (preserved on evm))
+
+lemma PureSpec_ok_unfold {P : State → State → Prop} :
+  ∀ {s s' : State}, s.isOk → ¬ ❓ s' → PureSpec P s s' → (P ∩ (preserved on evm)) s s' := by
+    intros s s' h h'
+    unfold PureSpec Spec
+    aesop
+
+-- | Specs for code that might result in hash collision
+@[aesop safe 0 unfold (rule_sets := [Clear.aesop_spec])]
+def CollidingSpec (R : State → State → Prop) (s₀ s₁ : State) : Prop :=
+  if s₀.evm.hash_collision
+  then ❓ s₁
+  else ¬ s₁.evm.hash_collision → Spec R s₀ s₁
+
+lemma CollidingSpec_ok_unfold {P : State → State → Prop} :
+  ∀ {s s' : State}, s.isOk → ¬ ❓ s' → ¬ s'.evm.hash_collision → CollidingSpec P s s' → P s s' := by
+    intros s s' h h' h''
+    unfold CollidingSpec Spec
+    aesop
+
 open Lean Elab Tactic in
 elab "clr_spec" "at" h:ident : tactic => do
   evalTactic <| ← `(tactic| (
@@ -46,6 +71,12 @@ lemma not_isOutOfFuel_Spec (spec : Spec R s₀ s₁) (h : ¬ isOutOfFuel s₁) :
   intros hs₀
   aesop_spec
 
+-- | No hash collision  propagates backwards through specs.
+-- lemma not_hashCollision_Spec
+--   (spec : CollidingSpec R s₀ s₁) (h : ¬ s₁.evm.hasHashCollision) : ¬ s₀.evm.hasHashCollision := by
+--   intros hs₀
+--   aesop_spec
+
 -- ============================================================================
 --  TACTICS
 -- ============================================================================
@@ -151,7 +182,7 @@ elab "clr_funargs" "at" h:ident : tactic => do
     simp only [multifill_cons, multifill_nil', isOk_insert, isOk_Ok, isOutOfFuel_Ok,
       not_false_eq_true, imp_false, Ok.injEq, and_imp, forall_apply_eq_imp_iff₂,
       forall_apply_eq_imp_iff] at $h:ident
-    repeat (rw [←State.insert] at $h:ident)    
+    repeat (rw [←State.insert] at $h:ident)
   ))
 
 end Clear
diff --git a/Clear/EVMState.lean b/Clear/EVMState.lean
index 9fa9075..b02170d 100644
--- a/Clear/EVMState.lean
+++ b/Clear/EVMState.lean
@@ -1,8 +1,16 @@
 import Mathlib.Data.Finmap
 import Mathlib.Data.Fin.Basic
+import Mathlib.Data.List.Intervals
 import Clear.Ast
 import Clear.Instr
 import Clear.UInt256
+import Clear.Wheels
+
+set_option linter.setOption false
+set_option pp.coercions false
+
+set_option maxHeartbeats 700000
+set_option maxRecDepth 800
 
 open Clear Instr UInt256
 
@@ -160,8 +168,10 @@ def Account.updateStorage (act : Account) (k v : UInt256) : Account :=
 
 -- definition of the machine state
 
+abbrev Memory := Finmap (λ _ : UInt256 ↦ UInt8)
+
 structure MachineState : Type where
-  memory        : Finmap (λ _ : UInt256 => UInt8)
+  memory        : Memory
   max_address   : UInt256
   gas_available : UInt256
   return_data   : List UInt256
@@ -171,21 +181,172 @@ instance : Inhabited MachineState := ⟨ MachineState.mk ∅ 0 0 [] ⟩
 
 -- @langfield: Nit, but definitions should be camelCase.
 
-def UInt256.offsets : List UInt256 :=
+def UInt256.offsets : List ℕ :=
   [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,
   17,18,19,20,21,22,23,24,25,26,27,28,29,30,31]
 
+lemma UInt256.offsets_def : offsets = List.range 32 := by
+  repeat rw [ List.range_succ_eq_map ]
+  unfold offsets
+  simp
+
+lemma max_of_offsets_lt_32 : offsets.maximum < 32 := by decide
+lemma min_of_offsets_eq_0 : offsets.minimum = 0 := by decide
+
+lemma mem_offsets : ∀ {n}, n ∈ offsets ↔ n < 32 := by
+  intro n
+  rw [offsets_def]
+  simp
+
+@[simp]
+lemma mem_offsets_of_lt_32 : ∀ {n}, n < 32 → n ∈ offsets :=
+  mem_offsets.mpr
+
+lemma lt_32_of_mem_offsets : ∀ {n}, n ∈ offsets → n < 32 :=
+  mem_offsets.mp
+
+-- List.Ico not yet in mathlib
+lemma UInt256.offsets_eq_Ico : offsets = List.Ico 0 32 := by
+  unfold List.Ico
+  rw [ List.range'_eq_map_range, offsets_def ]
+  simp
+
+-- lemma UInt256.offsets_at_addr :
+--   ∀ (addr : UInt256),
+--   offsets.map (addr + ↑·) = List.Ico addr.val (addr.val + 32) := by
+--   intro addr
+--   rw [offsets_eq_Ico, List.Ico.map_add 0 32 addr, zero_add, add_comm]
+
+lemma UInt256.mem_offsets_iff_mem_Ico : ∀ {n}, n ∈ offsets ↔ n ∈ Set.Ico 0 32 := by
+  intro n
+  apply Iff.intro
+  · intro mem
+    simp
+    exact mem_offsets.mp mem
+  · intro mem
+    simp at mem
+    exact mem_offsets.mpr mem
+
+lemma UInt256.offsetted_addresses (addr : UInt256) : ∀ {n},
+  (h : n ∈ offsets) → addr + ↑n ∈ offsets.map (addr + ↑·) := by
+  intro n h
+  exact List.mem_map_of_mem (addr + ↑·) h
+
+-- lemma UInt256.word_addresses (addr : UInt256) :
+--   Set.MapsTo (addr + ↑·) (Set.Ico 0 32) (Set.Ico addr (addr + 32)) := by
+--   have : (addr + ↑·) '' (Set.Ico 0 32) = Set.Ico addr (addr + 32) := by
+--     dsimp [Set.image]
+--     conv => rhs; rw [← Set.Ico_def]
+
+--     sorry
+
+--   rw [← this]
+--   exact Set.mapsTo_image (addr + ↑·) (Set.Ico 0 32)
+
+
+-- lemma UInt256.same_address_of_offsetted_addresses (addr addr': UInt256) {n} :
+--   (h : n ∈ offsets) →
+--   addr' + ↑n ∈ offsets.map (addr + ↑·) →
+--   addr' = addr := by
+--   intro h mem
+--   simp at mem
+--   sorry
+
+-- lemma UInt256.addresses_of (addr : UInt256) {a} :
+--   a ∈ offsets.map (addr + ↑·) ↔ a ∈ Set.Ico addr (addr + 32) := by
+--   sorry
+
+namespace UInt256
+
+def range' (start : UInt256) (len : ℕ) (step : UInt256 := 1) : List UInt256 :=
+  match start, len with
+  | _, 0 => []
+  | s, n + 1 => s :: range' (s + step) n step
+
+@[simp]
+lemma range'_zero {s step : UInt256} : range' s 0 step = [] := by
+  unfold range'
+  rfl
+
+@[simp]
+lemma range'_one {s step : UInt256} : range' s 1 step = [s] := by
+  unfold range'
+  simp
+
+lemma range'_succ (start : UInt256) (len : ℕ) (step : UInt256) :
+  range' start (len + 1) step =
+    start :: range' (start + step) len step := by
+  conv =>
+    lhs
+    unfold range'
+    simp
+
+-- lemma range'_succ' (start : UInt256) (len : ℕ) (step : UInt256) (k : ℕ) [NeZero k] :
+--   range' start (len + k) step =
+--     start :: range' (start + step) (len + k - 1) step := by
+--   admit
+
+lemma map_add_range' (a) : ∀ s n step,
+  List.map (a + ·) (range' s n step) =
+    range' (a + s) n step
+  | _, 0, _ => by simp
+  | s, n+1, step => by
+    unfold range'
+    simp [map_add_range', add_assoc]
+
+def offsets_at (addr : UInt256) : List UInt256 :=
+  range' addr 32 1
+
+def words_at (addr : UInt256) (n : ℕ) : List UInt256 :=
+  range' addr n 32
+
+end UInt256
+
+lemma splice_toBytes! (v : UInt256) : toBytes! v =
+  [ (toBytes! v)[0],   (toBytes! v)[1],   (toBytes! v)[2],   (toBytes! v)[3]
+  , (toBytes! v)[4],   (toBytes! v)[5],   (toBytes! v)[6],   (toBytes! v)[7]
+  , (toBytes! v)[8],   (toBytes! v)[9],   (toBytes! v)[10],  (toBytes! v)[11]
+  , (toBytes! v)[12],  (toBytes! v)[13],  (toBytes! v)[14],  (toBytes! v)[15]
+  , (toBytes! v)[16],  (toBytes! v)[17],  (toBytes! v)[18],  (toBytes! v)[19]
+  , (toBytes! v)[20],  (toBytes! v)[21],  (toBytes! v)[22],  (toBytes! v)[23]
+  , (toBytes! v)[24],  (toBytes! v)[25],  (toBytes! v)[26],  (toBytes! v)[27]
+  , (toBytes! v)[28],  (toBytes! v)[29],  (toBytes! v)[30],  (toBytes! v)[31]
+  ] := by
+  apply List.ext_get
+  · simp
+  · intro n h₁ h₂
+    simp at h₂
+    have h_offset := mem_offsets_of_lt_32 h₂
+    fin_cases h_offset
+    all_goals aesop
+
+abbrev Entry := UInt256 × UInt8
+
+@[simp]
+def memInsert (entry : Entry) (mem : Memory) : Memory :=
+  Function.uncurry mem.insert entry
+
+@[simp]
+def mkEntries (addr data : UInt256) : List Entry :=
+  let addrs := offsets.map (addr + ↑·)
+  addrs.zip (UInt256.toBytes! data)
+
+def Memory.maxWords := 3618502788666131106986593281521497120414687020801267626233049500247285301247
+
+def Memory.maxWords_def : Memory.maxWords = (⊤ : UInt256) / 32 := by
+  rw [maxWords, Fin.top_eq_last]
+  simp
+
 def MachineState.updateMemory (m : MachineState) (addr v : UInt256) : MachineState :=
-  {m with memory := let offsets := List.range 32
-                    let addrs   := offsets.map (·+addr)
-                    let inserts := addrs.zipWith Finmap.insert (UInt256.toBytes! v)
-                    inserts.foldl (init := m.memory) (flip id)
+  {m with memory := List.foldr (init := m.memory) memInsert <| mkEntries addr v
           max_address := max addr m.max_address }
 
-lemma cheeky_proof {a b : Int} : (if a > b then a else b) = max a b := by rw [max_comm, max_def_lt]
+def Memory.lookupByte (m : Memory) (addr : UInt256) : UInt8 :=
+  (m.lookup addr).get!
 
-def MachineState.lookupMemory (m : MachineState) (addr : UInt256) : UInt256 :=
-  UInt256.fromBytes! (List.map (fun i => (m.memory.lookup (addr + i)).get!) UInt256.offsets)
+def Memory.lookupWord (m : Memory) (addr : UInt256) : UInt256 :=
+--  UInt256.fromBytes! (offsets.map λ i ↦ (m.memory.lookup (addr + i)).get!)
+  UInt256.fromBytes! $ offsets.map $ m.lookupByte ∘ (addr + ↑·)
 
 def MachineState.setReturnData (m : MachineState) (r : List UInt256) : MachineState :=
   {m with return_data := r}
@@ -193,7 +354,6 @@ def MachineState.setReturnData (m : MachineState) (r : List UInt256) : MachineSt
 def MachineState.msize (m : MachineState) : UInt256 :=
   m.max_address
 
-
 -- definition of the blocks
 
 structure BlockHeader : Type where
@@ -254,6 +414,11 @@ instance : Inhabited EVMState :=
 
 abbrev EVM := EVMState
 
+def preserved : EVMState → EVMState → Prop :=
+  (Eq on EVMState.account_map) ∩
+  (Eq on EVMState.hash_collision) ∩
+  (Eq on EVMState.execution_env)
+
 -- functions for querying balance
 
 namespace EVMState
@@ -263,7 +428,12 @@ section
 open Array ByteArray
 
 -- | Add an error to the EVMState indicating that we hit a hash collision in `keccak256`.
-def addHashCollision (σ : EVMState) : EVMState := { σ with hash_collision := True }
+def addHashCollision (σ : EVMState) : EVMState := { σ with hash_collision := true }
+
+-- def hasHashCollision (σ : EVMState) : Prop := σ.hash_collision = true
+
+-- instance : DecidablePred hasHashCollision := λ σ ↦
+--   decidable_of_bool σ.hash_collision (by unfold hasHashCollision; simp)
 
 def lookupAccount (σ : EVMState) (addr : Address) : Option Account :=
   σ.account_map.lookup addr
@@ -293,14 +463,20 @@ def calldatacopy (σ : EVMState) (mstart datastart s : UInt256) : EVMState :=
   let r := arr.foldl (λ (sa , j) i => (EVMState.updateMemory sa j i.val, j + 1)) (σ , mstart)
   r.1
 
-def mkInterval (ms : MachineState) (p n : UInt256) : List UInt256 :=
-  let i : ℕ := p.val
-  let f : ℕ := n.val
-  let m     := (List.range' i f).map Fin.ofNat
-  m.map ms.lookupMemory
+def mkInterval (ms : Memory) (p : UInt256) (n : ℕ) : List UInt256 :=
+  (words_at p n).map ms.lookupWord
+
+def mkInterval' (ms : Memory) (start last : UInt256) : List UInt8 :=
+  List.map ms.lookupByte <| range' start (last - start)
+
+lemma interval'_eq_interval {ms} {start last} (d : ℕ) :
+  (d_ne_zero : d ≠ 0) → (div : (d * 32) * Fin.div (last - start) (Nat.toUInt256 d * 32) = last - start) →
+  List.map (Nat.toUInt256 ∘ fromBytes!) (List.toChunks 32 (mkInterval' ms start last)) =
+    mkInterval ms start d := by
+  sorry
 
 def keccak256 (σ : EVMState) (p n : UInt256) : Option (UInt256 × EVMState) :=
-  let interval : List UInt256 := mkInterval σ.machine_state p n
+  let interval : List UInt256 := List.map (Nat.toUInt256 ∘ fromBytes!) (List.toChunks 32 (mkInterval' σ.machine_state.memory p n))
   match Finmap.lookup interval σ.keccak_map with
   | .some val => .some (val, σ)
   | .none     =>
@@ -381,7 +557,7 @@ def selfbalance (σ : EVMState) : UInt256 :=
 -- memory and storage operations
 
 def mload (σ : EVMState) (spos : UInt256) : UInt256 :=
-  σ.machine_state.lookupMemory spos
+  σ.machine_state.memory.lookupWord spos
 
 def mstore (σ : EVMState) (spos sval : UInt256) : EVMState :=
   σ.updateMemory spos sval
@@ -432,4 +608,1328 @@ def evm_revert (σ : EVMState) (mstart s : UInt256) : EVMState :=
 
 end
 
+section Memory
+
+variable {addr addr' : UInt256}
+variable {ms : MachineState}
+variable {val val' : UInt256}
+variable {entry : Entry}
+variable {es es' : List Entry}
+
+@[simp]
+lemma frontflip : (λ b a ↦ memInsert a b) = flip memInsert := by
+  unfold flip
+  ext
+  simp
+
+@[simp]
+lemma backflip : (λ b a ↦ flip memInsert a b) = memInsert := by
+  unfold flip
+  ext
+  simp
+
+lemma foldr_mem_nil {init : Memory} :
+  List.foldr memInsert (List.foldr memInsert init []) [] = init := by
+  simp
+
+lemma memInsert_memInsert {m : Memory} {a b : UInt8} :
+  memInsert ⟨addr, a⟩ (memInsert ⟨addr, b⟩ m) =
+    memInsert ⟨addr, a⟩ m := by
+  simp
+
+lemma memInsert_memInsert_of_ne {m : Memory} {a b : UInt8} :
+  (h : addr' ≠ addr) →
+  memInsert ⟨addr, a⟩ (memInsert ⟨addr', b⟩ m) =
+    memInsert ⟨addr', b⟩ (memInsert ⟨addr, a⟩ m) := by
+  intro h
+  simp
+  exact Finmap.insert_insert_of_ne m h
+
+lemma foldr_memInsert_reverse {init : Memory} :
+  List.foldr memInsert init (mkEntries addr val) =
+    List.foldr memInsert init (mkEntries addr val).reverse := by
+  simp only [mkEntries]
+  rw [ splice_toBytes! val ]
+  unfold offsets
+
+  simp only [List.map, List.zip, List.zipWith, List.reverse, List.reverseAux]
+  simp only [Nat.cast_ofNat, Nat.cast_one, Nat.cast_zero]
+  rw [List.foldr_cons]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[1]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[2]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[2]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[3]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[3]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[3]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[4]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[4]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[4]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[4]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[5]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[5]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[5]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[5]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[5]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[6]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[6]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[6]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[6]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[6]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[6]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[7]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[7]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[7]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[7]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[7]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[7]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[7]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[8]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[8]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[8]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[8]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[8]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[8]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[8]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[8]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[9]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[9]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[9]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[9]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[9]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[9]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[9]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[9]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[9]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[10]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[10]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[10]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[10]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[10]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[10]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[10]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[10]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[10]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[10]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[11]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[11]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[11]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[11]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[11]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[11]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[11]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[11]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[11]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[11]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[11]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[12]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[12]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[12]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[12]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[12]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[12]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[12]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[12]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[12]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[12]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[12]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[12]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[13]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[13]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[13]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[13]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[13]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[13]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[13]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[13]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[13]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[13]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[13]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[13]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[13]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[14]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[14]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[14]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[14]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[14]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[14]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[14]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[14]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[14]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[14]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[14]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[14]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[14]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[14]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[15]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[15]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[15]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[15]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[15]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[15]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[15]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[15]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[15]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[15]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[15]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[15]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[15]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[15]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[15]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[16]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[16]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[16]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[16]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[16]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[16]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[16]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[16]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[16]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[16]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[16]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[16]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[16]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[16]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[16]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[16]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[17]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[17]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[17]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[17]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[17]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[17]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[17]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[17]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[17]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[17]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[17]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[17]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[17]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[17]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[17]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[17]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[17]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[18]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[18]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[18]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[18]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[18]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[18]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[18]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[18]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[18]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[18]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[18]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[18]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[18]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[18]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[18]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[18]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[18]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[18]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[19]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[19]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[19]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[19]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[19]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[19]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[19]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[19]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[19]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[19]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[19]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[19]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[19]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[19]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[19]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[19]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[19]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[19]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[19]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[20]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[20]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[20]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[20]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[20]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[20]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[20]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[20]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[20]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[20]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[20]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[20]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[20]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[20]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[20]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[20]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[20]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[20]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[20]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[20]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[21]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[21]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[21]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[21]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[21]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[21]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[21]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[21]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[21]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[21]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[21]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[21]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[21]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[21]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[21]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[21]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[21]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[21]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[21]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[21]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[21]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[22]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[22]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[22]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[22]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[22]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[22]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[22]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[22]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[22]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[22]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[22]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[22]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[22]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[22]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[22]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[22]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[22]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[22]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[22]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[22]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[22]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[22]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[23]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[23]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[23]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[23]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[23]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[23]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[23]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[23]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[23]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[23]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[23]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[23]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[23]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[23]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[23]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[23]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[23]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[23]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[23]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[23]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[23]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[23]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[23]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[24]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[24]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[24]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[24]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[24]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[24]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[24]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[24]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[24]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[24]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[24]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[24]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[24]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[24]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[24]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[24]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[24]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[24]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[24]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[24]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[24]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[24]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[24]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[24]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[25]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[25]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[25]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[25]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[25]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[25]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[25]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[25]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[25]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[25]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[25]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[25]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[25]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[25]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[25]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[25]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[25]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[25]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[25]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[25]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[25]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[25]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[25]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[25]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[25]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[26]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[26]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[26]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[26]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[26]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[26]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[26]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[26]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[26]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[26]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[26]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[26]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[26]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[26]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[26]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[26]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[26]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[26]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[26]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[26]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[26]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[26]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[26]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[26]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[26]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[26]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[27]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[28]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[29]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[30]) (by simp)
+     ]
+  rw [ List.foldr_cons
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     , memInsert_memInsert_of_ne (b := (toBytes! val)[31]) (by simp)
+     ]
+  rw [ ← List.foldr_cons (f := memInsert), ← List.foldr_cons (f := memInsert)
+     , ← List.foldr_cons (f := memInsert), ← List.foldr_cons (f := memInsert)
+     , ← List.foldr_cons (f := memInsert), ← List.foldr_cons (f := memInsert)
+     , ← List.foldr_cons (f := memInsert), ← List.foldr_cons (f := memInsert)
+     , ← List.foldr_cons (f := memInsert), ← List.foldr_cons (f := memInsert)
+     , ← List.foldr_cons (f := memInsert), ← List.foldr_cons (f := memInsert)
+     , ← List.foldr_cons (f := memInsert), ← List.foldr_cons (f := memInsert)
+     , ← List.foldr_cons (f := memInsert), ← List.foldr_cons (f := memInsert)
+     , ← List.foldr_cons (f := memInsert), ← List.foldr_cons (f := memInsert)
+     , ← List.foldr_cons (f := memInsert), ← List.foldr_cons (f := memInsert)
+     , ← List.foldr_cons (f := memInsert), ← List.foldr_cons (f := memInsert)
+     , ← List.foldr_cons (f := memInsert), ← List.foldr_cons (f := memInsert)
+     , ← List.foldr_cons (f := memInsert), ← List.foldr_cons (f := memInsert)
+     , ← List.foldr_cons (f := memInsert), ← List.foldr_cons (f := memInsert)
+     , ← List.foldr_cons (f := memInsert), ← List.foldr_cons (f := memInsert)
+     , ← List.foldr_cons (f := memInsert), ← List.foldr_cons (f := memInsert)
+     ]
+
+lemma foldl_memInsert_reverse {init : Memory} :
+  List.foldl (flip memInsert) init (mkEntries addr val) =
+    List.foldl (flip memInsert) init (mkEntries addr val).reverse := by
+  rw [ List.foldl_reverse, backflip, foldr_memInsert_reverse, List.foldr_reverse, frontflip]
+
+lemma foldr_memInsert_eq_foldl_memInsert {init : Memory} :
+  List.foldr memInsert init (mkEntries addr val) =
+    List.foldl (flip memInsert) init (mkEntries addr val) := by
+  rw [ foldr_memInsert_reverse, List.foldr_reverse, frontflip]
+
+end Memory
+
+section MachineState
+
+variable {addr addr' : UInt256}
+variable {ms : MachineState}
+variable {val val' : UInt256}
+variable {entry : Entry}
+variable {es es' : List Entry}
+
+lemma update_update :
+  (ms.updateMemory addr val).updateMemory addr val' = ms.updateMemory addr val' := by
+  unfold MachineState.updateMemory
+  simp
+
+  rw [ ← mkEntries, ← mkEntries ]
+  rw [ foldr_memInsert_eq_foldl_memInsert ]
+
+  conv => rhs; rw [ foldr_memInsert_eq_foldl_memInsert, foldl_memInsert_reverse ]
+  rw [ mkEntries, mkEntries ]
+
+  rw [ splice_toBytes! val, splice_toBytes! val' ]
+  unfold offsets
+
+  unfold flip
+  simp only [List.map, List.zip, List.zipWith]
+  simp only [Nat.cast_ofNat, Nat.cast_one, Nat.cast_zero]
+
+  rw [ List.foldr_cons, List.foldl_cons, memInsert_memInsert]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 2) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 3) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 3) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 4) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 4) (by simp), memInsert_memInsert_of_ne (addr := addr + 4) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 5) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 5) (by simp), memInsert_memInsert_of_ne (addr := addr + 5) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 5) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 6) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 6) (by simp), memInsert_memInsert_of_ne (addr := addr + 6) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 6) (by simp), memInsert_memInsert_of_ne (addr := addr + 6) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 7) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 7) (by simp), memInsert_memInsert_of_ne (addr := addr + 7) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 7) (by simp), memInsert_memInsert_of_ne (addr := addr + 7) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 7) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 8) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 8) (by simp), memInsert_memInsert_of_ne (addr := addr + 8) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 8) (by simp), memInsert_memInsert_of_ne (addr := addr + 8) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 8) (by simp), memInsert_memInsert_of_ne (addr := addr + 8) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 9) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 9) (by simp), memInsert_memInsert_of_ne (addr := addr + 9) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 9) (by simp), memInsert_memInsert_of_ne (addr := addr + 9) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 9) (by simp), memInsert_memInsert_of_ne (addr := addr + 9) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 9) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 10) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 10) (by simp), memInsert_memInsert_of_ne (addr := addr + 10) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 10) (by simp), memInsert_memInsert_of_ne (addr := addr + 10) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 10) (by simp), memInsert_memInsert_of_ne (addr := addr + 10) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 10) (by simp), memInsert_memInsert_of_ne (addr := addr + 10) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 11) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 11) (by simp), memInsert_memInsert_of_ne (addr := addr + 11) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 11) (by simp), memInsert_memInsert_of_ne (addr := addr + 11) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 11) (by simp), memInsert_memInsert_of_ne (addr := addr + 11) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 11) (by simp), memInsert_memInsert_of_ne (addr := addr + 11) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 11) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 12) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 12) (by simp), memInsert_memInsert_of_ne (addr := addr + 12) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 12) (by simp), memInsert_memInsert_of_ne (addr := addr + 12) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 12) (by simp), memInsert_memInsert_of_ne (addr := addr + 12) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 12) (by simp), memInsert_memInsert_of_ne (addr := addr + 12) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 12) (by simp), memInsert_memInsert_of_ne (addr := addr + 12) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 13) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 13) (by simp), memInsert_memInsert_of_ne (addr := addr + 13) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 13) (by simp), memInsert_memInsert_of_ne (addr := addr + 13) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 13) (by simp), memInsert_memInsert_of_ne (addr := addr + 13) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 13) (by simp), memInsert_memInsert_of_ne (addr := addr + 13) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 13) (by simp), memInsert_memInsert_of_ne (addr := addr + 13) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 13) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 14) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 14) (by simp), memInsert_memInsert_of_ne (addr := addr + 14) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 14) (by simp), memInsert_memInsert_of_ne (addr := addr + 14) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 14) (by simp), memInsert_memInsert_of_ne (addr := addr + 14) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 14) (by simp), memInsert_memInsert_of_ne (addr := addr + 14) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 14) (by simp), memInsert_memInsert_of_ne (addr := addr + 14) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 14) (by simp), memInsert_memInsert_of_ne (addr := addr + 14) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 15) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 15) (by simp), memInsert_memInsert_of_ne (addr := addr + 15) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 15) (by simp), memInsert_memInsert_of_ne (addr := addr + 15) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 15) (by simp), memInsert_memInsert_of_ne (addr := addr + 15) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 15) (by simp), memInsert_memInsert_of_ne (addr := addr + 15) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 15) (by simp), memInsert_memInsert_of_ne (addr := addr + 15) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 15) (by simp), memInsert_memInsert_of_ne (addr := addr + 15) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 15) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 16) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 16) (by simp), memInsert_memInsert_of_ne (addr := addr + 16) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 16) (by simp), memInsert_memInsert_of_ne (addr := addr + 16) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 16) (by simp), memInsert_memInsert_of_ne (addr := addr + 16) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 16) (by simp), memInsert_memInsert_of_ne (addr := addr + 16) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 16) (by simp), memInsert_memInsert_of_ne (addr := addr + 16) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 16) (by simp), memInsert_memInsert_of_ne (addr := addr + 16) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 16) (by simp), memInsert_memInsert_of_ne (addr := addr + 16) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 17) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 17) (by simp), memInsert_memInsert_of_ne (addr := addr + 17) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 17) (by simp), memInsert_memInsert_of_ne (addr := addr + 17) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 17) (by simp), memInsert_memInsert_of_ne (addr := addr + 17) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 17) (by simp), memInsert_memInsert_of_ne (addr := addr + 17) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 17) (by simp), memInsert_memInsert_of_ne (addr := addr + 17) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 17) (by simp), memInsert_memInsert_of_ne (addr := addr + 17) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 17) (by simp), memInsert_memInsert_of_ne (addr := addr + 17) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 17) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 18) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 18) (by simp), memInsert_memInsert_of_ne (addr := addr + 18) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 18) (by simp), memInsert_memInsert_of_ne (addr := addr + 18) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 18) (by simp), memInsert_memInsert_of_ne (addr := addr + 18) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 18) (by simp), memInsert_memInsert_of_ne (addr := addr + 18) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 18) (by simp), memInsert_memInsert_of_ne (addr := addr + 18) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 18) (by simp), memInsert_memInsert_of_ne (addr := addr + 18) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 18) (by simp), memInsert_memInsert_of_ne (addr := addr + 18) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 18) (by simp), memInsert_memInsert_of_ne (addr := addr + 18) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 19) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 19) (by simp), memInsert_memInsert_of_ne (addr := addr + 19) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 19) (by simp), memInsert_memInsert_of_ne (addr := addr + 19) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 19) (by simp), memInsert_memInsert_of_ne (addr := addr + 19) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 19) (by simp), memInsert_memInsert_of_ne (addr := addr + 19) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 19) (by simp), memInsert_memInsert_of_ne (addr := addr + 19) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 19) (by simp), memInsert_memInsert_of_ne (addr := addr + 19) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 19) (by simp), memInsert_memInsert_of_ne (addr := addr + 19) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 19) (by simp), memInsert_memInsert_of_ne (addr := addr + 19) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 19) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 20) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 20) (by simp), memInsert_memInsert_of_ne (addr := addr + 20) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 20) (by simp), memInsert_memInsert_of_ne (addr := addr + 20) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 20) (by simp), memInsert_memInsert_of_ne (addr := addr + 20) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 20) (by simp), memInsert_memInsert_of_ne (addr := addr + 20) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 20) (by simp), memInsert_memInsert_of_ne (addr := addr + 20) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 20) (by simp), memInsert_memInsert_of_ne (addr := addr + 20) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 20) (by simp), memInsert_memInsert_of_ne (addr := addr + 20) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 20) (by simp), memInsert_memInsert_of_ne (addr := addr + 20) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 20) (by simp), memInsert_memInsert_of_ne (addr := addr + 20) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 21) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 21) (by simp), memInsert_memInsert_of_ne (addr := addr + 21) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 21) (by simp), memInsert_memInsert_of_ne (addr := addr + 21) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 21) (by simp), memInsert_memInsert_of_ne (addr := addr + 21) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 21) (by simp), memInsert_memInsert_of_ne (addr := addr + 21) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 21) (by simp), memInsert_memInsert_of_ne (addr := addr + 21) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 21) (by simp), memInsert_memInsert_of_ne (addr := addr + 21) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 21) (by simp), memInsert_memInsert_of_ne (addr := addr + 21) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 21) (by simp), memInsert_memInsert_of_ne (addr := addr + 21) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 21) (by simp), memInsert_memInsert_of_ne (addr := addr + 21) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 21) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 22) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 22) (by simp), memInsert_memInsert_of_ne (addr := addr + 22) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 22) (by simp), memInsert_memInsert_of_ne (addr := addr + 22) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 22) (by simp), memInsert_memInsert_of_ne (addr := addr + 22) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 22) (by simp), memInsert_memInsert_of_ne (addr := addr + 22) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 22) (by simp), memInsert_memInsert_of_ne (addr := addr + 22) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 22) (by simp), memInsert_memInsert_of_ne (addr := addr + 22) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 22) (by simp), memInsert_memInsert_of_ne (addr := addr + 22) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 22) (by simp), memInsert_memInsert_of_ne (addr := addr + 22) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 22) (by simp), memInsert_memInsert_of_ne (addr := addr + 22) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 22) (by simp), memInsert_memInsert_of_ne (addr := addr + 22) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 23) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 23) (by simp), memInsert_memInsert_of_ne (addr := addr + 23) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 23) (by simp), memInsert_memInsert_of_ne (addr := addr + 23) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 23) (by simp), memInsert_memInsert_of_ne (addr := addr + 23) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 23) (by simp), memInsert_memInsert_of_ne (addr := addr + 23) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 23) (by simp), memInsert_memInsert_of_ne (addr := addr + 23) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 23) (by simp), memInsert_memInsert_of_ne (addr := addr + 23) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 23) (by simp), memInsert_memInsert_of_ne (addr := addr + 23) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 23) (by simp), memInsert_memInsert_of_ne (addr := addr + 23) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 23) (by simp), memInsert_memInsert_of_ne (addr := addr + 23) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 23) (by simp), memInsert_memInsert_of_ne (addr := addr + 23) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 23) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 24) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 24) (by simp), memInsert_memInsert_of_ne (addr := addr + 24) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 24) (by simp), memInsert_memInsert_of_ne (addr := addr + 24) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 24) (by simp), memInsert_memInsert_of_ne (addr := addr + 24) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 24) (by simp), memInsert_memInsert_of_ne (addr := addr + 24) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 24) (by simp), memInsert_memInsert_of_ne (addr := addr + 24) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 24) (by simp), memInsert_memInsert_of_ne (addr := addr + 24) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 24) (by simp), memInsert_memInsert_of_ne (addr := addr + 24) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 24) (by simp), memInsert_memInsert_of_ne (addr := addr + 24) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 24) (by simp), memInsert_memInsert_of_ne (addr := addr + 24) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 24) (by simp), memInsert_memInsert_of_ne (addr := addr + 24) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 24) (by simp), memInsert_memInsert_of_ne (addr := addr + 24) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 25) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 25) (by simp), memInsert_memInsert_of_ne (addr := addr + 25) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 25) (by simp), memInsert_memInsert_of_ne (addr := addr + 25) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 25) (by simp), memInsert_memInsert_of_ne (addr := addr + 25) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 25) (by simp), memInsert_memInsert_of_ne (addr := addr + 25) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 25) (by simp), memInsert_memInsert_of_ne (addr := addr + 25) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 25) (by simp), memInsert_memInsert_of_ne (addr := addr + 25) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 25) (by simp), memInsert_memInsert_of_ne (addr := addr + 25) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 25) (by simp), memInsert_memInsert_of_ne (addr := addr + 25) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 25) (by simp), memInsert_memInsert_of_ne (addr := addr + 25) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 25) (by simp), memInsert_memInsert_of_ne (addr := addr + 25) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 25) (by simp), memInsert_memInsert_of_ne (addr := addr + 25) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 25) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 26) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 26) (by simp), memInsert_memInsert_of_ne (addr := addr + 26) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 26) (by simp), memInsert_memInsert_of_ne (addr := addr + 26) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 26) (by simp), memInsert_memInsert_of_ne (addr := addr + 26) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 26) (by simp), memInsert_memInsert_of_ne (addr := addr + 26) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 26) (by simp), memInsert_memInsert_of_ne (addr := addr + 26) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 26) (by simp), memInsert_memInsert_of_ne (addr := addr + 26) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 26) (by simp), memInsert_memInsert_of_ne (addr := addr + 26) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 26) (by simp), memInsert_memInsert_of_ne (addr := addr + 26) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 26) (by simp), memInsert_memInsert_of_ne (addr := addr + 26) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 26) (by simp), memInsert_memInsert_of_ne (addr := addr + 26) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 26) (by simp), memInsert_memInsert_of_ne (addr := addr + 26) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 26) (by simp), memInsert_memInsert_of_ne (addr := addr + 26) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 27) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 27) (by simp), memInsert_memInsert_of_ne (addr := addr + 27) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 27) (by simp), memInsert_memInsert_of_ne (addr := addr + 27) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 27) (by simp), memInsert_memInsert_of_ne (addr := addr + 27) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 27) (by simp), memInsert_memInsert_of_ne (addr := addr + 27) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 27) (by simp), memInsert_memInsert_of_ne (addr := addr + 27) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 27) (by simp), memInsert_memInsert_of_ne (addr := addr + 27) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 27) (by simp), memInsert_memInsert_of_ne (addr := addr + 27) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 27) (by simp), memInsert_memInsert_of_ne (addr := addr + 27) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 27) (by simp), memInsert_memInsert_of_ne (addr := addr + 27) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 27) (by simp), memInsert_memInsert_of_ne (addr := addr + 27) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 27) (by simp), memInsert_memInsert_of_ne (addr := addr + 27) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 27) (by simp), memInsert_memInsert_of_ne (addr := addr + 27) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 27) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 28) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 28) (by simp), memInsert_memInsert_of_ne (addr := addr + 28) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 28) (by simp), memInsert_memInsert_of_ne (addr := addr + 28) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 28) (by simp), memInsert_memInsert_of_ne (addr := addr + 28) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 28) (by simp), memInsert_memInsert_of_ne (addr := addr + 28) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 28) (by simp), memInsert_memInsert_of_ne (addr := addr + 28) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 28) (by simp), memInsert_memInsert_of_ne (addr := addr + 28) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 28) (by simp), memInsert_memInsert_of_ne (addr := addr + 28) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 28) (by simp), memInsert_memInsert_of_ne (addr := addr + 28) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 28) (by simp), memInsert_memInsert_of_ne (addr := addr + 28) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 28) (by simp), memInsert_memInsert_of_ne (addr := addr + 28) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 28) (by simp), memInsert_memInsert_of_ne (addr := addr + 28) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 28) (by simp), memInsert_memInsert_of_ne (addr := addr + 28) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 28) (by simp), memInsert_memInsert_of_ne (addr := addr + 28) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 29) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 29) (by simp), memInsert_memInsert_of_ne (addr := addr + 29) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 29) (by simp), memInsert_memInsert_of_ne (addr := addr + 29) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 29) (by simp), memInsert_memInsert_of_ne (addr := addr + 29) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 29) (by simp), memInsert_memInsert_of_ne (addr := addr + 29) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 29) (by simp), memInsert_memInsert_of_ne (addr := addr + 29) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 29) (by simp), memInsert_memInsert_of_ne (addr := addr + 29) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 29) (by simp), memInsert_memInsert_of_ne (addr := addr + 29) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 29) (by simp), memInsert_memInsert_of_ne (addr := addr + 29) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 29) (by simp), memInsert_memInsert_of_ne (addr := addr + 29) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 29) (by simp), memInsert_memInsert_of_ne (addr := addr + 29) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 29) (by simp), memInsert_memInsert_of_ne (addr := addr + 29) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 29) (by simp), memInsert_memInsert_of_ne (addr := addr + 29) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 29) (by simp), memInsert_memInsert_of_ne (addr := addr + 29) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 29) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 30) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 30) (by simp), memInsert_memInsert_of_ne (addr := addr + 30) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 30) (by simp), memInsert_memInsert_of_ne (addr := addr + 30) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 30) (by simp), memInsert_memInsert_of_ne (addr := addr + 30) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 30) (by simp), memInsert_memInsert_of_ne (addr := addr + 30) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 30) (by simp), memInsert_memInsert_of_ne (addr := addr + 30) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 30) (by simp), memInsert_memInsert_of_ne (addr := addr + 30) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 30) (by simp), memInsert_memInsert_of_ne (addr := addr + 30) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 30) (by simp), memInsert_memInsert_of_ne (addr := addr + 30) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 30) (by simp), memInsert_memInsert_of_ne (addr := addr + 30) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 30) (by simp), memInsert_memInsert_of_ne (addr := addr + 30) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 30) (by simp), memInsert_memInsert_of_ne (addr := addr + 30) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 30) (by simp), memInsert_memInsert_of_ne (addr := addr + 30) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 30) (by simp), memInsert_memInsert_of_ne (addr := addr + 30) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 30) (by simp), memInsert_memInsert_of_ne (addr := addr + 30) (by simp)
+     , memInsert_memInsert ]
+  rw [ List.foldr_cons, List.foldl_cons
+     , memInsert_memInsert_of_ne (by simp), memInsert_memInsert_of_ne (addr := addr + 31) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 31) (by simp), memInsert_memInsert_of_ne (addr := addr + 31) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 31) (by simp), memInsert_memInsert_of_ne (addr := addr + 31) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 31) (by simp), memInsert_memInsert_of_ne (addr := addr + 31) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 31) (by simp), memInsert_memInsert_of_ne (addr := addr + 31) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 31) (by simp), memInsert_memInsert_of_ne (addr := addr + 31) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 31) (by simp), memInsert_memInsert_of_ne (addr := addr + 31) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 31) (by simp), memInsert_memInsert_of_ne (addr := addr + 31) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 31) (by simp), memInsert_memInsert_of_ne (addr := addr + 31) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 31) (by simp), memInsert_memInsert_of_ne (addr := addr + 31) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 31) (by simp), memInsert_memInsert_of_ne (addr := addr + 31) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 31) (by simp), memInsert_memInsert_of_ne (addr := addr + 31) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 31) (by simp), memInsert_memInsert_of_ne (addr := addr + 31) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 31) (by simp), memInsert_memInsert_of_ne (addr := addr + 31) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 31) (by simp), memInsert_memInsert_of_ne (addr := addr + 31) (by simp)
+     , memInsert_memInsert_of_ne (addr := addr + 31) (by simp)
+     , memInsert_memInsert ]
+
+  rw [List.foldr_nil]
+  repeat rw [← List.foldl_cons]
+  simp only [List.reverse, List.reverseAux]
+
+lemma update_update_of_ne :
+  (h : ∀ {a}, a ∈ offsets_at addr' → a ∉ offsets_at addr) →
+  (ms.updateMemory addr val).updateMemory addr' val' =
+    (ms.updateMemory addr' val').updateMemory addr val := by
+  intro h
+  unfold MachineState.updateMemory
+  simp
+  apply And.intro
+
+  swap
+  rw [← max_assoc, max_comm addr' addr, max_assoc]
+
+  rw [ ← mkEntries, ← mkEntries ]
+  sorry
+
+lemma lt_toBytes_length_of_mem_offset :
+  ∀ {offset}, (v : UInt256) → (offset ∈ offsets) → offset < (toBytes! v).length := by
+  unfold offsets
+  simp
+
+lemma lookupBytes_nil :
+  ∀ {addr},
+  [].map (ms.memory.lookupByte ∘ (addr + ↑·)) = [] := by
+  simp
+
+lemma lookupBytes_cons :
+  ∀ {addr} {offset : ℕ} {os : List ℕ},
+  (offset :: os).map ((ms.updateMemory addr val).memory.lookupByte ∘ (addr + ↑·)) =
+    (ms.updateMemory addr val).memory.lookupByte (addr + ↑offset)
+    :: os.map ((ms.updateMemory addr val).memory.lookupByte ∘ (addr + ↑·)) := by
+  intro addr offset os
+  exact List.map_cons
+    ((ms.updateMemory addr val).memory.lookupByte ∘ (addr + ↑·))
+    offset
+    os
+
+-- TODO: in newer mathlib
+@[simp] theorem get!_some {α} [Inhabited α] {a : α} : (some a).get! = a := rfl
+
+-- lemma lookupByte_updateMemory :
+--   ∀ {addr},
+--   (ms.updateMemory addr val).memory.lookupByte addr =
+--     (UInt256.toBytes! val)[0] := by
+--   intro addr
+--   unfold MachineState.updateMemory Memory.lookupByte
+--   simp
+--   rw [ List.zipWith_foldl_eq_zip_foldl ]
+--   conv => lhs; rw [splice_toBytes! val]
+--   unfold offsets
+--   simp only [List.map, List.zip, List.zipWith, List.foldl, flip, id]
+--   norm_cast
+--   rw [ Fin.add_zero addr ]
+--   simp
+
+lemma lookupByte_update_of_ne :
+  ∀ {addr addr' : UInt256},
+  (h : addr' ∉ offsets.map (addr + ↑·)) →
+  (ms.updateMemory addr val).memory.lookupByte addr' =
+    ms.memory.lookupByte addr' := by
+  intro addr addr' h
+  unfold MachineState.updateMemory Memory.lookupByte
+  simp
+  rw [splice_toBytes! val]
+  unfold offsets
+  simp [memInsert, List.foldr]
+
+  unfold offsets at h
+  simp at h
+  repeat rw [← ne_eq] at h
+  let ⟨_,_,_,_,_,_,_,_,_,_,_,_,_,_,_,_,_,_,_,_,_,_,_,_,_,_,_,_,_,_,_,_⟩ := h
+
+  rw [ Finmap.lookup_insert_of_ne, Finmap.lookup_insert_of_ne, Finmap.lookup_insert_of_ne
+     , Finmap.lookup_insert_of_ne, Finmap.lookup_insert_of_ne, Finmap.lookup_insert_of_ne
+     , Finmap.lookup_insert_of_ne, Finmap.lookup_insert_of_ne, Finmap.lookup_insert_of_ne
+     , Finmap.lookup_insert_of_ne, Finmap.lookup_insert_of_ne, Finmap.lookup_insert_of_ne
+     , Finmap.lookup_insert_of_ne, Finmap.lookup_insert_of_ne, Finmap.lookup_insert_of_ne
+     , Finmap.lookup_insert_of_ne, Finmap.lookup_insert_of_ne, Finmap.lookup_insert_of_ne
+     , Finmap.lookup_insert_of_ne, Finmap.lookup_insert_of_ne, Finmap.lookup_insert_of_ne
+     , Finmap.lookup_insert_of_ne, Finmap.lookup_insert_of_ne, Finmap.lookup_insert_of_ne
+     , Finmap.lookup_insert_of_ne, Finmap.lookup_insert_of_ne, Finmap.lookup_insert_of_ne
+     , Finmap.lookup_insert_of_ne, Finmap.lookup_insert_of_ne, Finmap.lookup_insert_of_ne
+     , Finmap.lookup_insert_of_ne, Finmap.lookup_insert_of_ne
+     ]
+
+  all_goals assumption
+
+lemma lookupByte_at_offset_update :
+  ∀ {addr} {n}, (mem: n ∈ offsets) →
+  (ms.updateMemory addr val).memory.lookupByte (addr + ↑n) =
+    (UInt256.toBytes! val)[n]'(lt_toBytes_length_of_mem_offset val mem) := by
+  intro addr n mem
+  unfold MachineState.updateMemory Memory.lookupByte
+  simp
+  conv => lhs; rw [splice_toBytes! val]
+  unfold offsets
+  simp only [List.foldr]
+  norm_cast
+  fin_cases mem
+  · rw [ Nat.cast_zero, Fin.add_zero addr ]
+    simp
+  · rw [ Nat.cast_one ]
+    simp
+  all_goals simp only [ Nat.cast_ofNat, memInsert, Fin.isValue, List.getElem_eq_get
+                      , Function.uncurry_apply_pair, add_zero, ne_eq, add_right_eq_self
+                      , Fin.reduceEq, not_false_eq_true, Finmap.lookup_insert_of_ne
+                      , add_right_inj, Finmap.lookup_insert, get!_some
+                      ]
+
+lemma lookupByte_at_offset_update_of_ne {addr addr' : UInt256} :
+  ∀ {n}, (mem: n ∈ offsets) →
+  (h : addr' + ↑n ∉ offsets.map (addr + ↑·)) →
+  (ms.updateMemory addr val).memory.lookupByte (addr' + ↑n) =
+    ms.memory.lookupByte (addr' + ↑n) := by
+  intro n _ _
+  apply lookupByte_update_of_ne (addr' := addr' + ↑n)
+  assumption
+
+lemma lookupWord_update : ∀ {addr},
+  (ms.updateMemory addr val).memory.lookupWord addr = val := by
+  intro addr
+  unfold Memory.lookupWord offsets
+  repeat rw [ lookupBytes_cons, lookupByte_at_offset_update (by simp) ]
+  rw [ List.map_nil
+     , ← splice_toBytes!
+     , fromBytes!_toBytes!
+     ]
+
+lemma lookupWord_update_of_ne {addr addr' : UInt256} :
+  (h : ∀ {n}, (mem: n ∈ offsets) → addr' + ↑n ∉ offsets.map (addr + ↑·)) →
+  (ms.updateMemory addr val).memory.lookupWord addr' = ms.memory.lookupWord addr' := by
+  intro h
+
+  unfold Memory.lookupWord
+
+  rw [ ← List.map_comp_map
+     , Function.comp_apply
+     , ← List.map_comp_map
+     , Function.comp_apply
+     ]
+  simp only [List.map]
+
+  rw [ lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     , lookupByte_at_offset_update_of_ne (by simp) (h (by simp))
+     ]
+
+lemma lookupWord_update_of_next {addr : UInt256} :
+  (ms.updateMemory addr val).memory.lookupWord (addr + 32) = ms.memory.lookupWord (addr + 32) := by
+  refine lookupWord_update_of_ne (addr := addr) (addr' := addr + 32) ?h
+  intro n mem
+  fin_cases mem <;> (norm_cast; simp; intro x x_mem)
+  · fin_cases x_mem <;> norm_cast
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+  · fin_cases x_mem <;> (norm_cast; try rw [add_assoc]; simp)
+
+lemma addr_no_overlap : ∀ {k : ℕ},
+  (h : k < Memory.maxWords) →
+  addr + (k + 1) * 32 ∉ offsets.map (addr + ↑·) := by
+  intro k h
+  simp
+  intro x x_mem
+  apply ne_of_lt
+  norm_cast
+
+  apply lt_of_le_of_lt (b := Nat.cast 31)
+  · rw [Fin.natCast_le_natCast (by linarith [lt_32_of_mem_offsets x_mem]) (by simp)]
+    apply Nat.le_of_lt_succ
+    exact lt_32_of_mem_offsets x_mem
+  · have succ_k_words_lt_size :
+      (k + 1) * 32 ≤ 115792089237316195423570985008687907853269984665640564039457584007913129639935 := by
+      trans Memory.maxWords * 32
+      · simp
+        rw [Nat.succ_le]
+        exact h
+      · rw [Memory.maxWords]
+        simp
+    rw [Fin.natCast_lt_natCast (by simp) succ_k_words_lt_size]
+    apply Nat.lt_of_lt_of_le
+    · show (31 < 32); simp
+    · linarith
+
+end MachineState
+
+variable {addr addr' p : UInt256}
+variable {evm : EVM}
+variable {val val' : UInt256}
+
+lemma mstore_mstore :
+  mstore (mstore evm p val) p val' = mstore evm p val' := by
+  unfold mstore updateMemory
+  simp
+  exact update_update
+
+lemma mstore_mstore_of_ne :
+  mstore (mstore evm addr val) addr' val' =
+    mstore (mstore evm addr' val') addr val := by
+  unfold mstore updateMemory
+  simp
+  refine update_update_of_ne ?_
+  sorry
+
+lemma lookup_mstore :
+  (mstore evm p val).machine_state.memory.lookupWord p = val := by
+  unfold mstore updateMemory
+  simp
+  rw [lookupWord_update]
+
+lemma lookup_mstore_of_ne {addr addr' : UInt256} :
+  (h : ∀ {n}, (mem: n ∈ offsets) → addr' + ↑n ∉ offsets.map (addr + ↑·)) →
+  (mstore evm addr val).machine_state.memory.lookupWord addr' =
+    evm.machine_state.memory.lookupWord addr' := by
+  intro h
+  unfold mstore updateMemory
+  rw [lookupWord_update_of_ne h]
+
+lemma lookup_mstore_of_next :
+  ∀ {k}, (h : k < Memory.maxWords) →
+  (mstore evm p val).machine_state.memory.lookupWord (p + (k + 1) * 32) =
+    evm.machine_state.memory.lookupWord (p + (k + 1) * 32) := by
+  sorry
+
+section Interval
+
+variable {p : UInt256}
+variable {n : ℕ}
+variable {evm : EVM}
+variable {ms : MachineState}
+variable {val : UInt256}
+
+lemma interval_of_0_eq_nil :
+  mkInterval ms.memory p 0 = [] := by
+  unfold mkInterval words_at
+  simp
+
+lemma interval_eq_lookup_cons : ∀ {n},
+  mkInterval ms.memory p (n + 1) =
+    ms.memory.lookupWord p :: mkInterval ms.memory (p + 32) n := by
+  intro n
+  unfold mkInterval words_at
+  rw [range'_succ p n, List.map_cons]
+
+-- theorem List.range'_succ (s n step) :
+--   List.range' s (n + 1) step = s :: List.range' (s + step) n step := by
+--   simp [List.range', Nat.add_succ, Nat.mul_succ]
+
+-- lemma out_of_range :
+--   ∀ {n}, (h : n ≤ Memory.maxWords) →
+--   mkInterval (mstore evm p val).machine_state.memory (p + 32) n =
+--     mkInterval evm.machine_state.memory (p + 32) n := by
+--   intro n h
+--   induction n generalizing p with
+--   | zero => rw [interval_of_0_eq_nil, interval_of_0_eq_nil]
+--   | succ n' ih =>
+--     have : (2 : UInt256) * 32 = (1 + 1) * 32 := sorry
+--     rw [ interval_eq_lookup_cons
+--        , ← one_mul 32, ← zero_add 1, ← Nat.cast_zero
+--        , lookup_mstore_of_next (p := p) (k := 0) (by simp [Memory.maxWords])
+--        , Nat.cast_zero, zero_add 1, one_mul 32
+--        , add_assoc, ← two_mul 32
+--        , this ]
+--     rw (config := {occs := .pos [1]}) [ ← Nat.cast_one ]
+--     rw [
+--        ]
+
+lemma interval_of_mstore_eq_val_cons :
+  mkInterval (mstore evm p val).machine_state.memory p (n + 1) =
+    val :: mkInterval (mstore evm p val).machine_state.memory (p + 32) n := by
+  rw [ interval_eq_lookup_cons, lookup_mstore ]
+
+lemma interval_of_mstore_eq_val_cons' :
+  ∀ {n}, (h : n < Memory.maxWords) →
+  mkInterval (mstore evm p val).machine_state.memory p (n + 1) =
+    val :: mkInterval evm.machine_state.memory (p + 32) n := by
+  sorry
+  -- intro n h
+  -- induction n generalizing p with
+  -- | zero => admit
+  -- | succ n' =>
+  --   rw [ interval_eq_lookup_cons, lookup_mstore, out_of_range (le_of_lt h) ]
+
+end Interval
+
 end Clear.EVMState
diff --git a/Clear/State.lean b/Clear/State.lean
index 2d709b9..5d44041 100644
--- a/Clear/State.lean
+++ b/Clear/State.lean
@@ -389,6 +389,10 @@ lemma overwrite?_insert : (s.overwrite? (s'.insert var x)) = s.overwrite? s'
   unfold insert overwrite?
   rcases s' <;> simp
 
+lemma insert_of_ok : (Ok evm store)⟦var ↦ val⟧ = Ok evm (store.insert var val)
+:= by
+  rfl
+
 -- | Looking up a variable you've just inserted gives you the value you inserted.
 @[simp]
 lemma lookup_insert : (Ok evm store)⟦var ↦ x⟧[var]!! = x
diff --git a/Clear/UInt256.lean b/Clear/UInt256.lean
index 3191eb6..7464f26 100644
--- a/Clear/UInt256.lean
+++ b/Clear/UInt256.lean
@@ -17,9 +17,6 @@ instance : NeZero UInt256.size := ⟨by decide⟩
 
 abbrev UInt256 := Fin UInt256.size
 
-instance : SizeOf UInt256 where
-  sizeOf := 1
-
 instance (n : ℕ) : OfNat UInt256 n := ⟨Fin.ofNat n⟩
 instance : Inhabited UInt256 := ⟨0⟩
 instance : NatCast UInt256 := ⟨Fin.ofNat⟩
@@ -27,6 +24,17 @@ instance : NatCast UInt256 := ⟨Fin.ofNat⟩
 abbrev Nat.toUInt256 : ℕ → UInt256 := Fin.ofNat
 abbrev UInt8.toUInt256 (a : UInt8) : UInt256 := a.toNat.toUInt256
 
+def UInt256.top : ℕ := (⊤ : UInt256).val
+
+lemma UInt256.top_def : UInt256.top = 2 ^ 256 - 1 := by
+  unfold top
+  rw [Fin.top_eq_last]
+  simp
+
+lemma UInt256.top_def'
+  : UInt256.top = 115792089237316195423570985008687907853269984665640564039457584007913129639935 := by
+  rw [UInt256.top_def]; simp
+
 lemma UInt256.size_def
   : UInt256.size = 115792089237316195423570985008687907853269984665640564039457584007913129639936 := by
   unfold size; simp
@@ -239,6 +247,13 @@ def toBytes! (n : UInt256) : List UInt8 := zeroPadBytes 32 (toBytes' n)
 @[simp]
 lemma length_toBytes! {n : UInt256} : (toBytes! n).length = 32 := zeroPadBytes_len (toBytes'_UInt256_le n.2)
 
+lemma fromBytes!_toBytes! : ∀ {n}, ↑(fromBytes! (toBytes! n)) = n := by
+  intro n
+  unfold fromBytes!
+  rw [ ← length_toBytes! (n := n) ]
+  unfold toBytes!
+  simp
+
 lemma UInt256_pow_def {a b : UInt256} : a ^ b = a ^ b.val := by
   rfl
 
diff --git a/Clear/Utilities.lean b/Clear/Utilities.lean
index 434a984..afa4070 100644
--- a/Clear/Utilities.lean
+++ b/Clear/Utilities.lean
@@ -29,6 +29,25 @@ lemma spec_eq {P P' : State → State  → Prop} {s₀ s₉ : State} :
     simp only
     exact h
 
+@[aesop safe apply (rule_sets := [Clear.aesop_spec])]
+lemma collision_spec_eq {P P' : State → State  → Prop} {s₀ s₉ : State} :
+  (¬ s₉.evm.hash_collision → Spec P s₀ s₉ → Spec P' s₀ s₉) → CollidingSpec P s₀ s₉ → CollidingSpec P' s₀ s₉ := by
+  unfold CollidingSpec
+  intro S'_of_S
+  split
+  simp
+  intro Spec_of_c c
+  exact S'_of_S c (Spec_of_c c) 
+
+@[aesop safe apply (rule_sets := [Clear.aesop_spec])]
+lemma collision_spec_eq' {P P' : State → State  → Prop} {s₀ s₉ : State} :
+  (¬ s₉.evm.hash_collision → ¬❓ s₉ → P s₀ s₉ →  P' s₀ s₉) → CollidingSpec P s₀ s₉ → CollidingSpec P' s₀ s₉ := by
+  intro P'_of_P
+  apply collision_spec_eq
+  intro c
+  apply spec_eq
+  exact P'_of_P c
+
 @[simp]
 lemma checkpt_insert_elim {var} {val} {j} : (.Checkpoint j)⟦var ↦ val⟧ = .Checkpoint j := by
   simp only [State.insert]
diff --git a/Clear/Wheels.lean b/Clear/Wheels.lean
index de70965..c07c533 100644
--- a/Clear/Wheels.lean
+++ b/Clear/Wheels.lean
@@ -1,7 +1,17 @@
 import Aesop
 
+import Mathlib.Data.Rel
 import Mathlib.Tactic.ApplyAt
 
+instance instRelInter {α β} : Inter (Rel α β) where
+  inter r s := λ a b ↦ r a b ∧ s a b
+
+def Rel.inter {α β} (r : α → β → Prop) (s : α → β → Prop) : α → β → Prop :=
+  λ a b ↦ r a b ∧ s a b
+
+instance instFunInter {α β : Type} : Inter (α → β → Prop) where
+  inter r s := λ a b ↦ r a b ∧ s a b
+
 declare_aesop_rule_sets [Clear.aesop_ok, Clear.aesop_spec, Clear.aesop_varstore]
 
 set_option hygiene false in
diff --git a/Generated/erc20shim/ERC20Shim/Predicate.lean b/Generated/erc20shim/ERC20Shim/Predicate.lean
new file mode 100644
index 0000000..c387439
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Predicate.lean
@@ -0,0 +1,67 @@
+import Mathlib.Data.Finmap
+
+import Clear.State
+
+import Generated.erc20shim.ERC20Shim.Variables
+
+open Clear
+
+namespace Generated.erc20shim.ERC20Shim
+
+abbrev BalanceMap := Finmap (λ _ : Address ↦ UInt256)
+abbrev AllowanceMap := Finmap (λ _ : Address × Address ↦ UInt256)
+
+structure ERC20 where
+  supply : UInt256
+  balances : BalanceMap
+  allowances : AllowanceMap
+
+-- structure HasBalance (balances : BalanceMap) (account : Address) (s : State) where
+--   address : Address
+--   keccak : s.evm.keccak_map.lookup [ ↑account , ERC20Private.balances ] = some address
+--   balance : some (s.evm.sload address) = balances.lookup account
+
+abbrev HasBalance (balances : BalanceMap) (account : Address) (s : State) :=
+  ∃ address,
+  s.evm.keccak_map.lookup [ ↑account , ERC20Private.balances ] = some address ∧
+  some (s.evm.sload address) = balances.lookup account
+
+namespace HasBalance
+
+variable {balances : BalanceMap} {account : Address} {s : State}
+
+-- theorem keccak (address(h : HasBalance balances account s) :
+--   ∃ address, s.evm.keccak_map.lookup [ ↑account , ERC20Private.balances ] = some address := 
+--   let ⟨addr, keccak, _⟩ := h
+--   ⟨addr, keccak⟩
+
+-- theorem balance (h : HasBalance balances account s) :
+--   ∃ address, some (s.evm.sload address) = balances.lookup account :=
+--   let ⟨addr, _, balance⟩ := h
+--   ⟨addr, balance⟩
+
+end HasBalance
+
+-- structure HasAllowance (allowances : AllowanceMap) (owner : Address) (spender : Address) (s : State) where
+--   address : Address
+--   keccak : s.evm.keccak_map.lookup [ ↑owner, ↑spender, ERC20Private.allowances ] = some address
+--   allowance : some (s.evm.sload address) = allowances.lookup ⟨owner, spender⟩
+
+def HasAllowance (allowances : AllowanceMap) (owner : Address) (spender : Address) (s : State) : Prop :=
+  ∃ address,
+  s.evm.keccak_map.lookup [ ↑owner, ↑spender, ERC20Private.allowances ] = some address ∧
+  some (s.evm.sload address) = allowances.lookup ⟨owner, spender⟩
+
+-- def balance_predicate (erc20 : ERC20) (s : State) : Prop :=
+--   ∀ account,
+--   account ∈ erc20.balances → HasBalance erc20.balances account s
+
+-- def balance_predicate (erc20 : ERC20) (s : State) : ? :=
+--   ∀ account,
+--   account ∈ erc20.balances → HasBalance erc20.balances account s
+
+def allowance_predicate (erc20 : ERC20) (s : State) : Prop :=
+  ∀ (owner spender : Address),
+  ⟨owner, spender⟩ ∈ erc20.allowances → HasAllowance erc20.allowances owner spender s
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/Variables.lean b/Generated/erc20shim/ERC20Shim/Variables.lean
index 75340a1..b7d0a1e 100644
--- a/Generated/erc20shim/ERC20Shim/Variables.lean
+++ b/Generated/erc20shim/ERC20Shim/Variables.lean
@@ -1,4 +1,10 @@
+import Mathlib.Data.Finmap
+import Clear.Ast
+import Clear.EVMState
 import Clear.UInt256
+import Clear.State
+
+open Clear
 
 namespace Generated.erc20shim.ERC20Shim
 
@@ -12,4 +18,10 @@ structure PrivateAddresses where
 def ERC20Private : PrivateAddresses :=
   { balances := 0, allowances := 1, totalSupply := 2, name := 3, symbol := 4 }
 
+
+def ERC20Pred (balances : Finmap (λ (_ : Address) ↦ UInt256)) (s : State) : Prop :=
+  ∀ account, account ∈ balances →
+  ∃ addr, s.evm.keccak_map.lookup [ ↑account , ERC20Private.balances ] = some addr ∧
+  some (s.evm.sload addr) = balances.lookup account
+
 end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
index daddd88..a97536c 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
@@ -1,9 +1,9 @@
 import Clear.ReasoningPrinciple
 
-import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
-
+-- import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
 import Generated.erc20shim.ERC20Shim.fun_balanceOf_gen
 
+import Generated.erc20shim.ERC20Shim.Predicate
 
 namespace Generated.erc20shim.ERC20Shim
 
@@ -11,13 +11,42 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
-def A_fun_balanceOf (var : Identifier) (var_account : Literal) (s₀ s₉ : State) : Prop := sorry
+def A_fun_balanceOf (var : Identifier) (var_account : Literal) (s₀ s₉ : State) : Prop :=
+  ∀ erc20, balance_predicate erc20 s₀ → balance_predicate erc20 s₉
+
+  -- ∃ (s : State) (addr : UInt256), (s₉ = s⟦ var ↦ s.evm.sload addr ⟧)
 
 lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   Spec (fun_balanceOf_concrete_of_code.1 var var_account) s₀ s₉ →
   Spec (A_fun_balanceOf var var_account) s₀ s₉ := by
-  unfold fun_balanceOf_concrete_of_code A_fun_balanceOf
-  sorry
+  unfold fun_balanceOf_concrete_of_code A_fun_balanceOf  
+  rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
+  apply spec_eq
+  clr_funargs
+
+  intro hasFuel index_access erc20 pred_s₀
+
+  rcases index_access with ⟨sₖ, mapping, h'⟩
+  -- clr_spec at mapping
+
+  -- have sₖ_isOk : isOk sₖ := mapping_of_ok mapping (by simp)
+  -- rcases sₖ with ⟨evmₖ, _⟩ | _ | _ <;> try contradiction
+  -- use (Ok evmₖ varstore)
+
+  -- simp at *
+  -- rw [ ← State.insert_of_ok, ← State.insert_of_ok
+  --    , State.lookup_insert
+  --    ] at h'
+  -- symm at h'
+
+  -- by_cases h : evmₖ.hash_collision = true
+  -- · use 0
+  --   rw [ lookup_addr_fail mapping h] at h'
+  --   assumption
+  -- · rcases lookup_addr_ok mapping (by aesop) with ⟨addr, lookup_eq_addr⟩
+  --   use addr
+  --   rw [ lookup_eq_addr ] at h'
+  --   assumption
 
 end
 
diff --git a/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean b/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
index a649948..637e33a 100644
--- a/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
@@ -17,7 +17,20 @@ lemma fun_totalSupply_abs_of_concrete {s₀ s₉ : State} {var_ } :
   Spec (fun_totalSupply_concrete_of_code.1 var_ ) s₀ s₉ →
   Spec (A_fun_totalSupply var_ ) s₀ s₉ := by
   unfold fun_totalSupply_concrete_of_code A_fun_totalSupply
-  aesop_spec
+  rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
+  apply spec_eq  
+  clr_funargs
+  intro hasFuel
+
+  unfold reviveJump
+  simp
+
+  rw [ ← State.insert_of_ok,  ← State.insert_of_ok,  ← State.insert_of_ok ]  
+  clr_varstore
+  intro h
+  unfold ERC20Private; dsimp only
+  symm
+  assumption
 
 end
 
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
index 9527d18..780f94f 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
@@ -3,6 +3,8 @@ import Clear.ReasoningPrinciple
 
 import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address_gen
 
+import Generated.erc20shim.ERC20Shim.Predicate
+import Generated.erc20shim.ERC20Shim.Variables
 
 namespace Generated.erc20shim.ERC20Shim
 
@@ -10,13 +12,92 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
 
-def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop :=
-  let s₁ := s₀ 🇪⟦ s₀.evm.mstore 0x00 (Address.ofUInt256 key) ⟧
-  let s₂ := s₁ 🇪⟦ s₁.evm.mstore 0x20 slot ⟧
-  match s₂.evm.keccak256 0x00 0x40 with
-  | some ⟨addr, evm⟩ => s₉ = s₂ 🇪⟦ evm ⟧⟦ dataSlot ↦ addr ⟧
-  | none => s₉.evm.hash_collision = True
+abbrev AddressMap := Finmap (λ _ : Address ↦ UInt256)
 
+def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop :=
+  let account := Address.ofUInt256 key
+  ∀ {map : AddressMap}, account ∈ map →
+  ∃ address,
+  s₀.evm.keccak_map.lookup [ ↑account , slot ] = some address ∧
+  some (s₀.evm.sload address) = map.lookup account →
+  s₉ = s₀ ⟦ dataSlot ↦ address ⟧
+
+  -- account ∈ erc20.balances →
+  -- ∃ address, s₀.evm.keccak_map.lookup [ ↑account,  ERC20Private.balances ] = some address →
+  -- s₉ = s₀ ⟦ dataSlot ↦ address ⟧ 
+
+  -- let s₁ := s₀ 🇪⟦ s₀.evm.mstore 0x00 (Address.ofUInt256 key) ⟧
+  -- let s₂ := s₁ 🇪⟦ s₁.evm.mstore 0x20 slot ⟧
+  -- match s₂.evm.keccak256 0x00 0x40 with
+  -- | some ⟨addr, evm⟩ => s₉ = s₂ 🇪⟦ evm ⟧⟦ dataSlot ↦ addr ⟧
+  -- | none => s₉ = s₂ 🇪⟦ s₂.evm.addHashCollision ⟧
+
+-- lemma mapping_of_ok {dataSlot : Identifier} {slot key : Literal} {s₀ s₉ : State}
+--   : A_mapping_index_access_mapping_address_uint256_of_address dataSlot slot key s₀ s₉ →
+--     isOk s₀ → isOk s₉ := by
+--   intro mapping s₀_ok
+--   unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping
+
+--   have : s₀🇪⟦mstore s₀.evm 0 ↑↑(Address.ofUInt256 key)⟧.isOk := by
+--     rw [isOk_setEvm]
+--     assumption
+
+--   simp at mapping
+--   rw [ evm_get_set_of_isOk s₀_ok
+--      , evm_get_set_of_isOk this
+--      ] at mapping
+
+--   -- split at mapping
+--   -- <;> apply_fun isOk at mapping
+--   -- <;> try rw [ isOk_insert ] at mapping
+--   -- <;> [simp only [ isOk_setEvm ] at mapping; simp only [ isOk_setEvm ] at mapping]
+--   -- <;> exact mapping.to_iff.mpr s₀_ok
+
+--   split at mapping <;> apply_fun isOk at mapping
+--   · rw [ isOk_insert ] at mapping
+--     rw [ isOk_setEvm, isOk_setEvm, isOk_setEvm] at mapping
+--     exact mapping.to_iff.mpr s₀_ok
+--   · rw [ isOk_setEvm, isOk_setEvm, isOk_setEvm] at mapping
+--     exact mapping.to_iff.mpr s₀_ok
+
+-- lemma lookup_addr_fail {dataSlot : Identifier} {slot key : Literal} {s₀ s₉ : State}
+--   : A_mapping_index_access_mapping_address_uint256_of_address dataSlot slot key s₀ s₉ →
+--     s₉.evm.hash_collision = true → 
+--     s₉[dataSlot]!! = 0 := by
+--   intro r_addr h
+--   rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
+
+--   clr_funargs
+
+--   unfold A_mapping_index_access_mapping_address_uint256_of_address at r_addr
+--   simp at r_addr
+  
+--   sorry
+
+-- lemma lookup_addr_ok {dataSlot : Identifier} {slot key : Literal} {s₀ s₉ : State}
+--   : A_mapping_index_access_mapping_address_uint256_of_address dataSlot slot key s₀ s₉ →
+--     s₉.evm.hash_collision = false → 
+--     ∃ addr, s₉[dataSlot]!! = addr := by
+--   intro r_addr
+--   sorry
+
+  -- unfold A_mapping_index_access_mapping_address_uint256_of_address at r_addr
+  -- simp at r_addr
+  
+  
+  -- unfold setEvm at r_addr
+  -- simp at r_addr
+  -- generalize prep_def
+  --   : (mstore s₀.evm 0 ↑↑(Address.ofUInt256 key)).mstore 32 slot = state_prep
+  --   at r_addr
+
+  -- cases (b.evm.keccak256 0x00 0x40) with
+  -- | none =>
+
+  --   use 0
+  --   sorry
+  -- | some a => sorry
+  
 -- Helper reifications
 lemma shift_eq_size : Fin.shiftLeft (n := UInt256.size) 1 160 = Address.size := by
   constructor
@@ -26,27 +107,49 @@ lemma EVMAddrSize' {s : State} : (s, [Fin.shiftLeft 1 160]) = (s, [Address.size.
   exact shift_eq_size
 
 lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete {s₀ s₉ : State} {dataSlot slot key} :
-  Spec (mapping_index_access_mapping_address_uint256_of_address_concrete_of_code.1 dataSlot slot key) s₀ s₉ →
-  Spec (A_mapping_index_access_mapping_address_uint256_of_address dataSlot slot key) s₀ s₉ := by
-  unfold mapping_index_access_mapping_address_uint256_of_address_concrete_of_code A_mapping_index_access_mapping_address_uint256_of_address  
+  CollidingSpec (mapping_index_access_mapping_address_uint256_of_address_concrete_of_code.1 dataSlot slot key) s₀ s₉ →
+  CollidingSpec (A_mapping_index_access_mapping_address_uint256_of_address dataSlot slot key) s₀ s₉ := by
+  unfold mapping_index_access_mapping_address_uint256_of_address_concrete_of_code A_mapping_index_access_mapping_address_uint256_of_address
   rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
-  apply spec_eq
+  apply collision_spec_eq'
+  
+  intro noCollision hasFuel
+  
   clr_funargs
 
   rw [ EVMSub', EVMShl', EVMAddrSize' ]; simp
   rw [ Address.and_size_eq_ofUInt256 ]
   rw [ multifill_cons, multifill_nil ]
   simp
-
+  
   clr_varstore
 
-  generalize prep_def : (mstore evm 0 ↑↑(Address.ofUInt256 key)).mstore 32 slot = state_prep
-
-  cases state_prep.keccak256 0 64
-  · aesop_spec
-  · simp
-    unfold setEvm State.insert
-    aesop_spec
+  generalize acconut_def : Address.ofUInt256 key = account
+  
+  intro prog erc20 account_mem_balances
+  
+  rcases (Finmap.mem_iff.mp account_mem_balances) with ⟨bal, h_bal⟩
+  sorry
+  -- use address
+  -- intro h_lookup
+  -- generalize prep_def : (mstore evm 0 ↑↑account).mstore 32 slot = state_prep
+
+  -- have : Option.isSome $ state_prep.keccak256 0 64 := by
+  --   unfold keccak256
+  --   unfold mkInterval
+  --   unfold MachineState.lookupMemory
+  --   unfold_let
+ 
+  --   rw [ ← prep_def ]
+  --   unfold mstore updateMemory
+  --   sorry
+
+  -- cases this
+  -- · simp
+  --   sorry
+  -- · simp
+  --   unfold setEvm State.insert
+  --   aesop_spec
 
 end
 

From e7480611020755df786facf786fa3b3ad5edb90e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Thu, 26 Sep 2024 17:42:21 +0200
Subject: [PATCH 08/89] keccak based proof

---
 ...pping_address_uint256_of_address_user.lean | 69 +++++++++++--------
 1 file changed, 40 insertions(+), 29 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
index 780f94f..a922a3c 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
@@ -14,17 +14,19 @@ open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemma
 
 abbrev AddressMap := Finmap (λ _ : Address ↦ UInt256)
 
+set_option linter.setOption false
+set_option pp.coercions false
+
 def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop :=
   let account := Address.ofUInt256 key
   ∀ {map : AddressMap}, account ∈ map →
-  ∃ address,
-  s₀.evm.keccak_map.lookup [ ↑account , slot ] = some address ∧
-  some (s₀.evm.sload address) = map.lookup account →
+  ∀ address,
+  s₀.evm.keccak_map.lookup [ ↑account , slot ] = some address →
   s₉ = s₀ ⟦ dataSlot ↦ address ⟧
 
   -- account ∈ erc20.balances →
   -- ∃ address, s₀.evm.keccak_map.lookup [ ↑account,  ERC20Private.balances ] = some address →
-  -- s₉ = s₀ ⟦ dataSlot ↦ address ⟧ 
+  -- s₉ = s₀ ⟦ dataSlot ↦ address ⟧
 
   -- let s₁ := s₀ 🇪⟦ s₀.evm.mstore 0x00 (Address.ofUInt256 key) ⟧
   -- let s₂ := s₁ 🇪⟦ s₁.evm.mstore 0x20 slot ⟧
@@ -62,7 +64,7 @@ def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identi
 
 -- lemma lookup_addr_fail {dataSlot : Identifier} {slot key : Literal} {s₀ s₉ : State}
 --   : A_mapping_index_access_mapping_address_uint256_of_address dataSlot slot key s₀ s₉ →
---     s₉.evm.hash_collision = true → 
+--     s₉.evm.hash_collision = true →
 --     s₉[dataSlot]!! = 0 := by
 --   intro r_addr h
 --   rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
@@ -71,20 +73,20 @@ def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identi
 
 --   unfold A_mapping_index_access_mapping_address_uint256_of_address at r_addr
 --   simp at r_addr
-  
+
 --   sorry
 
 -- lemma lookup_addr_ok {dataSlot : Identifier} {slot key : Literal} {s₀ s₉ : State}
 --   : A_mapping_index_access_mapping_address_uint256_of_address dataSlot slot key s₀ s₉ →
---     s₉.evm.hash_collision = false → 
+--     s₉.evm.hash_collision = false →
 --     ∃ addr, s₉[dataSlot]!! = addr := by
 --   intro r_addr
 --   sorry
 
   -- unfold A_mapping_index_access_mapping_address_uint256_of_address at r_addr
   -- simp at r_addr
-  
-  
+
+
   -- unfold setEvm at r_addr
   -- simp at r_addr
   -- generalize prep_def
@@ -97,7 +99,7 @@ def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identi
   --   use 0
   --   sorry
   -- | some a => sorry
-  
+
 -- Helper reifications
 lemma shift_eq_size : Fin.shiftLeft (n := UInt256.size) 1 160 = Address.size := by
   constructor
@@ -107,39 +109,48 @@ lemma EVMAddrSize' {s : State} : (s, [Fin.shiftLeft 1 160]) = (s, [Address.size.
   exact shift_eq_size
 
 lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete {s₀ s₉ : State} {dataSlot slot key} :
-  CollidingSpec (mapping_index_access_mapping_address_uint256_of_address_concrete_of_code.1 dataSlot slot key) s₀ s₉ →
-  CollidingSpec (A_mapping_index_access_mapping_address_uint256_of_address dataSlot slot key) s₀ s₉ := by
+  Spec (mapping_index_access_mapping_address_uint256_of_address_concrete_of_code.1 dataSlot slot key) s₀ s₉ →
+  Spec (A_mapping_index_access_mapping_address_uint256_of_address dataSlot slot key) s₀ s₉ := by
   unfold mapping_index_access_mapping_address_uint256_of_address_concrete_of_code A_mapping_index_access_mapping_address_uint256_of_address
   rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
-  apply collision_spec_eq'
-  
-  intro noCollision hasFuel
-  
+  apply spec_eq
+
+  intro hasFuel
   clr_funargs
 
   rw [ EVMSub', EVMShl', EVMAddrSize' ]; simp
   rw [ Address.and_size_eq_ofUInt256 ]
   rw [ multifill_cons, multifill_nil ]
   simp
-  
+
   clr_varstore
 
   generalize acconut_def : Address.ofUInt256 key = account
-  
-  intro prog erc20 account_mem_balances
-  
+
+  intro prog erc20 account_mem_balances address hasAddress
+
   rcases (Finmap.mem_iff.mp account_mem_balances) with ⟨bal, h_bal⟩
-  sorry
+
   -- use address
   -- intro h_lookup
-  -- generalize prep_def : (mstore evm 0 ↑↑account).mstore 32 slot = state_prep
-
-  -- have : Option.isSome $ state_prep.keccak256 0 64 := by
-  --   unfold keccak256
-  --   unfold mkInterval
-  --   unfold MachineState.lookupMemory
-  --   unfold_let
- 
+  generalize prep_def : (mstore evm 0 ↑↑account).mstore 32 slot = state_prep
+
+  have : Option.isSome $ state_prep.keccak256 0 64 := by
+    unfold keccak256
+    rw [← prep_def, interval'_eq_interval 2 two_ne_zero (by norm_cast)]
+
+
+    rw [ mstore_mstore_of_ne, interval_of_mstore_eq_val_cons
+       , mstore_mstore_of_ne, zero_add, interval_of_mstore_eq_val_cons
+       , interval_of_0_eq_nil
+       ]
+    unfold_let
+    rw [hasAddress]
+
+
+  sorry
+-- mkInterval (mstore evm x v) x = v :: (mkInterval evm (x + 32))
+  -- mkInterval evm n n = []
   --   rw [ ← prep_def ]
   --   unfold mstore updateMemory
   --   sorry

From 1b79eb4188098a360b0d8831d9ce19fb30381e94 Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Fri, 27 Sep 2024 16:25:26 +1200
Subject: [PATCH 09/89] Remove unneeded `aesop` Fixes build of `State.lean`

---
 Clear/State.lean | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Clear/State.lean b/Clear/State.lean
index 5d44041..88a718d 100644
--- a/Clear/State.lean
+++ b/Clear/State.lean
@@ -405,7 +405,6 @@ lemma lookup_insert' (h : isOk s) : s⟦var ↦ x⟧[var]!! = x
 := by
   unfold insert lookup!
   rcases s <;> simp at *
-  aesop
 
 -- | Inserting with the same key twice overwrites.
 @[simp]

From ee2c85ca0220e820576d9e9287ad08b59ebb124d Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Fri, 27 Sep 2024 17:36:40 +1200
Subject: [PATCH 10/89] Add `mstore_preserves_keccak_map` lemma and use it to
 progress the proof

Note: this commit was made making some use of `claude-3.5-sonnet` using Cursor (https://www.cursor.com/).
---
 Clear/EVMState.lean                                         | 6 ++++++
 ...ndex_access_mapping_address_uint256_of_address_user.lean | 1 +
 2 files changed, 7 insertions(+)

diff --git a/Clear/EVMState.lean b/Clear/EVMState.lean
index b02170d..4031e5b 100644
--- a/Clear/EVMState.lean
+++ b/Clear/EVMState.lean
@@ -1871,6 +1871,12 @@ lemma lookup_mstore_of_next :
     evm.machine_state.memory.lookupWord (p + (k + 1) * 32) := by
   sorry
 
+lemma mstore_preserves_keccak_map :
+  (mstore evm addr val).keccak_map = evm.keccak_map := by
+  unfold mstore
+  unfold updateMemory
+  simp
+
 section Interval
 
 variable {p : UInt256}
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
index a922a3c..337fe3f 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
@@ -145,6 +145,7 @@ lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete {s
        , interval_of_0_eq_nil
        ]
     unfold_let
+    rw [mstore_preserves_keccak_map, mstore_preserves_keccak_map]
     rw [hasAddress]
 
 

From 805f3cdb4170e82fdc1890ae96a8ebbf366edae7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Fri, 27 Sep 2024 19:57:53 +0200
Subject: [PATCH 11/89] Spec and proof for the address keccak helper

---
 ...pping_address_uint256_of_address_user.lean | 129 +++---------------
 1 file changed, 18 insertions(+), 111 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
index 337fe3f..ed19468 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
@@ -22,83 +22,7 @@ def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identi
   ∀ {map : AddressMap}, account ∈ map →
   ∀ address,
   s₀.evm.keccak_map.lookup [ ↑account , slot ] = some address →
-  s₉ = s₀ ⟦ dataSlot ↦ address ⟧
-
-  -- account ∈ erc20.balances →
-  -- ∃ address, s₀.evm.keccak_map.lookup [ ↑account,  ERC20Private.balances ] = some address →
-  -- s₉ = s₀ ⟦ dataSlot ↦ address ⟧
-
-  -- let s₁ := s₀ 🇪⟦ s₀.evm.mstore 0x00 (Address.ofUInt256 key) ⟧
-  -- let s₂ := s₁ 🇪⟦ s₁.evm.mstore 0x20 slot ⟧
-  -- match s₂.evm.keccak256 0x00 0x40 with
-  -- | some ⟨addr, evm⟩ => s₉ = s₂ 🇪⟦ evm ⟧⟦ dataSlot ↦ addr ⟧
-  -- | none => s₉ = s₂ 🇪⟦ s₂.evm.addHashCollision ⟧
-
--- lemma mapping_of_ok {dataSlot : Identifier} {slot key : Literal} {s₀ s₉ : State}
---   : A_mapping_index_access_mapping_address_uint256_of_address dataSlot slot key s₀ s₉ →
---     isOk s₀ → isOk s₉ := by
---   intro mapping s₀_ok
---   unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping
-
---   have : s₀🇪⟦mstore s₀.evm 0 ↑↑(Address.ofUInt256 key)⟧.isOk := by
---     rw [isOk_setEvm]
---     assumption
-
---   simp at mapping
---   rw [ evm_get_set_of_isOk s₀_ok
---      , evm_get_set_of_isOk this
---      ] at mapping
-
---   -- split at mapping
---   -- <;> apply_fun isOk at mapping
---   -- <;> try rw [ isOk_insert ] at mapping
---   -- <;> [simp only [ isOk_setEvm ] at mapping; simp only [ isOk_setEvm ] at mapping]
---   -- <;> exact mapping.to_iff.mpr s₀_ok
-
---   split at mapping <;> apply_fun isOk at mapping
---   · rw [ isOk_insert ] at mapping
---     rw [ isOk_setEvm, isOk_setEvm, isOk_setEvm] at mapping
---     exact mapping.to_iff.mpr s₀_ok
---   · rw [ isOk_setEvm, isOk_setEvm, isOk_setEvm] at mapping
---     exact mapping.to_iff.mpr s₀_ok
-
--- lemma lookup_addr_fail {dataSlot : Identifier} {slot key : Literal} {s₀ s₉ : State}
---   : A_mapping_index_access_mapping_address_uint256_of_address dataSlot slot key s₀ s₉ →
---     s₉.evm.hash_collision = true →
---     s₉[dataSlot]!! = 0 := by
---   intro r_addr h
---   rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
-
---   clr_funargs
-
---   unfold A_mapping_index_access_mapping_address_uint256_of_address at r_addr
---   simp at r_addr
-
---   sorry
-
--- lemma lookup_addr_ok {dataSlot : Identifier} {slot key : Literal} {s₀ s₉ : State}
---   : A_mapping_index_access_mapping_address_uint256_of_address dataSlot slot key s₀ s₉ →
---     s₉.evm.hash_collision = false →
---     ∃ addr, s₉[dataSlot]!! = addr := by
---   intro r_addr
---   sorry
-
-  -- unfold A_mapping_index_access_mapping_address_uint256_of_address at r_addr
-  -- simp at r_addr
-
-
-  -- unfold setEvm at r_addr
-  -- simp at r_addr
-  -- generalize prep_def
-  --   : (mstore s₀.evm 0 ↑↑(Address.ofUInt256 key)).mstore 32 slot = state_prep
-  --   at r_addr
-
-  -- cases (b.evm.keccak256 0x00 0x40) with
-  -- | none =>
-
-  --   use 0
-  --   sorry
-  -- | some a => sorry
+  s₉[dataSlot]!! = address
 
 -- Helper reifications
 lemma shift_eq_size : Fin.shiftLeft (n := UInt256.size) 1 160 = Address.size := by
@@ -114,7 +38,6 @@ lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete {s
   unfold mapping_index_access_mapping_address_uint256_of_address_concrete_of_code A_mapping_index_access_mapping_address_uint256_of_address
   rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
   apply spec_eq
-
   intro hasFuel
   clr_funargs
 
@@ -126,42 +49,26 @@ lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete {s
   clr_varstore
 
   generalize acconut_def : Address.ofUInt256 key = account
-
   intro prog erc20 account_mem_balances address hasAddress
 
-  rcases (Finmap.mem_iff.mp account_mem_balances) with ⟨bal, h_bal⟩
-
-  -- use address
-  -- intro h_lookup
   generalize prep_def : (mstore evm 0 ↑↑account).mstore 32 slot = state_prep
-
-  have : Option.isSome $ state_prep.keccak256 0 64 := by
-    unfold keccak256
-    rw [← prep_def, interval'_eq_interval 2 two_ne_zero (by norm_cast)]
-
-
-    rw [ mstore_mstore_of_ne, interval_of_mstore_eq_val_cons
-       , mstore_mstore_of_ne, zero_add, interval_of_mstore_eq_val_cons
-       , interval_of_0_eq_nil
-       ]
-    unfold_let
-    rw [mstore_preserves_keccak_map, mstore_preserves_keccak_map]
-    rw [hasAddress]
-
-
-  sorry
--- mkInterval (mstore evm x v) x = v :: (mkInterval evm (x + 32))
-  -- mkInterval evm n n = []
-  --   rw [ ← prep_def ]
-  --   unfold mstore updateMemory
-  --   sorry
-
-  -- cases this
-  -- · simp
-  --   sorry
-  -- · simp
-  --   unfold setEvm State.insert
-  --   aesop_spec
+  unfold keccak256 at prog
+  rw [ interval'_eq_interval 2 two_ne_zero (by norm_cast)
+     , mstore_mstore_of_ne, interval_of_mstore_eq_val_cons
+     , mstore_mstore_of_ne, zero_add, interval_of_mstore_eq_val_cons
+     , interval_of_0_eq_nil
+     ] at prog
+  unfold_let at prog
+  rw [ mstore_preserves_keccak_map, mstore_preserves_keccak_map
+     , hasAddress
+     ] at prog
+  simp at prog
+  unfold setEvm State.insert State.lookup! at prog
+  simp at prog
+
+  rw [← prog]
+  unfold State.lookup!
+  simp
 
 end
 

From 6697b11104b9d2e7fabf9a67b37a3f89e8228d72 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Tue, 1 Oct 2024 08:31:12 +0200
Subject: [PATCH 12/89] [wip] balance of

---
 .../ERC20Shim/fun_balanceOf_user.lean         | 49 +++++++++----------
 ...pping_address_uint256_of_address_user.lean |  2 +-
 2 files changed, 23 insertions(+), 28 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
index a97536c..a8911ed 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
@@ -12,41 +12,36 @@ section
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
 def A_fun_balanceOf (var : Identifier) (var_account : Literal) (s₀ s₉ : State) : Prop :=
-  ∀ erc20, balance_predicate erc20 s₀ → balance_predicate erc20 s₉
-
-  -- ∃ (s : State) (addr : UInt256), (s₉ = s⟦ var ↦ s.evm.sload addr ⟧)
+  let account := Address.ofUInt256 var_account
+  ∀ {erc20 : ERC20}, account ∈ erc20.balances →
+  ∀ bal_addr,
+  s₀.evm.keccak_map.lookup [ ↑account , ERC20Private.balances ] = some bal_addr →
+  erc20.balances.lookup account = some (s₀.evm.sload bal_addr) →
+  s₉[var]!! = s₀.evm.sload bal_addr
 
 lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   Spec (fun_balanceOf_concrete_of_code.1 var var_account) s₀ s₉ →
   Spec (A_fun_balanceOf var var_account) s₀ s₉ := by
-  unfold fun_balanceOf_concrete_of_code A_fun_balanceOf  
+  unfold fun_balanceOf_concrete_of_code A_fun_balanceOf
+
   rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
   apply spec_eq
   clr_funargs
 
-  intro hasFuel index_access erc20 pred_s₀
-
-  rcases index_access with ⟨sₖ, mapping, h'⟩
-  -- clr_spec at mapping
-
-  -- have sₖ_isOk : isOk sₖ := mapping_of_ok mapping (by simp)
-  -- rcases sₖ with ⟨evmₖ, _⟩ | _ | _ <;> try contradiction
-  -- use (Ok evmₖ varstore)
-
-  -- simp at *
-  -- rw [ ← State.insert_of_ok, ← State.insert_of_ok
-  --    , State.lookup_insert
-  --    ] at h'
-  -- symm at h'
-
-  -- by_cases h : evmₖ.hash_collision = true
-  -- · use 0
-  --   rw [ lookup_addr_fail mapping h] at h'
-  --   assumption
-  -- · rcases lookup_addr_ok mapping (by aesop) with ⟨addr, lookup_eq_addr⟩
-  --   use addr
-  --   rw [ lookup_eq_addr ] at h'
-  --   assumption
+  intro hasFuel ⟨s, keccak, prog⟩ erc20 hasBal bal_addr hasAddr loadAddr
+  clr_varstore
+
+  unfold A_mapping_index_access_mapping_address_uint256_of_address at keccak
+  simp at keccak
+  clr_spec at keccak
+  
+  obtain ⟨is_ok, lookup⟩ := keccak hasBal bal_addr hasAddr
+  obtain ⟨evmₛ, varstareₛ, ok_state⟩ := State_of_isOk is_ok
+  rw [lookup, ok_state] at prog
+  rw [← prog]
+  
+  unfold State.lookup!
+  simp
 
 end
 
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
index ed19468..1145df3 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
@@ -22,7 +22,7 @@ def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identi
   ∀ {map : AddressMap}, account ∈ map →
   ∀ address,
   s₀.evm.keccak_map.lookup [ ↑account , slot ] = some address →
-  s₉[dataSlot]!! = address
+  s₉.isOk ∧ s₉[dataSlot]!! = address
 
 -- Helper reifications
 lemma shift_eq_size : Fin.shiftLeft (n := UInt256.size) 1 160 = Address.size := by

From 666be98718af8eda62f677d9a953616ca7a099f1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Tue, 1 Oct 2024 21:00:07 +0200
Subject: [PATCH 13/89] Other kind of isPure

---
 Clear/EVMState.lean  | 34 ++++++++++++++++++++++++++++++++++
 Clear/Utilities.lean | 39 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 73 insertions(+)

diff --git a/Clear/EVMState.lean b/Clear/EVMState.lean
index 4031e5b..b946b39 100644
--- a/Clear/EVMState.lean
+++ b/Clear/EVMState.lean
@@ -419,6 +419,40 @@ def preserved : EVMState → EVMState → Prop :=
   (Eq on EVMState.hash_collision) ∩
   (Eq on EVMState.execution_env)
 
+def preserves_account_map :
+  {evm evm' : EVMState} → preserved evm evm' → evm.account_map = evm'.account_map := by
+  intro evm evm' h
+  exact h.1.1
+
+def preserves_collision :
+  {evm evm' : EVMState} → preserved evm evm' → evm.hash_collision = evm'.hash_collision := by
+  intro _ _ h
+  exact h.1.2
+
+def preserves_execution_env :
+  {evm evm' : EVMState} → preserved evm evm' → evm.execution_env = evm'.execution_env := by
+  intro _ _ h
+  exact h.2
+
+@[simp]
+lemma preserved_rfl {e : EVM} : preserved e e := by
+  unfold preserved
+  dsimp [(· ∩ ·)]
+  simp
+
+@[simp]
+lemma preserved_trans {e₀ e₁ e₂ : EVM} :
+  preserved e₀ e₁ → preserved e₁ e₂ → preserved e₀ e₂ := by
+  unfold preserved
+  dsimp [(· ∩ ·)]
+  intro h₀ h₁
+  have acc := Eq.trans (preserves_account_map h₀) (preserves_account_map h₁)
+  have col := Eq.trans (preserves_collision h₀) (preserves_collision h₁)
+  have env := Eq.trans (preserves_execution_env h₀) (preserves_execution_env h₁)
+  apply And.intro
+  apply And.intro
+  all_goals assumption
+
 -- functions for querying balance
 
 namespace EVMState
diff --git a/Clear/Utilities.lean b/Clear/Utilities.lean
index afa4070..51b6d05 100644
--- a/Clear/Utilities.lean
+++ b/Clear/Utilities.lean
@@ -101,4 +101,43 @@ lemma evm_eq_symm_of_isPure_ok_ok {evm evm'} {vs vs'} (h : isPure (Ok evm vs) (O
   symm
   aesop_spec
 
+def preservesEvm (s₀ : State) (s₁ : State) : Prop :=
+  match s₀, s₁ with
+  | .Ok e₀ _, .Ok e₁ _ => preserved e₀ e₁
+  | _, _ => True
+
+@[simp]
+lemma preservesEvm_rfl {s : State} : preservesEvm s s := by
+  unfold preservesEvm preserved
+  dsimp [(· ∩ ·)]
+  cases s <;> simp
+
+@[simp]
+lemma preservesEvm_trans {s₀ s₁ s₂} :
+  isOk s₁ → preservesEvm s₀ s₁ → preservesEvm s₁ s₂ → preservesEvm s₀ s₂ := by
+  unfold preservesEvm
+  match s₀ with
+  | .OutOfFuel | .Checkpoint _ => simp
+  | .Ok e₀ σ₀ =>
+    match s₂ with
+    | .OutOfFuel | .Checkpoint _ => simp
+    | .Ok e₂ σ₂ =>
+      match s₁ with
+      | .OutOfFuel | .Checkpoint _ => simp
+      | .Ok e₁ σ₁ =>
+        simp
+        exact preserved_trans
+
+@[simp]
+lemma sload_eq_of_preservesEvm {s s' : State} {a : UInt256} :
+  isOk s → isOk s' → preservesEvm s s' →
+  s.evm.sload a = s'.evm.sload a := by
+  unfold isOk preservesEvm
+  cases s <;> cases s' <;> simp
+  intro h
+  unfold EVMState.sload EVMState.lookupAccount
+  rw [ preserves_account_map h
+     , preserves_execution_env h
+     ]
+
 end Clear.Utilities

From 7df27aec00000d00d410039e40711dea137ede32 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Wed, 2 Oct 2024 16:10:46 +0200
Subject: [PATCH 14/89] Add more preserved lemmas, finish balanceOf with it

---
 Clear/EVMState.lean                           | 22 +++++++++++++++++++
 Clear/Utilities.lean                          | 14 ++++++++++++
 .../ERC20Shim/fun_balanceOf_user.lean         |  7 +++++-
 ...pping_address_uint256_of_address_user.lean | 14 +++++++++---
 4 files changed, 53 insertions(+), 4 deletions(-)

diff --git a/Clear/EVMState.lean b/Clear/EVMState.lean
index b946b39..6aa5baa 100644
--- a/Clear/EVMState.lean
+++ b/Clear/EVMState.lean
@@ -434,12 +434,29 @@ def preserves_execution_env :
   intro _ _ h
   exact h.2
 
+lemma preserved_def {e₀ e₁ : EVM} : preserved e₀ e₁ =
+  (e₀.account_map = e₁.account_map ∧
+  e₀.hash_collision = e₁.hash_collision ∧
+  e₀.execution_env = e₁.execution_env) := by
+  unfold preserved
+  dsimp [(· ∩ ·)]
+  simp [Function.onFun, and_assoc]
+
 @[simp]
 lemma preserved_rfl {e : EVM} : preserved e e := by
   unfold preserved
   dsimp [(· ∩ ·)]
   simp
 
+lemma preserved_symm {e₀ e₁ : EVM} : preserved e₀ e₁ = preserved e₁ e₀ := by
+  rw [preserved_def, preserved_def]
+  ext
+  apply Iff.intro <;> {
+    intro ⟨acc, col, env⟩
+    symm at acc col env
+    exact ⟨acc, col, env⟩
+  }
+
 @[simp]
 lemma preserved_trans {e₀ e₁ e₂ : EVM} :
   preserved e₀ e₁ → preserved e₁ e₂ → preserved e₀ e₂ := by
@@ -640,6 +657,11 @@ def evm_return (σ : EVMState) (mstart s : UInt256) : EVMState :=
 def evm_revert (σ : EVMState) (mstart s : UInt256) : EVMState :=
   σ.evm_return mstart s
 
+lemma mstore_preserves {evm} {pos val} : preserved evm (evm.mstore pos val) := by
+  unfold mstore updateMemory
+  rw [preserved_def]
+  simp
+
 end
 
 section Memory
diff --git a/Clear/Utilities.lean b/Clear/Utilities.lean
index 51b6d05..5900514 100644
--- a/Clear/Utilities.lean
+++ b/Clear/Utilities.lean
@@ -106,6 +106,20 @@ def preservesEvm (s₀ : State) (s₁ : State) : Prop :=
   | .Ok e₀ _, .Ok e₁ _ => preserved e₀ e₁
   | _, _ => True
 
+lemma preservesEvm_eq (s₀ : State) (s₁ : State) : preserved s₀.evm s₁.evm → preservesEvm s₀ s₁ := by
+  unfold preservesEvm
+  cases s₀ <;> cases s₁ <;> simp
+
+lemma preservesEvm_of_isOk {s₀ s₁ : State} :
+  s₀.isOk → s₁.isOk → preservesEvm s₀ s₁ →
+  (s₀.evm.account_map = s₁.evm.account_map ∧
+  s₀.evm.hash_collision = s₁.evm.hash_collision ∧
+  s₀.evm.execution_env = s₁.evm.execution_env) := by
+  unfold isOk preservesEvm
+  cases s₀ <;> cases s₁ <;> simp
+  rw [preserved_def]
+  intro _; assumption
+
 @[simp]
 lemma preservesEvm_rfl {s : State} : preservesEvm s s := by
   unfold preservesEvm preserved
diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
index a8911ed..89a16bf 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
@@ -35,13 +35,18 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   simp at keccak
   clr_spec at keccak
   
-  obtain ⟨is_ok, lookup⟩ := keccak hasBal bal_addr hasAddr
+  obtain ⟨preserves, is_ok, lookup⟩ := keccak hasBal bal_addr hasAddr
   obtain ⟨evmₛ, varstareₛ, ok_state⟩ := State_of_isOk is_ok
   rw [lookup, ok_state] at prog
   rw [← prog]
   
   unfold State.lookup!
   simp
+  have : sload _ bal_addr = sload s.evm bal_addr := sload_eq_of_preservesEvm (by simp) is_ok preserves
+  symm
+  rw [ok_state] at this
+  simp at this
+  exact this
 
 end
 
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
index 1145df3..48eb017 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
@@ -22,7 +22,7 @@ def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identi
   ∀ {map : AddressMap}, account ∈ map →
   ∀ address,
   s₀.evm.keccak_map.lookup [ ↑account , slot ] = some address →
-  s₉.isOk ∧ s₉[dataSlot]!! = address
+  preservesEvm s₀ s₉ ∧ s₉.isOk ∧ s₉[dataSlot]!! = address
 
 -- Helper reifications
 lemma shift_eq_size : Fin.shiftLeft (n := UInt256.size) 1 160 = Address.size := by
@@ -66,10 +66,18 @@ lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete {s
   unfold setEvm State.insert State.lookup! at prog
   simp at prog
 
+
   rw [← prog]
   unfold State.lookup!
-  simp
 
-end
+  apply And.intro
+  · apply preservesEvm_eq
+    simp
+    apply preserved_trans (e₁ := mstore evm 0 ↑↑account)
+    · exact mstore_preserves
+    · exact mstore_preserves
+  · simp
+
+  end
 
 end Generated.erc20shim.ERC20Shim

From ddde452c0360c44933e4e8e2e485d8654db1a7e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Thu, 3 Oct 2024 13:10:30 +0200
Subject: [PATCH 15/89] Remove unused preds from proofs

---
 Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean    | 9 ++++++---
 ...x_access_mapping_address_uint256_of_address_user.lean | 6 +++---
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
index 89a16bf..432432f 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
@@ -13,7 +13,10 @@ open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemma
 
 def A_fun_balanceOf (var : Identifier) (var_account : Literal) (s₀ s₉ : State) : Prop :=
   let account := Address.ofUInt256 var_account
-  ∀ {erc20 : ERC20}, account ∈ erc20.balances →
+  ∀ {erc20 : ERC20},
+  -- this: `account ∈ erc20.balances`
+  -- can be derived from: `erc20.balances.lookup account = some (s₀.evm.sload bal_addr)`
+  -- by Finmap.mem_of_lookup_eq_some
   ∀ bal_addr,
   s₀.evm.keccak_map.lookup [ ↑account , ERC20Private.balances ] = some bal_addr →
   erc20.balances.lookup account = some (s₀.evm.sload bal_addr) →
@@ -28,14 +31,14 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   apply spec_eq
   clr_funargs
 
-  intro hasFuel ⟨s, keccak, prog⟩ erc20 hasBal bal_addr hasAddr loadAddr
+  intro hasFuel ⟨s, keccak, prog⟩ erc20 bal_addr hasAddr loadAddr
   clr_varstore
 
   unfold A_mapping_index_access_mapping_address_uint256_of_address at keccak
   simp at keccak
   clr_spec at keccak
   
-  obtain ⟨preserves, is_ok, lookup⟩ := keccak hasBal bal_addr hasAddr
+  obtain ⟨preserves, is_ok, lookup⟩ := keccak hasAddr
   obtain ⟨evmₛ, varstareₛ, ok_state⟩ := State_of_isOk is_ok
   rw [lookup, ok_state] at prog
   rw [← prog]
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
index 48eb017..ebda759 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
@@ -19,8 +19,8 @@ set_option pp.coercions false
 
 def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop :=
   let account := Address.ofUInt256 key
-  ∀ {map : AddressMap}, account ∈ map →
-  ∀ address,
+  -- ∀ {map : AddressMap}, account ∈ map →
+  ∀ {address},
   s₀.evm.keccak_map.lookup [ ↑account , slot ] = some address →
   preservesEvm s₀ s₉ ∧ s₉.isOk ∧ s₉[dataSlot]!! = address
 
@@ -49,7 +49,7 @@ lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete {s
   clr_varstore
 
   generalize acconut_def : Address.ofUInt256 key = account
-  intro prog erc20 account_mem_balances address hasAddress
+  intro prog address hasAddress
 
   generalize prep_def : (mstore evm 0 ↑↑account).mstore 32 slot = state_prep
   unfold keccak256 at prog

From 313e842cfd1c6e6b69528fe7462b451b3e08d674 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Fri, 4 Oct 2024 16:17:44 +0200
Subject: [PATCH 16/89] ERC20 predicate

---
 Generated/erc20shim/ERC20Shim/Predicate.lean | 93 ++++++++++----------
 Generated/erc20shim/ERC20Shim/Variables.lean | 26 +++++-
 2 files changed, 67 insertions(+), 52 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/Predicate.lean b/Generated/erc20shim/ERC20Shim/Predicate.lean
index c387439..9f3211a 100644
--- a/Generated/erc20shim/ERC20Shim/Predicate.lean
+++ b/Generated/erc20shim/ERC20Shim/Predicate.lean
@@ -1,10 +1,11 @@
 import Mathlib.Data.Finmap
 
 import Clear.State
+import Clear.Utilities
 
 import Generated.erc20shim.ERC20Shim.Variables
 
-open Clear
+open Clear State Utilities
 
 namespace Generated.erc20shim.ERC20Shim
 
@@ -16,52 +17,48 @@ structure ERC20 where
   balances : BalanceMap
   allowances : AllowanceMap
 
--- structure HasBalance (balances : BalanceMap) (account : Address) (s : State) where
---   address : Address
---   keccak : s.evm.keccak_map.lookup [ ↑account , ERC20Private.balances ] = some address
---   balance : some (s.evm.sload address) = balances.lookup account
-
-abbrev HasBalance (balances : BalanceMap) (account : Address) (s : State) :=
-  ∃ address,
-  s.evm.keccak_map.lookup [ ↑account , ERC20Private.balances ] = some address ∧
-  some (s.evm.sload address) = balances.lookup account
-
-namespace HasBalance
-
-variable {balances : BalanceMap} {account : Address} {s : State}
-
--- theorem keccak (address(h : HasBalance balances account s) :
---   ∃ address, s.evm.keccak_map.lookup [ ↑account , ERC20Private.balances ] = some address := 
---   let ⟨addr, keccak, _⟩ := h
---   ⟨addr, keccak⟩
-
--- theorem balance (h : HasBalance balances account s) :
---   ∃ address, some (s.evm.sload address) = balances.lookup account :=
---   let ⟨addr, _, balance⟩ := h
---   ⟨addr, balance⟩
-
-end HasBalance
-
--- structure HasAllowance (allowances : AllowanceMap) (owner : Address) (spender : Address) (s : State) where
---   address : Address
---   keccak : s.evm.keccak_map.lookup [ ↑owner, ↑spender, ERC20Private.allowances ] = some address
---   allowance : some (s.evm.sload address) = allowances.lookup ⟨owner, spender⟩
-
-def HasAllowance (allowances : AllowanceMap) (owner : Address) (spender : Address) (s : State) : Prop :=
-  ∃ address,
-  s.evm.keccak_map.lookup [ ↑owner, ↑spender, ERC20Private.allowances ] = some address ∧
-  some (s.evm.sload address) = allowances.lookup ⟨owner, spender⟩
-
--- def balance_predicate (erc20 : ERC20) (s : State) : Prop :=
---   ∀ account,
---   account ∈ erc20.balances → HasBalance erc20.balances account s
-
--- def balance_predicate (erc20 : ERC20) (s : State) : ? :=
---   ∀ account,
---   account ∈ erc20.balances → HasBalance erc20.balances account s
-
-def allowance_predicate (erc20 : ERC20) (s : State) : Prop :=
-  ∀ (owner spender : Address),
-  ⟨owner, spender⟩ ∈ erc20.allowances → HasAllowance erc20.allowances owner spender s
+structure IsERC20 (erc20 : ERC20) (s : State) : Prop where
+  hasSupply : s.evm.sload ERC20Private.totalSupply = erc20.supply
+
+  hasBalance :
+    ∀ {account}, (account ∈ erc20.balances) →
+    ∃ (address : UInt256),
+    s.evm.keccak_map.lookup [ ↑account , ERC20Private.balances ] = some address ∧
+    -- address ∈ s.evm.keccak_map.lookup [ ↑account , ERC20Private.balances ]
+    erc20.balances.lookup account = some (s.evm.sload address)
+    -- equivalent statements
+    -- s.evm.sload address ∈ erc20.balances.lookup account
+    -- ⟨account, s.evm.sload address⟩ ∈ erc20.balances.entries
+
+  hasAllowance :
+    ∀ {owner spender}, (⟨owner, spender⟩ ∈ erc20.allowances) →
+    ∃ (address  : UInt256) (intermediate : UInt256),
+    s.evm.keccak_map.lookup [ ↑owner , ERC20Private.allowances ] = some intermediate →
+    s.evm.keccak_map.lookup [ ↑spender , intermediate ] = some address →
+    erc20.allowances.lookup ⟨owner, spender⟩ = some (s.evm.sload address)
+
+lemma IsERC20_of_insert {erc20} {s : State} :
+  ∀ {var val}, IsERC20 erc20 s → IsERC20 erc20 (s⟦var↦val⟧) := by
+  intro var val is_erc
+  constructor <;> rw [State.evm_insert]
+  · exact is_erc.hasSupply
+  · exact is_erc.hasBalance
+  · exact is_erc.hasAllowance
+
+lemma IsERC20_of_ok_forall_store {erc20} {evm} {s₀ s₁} :
+  IsERC20 erc20 (Ok evm s₀) → IsERC20 erc20 (Ok evm s₁) := by
+  intro is_erc
+  constructor <;> (rw [State.evm]; simp)
+  · exact is_erc.hasSupply
+  · exact is_erc.hasBalance
+  · exact is_erc.hasAllowance
+
+lemma IsERC20_of_ok_of_preserved {erc20} {store} {σ₀ σ₁} (h : preserved σ₀ σ₁) : 
+  IsERC20 erc20 (Ok σ₀ store) → IsERC20 erc20 (Ok σ₁ store) := by
+  sorry
+  
+lemma IsERC20_of_preservesEvm {erc20} {s₀ s₁} :
+  preservesEvm s₀ s₁ → IsERC20 erc20 s₀ → IsERC20 erc20 s₁ := by
+  sorry
 
 end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/Variables.lean b/Generated/erc20shim/ERC20Shim/Variables.lean
index b7d0a1e..829781e 100644
--- a/Generated/erc20shim/ERC20Shim/Variables.lean
+++ b/Generated/erc20shim/ERC20Shim/Variables.lean
@@ -18,10 +18,28 @@ structure PrivateAddresses where
 def ERC20Private : PrivateAddresses :=
   { balances := 0, allowances := 1, totalSupply := 2, name := 3, symbol := 4 }
 
+namespace Variables
 
-def ERC20Pred (balances : Finmap (λ (_ : Address) ↦ UInt256)) (s : State) : Prop :=
-  ∀ account, account ∈ balances →
-  ∃ addr, s.evm.keccak_map.lookup [ ↑account , ERC20Private.balances ] = some addr ∧
-  some (s.evm.sload addr) = balances.lookup account
+lemma balances_def : ERC20Private.balances = 0 := by
+  unfold ERC20Private
+  simp only
+
+lemma allowances_def : ERC20Private.allowances = 1 := by
+  unfold ERC20Private
+  simp only
+
+lemma totalSupply_def : ERC20Private.totalSupply = 2 := by
+  unfold ERC20Private
+  simp only
+
+lemma name_def : ERC20Private.name = 3 := by
+  unfold ERC20Private
+  simp only
+
+lemma symbol_def : ERC20Private.symbol = 4 := by
+  unfold ERC20Private
+  simp only
+
+end Variables
 
 end Generated.erc20shim.ERC20Shim

From 25dc2aaed3506c08d4dc6dbfaed30c10df17bea7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Fri, 4 Oct 2024 16:18:13 +0200
Subject: [PATCH 17/89] Total supply that works with ERC20 predicate

---
 .../ERC20Shim/fun_totalSupply_user.lean       | 30 ++++++++++++-------
 1 file changed, 19 insertions(+), 11 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean b/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
index 637e33a..d6cdf7c 100644
--- a/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
@@ -2,6 +2,7 @@ import Clear.ReasoningPrinciple
 
 
 import Generated.erc20shim.ERC20Shim.fun_totalSupply_gen
+import Generated.erc20shim.ERC20Shim.Predicate
 import Generated.erc20shim.ERC20Shim.Variables
 
 namespace Generated.erc20shim.ERC20Shim
@@ -10,8 +11,9 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
 
-def A_fun_totalSupply (var_ : Identifier)  (s₀ s₉ : State) : Prop :=
-  s₉ = s₀⟦var_ ↦ s₀.evm.sload ERC20Private.totalSupply ⟧
+def A_fun_totalSupply (var_ : Identifier) (s₀ s₉ : State) : Prop :=
+  ∀ {erc20}, IsERC20 erc20 s₀ →
+  IsERC20 erc20 s₉ ∧ s₉ = s₀⟦var_ ↦ erc20.supply⟧
 
 lemma fun_totalSupply_abs_of_concrete {s₀ s₉ : State} {var_ } :
   Spec (fun_totalSupply_concrete_of_code.1 var_ ) s₀ s₉ →
@@ -20,17 +22,23 @@ lemma fun_totalSupply_abs_of_concrete {s₀ s₉ : State} {var_ } :
   rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
   apply spec_eq  
   clr_funargs
-  intro hasFuel
+  intro hasFuel code erc20 is_erc20
 
-  unfold reviveJump
-  simp
-
-  rw [ ← State.insert_of_ok,  ← State.insert_of_ok,  ← State.insert_of_ok ]  
+  unfold reviveJump at code
+  simp at code
+  rw [ ← State.insert_of_ok,  ← State.insert_of_ok ] at code
+  rw [ ← State.insert_of_ok ]
   clr_varstore
-  intro h
-  unfold ERC20Private; dsimp only
-  symm
-  assumption
+
+  have := is_erc20.hasSupply
+  simp at this
+  rw [← Variables.totalSupply_def, this] at code
+
+  apply And.intro
+  · rw [← code]
+    exact IsERC20_of_insert is_erc20
+  · symm
+    assumption
 
 end
 

From 032ec1ca499c29967d8cdccfe43951f72551b2c3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Fri, 4 Oct 2024 16:19:45 +0200
Subject: [PATCH 18/89] [wip] rewark balance_of using ERC20 predicate

---
 Generated/erc20shim/ERC20Shim/Predicate.lean  | 11 +++++
 .../ERC20Shim/fun_balanceOf_user.lean         | 40 ++++++++++++-------
 ...pping_address_uint256_of_address_user.lean |  3 +-
 3 files changed, 38 insertions(+), 16 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/Predicate.lean b/Generated/erc20shim/ERC20Shim/Predicate.lean
index 9f3211a..2658135 100644
--- a/Generated/erc20shim/ERC20Shim/Predicate.lean
+++ b/Generated/erc20shim/ERC20Shim/Predicate.lean
@@ -17,6 +17,8 @@ structure ERC20 where
   balances : BalanceMap
   allowances : AllowanceMap
 
+#check Address.ofUInt256
+
 structure IsERC20 (erc20 : ERC20) (s : State) : Prop where
   hasSupply : s.evm.sload ERC20Private.totalSupply = erc20.supply
 
@@ -24,8 +26,17 @@ structure IsERC20 (erc20 : ERC20) (s : State) : Prop where
     ∀ {account}, (account ∈ erc20.balances) →
     ∃ (address : UInt256),
     s.evm.keccak_map.lookup [ ↑account , ERC20Private.balances ] = some address ∧
+
     -- address ∈ s.evm.keccak_map.lookup [ ↑account , ERC20Private.balances ]
+
     erc20.balances.lookup account = some (s.evm.sload address)
+
+  balD :
+    erc20.balances.keys = 
+      let fn x := x
+      { (fn address) | ∃ account, account ∈ erc20.balances ∧
+                                  address = s.evm.keccak_map.keys
+
     -- equivalent statements
     -- s.evm.sload address ∈ erc20.balances.lookup account
     -- ⟨account, s.evm.sload address⟩ ∈ erc20.balances.entries
diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
index 432432f..3432aee 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
@@ -12,15 +12,10 @@ section
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
 def A_fun_balanceOf (var : Identifier) (var_account : Literal) (s₀ s₉ : State) : Prop :=
+  ∀ {erc20}, IsERC20 erc20 s₀ →
   let account := Address.ofUInt256 var_account
-  ∀ {erc20 : ERC20},
-  -- this: `account ∈ erc20.balances`
-  -- can be derived from: `erc20.balances.lookup account = some (s₀.evm.sload bal_addr)`
-  -- by Finmap.mem_of_lookup_eq_some
-  ∀ bal_addr,
-  s₀.evm.keccak_map.lookup [ ↑account , ERC20Private.balances ] = some bal_addr →
-  erc20.balances.lookup account = some (s₀.evm.sload bal_addr) →
-  s₉[var]!! = s₀.evm.sload bal_addr
+  IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧
+  s₉[var]!! ∈ erc20.balances.lookup account
 
 lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   Spec (fun_balanceOf_concrete_of_code.1 var var_account) s₀ s₉ →
@@ -30,19 +25,36 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
   apply spec_eq
   clr_funargs
+  intro hasFuel ⟨s, keccak, code⟩ erc20 is_erc20
 
-  intro hasFuel ⟨s, keccak, prog⟩ erc20 bal_addr hasAddr loadAddr
   clr_varstore
 
   unfold A_mapping_index_access_mapping_address_uint256_of_address at keccak
   simp at keccak
   clr_spec at keccak
-  
-  obtain ⟨preserves, is_ok, lookup⟩ := keccak hasAddr
+
+  have : Address.ofUInt256 var_account ∈ erc20.balances := sorry
+  obtain ⟨address, hasAddress, hasBalance⟩ := is_erc20.hasBalance this
+  obtain ⟨preserves, is_ok, lookup⟩ := keccak hasAddress
   obtain ⟨evmₛ, varstareₛ, ok_state⟩ := State_of_isOk is_ok
-  rw [lookup, ok_state] at prog
-  rw [← prog]
-  
+
+  unfold reviveJump at code
+  simp [ok_state] at code lookup
+
+  rw [ ← State.insert_of_ok,  ← State.insert_of_ok, lookup ] at code
+  clr_varstore
+
+  have preserves_final : preservesEvm (Ok evm varstore) (Ok evmₛ varstore⟦var↦sload evmₛ address⟧) := by
+    -- preservesEvm s₀ s₉ := by
+    sorry
+  apply And.intro
+  rw [← code]
+  exact IsERC20_of_preservesEvm preserves_final is_erc20
+
+  apply And.intro
+  rw [lookup, ok_state] at code
+  rw [← code]
+
   unfold State.lookup!
   simp
   have : sload _ bal_addr = sload s.evm bal_addr := sload_eq_of_preservesEvm (by simp) is_ok preserves
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
index ebda759..b09d9ac 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
@@ -18,9 +18,8 @@ set_option linter.setOption false
 set_option pp.coercions false
 
 def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop :=
-  let account := Address.ofUInt256 key
-  -- ∀ {map : AddressMap}, account ∈ map →
   ∀ {address},
+  let account := Address.ofUInt256 key
   s₀.evm.keccak_map.lookup [ ↑account , slot ] = some address →
   preservesEvm s₀ s₉ ∧ s₉.isOk ∧ s₉[dataSlot]!! = address
 

From 5853aebcfca5aceee8bbdbfd711d17e1591ebd34 Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Mon, 7 Oct 2024 18:49:38 +1300
Subject: [PATCH 19/89] Progess `balanceOf` proof

---
 .../ERC20Shim/fun_balanceOf_user.lean         | 32 +++++++++++--------
 1 file changed, 19 insertions(+), 13 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
index 3432aee..442eaee 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
@@ -36,7 +36,7 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   have : Address.ofUInt256 var_account ∈ erc20.balances := sorry
   obtain ⟨address, hasAddress, hasBalance⟩ := is_erc20.hasBalance this
   obtain ⟨preserves, is_ok, lookup⟩ := keccak hasAddress
-  obtain ⟨evmₛ, varstareₛ, ok_state⟩ := State_of_isOk is_ok
+  obtain ⟨evmₛ, varstoreₛ, ok_state⟩ := State_of_isOk is_ok
 
   unfold reviveJump at code
   simp [ok_state] at code lookup
@@ -45,23 +45,29 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   clr_varstore
 
   have preserves_final : preservesEvm (Ok evm varstore) (Ok evmₛ varstore⟦var↦sload evmₛ address⟧) := by
-    -- preservesEvm s₀ s₉ := by
-    sorry
+    aesop
   apply And.intro
   rw [← code]
   exact IsERC20_of_preservesEvm preserves_final is_erc20
 
   apply And.intro
-  rw [lookup, ok_state] at code
-  rw [← code]
-
-  unfold State.lookup!
-  simp
-  have : sload _ bal_addr = sload s.evm bal_addr := sload_eq_of_preservesEvm (by simp) is_ok preserves
-  symm
-  rw [ok_state] at this
-  simp at this
-  exact this
+  · rw [←code]
+    unfold preservesEvm
+    aesop
+  · rw [← code]
+    have : Ok evmₛ varstore⟦var↦sload evmₛ address⟧[var]!! = sload evmₛ address := by aesop
+    rw [this]
+    simp
+    rw [hasBalance]
+    have hPreserved : preserved (Ok evm varstore).evm evmₛ := by
+      unfold preservesEvm at preserves_final
+      aesop
+    have : sload (Ok evm varstore).evm address = sload evmₛ address := by
+      unfold EVMState.sload EVMState.lookupAccount
+      rw [ preserves_account_map hPreserved
+        , preserves_execution_env hPreserved
+        ]
+    rw [this]
 
 end
 

From c08c17c1464c5242b8306d26c9389588fe46cee7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Mon, 7 Oct 2024 21:12:36 +0200
Subject: [PATCH 20/89] Updated predicate, some lemmas

---
 Clear/EVMState.lean                          | 12 ++++++++
 Clear/Utilities.lean                         | 20 +++++++++----
 Generated/erc20shim/ERC20Shim/Predicate.lean | 30 ++++++++++++--------
 Generated/erc20shim/ERC20Shim/Variables.lean | 13 +++++----
 4 files changed, 52 insertions(+), 23 deletions(-)

diff --git a/Clear/EVMState.lean b/Clear/EVMState.lean
index 6aa5baa..ee8c38a 100644
--- a/Clear/EVMState.lean
+++ b/Clear/EVMState.lean
@@ -607,6 +607,11 @@ def selfbalance (σ : EVMState) : UInt256 :=
 
 -- memory and storage operations
 
+def storage (σ : EVMState) : Finmap (λ _ : UInt256 ↦ UInt256) :=
+  match σ.lookupAccount σ.execution_env.code_owner with
+  | .some act => act.storage
+  | .none => ∅
+
 def mload (σ : EVMState) (spos : UInt256) : UInt256 :=
   σ.machine_state.memory.lookupWord spos
 
@@ -662,6 +667,13 @@ lemma mstore_preserves {evm} {pos val} : preserved evm (evm.mstore pos val) := b
   rw [preserved_def]
   simp
 
+lemma sload_eq_of_preserved {σ₀ σ₁} {pos} (h : preserved σ₀ σ₁) :
+  sload σ₀ pos = sload σ₁ pos := by
+  unfold sload lookupAccount
+  rw [ preserves_account_map h
+     , preserves_execution_env h
+     ]
+
 end
 
 section Memory
diff --git a/Clear/Utilities.lean b/Clear/Utilities.lean
index 5900514..3ac5c9c 100644
--- a/Clear/Utilities.lean
+++ b/Clear/Utilities.lean
@@ -142,16 +142,24 @@ lemma preservesEvm_trans {s₀ s₁ s₂} :
         simp
         exact preserved_trans
 
-@[simp]
+lemma preservesEvm_symm {s₀ s₁} : preservesEvm s₀ s₁ = preservesEvm s₁ s₀ := by
+  unfold preservesEvm
+  cases s₀ <;> cases s₁ <;> simp
+  exact Eq.to_iff preserved_symm
+
+lemma preservesEvm_of_insert {s₀ s₁} {var val} :
+  preservesEvm s₀ s₁ ↔ preservesEvm s₀ (s₁⟦var ↦ val⟧) := by
+  unfold preservesEvm
+  cases s₀ <;> cases s₁ <;> simp
+  swap
+  unfold State.insert; simp
+  unfold State.insert; simp
+
 lemma sload_eq_of_preservesEvm {s s' : State} {a : UInt256} :
   isOk s → isOk s' → preservesEvm s s' →
   s.evm.sload a = s'.evm.sload a := by
   unfold isOk preservesEvm
   cases s <;> cases s' <;> simp
-  intro h
-  unfold EVMState.sload EVMState.lookupAccount
-  rw [ preserves_account_map h
-     , preserves_execution_env h
-     ]
+  exact EVMState.sload_eq_of_preserved
 
 end Clear.Utilities
diff --git a/Generated/erc20shim/ERC20Shim/Predicate.lean b/Generated/erc20shim/ERC20Shim/Predicate.lean
index 2658135..f42ebac 100644
--- a/Generated/erc20shim/ERC20Shim/Predicate.lean
+++ b/Generated/erc20shim/ERC20Shim/Predicate.lean
@@ -17,8 +17,6 @@ structure ERC20 where
   balances : BalanceMap
   allowances : AllowanceMap
 
-#check Address.ofUInt256
-
 structure IsERC20 (erc20 : ERC20) (s : State) : Prop where
   hasSupply : s.evm.sload ERC20Private.totalSupply = erc20.supply
 
@@ -31,16 +29,6 @@ structure IsERC20 (erc20 : ERC20) (s : State) : Prop where
 
     erc20.balances.lookup account = some (s.evm.sload address)
 
-  balD :
-    erc20.balances.keys = 
-      let fn x := x
-      { (fn address) | ∃ account, account ∈ erc20.balances ∧
-                                  address = s.evm.keccak_map.keys
-
-    -- equivalent statements
-    -- s.evm.sload address ∈ erc20.balances.lookup account
-    -- ⟨account, s.evm.sload address⟩ ∈ erc20.balances.entries
-
   hasAllowance :
     ∀ {owner spender}, (⟨owner, spender⟩ ∈ erc20.allowances) →
     ∃ (address  : UInt256) (intermediate : UInt256),
@@ -48,6 +36,21 @@ structure IsERC20 (erc20 : ERC20) (s : State) : Prop where
     s.evm.keccak_map.lookup [ ↑spender , intermediate ] = some address →
     erc20.allowances.lookup ⟨owner, spender⟩ = some (s.evm.sload address)
 
+  storageDom :
+    (storage s.evm).keys =
+      { address | ∃ account,
+        account ∈ erc20.balances ∧
+        some address = s.evm.keccak_map.lookup [ ↑account, ERC20Private.balances ] } ∪
+      { address | ∃ owner spender,
+        ⟨owner, spender⟩ ∈ erc20.allowances ∧
+        ∃ intermediate, s.evm.keccak_map.lookup [ ↑owner , ERC20Private.allowances ] = some intermediate ∧
+        s.evm.keccak_map.lookup [ ↑spender , intermediate ] = some address } ∪
+      ERC20Private.toFinset
+
+    -- equivalent statements
+    -- s.evm.sload address ∈ erc20.balances.lookup account
+    -- ⟨account, s.evm.sload address⟩ ∈ erc20.balances.entries
+
 lemma IsERC20_of_insert {erc20} {s : State} :
   ∀ {var val}, IsERC20 erc20 s → IsERC20 erc20 (s⟦var↦val⟧) := by
   intro var val is_erc
@@ -55,6 +58,7 @@ lemma IsERC20_of_insert {erc20} {s : State} :
   · exact is_erc.hasSupply
   · exact is_erc.hasBalance
   · exact is_erc.hasAllowance
+  · exact is_erc.storageDom
 
 lemma IsERC20_of_ok_forall_store {erc20} {evm} {s₀ s₁} :
   IsERC20 erc20 (Ok evm s₀) → IsERC20 erc20 (Ok evm s₁) := by
@@ -63,6 +67,8 @@ lemma IsERC20_of_ok_forall_store {erc20} {evm} {s₀ s₁} :
   · exact is_erc.hasSupply
   · exact is_erc.hasBalance
   · exact is_erc.hasAllowance
+  · have := get_evm_of_ok ▸ is_erc.storageDom
+    exact this
 
 lemma IsERC20_of_ok_of_preserved {erc20} {store} {σ₀ σ₁} (h : preserved σ₀ σ₁) : 
   IsERC20 erc20 (Ok σ₀ store) → IsERC20 erc20 (Ok σ₁ store) := by
diff --git a/Generated/erc20shim/ERC20Shim/Variables.lean b/Generated/erc20shim/ERC20Shim/Variables.lean
index 829781e..cc02ef7 100644
--- a/Generated/erc20shim/ERC20Shim/Variables.lean
+++ b/Generated/erc20shim/ERC20Shim/Variables.lean
@@ -9,11 +9,14 @@ open Clear
 namespace Generated.erc20shim.ERC20Shim
 
 structure PrivateAddresses where
-    balances    : UInt256
-    allowances  : UInt256
-    totalSupply : UInt256
-    name        : UInt256
-    symbol      : UInt256
+  balances    : UInt256
+  allowances  : UInt256
+  totalSupply : UInt256
+  name        : UInt256
+  symbol      : UInt256
+
+def PrivateAddresses.toFinset (p : PrivateAddresses) : Finset UInt256 :=
+  { p.balances, p.allowances, p.totalSupply, p.name, p.symbol }
 
 def ERC20Private : PrivateAddresses :=
   { balances := 0, allowances := 1, totalSupply := 2, name := 3, symbol := 4 }

From 4ec609946f7ed5210e05e67ba01b3bc1c893cc75 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Tue, 8 Oct 2024 21:14:45 +0200
Subject: [PATCH 21/89] [wip]

---
 Clear/Abstraction.lean                        |  46 +++----
 Clear/EVMState.lean                           | 101 +++++++--------
 Clear/Utilities.lean                          | 115 +++++++++---------
 Generated/erc20shim/ERC20Shim/Predicate.lean  |  28 ++++-
 .../ERC20Shim/fun_balanceOf_user.lean         |  63 ++++++----
 ...pping_address_uint256_of_address_user.lean |  81 ++++++------
 6 files changed, 230 insertions(+), 204 deletions(-)

diff --git a/Clear/Abstraction.lean b/Clear/Abstraction.lean
index 5ed24cb..bd537d8 100644
--- a/Clear/Abstraction.lean
+++ b/Clear/Abstraction.lean
@@ -32,29 +32,29 @@ lemma Spec_ok_unfold {P : State → State → Prop} :
     unfold Spec
     aesop
 
--- | Specs that are somewhat pure
-@[aesop safe 0 unfold (rule_sets := [Clear.aesop_spec])]
-def PureSpec (R : State → State → Prop) : State → State → Prop :=
-  Spec (R ∩ (preserved on evm))
-
-lemma PureSpec_ok_unfold {P : State → State → Prop} :
-  ∀ {s s' : State}, s.isOk → ¬ ❓ s' → PureSpec P s s' → (P ∩ (preserved on evm)) s s' := by
-    intros s s' h h'
-    unfold PureSpec Spec
-    aesop
-
--- | Specs for code that might result in hash collision
-@[aesop safe 0 unfold (rule_sets := [Clear.aesop_spec])]
-def CollidingSpec (R : State → State → Prop) (s₀ s₁ : State) : Prop :=
-  if s₀.evm.hash_collision
-  then ❓ s₁
-  else ¬ s₁.evm.hash_collision → Spec R s₀ s₁
-
-lemma CollidingSpec_ok_unfold {P : State → State → Prop} :
-  ∀ {s s' : State}, s.isOk → ¬ ❓ s' → ¬ s'.evm.hash_collision → CollidingSpec P s s' → P s s' := by
-    intros s s' h h' h''
-    unfold CollidingSpec Spec
-    aesop
+-- -- | Specs that are somewhat pure
+-- @[aesop safe 0 unfold (rule_sets := [Clear.aesop_spec])]
+-- def PureSpec (R : State → State → Prop) : State → State → Prop :=
+--   Spec (R ∩ (preserved on evm))
+
+-- lemma PureSpec_ok_unfold {P : State → State → Prop} :
+--   ∀ {s s' : State}, s.isOk → ¬ ❓ s' → PureSpec P s s' → (P ∩ (preserved on evm)) s s' := by
+--     intros s s' h h'
+--     unfold PureSpec Spec
+--     aesop
+
+-- -- | Specs for code that might result in hash collision
+-- @[aesop safe 0 unfold (rule_sets := [Clear.aesop_spec])]
+-- def CollidingSpec (R : State → State → Prop) (s₀ s₁ : State) : Prop :=
+--   if s₀.evm.hash_collision
+--   then ❓ s₁
+--   else ¬ s₁.evm.hash_collision → Spec R s₀ s₁
+
+-- lemma CollidingSpec_ok_unfold {P : State → State → Prop} :
+--   ∀ {s s' : State}, s.isOk → ¬ ❓ s' → ¬ s'.evm.hash_collision → CollidingSpec P s s' → P s s' := by
+--     intros s s' h h' h''
+--     unfold CollidingSpec Spec
+--     aesop
 
 open Lean Elab Tactic in
 elab "clr_spec" "at" h:ident : tactic => do
diff --git a/Clear/EVMState.lean b/Clear/EVMState.lean
index ee8c38a..f3304b5 100644
--- a/Clear/EVMState.lean
+++ b/Clear/EVMState.lean
@@ -414,61 +414,50 @@ instance : Inhabited EVMState :=
 
 abbrev EVM := EVMState
 
-def preserved : EVMState → EVMState → Prop :=
-  (Eq on EVMState.account_map) ∩
-  (Eq on EVMState.hash_collision) ∩
-  (Eq on EVMState.execution_env)
-
-def preserves_account_map :
-  {evm evm' : EVMState} → preserved evm evm' → evm.account_map = evm'.account_map := by
-  intro evm evm' h
-  exact h.1.1
-
-def preserves_collision :
-  {evm evm' : EVMState} → preserved evm evm' → evm.hash_collision = evm'.hash_collision := by
-  intro _ _ h
-  exact h.1.2
-
-def preserves_execution_env :
-  {evm evm' : EVMState} → preserved evm evm' → evm.execution_env = evm'.execution_env := by
-  intro _ _ h
-  exact h.2
-
-lemma preserved_def {e₀ e₁ : EVM} : preserved e₀ e₁ =
-  (e₀.account_map = e₁.account_map ∧
-  e₀.hash_collision = e₁.hash_collision ∧
-  e₀.execution_env = e₁.execution_env) := by
-  unfold preserved
-  dsimp [(· ∩ ·)]
-  simp [Function.onFun, and_assoc]
-
-@[simp]
-lemma preserved_rfl {e : EVM} : preserved e e := by
-  unfold preserved
-  dsimp [(· ∩ ·)]
-  simp
-
-lemma preserved_symm {e₀ e₁ : EVM} : preserved e₀ e₁ = preserved e₁ e₀ := by
-  rw [preserved_def, preserved_def]
+instance instPreorderFinmap : Preorder (Finmap (λ _ : List UInt256 ↦ UInt256)) where
+  le a b := a.keys ⊆ b.keys ∧ ∀ {key}, key ∈ a → a.lookup key = b.lookup key
+  le_refl := by aesop
+  le_trans := by aesop (add safe forward subset_trans)
+
+structure Preserved (a : EVMState) (b : EVMState) : Prop where
+  account_map : (Eq on EVMState.account_map) a b
+  hash_collision : (Eq on EVMState.hash_collision) a b
+  execution_env : (Eq on EVMState.execution_env) a b
+  keccak_map : a.keccak_map ≤ b.keccak_map
+
+lemma Preserved_def {σ₀ σ₁ : EVM} : Preserved σ₀ σ₁ =
+  (σ₀.account_map    = σ₁.account_map ∧
+   σ₀.hash_collision = σ₁.hash_collision ∧
+   σ₀.execution_env  = σ₁.execution_env ∧
+   σ₀.keccak_map     ≤ σ₁.keccak_map) := by
   ext
-  apply Iff.intro <;> {
-    intro ⟨acc, col, env⟩
-    symm at acc col env
-    exact ⟨acc, col, env⟩
-  }
+  apply Iff.intro
+  intro h
+  obtain ⟨_,_,_,_⟩ := h
+  all_goals tauto
+
+namespace Preserved
 
 @[simp]
-lemma preserved_trans {e₀ e₁ e₂ : EVM} :
-  preserved e₀ e₁ → preserved e₁ e₂ → preserved e₀ e₂ := by
-  unfold preserved
-  dsimp [(· ∩ ·)]
+lemma refl {e : EVM} : Preserved e e := by
+  constructor
+  all_goals simp
+
+lemma trans {e₀ e₁ e₂ : EVM} :
+  Preserved e₀ e₁ → Preserved e₁ e₂ → Preserved e₀ e₂ := by
   intro h₀ h₁
-  have acc := Eq.trans (preserves_account_map h₀) (preserves_account_map h₁)
-  have col := Eq.trans (preserves_collision h₀) (preserves_collision h₁)
-  have env := Eq.trans (preserves_execution_env h₀) (preserves_execution_env h₁)
-  apply And.intro
-  apply And.intro
-  all_goals assumption
+  have acc := Eq.trans h₀.account_map h₁.account_map
+  have col := Eq.trans h₀.hash_collision h₁.hash_collision
+  have env := Eq.trans h₀.execution_env h₁.execution_env
+  have kec := le_trans h₀.keccak_map h₁.keccak_map
+  constructor <;> assumption
+
+end Preserved
+
+instance instPreorderEVMState : Preorder EVMState where
+  le := Preserved
+  le_refl := @Preserved.refl
+  le_trans := @Preserved.trans
 
 -- functions for querying balance
 
@@ -662,16 +651,16 @@ def evm_return (σ : EVMState) (mstart s : UInt256) : EVMState :=
 def evm_revert (σ : EVMState) (mstart s : UInt256) : EVMState :=
   σ.evm_return mstart s
 
-lemma mstore_preserves {evm} {pos val} : preserved evm (evm.mstore pos val) := by
+lemma mstore_preserved {σ} {pos val} : Preserved σ (σ.mstore pos val) := by
   unfold mstore updateMemory
-  rw [preserved_def]
+  rw [Preserved_def]
   simp
 
-lemma sload_eq_of_preserved {σ₀ σ₁} {pos} (h : preserved σ₀ σ₁) :
+lemma sload_eq_of_preserved {σ₀ σ₁} {pos} (h : Preserved σ₀ σ₁) :
   sload σ₀ pos = sload σ₁ pos := by
   unfold sload lookupAccount
-  rw [ preserves_account_map h
-     , preserves_execution_env h
+  rw [ h.account_map
+     , h.execution_env
      ]
 
 end
diff --git a/Clear/Utilities.lean b/Clear/Utilities.lean
index 3ac5c9c..312b858 100644
--- a/Clear/Utilities.lean
+++ b/Clear/Utilities.lean
@@ -29,24 +29,24 @@ lemma spec_eq {P P' : State → State  → Prop} {s₀ s₉ : State} :
     simp only
     exact h
 
-@[aesop safe apply (rule_sets := [Clear.aesop_spec])]
-lemma collision_spec_eq {P P' : State → State  → Prop} {s₀ s₉ : State} :
-  (¬ s₉.evm.hash_collision → Spec P s₀ s₉ → Spec P' s₀ s₉) → CollidingSpec P s₀ s₉ → CollidingSpec P' s₀ s₉ := by
-  unfold CollidingSpec
-  intro S'_of_S
-  split
-  simp
-  intro Spec_of_c c
-  exact S'_of_S c (Spec_of_c c) 
-
-@[aesop safe apply (rule_sets := [Clear.aesop_spec])]
-lemma collision_spec_eq' {P P' : State → State  → Prop} {s₀ s₉ : State} :
-  (¬ s₉.evm.hash_collision → ¬❓ s₉ → P s₀ s₉ →  P' s₀ s₉) → CollidingSpec P s₀ s₉ → CollidingSpec P' s₀ s₉ := by
-  intro P'_of_P
-  apply collision_spec_eq
-  intro c
-  apply spec_eq
-  exact P'_of_P c
+-- @[aesop safe apply (rule_sets := [Clear.aesop_spec])]
+-- lemma collision_spec_eq {P P' : State → State  → Prop} {s₀ s₉ : State} :
+--   (¬ s₉.evm.hash_collision → Spec P s₀ s₉ → Spec P' s₀ s₉) → CollidingSpec P s₀ s₉ → CollidingSpec P' s₀ s₉ := by
+--   unfold CollidingSpec
+--   intro S'_of_S
+--   split
+--   simp
+--   intro Spec_of_c c
+--   exact S'_of_S c (Spec_of_c c) 
+
+-- @[aesop safe apply (rule_sets := [Clear.aesop_spec])]
+-- lemma collision_spec_eq' {P P' : State → State  → Prop} {s₀ s₉ : State} :
+--   (¬ s₉.evm.hash_collision → ¬❓ s₉ → P s₀ s₉ →  P' s₀ s₉) → CollidingSpec P s₀ s₉ → CollidingSpec P' s₀ s₉ := by
+--   intro P'_of_P
+--   apply collision_spec_eq
+--   intro c
+--   apply spec_eq
+--   exact P'_of_P c
 
 @[simp]
 lemma checkpt_insert_elim {var} {val} {j} : (.Checkpoint j)⟦var ↦ val⟧ = .Checkpoint j := by
@@ -66,7 +66,6 @@ lemma isPure_insert {s : State} {var val} : isPure s (s⟦var↦val⟧) := by
   unfold State.insert isPure
   aesop
 
-@[simp]
 lemma isPure_trans {s₀ s₁ s₂ : State} : isOk s₁ → isPure s₀ s₁ → isPure s₁ s₂ → isPure s₀ s₂ := by
   unfold isPure
   match s₀ with
@@ -82,7 +81,6 @@ lemma isPure_trans {s₀ s₁ s₂ : State} : isOk s₁ → isPure s₀ s₁ →
 lemma isPure_rfl {s : State} : isPure s s := by
   unfold isPure; aesop
 
-@[simp]
 lemma mload_eq_of_isPure {s s' : State} {a : UInt256} : isOk s → isOk s' → isPure s s' → State.mload a s = State.mload a s' := by
   unfold mload isOk isPure
   cases s <;> cases s' <;> aesop
@@ -103,63 +101,66 @@ lemma evm_eq_symm_of_isPure_ok_ok {evm evm'} {vs vs'} (h : isPure (Ok evm vs) (O
 
 def preservesEvm (s₀ : State) (s₁ : State) : Prop :=
   match s₀, s₁ with
-  | .Ok e₀ _, .Ok e₁ _ => preserved e₀ e₁
+  | .Ok e₀ _, .Ok e₁ _ => Preserved e₀ e₁
   | _, _ => True
 
-lemma preservesEvm_eq (s₀ : State) (s₁ : State) : preserved s₀.evm s₁.evm → preservesEvm s₀ s₁ := by
-  unfold preservesEvm
-  cases s₀ <;> cases s₁ <;> simp
-
-lemma preservesEvm_of_isOk {s₀ s₁ : State} :
-  s₀.isOk → s₁.isOk → preservesEvm s₀ s₁ →
+lemma preservesEvm_of_isOk {s₀ s₁ : State} (s₀_ok : s₀.isOk) (s₁_ok : s₁.isOk) :
+  preservesEvm s₀ s₁ →
   (s₀.evm.account_map = s₁.evm.account_map ∧
   s₀.evm.hash_collision = s₁.evm.hash_collision ∧
-  s₀.evm.execution_env = s₁.evm.execution_env) := by
-  unfold isOk preservesEvm
-  cases s₀ <;> cases s₁ <;> simp
-  rw [preserved_def]
+  s₀.evm.execution_env = s₁.evm.execution_env ∧
+  s₀.evm.keccak_map ≤ s₁.evm.keccak_map) := by
+  unfold preservesEvm
+  cases s₀ <;> cases s₁ <;> simp at *
+  rw [Preserved_def]
   intro _; assumption
 
+lemma Preserved_of_preservesEvm_of_Ok {σ₀ σ₁} {store₀ store₁} :
+  preservesEvm (Ok σ₀ store₀) (Ok σ₁ store₁) → Preserved σ₀ σ₁ := by
+  intro h
+  obtain ⟨_,_,_,_⟩ := preservesEvm_of_isOk isOk_Ok isOk_Ok h
+  constructor
+  all_goals assumption
+
 @[simp]
 lemma preservesEvm_rfl {s : State} : preservesEvm s s := by
-  unfold preservesEvm preserved
-  dsimp [(· ∩ ·)]
+  unfold preservesEvm
   cases s <;> simp
 
-@[simp]
-lemma preservesEvm_trans {s₀ s₁ s₂} :
-  isOk s₁ → preservesEvm s₀ s₁ → preservesEvm s₁ s₂ → preservesEvm s₀ s₂ := by
+lemma preservesEvm_trans {s₀ s₁ s₂} (h : s₁.isOk) :
+  preservesEvm s₀ s₁ → preservesEvm s₁ s₂ → preservesEvm s₀ s₂ := by
   unfold preservesEvm
-  match s₀ with
-  | .OutOfFuel | .Checkpoint _ => simp
-  | .Ok e₀ σ₀ =>
-    match s₂ with
-    | .OutOfFuel | .Checkpoint _ => simp
-    | .Ok e₂ σ₂ =>
-      match s₁ with
-      | .OutOfFuel | .Checkpoint _ => simp
-      | .Ok e₁ σ₁ =>
-        simp
-        exact preserved_trans
+  cases s₀ <;> cases s₁ <;> cases s₂ <;> simp_all
+  exact Preserved.trans
 
-lemma preservesEvm_symm {s₀ s₁} : preservesEvm s₀ s₁ = preservesEvm s₁ s₀ := by
+lemma preservesEvm_of_preserved (s₀ : State) (s₁ : State) :
+  Preserved s₀.evm s₁.evm → preservesEvm s₀ s₁ := by
   unfold preservesEvm
   cases s₀ <;> cases s₁ <;> simp
-  exact Eq.to_iff preserved_symm
 
+lemma sload_eq_of_preservesEvm
+  {s s' : State} {a : UInt256} (h : s.isOk) (h' : s'.isOk) (hss : preservesEvm s s') :
+  s.evm.sload a = s'.evm.sload a := by
+  unfold preservesEvm at hss
+  unfold isOk at h h'
+  cases s <;> cases s' <;> simp [evm] at *
+  exact EVMState.sload_eq_of_preserved hss
+
+@[aesop safe norm (rule_sets := [Clear.aesop_spec])]
 lemma preservesEvm_of_insert {s₀ s₁} {var val} :
-  preservesEvm s₀ s₁ ↔ preservesEvm s₀ (s₁⟦var ↦ val⟧) := by
+  preservesEvm (s₀⟦var ↦ val⟧) s₁ ↔ preservesEvm s₀ s₁ := by
   unfold preservesEvm
   cases s₀ <;> cases s₁ <;> simp
-  swap
   unfold State.insert; simp
   unfold State.insert; simp
 
-lemma sload_eq_of_preservesEvm {s s' : State} {a : UInt256} :
-  isOk s → isOk s' → preservesEvm s s' →
-  s.evm.sload a = s'.evm.sload a := by
-  unfold isOk preservesEvm
-  cases s <;> cases s' <;> simp
-  exact EVMState.sload_eq_of_preserved
+@[aesop safe norm (rule_sets := [Clear.aesop_spec])]
+lemma preservesEvm_of_insert' {s₀ s₁} {var val} :
+  preservesEvm s₀ (s₁⟦var ↦ val⟧) ↔ preservesEvm s₀ s₁ := by
+  unfold preservesEvm
+  cases s₀ <;> cases s₁ <;> simp
+  swap
+  unfold State.insert; simp
+  unfold State.insert; simp
 
 end Clear.Utilities
diff --git a/Generated/erc20shim/ERC20Shim/Predicate.lean b/Generated/erc20shim/ERC20Shim/Predicate.lean
index f42ebac..1e553c5 100644
--- a/Generated/erc20shim/ERC20Shim/Predicate.lean
+++ b/Generated/erc20shim/ERC20Shim/Predicate.lean
@@ -17,6 +17,11 @@ structure ERC20 where
   balances : BalanceMap
   allowances : AllowanceMap
 
+def acc (a : Option UInt256) : Prop :=
+  match a with
+  | some el => el ∉ ERC20Private.toFinset
+  | none => true
+
 structure IsERC20 (erc20 : ERC20) (s : State) : Prop where
   hasSupply : s.evm.sload ERC20Private.totalSupply = erc20.supply
 
@@ -24,9 +29,6 @@ structure IsERC20 (erc20 : ERC20) (s : State) : Prop where
     ∀ {account}, (account ∈ erc20.balances) →
     ∃ (address : UInt256),
     s.evm.keccak_map.lookup [ ↑account , ERC20Private.balances ] = some address ∧
-
-    -- address ∈ s.evm.keccak_map.lookup [ ↑account , ERC20Private.balances ]
-
     erc20.balances.lookup account = some (s.evm.sload address)
 
   hasAllowance :
@@ -36,8 +38,9 @@ structure IsERC20 (erc20 : ERC20) (s : State) : Prop where
     s.evm.keccak_map.lookup [ ↑spender , intermediate ] = some address →
     erc20.allowances.lookup ⟨owner, spender⟩ = some (s.evm.sload address)
 
+  -- mem : account ∉ erc20.balances
   storageDom :
-    (storage s.evm).keys =
+    s.evm.storage.keys =
       { address | ∃ account,
         account ∈ erc20.balances ∧
         some address = s.evm.keccak_map.lookup [ ↑account, ERC20Private.balances ] } ∪
@@ -47,6 +50,12 @@ structure IsERC20 (erc20 : ERC20) (s : State) : Prop where
         s.evm.keccak_map.lookup [ ↑spender , intermediate ] = some address } ∪
       ERC20Private.toFinset
 
+  block_acc_range :
+    ∀ {account}, acc (s.evm.keccak_map.lookup [ ↑account, ERC20Private.balances ])
+
+  -- block_allowance_range :
+  --   ∀ {owner}, s.evm.keccak_map.lookup [ ↑owner, ERC20Private.allowances ] ∉ ERC20Private.toFinset
+
     -- equivalent statements
     -- s.evm.sload address ∈ erc20.balances.lookup account
     -- ⟨account, s.evm.sload address⟩ ∈ erc20.balances.entries
@@ -70,7 +79,7 @@ lemma IsERC20_of_ok_forall_store {erc20} {evm} {s₀ s₁} :
   · have := get_evm_of_ok ▸ is_erc.storageDom
     exact this
 
-lemma IsERC20_of_ok_of_preserved {erc20} {store} {σ₀ σ₁} (h : preserved σ₀ σ₁) : 
+lemma IsERC20_of_ok_of_Preserved {erc20} {store} {σ₀ σ₁} (h : Preserved σ₀ σ₁) : 
   IsERC20 erc20 (Ok σ₀ store) → IsERC20 erc20 (Ok σ₁ store) := by
   sorry
   
@@ -78,4 +87,13 @@ lemma IsERC20_of_preservesEvm {erc20} {s₀ s₁} :
   preservesEvm s₀ s₁ → IsERC20 erc20 s₀ → IsERC20 erc20 s₁ := by
   sorry
 
+lemma sload_of_IsERC20_outside {erc20} {s} (h : IsERC20 erc20 s) :
+  ∀ {addr}, addr ∉ s.evm.storage.keys → s.evm.sload addr = 0 := by
+  sorry
+
+lemma t {erc20} {s₀ s₁} (is_erc20 : IsERC20 erc20 s₀) (h : preservesEvm s₀ s₁) :
+  ∀ {addr}, addr ∉ s₀.evm.keccak_range ∧ addr ∈ s₁.evm.keccak_range →
+  addr ∉ s₀.evm.storage.keys := by
+  sorry
+
 end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
index 442eaee..2d6906d 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
@@ -25,38 +25,57 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
   apply spec_eq
   clr_funargs
-  intro hasFuel ⟨s, keccak, code⟩ erc20 is_erc20
+  intro hasFuel ⟨s, mapping, code⟩ erc20 is_erc20
 
   clr_varstore
 
-  unfold A_mapping_index_access_mapping_address_uint256_of_address at keccak
-  simp at keccak
-  clr_spec at keccak
-
-  have : Address.ofUInt256 var_account ∈ erc20.balances := sorry
-  obtain ⟨address, hasAddress, hasBalance⟩ := is_erc20.hasBalance this
-  obtain ⟨preserves, is_ok, lookup⟩ := keccak hasAddress
-  obtain ⟨evmₛ, varstoreₛ, ok_state⟩ := State_of_isOk is_ok
+  -- what we can get right now from mapping function
+  unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping
+  simp at mapping
+  clr_spec at mapping
+  obtain ⟨preservesEvm, s_isOk, keccak⟩ := mapping  
+  obtain ⟨evmₛ, varstoreₛ, s_eq_ok⟩ := State_of_isOk s_isOk
 
+  -- simplify contract
   unfold reviveJump at code
-  simp [ok_state] at code lookup
-
-  rw [ ← State.insert_of_ok,  ← State.insert_of_ok, lookup ] at code
+  simp [s_eq_ok] at code
+  rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok ] at code
   clr_varstore
 
-  have preserves_final : preservesEvm (Ok evm varstore) (Ok evmₛ varstore⟦var↦sload evmₛ address⟧) := by
-    aesop
+  -- get underlying Preserved from preservesEvm
+  rw [ s_eq_ok, preservesEvm_of_insert, preservesEvm_of_insert ] at preservesEvm
+  have Preserved := Preserved_of_preservesEvm_of_Ok preservesEvm
+
+  -- have : Address.ofUInt256 var_account ∈ erc20.balances := sorry
+  -- obtain ⟨address, hasAddress, hasBalance⟩ := is_erc20.hasBalance this
+  -- obtain ⟨preserves, is_ok, lookup⟩ := keccak hasAddress
+  -- obtain ⟨evmₛ, varstoreₛ, ok_state⟩ := State_of_isOk is_ok
+
   apply And.intro
-  rw [← code]
-  exact IsERC20_of_preservesEvm preserves_final is_erc20
+  -- IsERC20 for the final state
+  exact IsERC20_of_preservesEvm (by aesop) is_erc20
 
+  rw [← code]
   apply And.intro
-  · rw [←code]
-    unfold preservesEvm
-    aesop
-  · rw [← code]
-    have : Ok evmₛ varstore⟦var↦sload evmₛ address⟧[var]!! = sload evmₛ address := by aesop
-    rw [this]
+  -- preservesEvm s₀ s₉
+  rw [ preservesEvm_of_insert' ]
+  exact preservesEvm_of_preserved _ _ Preserved
+
+  -- lookup balance
+  clr_varstore
+  by_cases mem : Address.ofUInt256 var_account ∈ erc20.balances
+  -- there is such account in balances
+  obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance mem
+  have lookup := keccak has_address
+  rw [lookup] at code ⊢
+  rw [ Finmap.mem_lookup_iff (s := erc20.balances), ← Finmap.lookup_eq_some_iff
+     , ← sload_eq_of_preserved Preserved
+     ]
+  have := State.get_evm_of_ok ▸ balance
+  exact this
+
+  -- there is *no* such account in balances
+  rw [this]
     simp
     rw [hasBalance]
     have hPreserved : preserved (Ok evm varstore).evm evmₛ := by
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
index b09d9ac..5686289 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
@@ -18,10 +18,8 @@ set_option linter.setOption false
 set_option pp.coercions false
 
 def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop :=
-  ∀ {address},
-  let account := Address.ofUInt256 key
-  s₀.evm.keccak_map.lookup [ ↑account , slot ] = some address →
-  preservesEvm s₀ s₉ ∧ s₉.isOk ∧ s₉[dataSlot]!! = address
+  preservesEvm s₀ s₉ ∧ s₉.isOk ∧
+  s₉.evm.keccak_map.lookup [ ↑(Address.ofUInt256 key), slot ] = some (s₉[dataSlot]!!)
 
 -- Helper reifications
 lemma shift_eq_size : Fin.shiftLeft (n := UInt256.size) 1 160 = Address.size := by
@@ -39,43 +37,44 @@ lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete {s
   apply spec_eq
   intro hasFuel
   clr_funargs
-
-  rw [ EVMSub', EVMShl', EVMAddrSize' ]; simp
-  rw [ Address.and_size_eq_ofUInt256 ]
-  rw [ multifill_cons, multifill_nil ]
-  simp
-
-  clr_varstore
-
-  generalize acconut_def : Address.ofUInt256 key = account
-  intro prog address hasAddress
-
-  generalize prep_def : (mstore evm 0 ↑↑account).mstore 32 slot = state_prep
-  unfold keccak256 at prog
-  rw [ interval'_eq_interval 2 two_ne_zero (by norm_cast)
-     , mstore_mstore_of_ne, interval_of_mstore_eq_val_cons
-     , mstore_mstore_of_ne, zero_add, interval_of_mstore_eq_val_cons
-     , interval_of_0_eq_nil
-     ] at prog
-  unfold_let at prog
-  rw [ mstore_preserves_keccak_map, mstore_preserves_keccak_map
-     , hasAddress
-     ] at prog
-  simp at prog
-  unfold setEvm State.insert State.lookup! at prog
-  simp at prog
-
-
-  rw [← prog]
-  unfold State.lookup!
-
-  apply And.intro
-  · apply preservesEvm_eq
-    simp
-    apply preserved_trans (e₁ := mstore evm 0 ↑↑account)
-    · exact mstore_preserves
-    · exact mstore_preserves
-  · simp
+  sorry
+
+  -- rw [ EVMSub', EVMShl', EVMAddrSize' ]; simp
+  -- rw [ Address.and_size_eq_ofUInt256 ]
+  -- rw [ multifill_cons, multifill_nil ]
+  -- simp
+
+  -- clr_varstore
+
+  -- generalize acconut_def : Address.ofUInt256 key = account
+  -- intro prog address hasAddress
+
+  -- generalize prep_def : (mstore evm 0 ↑↑account).mstore 32 slot = state_prep
+  -- unfold keccak256 at prog
+  -- rw [ interval'_eq_interval 2 two_ne_zero (by norm_cast)
+  --    , mstore_mstore_of_ne, interval_of_mstore_eq_val_cons
+  --    , mstore_mstore_of_ne, zero_add, interval_of_mstore_eq_val_cons
+  --    , interval_of_0_eq_nil
+  --    ] at prog
+  -- unfold_let at prog
+  -- rw [ mstore_preserves_keccak_map, mstore_preserves_keccak_map
+  --    , hasAddress
+  --    ] at prog
+  -- simp at prog
+  -- unfold setEvm State.insert State.lookup! at prog
+  -- simp at prog
+
+
+  -- rw [← prog]
+  -- unfold State.lookup!
+
+  -- apply And.intro
+  -- · apply preservesEvm_eq
+  --   simp
+  --   apply preserved_trans (e₁ := mstore evm 0 ↑↑account)
+  --   · exact mstore_preserves
+  --   · exact mstore_preserves
+  -- · simp
 
   end
 

From 92219ee62fbd8722a7f86741a59a6a91c2a160f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Wed, 9 Oct 2024 20:11:11 +0200
Subject: [PATCH 22/89] more [wip]

---
 Clear/EVMState.lean                           | 17 +++-
 Generated/erc20shim/ERC20Shim/Predicate.lean  | 30 ++++---
 .../ERC20Shim/fun_balanceOf_user.lean         | 82 ++++++++++++++-----
 3 files changed, 95 insertions(+), 34 deletions(-)

diff --git a/Clear/EVMState.lean b/Clear/EVMState.lean
index f3304b5..66f64ff 100644
--- a/Clear/EVMState.lean
+++ b/Clear/EVMState.lean
@@ -515,17 +515,19 @@ lemma interval'_eq_interval {ms} {start last} (d : ℕ) :
     mkInterval ms start d := by
   sorry
 
+#eval List.partition (λ _ ↦ false) ([] : List UInt256)
+
 def keccak256 (σ : EVMState) (p n : UInt256) : Option (UInt256 × EVMState) :=
   let interval : List UInt256 := List.map (Nat.toUInt256 ∘ fromBytes!) (List.toChunks 32 (mkInterval' σ.machine_state.memory p n))
   match Finmap.lookup interval σ.keccak_map with
   | .some val => .some (val, σ)
   | .none     =>
-    match σ.keccak_range.partition (λ x => x ∈ σ.used_range) with
-    | (_,(r :: rs)) =>
+    match σ.keccak_range.filter (· ∉ σ.used_range) with
+    | r :: rs =>
       .some (r, {σ with keccak_map := σ.keccak_map.insert interval r,
                         keccak_range := rs,
                         used_range := {r} ∪ σ.used_range })
-    | (_, []) => .none
+    | [] => .none
 
 -- code copy
 
@@ -663,6 +665,15 @@ lemma sload_eq_of_preserved {σ₀ σ₁} {pos} (h : Preserved σ₀ σ₁) :
      , h.execution_env
      ]
 
+lemma storage_eq_of_preserved {σ₀ σ₁} (h : Preserved σ₀ σ₁) :
+  σ₀.storage = σ₁.storage := by
+  unfold storage lookupAccount
+  rw [h.account_map, h.execution_env]
+
+lemma sload_of_not_mem_dom {evm : EVMState} :
+  ∀ {addr}, addr ∉ evm.storage.keys → evm.sload addr = 0 := by
+  sorry
+
 end
 
 section Memory
diff --git a/Generated/erc20shim/ERC20Shim/Predicate.lean b/Generated/erc20shim/ERC20Shim/Predicate.lean
index 1e553c5..d7d93a0 100644
--- a/Generated/erc20shim/ERC20Shim/Predicate.lean
+++ b/Generated/erc20shim/ERC20Shim/Predicate.lean
@@ -17,7 +17,10 @@ structure ERC20 where
   balances : BalanceMap
   allowances : AllowanceMap
 
-def acc (a : Option UInt256) : Prop :=
+set_option linter.setOption false
+set_option pp.coercions false
+
+def not_mem_private (a : Option UInt256) : Prop :=
   match a with
   | some el => el ∉ ERC20Private.toFinset
   | none => true
@@ -38,20 +41,21 @@ structure IsERC20 (erc20 : ERC20) (s : State) : Prop where
     s.evm.keccak_map.lookup [ ↑spender , intermediate ] = some address →
     erc20.allowances.lookup ⟨owner, spender⟩ = some (s.evm.sload address)
 
-  -- mem : account ∉ erc20.balances
   storageDom :
     s.evm.storage.keys =
       { address | ∃ account,
         account ∈ erc20.balances ∧
-        some address = s.evm.keccak_map.lookup [ ↑account, ERC20Private.balances ] } ∪
+        some address = s.evm.keccak_map.lookup [ ↑account, ERC20Private.balances ] }.toFinset ∪
       { address | ∃ owner spender,
         ⟨owner, spender⟩ ∈ erc20.allowances ∧
         ∃ intermediate, s.evm.keccak_map.lookup [ ↑owner , ERC20Private.allowances ] = some intermediate ∧
-        s.evm.keccak_map.lookup [ ↑spender , intermediate ] = some address } ∪
+        s.evm.keccak_map.lookup [ ↑spender , intermediate ] = some address }.toFinset ∪
       ERC20Private.toFinset
 
   block_acc_range :
-    ∀ {account}, acc (s.evm.keccak_map.lookup [ ↑account, ERC20Private.balances ])
+    ∀ {var},
+    not_mem_private (s.evm.keccak_map.lookup [ ↑var, ERC20Private.balances ]) ∧
+    not_mem_private (s.evm.keccak_map.lookup [ ↑var, ERC20Private.allowances ])
 
   -- block_allowance_range :
   --   ∀ {owner}, s.evm.keccak_map.lookup [ ↑owner, ERC20Private.allowances ] ∉ ERC20Private.toFinset
@@ -60,6 +64,11 @@ structure IsERC20 (erc20 : ERC20) (s : State) : Prop where
     -- s.evm.sload address ∈ erc20.balances.lookup account
     -- ⟨account, s.evm.sload address⟩ ∈ erc20.balances.entries
 
+lemma w {erc20} {s} {account} (is_erc20 : IsERC20 erc20 s) (not_mem: account ∉ erc20.balances) :
+  (s.evm.keccak_range.partition (λ x ↦ x ∈ s.evm.used_range)).2 ∩ s.evm.storage.keys.toList = ∅
+  := by
+  sorry
+
 lemma IsERC20_of_insert {erc20} {s : State} :
   ∀ {var val}, IsERC20 erc20 s → IsERC20 erc20 (s⟦var↦val⟧) := by
   intro var val is_erc
@@ -68,16 +77,17 @@ lemma IsERC20_of_insert {erc20} {s : State} :
   · exact is_erc.hasBalance
   · exact is_erc.hasAllowance
   · exact is_erc.storageDom
+  sorry
 
 lemma IsERC20_of_ok_forall_store {erc20} {evm} {s₀ s₁} :
   IsERC20 erc20 (Ok evm s₀) → IsERC20 erc20 (Ok evm s₁) := by
   intro is_erc
-  constructor <;> (rw [State.evm]; simp)
+  constructor <;> (try simp [State.evm])
   · exact is_erc.hasSupply
   · exact is_erc.hasBalance
   · exact is_erc.hasAllowance
-  · have := get_evm_of_ok ▸ is_erc.storageDom
-    exact this
+  · exact is_erc.storageDom
+  sorry
 
 lemma IsERC20_of_ok_of_Preserved {erc20} {store} {σ₀ σ₁} (h : Preserved σ₀ σ₁) : 
   IsERC20 erc20 (Ok σ₀ store) → IsERC20 erc20 (Ok σ₁ store) := by
@@ -87,10 +97,6 @@ lemma IsERC20_of_preservesEvm {erc20} {s₀ s₁} :
   preservesEvm s₀ s₁ → IsERC20 erc20 s₀ → IsERC20 erc20 s₁ := by
   sorry
 
-lemma sload_of_IsERC20_outside {erc20} {s} (h : IsERC20 erc20 s) :
-  ∀ {addr}, addr ∉ s.evm.storage.keys → s.evm.sload addr = 0 := by
-  sorry
-
 lemma t {erc20} {s₀ s₁} (is_erc20 : IsERC20 erc20 s₀) (h : preservesEvm s₀ s₁) :
   ∀ {addr}, addr ∉ s₀.evm.keccak_range ∧ addr ∈ s₁.evm.keccak_range →
   addr ∉ s₀.evm.storage.keys := by
diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
index 2d6906d..82e2e59 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
@@ -15,7 +15,7 @@ def A_fun_balanceOf (var : Identifier) (var_account : Literal) (s₀ s₉ : Stat
   ∀ {erc20}, IsERC20 erc20 s₀ →
   let account := Address.ofUInt256 var_account
   IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧
-  s₉[var]!! ∈ erc20.balances.lookup account
+  s₉[var]!! = (erc20.balances.lookup account).getD 0
 
 lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   Spec (fun_balanceOf_concrete_of_code.1 var var_account) s₀ s₉ →
@@ -31,7 +31,6 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
 
   -- what we can get right now from mapping function
   unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping
-  simp at mapping
   clr_spec at mapping
   obtain ⟨preservesEvm, s_isOk, keccak⟩ := mapping  
   obtain ⟨evmₛ, varstoreₛ, s_eq_ok⟩ := State_of_isOk s_isOk
@@ -66,27 +65,72 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   by_cases mem : Address.ofUInt256 var_account ∈ erc20.balances
   -- there is such account in balances
   obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance mem
-  have lookup := keccak has_address
-  rw [lookup] at code ⊢
-  rw [ Finmap.mem_lookup_iff (s := erc20.balances), ← Finmap.lookup_eq_some_iff
+  generalize account_def : Address.ofUInt256 var_account = account at *
+
+  rw [s_eq_ok] at keccak
+  rw [Variables.balances_def] at has_address
+  simp only [State.evm] at keccak has_address
+  have preserve_lookup :
+    evm.keccak_map.lookup [ ↑↑account, 0 ] = evmₛ.keccak_map.lookup [ ↑↑account, 0 ] := by
+    apply Preserved.keccak_map.2
+    rw [Finmap.mem_iff]
+    use address
+
+  have address_def : s["_2"]!! = address := by
+    rw [s_eq_ok]
+    rw [← Option.some_inj]
+    trans
+    · exact Eq.symm keccak
+    · exact (preserve_lookup ▸ has_address)
+
+  rw [address_def] at code ⊢
+  rw [ balance
+     , Option.getD_some
+     , State.get_evm_of_ok
      , ← sload_eq_of_preserved Preserved
      ]
-  have := State.get_evm_of_ok ▸ balance
-  exact this
 
   -- there is *no* such account in balances
-  rw [this]
-    simp
-    rw [hasBalance]
-    have hPreserved : preserved (Ok evm varstore).evm evmₛ := by
-      unfold preservesEvm at preserves_final
-      aesop
-    have : sload (Ok evm varstore).evm address = sload evmₛ address := by
-      unfold EVMState.sload EVMState.lookupAccount
-      rw [ preserves_account_map hPreserved
-        , preserves_execution_env hPreserved
-        ]
-    rw [this]
+  -- so sload should return 0
+  rw [ Finmap.lookup_eq_none.mpr mem
+     , Option.getD_none
+     ]
+
+  -- in order to do that it should be given storage address outside of
+  -- it's domain
+  apply sload_of_not_mem_dom
+  have := State.get_evm_of_ok ▸ is_erc20.storageDom
+  rw [ ← storage_eq_of_preserved Preserved
+     , this
+     ]
+  clear this
+
+  have partition := w is_erc20 mem
+  -- have dom := by
+  --   have := is_erc20.storageDom
+  --   simp at this
+  --   exact this
+  have := is_erc20.storageDom
+  rw [is_erc20.storageDom] at partition
+  rw [List.partition_eq_filter_filter] at partition
+  simp only [Prod.snd, State.evm] at partition
+  rw [Function.comp_def] at partition
+  rw [List.inter_def] at partition
+  rw [List.filter_filter] at partition
+  -- rw [not_decide_eq_true] at partition
+  -- simp at partition
+  -- rw [this]
+    -- simp
+    -- rw [hasBalance]
+    -- have hPreserved : preserved (Ok evm varstore).evm evmₛ := by
+    --   unfold preservesEvm at preserves_final
+    --   aesop
+    -- have : sload (Ok evm varstore).evm address = sload evmₛ address := by
+    --   unfold EVMState.sload EVMState.lookupAccount
+    --   rw [ preserves_account_map hPreserved
+    --     , preserves_execution_env hPreserved
+    --     ]
+    -- rw [this]
 
 end
 

From 2ebf7f8c69c4687abb2140499ef0a9856f19aa9c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Mon, 14 Oct 2024 12:33:50 +0200
Subject: [PATCH 23/89] almost there

---
 Clear/EVMState.lean                           |  45 ++++++-
 Generated/erc20shim/ERC20Shim/Predicate.lean  |  16 ++-
 .../ERC20Shim/fun_balanceOf_user.lean         | 119 ++++++++++++------
 3 files changed, 133 insertions(+), 47 deletions(-)

diff --git a/Clear/EVMState.lean b/Clear/EVMState.lean
index 66f64ff..9e3ca70 100644
--- a/Clear/EVMState.lean
+++ b/Clear/EVMState.lean
@@ -102,6 +102,14 @@ lemma size_le_UInt256_size : size ≤ UInt256.size := le_of_lt size_lt_UInt256_s
 lemma top_lt_UInt256_size : top < UInt256.size := by decide
 lemma top_le_UInt256_size : top ≤ UInt256.size := le_of_lt top_lt_UInt256_size
 
+lemma val_lt_UInt256_size : ∀ {u : Address}, u.val < UInt256.size := by
+  intro u
+  trans size
+  · exact u.2
+  · exact size_lt_UInt256_size
+
+lemma val_le_UInt256_size : ∀ {u : Address}, u.val ≤ UInt256.size := le_of_lt val_lt_UInt256_size
+
 lemma ofUInt256_lt_UInt256_size {u : UInt256} : ↑(ofUInt256 u) < UInt256.size := by
   unfold ofUInt256 Fin.ofNat
   simp; rw [← size_def]; simp
@@ -407,10 +415,18 @@ structure EVMState : Type where
   -- blocks
   blocks : List EVMBlock
   hash_collision : Bool
+  -- props
+  keccak_inj   : ∀ {a b},
+    (a ∈ keccak_map.keys) → keccak_map.lookup a = keccak_map.lookup b → a = b
+  keccak_used_range : (keccak_map.entries.toList.map Sigma.snd).toFinset ⊆ used_range
 deriving DecidableEq
 
 instance : Inhabited EVMState :=
-  ⟨ ∅ , default, default , ∅ , default, ∅ , default , False ⟩
+  ⟨ ∅ , default, default , ∅ , default, ∅ , default , False , (by aesop), (by
+  have : (∅ : Finmap (λ _ : List UInt256 ↦ UInt256)) = ⟨∅, Multiset.nodup_zero⟩ := by rfl
+  rw [this]
+  dsimp
+  simp [Multiset.empty_toList]) ⟩
 
 abbrev EVM := EVMState
 
@@ -515,8 +531,6 @@ lemma interval'_eq_interval {ms} {start last} (d : ℕ) :
     mkInterval ms start d := by
   sorry
 
-#eval List.partition (λ _ ↦ false) ([] : List UInt256)
-
 def keccak256 (σ : EVMState) (p n : UInt256) : Option (UInt256 × EVMState) :=
   let interval : List UInt256 := List.map (Nat.toUInt256 ∘ fromBytes!) (List.toChunks 32 (mkInterval' σ.machine_state.memory p n))
   match Finmap.lookup interval σ.keccak_map with
@@ -526,9 +540,26 @@ def keccak256 (σ : EVMState) (p n : UInt256) : Option (UInt256 × EVMState) :=
     | r :: rs =>
       .some (r, {σ with keccak_map := σ.keccak_map.insert interval r,
                         keccak_range := rs,
-                        used_range := {r} ∪ σ.used_range })
+                        used_range := {r} ∪ σ.used_range
+                        keccak_inj := sorry
+                        keccak_used_range := sorry })
     | [] => .none
 
+lemma keccak_map_lookup_injective_of_mem {σ : EVMState} {a b : List UInt256} (ha : a ∈ σ.keccak_map) :
+  σ.keccak_map.lookup a = σ.keccak_map.lookup b → a = b := by
+  sorry
+
+-- lemma keccak_map_lookup_injective_of_not_mem {σ : EVMState} {a b : List UInt256} (ha : a ∈ σ.keccak_map) (hb : b ∉ σ.keccak_map) :
+--   σ.keccak_map.lookup a = σ.keccak_map.lookup b → a ≠ b := by
+--   sorry
+
+lemma keccak_map_lookup_eq_of_Preserved_of_lookup {σ₀ σ₁} {addr} {b}
+  (p : Preserved σ₀ σ₁) (h : Finmap.lookup addr σ₀.keccak_map = some b) :
+  σ₀.keccak_map.lookup addr = σ₁.keccak_map.lookup addr := by
+    apply p.keccak_map.2
+    rw [Finmap.mem_iff]
+    use b
+
 -- code copy
 
 def codeCopy (σ : EVMState) (mstart cstart s : UInt256) : EVMState :=
@@ -621,7 +652,11 @@ def sstore (σ : EVMState) (spos sval : UInt256) : EVMState :=
   match σ.lookupAccount σ.execution_env.code_owner with
   | .some act =>
     let σ' := σ.updateAccount σ.execution_env.code_owner (act.updateStorage spos sval)
-    {σ' with used_range := {spos} ∪ σ'.used_range}
+    {σ' with used_range := {spos} ∪ σ'.used_range
+             keccak_used_range :=
+               by trans σ'.used_range
+                  · exact σ'.keccak_used_range
+                  · exact Finset.subset_union_right}
   | .none => σ
 
 def msize (σ : EVMState) : UInt256 :=
diff --git a/Generated/erc20shim/ERC20Shim/Predicate.lean b/Generated/erc20shim/ERC20Shim/Predicate.lean
index d7d93a0..633eeb2 100644
--- a/Generated/erc20shim/ERC20Shim/Predicate.lean
+++ b/Generated/erc20shim/ERC20Shim/Predicate.lean
@@ -25,6 +25,12 @@ def not_mem_private (a : Option UInt256) : Prop :=
   | some el => el ∉ ERC20Private.toFinset
   | none => true
 
+lemma not_mem_private_of_some {a : UInt256} (h : not_mem_private (some a)) :
+  a ∉ ERC20Private.toFinset := by
+  unfold not_mem_private at h
+  simp at h
+  exact h
+
 structure IsERC20 (erc20 : ERC20) (s : State) : Prop where
   hasSupply : s.evm.sload ERC20Private.totalSupply = erc20.supply
 
@@ -37,8 +43,8 @@ structure IsERC20 (erc20 : ERC20) (s : State) : Prop where
   hasAllowance :
     ∀ {owner spender}, (⟨owner, spender⟩ ∈ erc20.allowances) →
     ∃ (address  : UInt256) (intermediate : UInt256),
-    s.evm.keccak_map.lookup [ ↑owner , ERC20Private.allowances ] = some intermediate →
-    s.evm.keccak_map.lookup [ ↑spender , intermediate ] = some address →
+    s.evm.keccak_map.lookup [ ↑owner , ERC20Private.allowances ] = some intermediate ∧
+    s.evm.keccak_map.lookup [ ↑spender , intermediate ] = some address ∧
     erc20.allowances.lookup ⟨owner, spender⟩ = some (s.evm.sload address)
 
   storageDom :
@@ -48,14 +54,14 @@ structure IsERC20 (erc20 : ERC20) (s : State) : Prop where
         some address = s.evm.keccak_map.lookup [ ↑account, ERC20Private.balances ] }.toFinset ∪
       { address | ∃ owner spender,
         ⟨owner, spender⟩ ∈ erc20.allowances ∧
-        ∃ intermediate, s.evm.keccak_map.lookup [ ↑owner , ERC20Private.allowances ] = some intermediate ∧
+        ∀ {intermediate}, s.evm.keccak_map.lookup [ ↑owner , ERC20Private.allowances ] = some intermediate →
         s.evm.keccak_map.lookup [ ↑spender , intermediate ] = some address }.toFinset ∪
       ERC20Private.toFinset
 
   block_acc_range :
     ∀ {var},
-    not_mem_private (s.evm.keccak_map.lookup [ ↑var, ERC20Private.balances ]) ∧
-    not_mem_private (s.evm.keccak_map.lookup [ ↑var, ERC20Private.allowances ])
+    not_mem_private (s.evm.keccak_map.lookup [ var, ERC20Private.balances ]) ∧
+    not_mem_private (s.evm.keccak_map.lookup [ var, ERC20Private.allowances ])
 
   -- block_allowance_range :
   --   ∀ {owner}, s.evm.keccak_map.lookup [ ↑owner, ERC20Private.allowances ] ∉ ERC20Private.toFinset
diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
index 82e2e59..239cdf2 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
@@ -17,6 +17,9 @@ def A_fun_balanceOf (var : Identifier) (var_account : Literal) (s₀ s₉ : Stat
   IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧
   s₉[var]!! = (erc20.balances.lookup account).getD 0
 
+set_option linter.setOption false
+set_option pp.coercions false
+
 lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   Spec (fun_balanceOf_concrete_of_code.1 var var_account) s₀ s₉ →
   Spec (A_fun_balanceOf var var_account) s₀ s₉ := by
@@ -34,6 +37,9 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   clr_spec at mapping
   obtain ⟨preservesEvm, s_isOk, keccak⟩ := mapping  
   obtain ⟨evmₛ, varstoreₛ, s_eq_ok⟩ := State_of_isOk s_isOk
+  rw [ ← Variables.balances_def
+     , s_eq_ok, get_evm_of_ok, ← s_eq_ok
+     ] at keccak
 
   -- simplify contract
   unfold reviveJump at code
@@ -67,21 +73,14 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance mem
   generalize account_def : Address.ofUInt256 var_account = account at *
 
-  rw [s_eq_ok] at keccak
-  rw [Variables.balances_def] at has_address
   simp only [State.evm] at keccak has_address
-  have preserve_lookup :
-    evm.keccak_map.lookup [ ↑↑account, 0 ] = evmₛ.keccak_map.lookup [ ↑↑account, 0 ] := by
-    apply Preserved.keccak_map.2
-    rw [Finmap.mem_iff]
-    use address
-
   have address_def : s["_2"]!! = address := by
     rw [s_eq_ok]
     rw [← Option.some_inj]
     trans
-    · exact Eq.symm keccak
-    · exact (preserve_lookup ▸ has_address)
+    · exact Eq.symm (s_eq_ok ▸ keccak)
+    · exact (keccak_map_lookup_eq_of_Preserved_of_lookup Preserved has_address
+        ▸ has_address)
 
   rw [address_def] at code ⊢
   rw [ balance
@@ -104,33 +103,79 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
      , this
      ]
   clear this
-
-  have partition := w is_erc20 mem
-  -- have dom := by
-  --   have := is_erc20.storageDom
-  --   simp at this
-  --   exact this
-  have := is_erc20.storageDom
-  rw [is_erc20.storageDom] at partition
-  rw [List.partition_eq_filter_filter] at partition
-  simp only [Prod.snd, State.evm] at partition
-  rw [Function.comp_def] at partition
-  rw [List.inter_def] at partition
-  rw [List.filter_filter] at partition
-  -- rw [not_decide_eq_true] at partition
-  -- simp at partition
-  -- rw [this]
-    -- simp
-    -- rw [hasBalance]
-    -- have hPreserved : preserved (Ok evm varstore).evm evmₛ := by
-    --   unfold preservesEvm at preserves_final
-    --   aesop
-    -- have : sload (Ok evm varstore).evm address = sload evmₛ address := by
-    --   unfold EVMState.sload EVMState.lookupAccount
-    --   rw [ preserves_account_map hPreserved
-    --     , preserves_execution_env hPreserved
-    --     ]
-    -- rw [this]
+  simp only [ Finset.not_mem_union, Set.mem_toFinset, Set.mem_def, setOf, not_exists, not_and ]
+  have s_erc20 : IsERC20 erc20 (Ok evmₛ _) :=
+    IsERC20_of_ok_of_Preserved Preserved is_erc20
+
+  split_ands
+  -- address not in balances
+  · intro account account_mem_balances
+    rw [ ← keccak
+       , keccak_map_lookup_eq_of_Preserved_of_lookup
+           Preserved
+           (is_erc20.hasBalance account_mem_balances).2.1 ]
+    by_contra h
+    have : [↑↑account, ERC20Private.balances] ∈ evmₛ.keccak_map.keys := by
+      rw [Finmap.mem_keys]
+      apply Finmap.lookup_isSome.mp
+      have := get_evm_of_ok ▸ (s_erc20.hasBalance account_mem_balances).2.1
+      rw [this]
+      simp
+    have keccak_inj := evmₛ.keccak_inj this (Eq.symm h)
+
+    rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
+    unfold Fin.ofNat'' at keccak_inj
+    simp at keccak_inj
+    rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj
+    rw [keccak_inj] at account_mem_balances
+    exact (mem account_mem_balances)
+    · exact Address.ofUInt256_lt_UInt256_size
+    · exact Address.val_lt_UInt256_size
+
+  -- address not in allowances
+  · intro owner spender mem_allowances
+    obtain ⟨erc_address, erc_intermediate, owner_lookup, spender_lookup, eq⟩ :=
+      is_erc20.hasAllowance mem_allowances
+    rw [get_evm_of_ok] at owner_lookup spender_lookup
+    have owner_lookup_s := keccak_map_lookup_eq_of_Preserved_of_lookup Preserved owner_lookup
+    have spender_lookup_s := keccak_map_lookup_eq_of_Preserved_of_lookup Preserved spender_lookup
+    push_neg
+    use erc_intermediate
+    rw [ ← keccak ]
+    by_contra h
+    rw [not_and'] at h
+    apply h at owner_lookup
+    exact owner_lookup
+
+    rw [spender_lookup_s]
+    by_contra h
+    have : [spender, erc_intermediate] ∈ evmₛ.keccak_map.keys := by
+      rw [Finmap.mem_keys]
+      apply Finmap.lookup_isSome.mp
+      have := Eq.trans (Eq.symm spender_lookup_s) spender_lookup
+      rw [this]
+      simp
+    have keccak_inj := evmₛ.keccak_inj this h
+    simp at keccak_inj
+    have intermediate_ne_balances : erc_intermediate ≠ ERC20Private.balances := by
+      obtain blocked_range := get_evm_of_ok ▸ is_erc20.block_acc_range.2
+      rw [owner_lookup] at blocked_range
+      unfold not_mem_private at blocked_range
+      simp at blocked_range
+      rw [← Finset.forall_mem_not_eq] at blocked_range
+      have bal_mem_private: ERC20Private.balances ∈ ERC20Private.toFinset := by
+        unfold PrivateAddresses.toFinset
+        simp
+      specialize blocked_range ERC20Private.balances
+      exact blocked_range bal_mem_private
+
+    tauto
+
+  -- address not in reserved space
+  · obtain blocked_range := get_evm_of_ok ▸ s_erc20.block_acc_range.1
+    rw [ keccak ] at blocked_range
+    apply not_mem_private_of_some at blocked_range
+    exact blocked_range
 
 end
 

From ff583de3c70a52307a96ea66ff571cefabe7bb4a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Mon, 14 Oct 2024 14:28:18 +0200
Subject: [PATCH 24/89] Use proper items from predicate

---
 .../ERC20Shim/fun_balanceOf_user.lean         | 20 +++++--------------
 1 file changed, 5 insertions(+), 15 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
index 239cdf2..f7e1b2e 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
@@ -17,9 +17,6 @@ def A_fun_balanceOf (var : Identifier) (var_account : Literal) (s₀ s₉ : Stat
   IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧
   s₉[var]!! = (erc20.balances.lookup account).getD 0
 
-set_option linter.setOption false
-set_option pp.coercions false
-
 lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   Spec (fun_balanceOf_concrete_of_code.1 var var_account) s₀ s₉ →
   Spec (A_fun_balanceOf var var_account) s₀ s₉ := by
@@ -51,11 +48,6 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   rw [ s_eq_ok, preservesEvm_of_insert, preservesEvm_of_insert ] at preservesEvm
   have Preserved := Preserved_of_preservesEvm_of_Ok preservesEvm
 
-  -- have : Address.ofUInt256 var_account ∈ erc20.balances := sorry
-  -- obtain ⟨address, hasAddress, hasBalance⟩ := is_erc20.hasBalance this
-  -- obtain ⟨preserves, is_ok, lookup⟩ := keccak hasAddress
-  -- obtain ⟨evmₛ, varstoreₛ, ok_state⟩ := State_of_isOk is_ok
-
   apply And.intro
   -- IsERC20 for the final state
   exact IsERC20_of_preservesEvm (by aesop) is_erc20
@@ -71,9 +63,7 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   by_cases mem : Address.ofUInt256 var_account ∈ erc20.balances
   -- there is such account in balances
   obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance mem
-  generalize account_def : Address.ofUInt256 var_account = account at *
 
-  simp only [State.evm] at keccak has_address
   have address_def : s["_2"]!! = address := by
     rw [s_eq_ok]
     rw [← Option.some_inj]
@@ -110,16 +100,17 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   split_ands
   -- address not in balances
   · intro account account_mem_balances
+    obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance account_mem_balances
     rw [ ← keccak
        , keccak_map_lookup_eq_of_Preserved_of_lookup
-           Preserved
-           (is_erc20.hasBalance account_mem_balances).2.1 ]
+           Preserved has_address ]
     by_contra h
     have : [↑↑account, ERC20Private.balances] ∈ evmₛ.keccak_map.keys := by
       rw [Finmap.mem_keys]
       apply Finmap.lookup_isSome.mp
-      have := get_evm_of_ok ▸ (s_erc20.hasBalance account_mem_balances).2.1
-      rw [this]
+      have := get_evm_of_ok ▸ has_address
+      rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup Preserved has_address
+         , this ]
       simp
     have keccak_inj := evmₛ.keccak_inj this (Eq.symm h)
 
@@ -137,7 +128,6 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
     obtain ⟨erc_address, erc_intermediate, owner_lookup, spender_lookup, eq⟩ :=
       is_erc20.hasAllowance mem_allowances
     rw [get_evm_of_ok] at owner_lookup spender_lookup
-    have owner_lookup_s := keccak_map_lookup_eq_of_Preserved_of_lookup Preserved owner_lookup
     have spender_lookup_s := keccak_map_lookup_eq_of_Preserved_of_lookup Preserved spender_lookup
     push_neg
     use erc_intermediate

From 2db665fe92b73c28fe06a1c171d018cdde242a0c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Wed, 16 Oct 2024 13:29:27 +0200
Subject: [PATCH 25/89] Extending keccak used range

---
 Clear/EVMState.lean | 63 +++++++++++++++++++++++++++++++++++----------
 1 file changed, 49 insertions(+), 14 deletions(-)

diff --git a/Clear/EVMState.lean b/Clear/EVMState.lean
index 9e3ca70..88f7fec 100644
--- a/Clear/EVMState.lean
+++ b/Clear/EVMState.lean
@@ -401,6 +401,18 @@ instance : Inhabited ExecutionEnv :=
 
 -- definition of the evm state
 
+@[simp]
+def keccak_prod : (Σ _ : List UInt256, UInt256) → List UInt256 × UInt256 :=
+  (Equiv.sigmaEquivProd (List UInt256) UInt256).toFun
+
+@[simp]
+def keccak_key : (Σ _ : List UInt256, UInt256) → List UInt256 :=
+  Prod.fst ∘ keccak_prod
+
+@[simp]
+def keccak_val : (Σ _ : List UInt256, UInt256) → UInt256 :=
+  Prod.snd ∘ keccak_prod
+
 structure EVMState : Type where
   -- account map
   account_map : Finmap (λ _ : Address => Account)
@@ -418,7 +430,7 @@ structure EVMState : Type where
   -- props
   keccak_inj   : ∀ {a b},
     (a ∈ keccak_map.keys) → keccak_map.lookup a = keccak_map.lookup b → a = b
-  keccak_used_range : (keccak_map.entries.toList.map Sigma.snd).toFinset ⊆ used_range
+  keccak_used_range : (keccak_map.entries.toList.map keccak_val).toFinset ⊆ used_range
 deriving DecidableEq
 
 instance : Inhabited EVMState :=
@@ -531,6 +543,13 @@ lemma interval'_eq_interval {ms} {start last} (d : ℕ) :
     mkInterval ms start d := by
   sorry
 
+lemma mem_sigma_proj {α} {β} {l : List (Σ _ : α, β)} :
+  ∀ {a : Σ _ : α, β}, a ∈ l → a.2 ∈ l.map (Prod.snd ∘ (Equiv.sigmaEquivProd α β).toFun) := by
+  intro ⟨a, b⟩ mem
+  simp only [ Equiv.toFun_as_coe, List.mem_map, Function.comp_apply
+            , Equiv.sigmaEquivProd_apply, Sigma.exists, exists_eq_right ]
+  use a, mem
+
 def keccak256 (σ : EVMState) (p n : UInt256) : Option (UInt256 × EVMState) :=
   let interval : List UInt256 := List.map (Nat.toUInt256 ∘ fromBytes!) (List.toChunks 32 (mkInterval' σ.machine_state.memory p n))
   match Finmap.lookup interval σ.keccak_map with
@@ -538,21 +557,37 @@ def keccak256 (σ : EVMState) (p n : UInt256) : Option (UInt256 × EVMState) :=
   | .none     =>
     match σ.keccak_range.filter (· ∉ σ.used_range) with
     | r :: rs =>
-      .some (r, {σ with keccak_map := σ.keccak_map.insert interval r,
-                        keccak_range := rs,
-                        used_range := {r} ∪ σ.used_range
-                        keccak_inj := sorry
-                        keccak_used_range := sorry })
+      .some (
+        r,
+        {σ with
+          keccak_map := σ.keccak_map.insert interval r,
+          keccak_range := rs,
+          used_range := {r} ∪ σ.used_range
+          keccak_inj := sorry
+          keccak_used_range := by
+            rw [Finset.subset_iff]
+            simp
+            intro val key mem
+            rw [ ← Finmap.lookup_eq_some_iff -- mem_lookup_iff
+               ] at mem
+            have key_mem_insert := Finmap.mem_of_lookup_eq_some mem
+            have prev := σ.keccak_used_range
+            by_cases h : key = interval
+            rw [h] at mem
+            left;
+            simp at mem
+            exact Eq.symm mem
+
+            right
+            apply Finset.mem_of_subset σ.keccak_used_range
+            simp [ mem_sigma_proj ]
+            use key
+            rw [ Finmap.lookup_insert_of_ne σ.keccak_map h, Finmap.lookup_eq_some_iff ] at mem
+            exact mem
+        }
+      )
     | [] => .none
 
-lemma keccak_map_lookup_injective_of_mem {σ : EVMState} {a b : List UInt256} (ha : a ∈ σ.keccak_map) :
-  σ.keccak_map.lookup a = σ.keccak_map.lookup b → a = b := by
-  sorry
-
--- lemma keccak_map_lookup_injective_of_not_mem {σ : EVMState} {a b : List UInt256} (ha : a ∈ σ.keccak_map) (hb : b ∉ σ.keccak_map) :
---   σ.keccak_map.lookup a = σ.keccak_map.lookup b → a ≠ b := by
---   sorry
-
 lemma keccak_map_lookup_eq_of_Preserved_of_lookup {σ₀ σ₁} {addr} {b}
   (p : Preserved σ₀ σ₁) (h : Finmap.lookup addr σ₀.keccak_map = some b) :
   σ₀.keccak_map.lookup addr = σ₁.keccak_map.lookup addr := by

From 0da520c267b9ec1f1ac691ac15ccd71f32a4081a Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Thu, 17 Oct 2024 06:18:55 +0000
Subject: [PATCH 26/89] Ensure type of `owner` and `spender` is `Address` not
 `UInt256` Adjust the `fun_balanceOf_abs_of_concrete` lemma so that
 `fun_balanceOf_user.lean` still builds successfully.

---
 Generated/erc20shim/ERC20Shim/Predicate.lean          | 4 ++--
 Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/Predicate.lean b/Generated/erc20shim/ERC20Shim/Predicate.lean
index 633eeb2..e5ba26c 100644
--- a/Generated/erc20shim/ERC20Shim/Predicate.lean
+++ b/Generated/erc20shim/ERC20Shim/Predicate.lean
@@ -41,7 +41,7 @@ structure IsERC20 (erc20 : ERC20) (s : State) : Prop where
     erc20.balances.lookup account = some (s.evm.sload address)
 
   hasAllowance :
-    ∀ {owner spender}, (⟨owner, spender⟩ ∈ erc20.allowances) →
+    ∀ {owner spender}, ((owner, spender) ∈ erc20.allowances) →
     ∃ (address  : UInt256) (intermediate : UInt256),
     s.evm.keccak_map.lookup [ ↑owner , ERC20Private.allowances ] = some intermediate ∧
     s.evm.keccak_map.lookup [ ↑spender , intermediate ] = some address ∧
@@ -53,7 +53,7 @@ structure IsERC20 (erc20 : ERC20) (s : State) : Prop where
         account ∈ erc20.balances ∧
         some address = s.evm.keccak_map.lookup [ ↑account, ERC20Private.balances ] }.toFinset ∪
       { address | ∃ owner spender,
-        ⟨owner, spender⟩ ∈ erc20.allowances ∧
+        (owner, spender) ∈ erc20.allowances ∧
         ∀ {intermediate}, s.evm.keccak_map.lookup [ ↑owner , ERC20Private.allowances ] = some intermediate →
         s.evm.keccak_map.lookup [ ↑spender , intermediate ] = some address }.toFinset ∪
       ERC20Private.toFinset
diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
index f7e1b2e..75be777 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
@@ -139,7 +139,7 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
 
     rw [spender_lookup_s]
     by_contra h
-    have : [spender, erc_intermediate] ∈ evmₛ.keccak_map.keys := by
+    have : [↑↑spender, erc_intermediate] ∈ evmₛ.keccak_map.keys := by
       rw [Finmap.mem_keys]
       apply Finmap.lookup_isSome.mp
       have := Eq.trans (Eq.symm spender_lookup_s) spender_lookup

From 7d30c37f36ae802808e54d15b846a1f08f2c3e78 Mon Sep 17 00:00:00 2001
From: Daniel Britten <Coda-Coda@users.noreply.github.com>
Date: Wed, 16 Oct 2024 05:03:32 +0000
Subject: [PATCH 27/89] [wip] Based on `fun_balanceOf_abs_of_concrete`

---
 .../ERC20Shim/fun_allowance_user.lean         | 187 +++++++++++++++++-
 ...pping_address_uint256_of_address_user.lean |  14 +-
 2 files changed, 193 insertions(+), 8 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
index 1a0d8f7..4277da5 100644
--- a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
@@ -1,10 +1,8 @@
 import Clear.ReasoningPrinciple
 
-import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address
-import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
-
 import Generated.erc20shim.ERC20Shim.fun_allowance_gen
 
+import Generated.erc20shim.ERC20Shim.Predicate
 
 namespace Generated.erc20shim.ERC20Shim
 
@@ -12,13 +10,192 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
-def A_fun_allowance (var : Identifier) (var_owner var_spender : Literal) (s₀ s₉ : State) : Prop := sorry
+def A_fun_allowance (var : Identifier) (var_owner var_spender : Literal) (s₀ s₉ : State) : Prop :=
+  ∀ {erc20}, IsERC20 erc20 s₀ →
+  let owner := Address.ofUInt256 var_owner
+  let spender := Address.ofUInt256 var_spender
+  IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧
+  s₉[var]!! = (erc20.allowances.lookup ⟨owner, spender⟩).getD 0
 
 lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spender} :
   Spec (fun_allowance_concrete_of_code.1 var var_owner var_spender) s₀ s₉ →
   Spec (A_fun_allowance var var_owner var_spender) s₀ s₉ := by
   unfold fun_allowance_concrete_of_code A_fun_allowance
-  sorry
+
+  rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
+  apply spec_eq
+  clr_funargs
+  intro hasFuel ⟨s, mapping, ⟨s', mapping', code⟩⟩ erc20 is_erc20
+
+  clr_varstore
+
+  -- what we can get right now from mapping function
+  unfold A_mapping_index_access_mapping_address_mapping_address_uint256_of_address at mapping
+  unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping
+  clr_spec at mapping
+  obtain ⟨preservesEvm, s_isOk, keccak⟩ := mapping
+  obtain ⟨evmₛ, varstoreₛ, s_eq_ok⟩ := State_of_isOk s_isOk
+  rw [ ← Variables.allowances_def
+     , s_eq_ok, get_evm_of_ok, ← s_eq_ok
+     ] at keccak
+
+  -- what we can get right now from mapping' function
+  unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping'
+  clr_spec at mapping'
+  obtain ⟨preservesEvm', s_isOk', keccak'⟩ := mapping'
+  obtain ⟨evmₛ', varstoreₛ', s_eq_ok'⟩ := State_of_isOk s_isOk'
+  rw [ s_eq_ok', get_evm_of_ok, ← s_eq_ok'
+     ] at keccak'
+
+  -- simplify contract
+  unfold reviveJump at code
+  simp [s_eq_ok, s_eq_ok'] at code
+  rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok' ] at code
+  clr_varstore
+
+  -- get underlying Preserved from preservesEvm
+  rw [ s_eq_ok, preservesEvm_of_insert, preservesEvm_of_insert ] at preservesEvm
+  have hPreserved := Preserved_of_preservesEvm_of_Ok preservesEvm
+
+  -- get underlying Preserved from preservesEvm'
+  rw [ s_eq_ok, s_eq_ok'] at preservesEvm'
+  have hPreserved' := Preserved_of_preservesEvm_of_Ok preservesEvm'
+
+  -- make use of transitivity of Preserved
+  have hPreserved'' : Clear.Preserved evm evmₛ' := Preserved.trans hPreserved hPreserved'
+
+  apply And.intro
+  -- IsERC20 for the final state
+  exact IsERC20_of_preservesEvm (by aesop) is_erc20
+
+  rw [← code]
+  apply And.intro
+  -- preservesEvm s₀ s₉
+  rw [ preservesEvm_of_insert' ]
+  exact preservesEvm_of_preserved _ _ hPreserved''
+
+  -- lookup balance
+  clr_varstore
+  by_cases mem : ⟨Address.ofUInt256 var_owner, Address.ofUInt256 var_spender⟩ ∈ erc20.allowances
+  -- there is such ⟨owner, spender⟩ in allowances
+  obtain ⟨address, intermediate, has_intermediate, has_address, balance⟩ := is_erc20.hasAllowance mem
+
+  have intermediate_def : s["_2"]!! = intermediate := by
+    rw [s_eq_ok]
+    rw [← Option.some_inj]
+    trans
+    · have := Eq.symm (s_eq_ok ▸ keccak)
+      exact this
+    · exact (keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved has_intermediate
+        ▸ has_intermediate)
+
+  have address_def : s'["_3"]!! = address := by
+    rw [s_eq_ok']
+    rw [← Option.some_inj]
+    trans
+    · have := Eq.symm (s_eq_ok' ▸ keccak')
+      exact this
+    · rw [intermediate_def]
+      have : s["var_spender"]!! = var_spender := by sorry
+      rw [this]
+      exact (keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' has_address ▸ has_address)
+
+  -- up to here
+
+  rw [address_def] at code ⊢
+  rw [ balance
+     , Option.getD_some
+     , State.get_evm_of_ok
+     , ← sload_eq_of_preserved hPreserved''
+     ]
+
+  -- there is *no* such account in balances
+  -- so sload should return 0
+  rw [ Finmap.lookup_eq_none.mpr mem
+     , Option.getD_none
+     ]
+
+  -- in order to do that it should be given storage address outside of
+  -- it's domain
+  apply sload_of_not_mem_dom
+  have := State.get_evm_of_ok ▸ is_erc20.storageDom
+  rw [ ← storage_eq_of_preserved hPreserved''
+     , this
+     ]
+  clear this
+  simp only [ Finset.not_mem_union, Set.mem_toFinset, Set.mem_def, setOf, not_exists, not_and ]
+  have s_erc20 : IsERC20 erc20 (Ok evmₛ _) :=
+    IsERC20_of_ok_of_Preserved hPreserved is_erc20
+
+  split_ands
+  -- address not in balances
+  · intro account account_mem_balances
+    obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance account_mem_balances
+    rw [ ← keccak'
+       , keccak_map_lookup_eq_of_Preserved_of_lookup
+           hPreserved has_address ]
+    by_contra h
+    have : [↑↑account, ERC20Private.balances] ∈ evmₛ.keccak_map.keys := by
+      rw [Finmap.mem_keys]
+      apply Finmap.lookup_isSome.mp
+      have := get_evm_of_ok ▸ has_address
+      rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved has_address
+         , this ]
+      simp
+    have keccak_inj := evmₛ.keccak_inj this (Eq.symm h)
+
+    rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
+    unfold Fin.ofNat'' at keccak_inj
+    simp at keccak_inj
+    rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj
+    rw [keccak_inj] at account_mem_balances
+    exact (mem account_mem_balances)
+    · exact Address.ofUInt256_lt_UInt256_size
+    · exact Address.val_lt_UInt256_size
+
+  -- address not in allowances
+  · intro owner spender mem_allowances
+    obtain ⟨erc_address, erc_intermediate, owner_lookup, spender_lookup, eq⟩ :=
+      is_erc20.hasAllowance mem_allowances
+    rw [get_evm_of_ok] at owner_lookup spender_lookup
+    have spender_lookup_s := keccak_map_lookup_eq_of_Preserved_of_lookup Preserved spender_lookup
+    push_neg
+    use erc_intermediate
+    rw [ ← keccak ]
+    by_contra h
+    rw [not_and'] at h
+    apply h at owner_lookup
+    exact owner_lookup
+
+    rw [spender_lookup_s]
+    by_contra h
+    have : [spender, erc_intermediate] ∈ evmₛ.keccak_map.keys := by
+      rw [Finmap.mem_keys]
+      apply Finmap.lookup_isSome.mp
+      have := Eq.trans (Eq.symm spender_lookup_s) spender_lookup
+      rw [this]
+      simp
+    have keccak_inj := evmₛ.keccak_inj this h
+    simp at keccak_inj
+    have intermediate_ne_balances : erc_intermediate ≠ ERC20Private.balances := by
+      obtain blocked_range := get_evm_of_ok ▸ is_erc20.block_acc_range.2
+      rw [owner_lookup] at blocked_range
+      unfold not_mem_private at blocked_range
+      simp at blocked_range
+      rw [← Finset.forall_mem_not_eq] at blocked_range
+      have bal_mem_private: ERC20Private.balances ∈ ERC20Private.toFinset := by
+        unfold PrivateAddresses.toFinset
+        simp
+      specialize blocked_range ERC20Private.balances
+      exact blocked_range bal_mem_private
+
+    tauto
+
+  -- address not in reserved space
+  · obtain blocked_range := get_evm_of_ok ▸ s_erc20.block_acc_range.1
+    rw [ keccak ] at blocked_range
+    apply not_mem_private_of_some at blocked_range
+    exact blocked_range
 
 end
 
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean
index ff0e10f..27014e9 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean
@@ -2,22 +2,30 @@ import Clear.ReasoningPrinciple
 
 
 import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address_gen
-
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address_user
 
 namespace Generated.erc20shim.ERC20Shim
 
 section
 
-open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities
 
-def A_mapping_index_access_mapping_address_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop := sorry
+def A_mapping_index_access_mapping_address_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop :=
+  A_mapping_index_access_mapping_address_uint256_of_address dataSlot slot key s₀ s₉
 
 lemma mapping_index_access_mapping_address_mapping_address_uint256_of_address_abs_of_concrete {s₀ s₉ : State} {dataSlot slot key} :
   Spec (mapping_index_access_mapping_address_mapping_address_uint256_of_address_concrete_of_code.1 dataSlot slot key) s₀ s₉ →
   Spec (A_mapping_index_access_mapping_address_mapping_address_uint256_of_address dataSlot slot key) s₀ s₉ := by
   unfold mapping_index_access_mapping_address_mapping_address_uint256_of_address_concrete_of_code A_mapping_index_access_mapping_address_mapping_address_uint256_of_address
+  unfold A_mapping_index_access_mapping_address_uint256_of_address
+
+  rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
+  apply spec_eq
+  intro hasFuel
+  clr_funargs
   sorry
 
+
 end
 
 end Generated.erc20shim.ERC20Shim

From c262ae172be81ddf848f622d494884ada27b391a Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Thu, 17 Oct 2024 09:11:21 +0000
Subject: [PATCH 28/89] [wip]

---
 .../ERC20Shim/fun_allowance_user.lean         | 240 +++++++++---------
 1 file changed, 121 insertions(+), 119 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
index 4277da5..1cbc4e0 100644
--- a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
@@ -74,128 +74,130 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
   rw [ preservesEvm_of_insert' ]
   exact preservesEvm_of_preserved _ _ hPreserved''
 
-  -- lookup balance
+  -- lookup allowance
   clr_varstore
   by_cases mem : ⟨Address.ofUInt256 var_owner, Address.ofUInt256 var_spender⟩ ∈ erc20.allowances
-  -- there is such ⟨owner, spender⟩ in allowances
-  obtain ⟨address, intermediate, has_intermediate, has_address, balance⟩ := is_erc20.hasAllowance mem
-
-  have intermediate_def : s["_2"]!! = intermediate := by
-    rw [s_eq_ok]
-    rw [← Option.some_inj]
-    trans
-    · have := Eq.symm (s_eq_ok ▸ keccak)
-      exact this
-    · exact (keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved has_intermediate
-        ▸ has_intermediate)
-
-  have address_def : s'["_3"]!! = address := by
-    rw [s_eq_ok']
-    rw [← Option.some_inj]
-    trans
-    · have := Eq.symm (s_eq_ok' ▸ keccak')
-      exact this
-    · rw [intermediate_def]
-      have : s["var_spender"]!! = var_spender := by sorry
-      rw [this]
-      exact (keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' has_address ▸ has_address)
-
-  -- up to here
-
-  rw [address_def] at code ⊢
-  rw [ balance
-     , Option.getD_some
-     , State.get_evm_of_ok
-     , ← sload_eq_of_preserved hPreserved''
-     ]
-
-  -- there is *no* such account in balances
-  -- so sload should return 0
-  rw [ Finmap.lookup_eq_none.mpr mem
-     , Option.getD_none
-     ]
-
-  -- in order to do that it should be given storage address outside of
-  -- it's domain
-  apply sload_of_not_mem_dom
-  have := State.get_evm_of_ok ▸ is_erc20.storageDom
-  rw [ ← storage_eq_of_preserved hPreserved''
-     , this
-     ]
-  clear this
-  simp only [ Finset.not_mem_union, Set.mem_toFinset, Set.mem_def, setOf, not_exists, not_and ]
-  have s_erc20 : IsERC20 erc20 (Ok evmₛ _) :=
-    IsERC20_of_ok_of_Preserved hPreserved is_erc20
-
-  split_ands
-  -- address not in balances
-  · intro account account_mem_balances
-    obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance account_mem_balances
-    rw [ ← keccak'
-       , keccak_map_lookup_eq_of_Preserved_of_lookup
-           hPreserved has_address ]
-    by_contra h
-    have : [↑↑account, ERC20Private.balances] ∈ evmₛ.keccak_map.keys := by
-      rw [Finmap.mem_keys]
-      apply Finmap.lookup_isSome.mp
-      have := get_evm_of_ok ▸ has_address
-      rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved has_address
-         , this ]
-      simp
-    have keccak_inj := evmₛ.keccak_inj this (Eq.symm h)
-
-    rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
-    unfold Fin.ofNat'' at keccak_inj
-    simp at keccak_inj
-    rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj
-    rw [keccak_inj] at account_mem_balances
-    exact (mem account_mem_balances)
-    · exact Address.ofUInt256_lt_UInt256_size
-    · exact Address.val_lt_UInt256_size
-
-  -- address not in allowances
-  · intro owner spender mem_allowances
-    obtain ⟨erc_address, erc_intermediate, owner_lookup, spender_lookup, eq⟩ :=
-      is_erc20.hasAllowance mem_allowances
-    rw [get_evm_of_ok] at owner_lookup spender_lookup
-    have spender_lookup_s := keccak_map_lookup_eq_of_Preserved_of_lookup Preserved spender_lookup
-    push_neg
-    use erc_intermediate
-    rw [ ← keccak ]
-    by_contra h
-    rw [not_and'] at h
-    apply h at owner_lookup
-    exact owner_lookup
-
-    rw [spender_lookup_s]
-    by_contra h
-    have : [spender, erc_intermediate] ∈ evmₛ.keccak_map.keys := by
-      rw [Finmap.mem_keys]
-      apply Finmap.lookup_isSome.mp
-      have := Eq.trans (Eq.symm spender_lookup_s) spender_lookup
-      rw [this]
-      simp
-    have keccak_inj := evmₛ.keccak_inj this h
-    simp at keccak_inj
-    have intermediate_ne_balances : erc_intermediate ≠ ERC20Private.balances := by
-      obtain blocked_range := get_evm_of_ok ▸ is_erc20.block_acc_range.2
-      rw [owner_lookup] at blocked_range
-      unfold not_mem_private at blocked_range
-      simp at blocked_range
-      rw [← Finset.forall_mem_not_eq] at blocked_range
-      have bal_mem_private: ERC20Private.balances ∈ ERC20Private.toFinset := by
-        unfold PrivateAddresses.toFinset
+  · -- there is such ⟨owner, spender⟩ in allowances
+    obtain ⟨address, intermediate, has_intermediate, has_address, allowance⟩ := is_erc20.hasAllowance mem
+
+    have intermediate_def : s["_2"]!! = intermediate := by
+      rw [s_eq_ok]
+      rw [← Option.some_inj]
+      trans
+      · have := Eq.symm (s_eq_ok ▸ keccak)
+        exact this
+      · exact (keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved has_intermediate
+          ▸ has_intermediate)
+
+    have address_def : s'["_3"]!! = address := by
+      rw [s_eq_ok']
+      rw [← Option.some_inj]
+      trans
+      · have := Eq.symm (s_eq_ok' ▸ keccak')
+        exact this
+      · rw [intermediate_def]
+        have : s["var_spender"]!! = var_spender := by sorry
+        rw [this]
+        exact (keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' has_address ▸ has_address)
+
+    rw [address_def] at code ⊢
+    rw [ allowance
+      , Option.getD_some
+      , State.get_evm_of_ok
+      , ← sload_eq_of_preserved hPreserved''
+      ]
+  · -- there is *no* such account in allowances
+    -- so sload should return 0
+    rw [ Finmap.lookup_eq_none.mpr mem
+      , Option.getD_none
+      ]
+
+    -- in order to do that it should be given storage address outside of
+    -- its domain
+    apply sload_of_not_mem_dom
+    have := State.get_evm_of_ok ▸ is_erc20.storageDom
+    rw [ ← storage_eq_of_preserved hPreserved''
+      , this
+      ]
+    clear this
+    simp only [ Finset.not_mem_union, Set.mem_toFinset, Set.mem_def, setOf, not_exists, not_and ]
+    have s_erc20 : IsERC20 erc20 (Ok evmₛ _) :=
+      IsERC20_of_ok_of_Preserved hPreserved is_erc20
+    have s_erc20' : IsERC20 erc20 (Ok evmₛ' _) :=
+      IsERC20_of_ok_of_Preserved hPreserved' s_erc20
+
+    split_ands
+    -- address not in balances
+    · intro account account_mem_balances
+      obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance account_mem_balances
+      rw [ ← keccak'
+        , keccak_map_lookup_eq_of_Preserved_of_lookup
+            hPreserved'' has_address ]
+      by_contra h
+      have : [↑↑account, ERC20Private.balances] ∈ evmₛ'.keccak_map.keys := by
+        rw [Finmap.mem_keys]
+        apply Finmap.lookup_isSome.mp
+        have := get_evm_of_ok ▸ has_address
+        rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' has_address
+          , this ]
         simp
-      specialize blocked_range ERC20Private.balances
-      exact blocked_range bal_mem_private
-
-    tauto
-
-  -- address not in reserved space
-  · obtain blocked_range := get_evm_of_ok ▸ s_erc20.block_acc_range.1
-    rw [ keccak ] at blocked_range
-    apply not_mem_private_of_some at blocked_range
-    exact blocked_range
+      have keccak_inj := evmₛ'.keccak_inj this (Eq.symm h)
+
+      --Up to here-ish
+
+      rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
+      unfold Fin.ofNat'' at keccak_inj
+      simp at keccak_inj
+      obtain ⟨keccak_inj₁, keccak_inj₂⟩ := keccak_inj
+      rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj₁
+      · rw [keccak_inj₁] at account_mem_balances
+        exact (mem account_mem_balances)
+      · exact Address.ofUInt256_lt_UInt256_size
+      · exact Address.val_lt_UInt256_size
+
+    -- address not in allowances
+    · intro owner spender mem_allowances
+      obtain ⟨erc_address, erc_intermediate, owner_lookup, spender_lookup, eq⟩ :=
+        is_erc20.hasAllowance mem_allowances
+      rw [get_evm_of_ok] at owner_lookup spender_lookup
+      have spender_lookup_s := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved spender_lookup
+      push_neg
+      use erc_intermediate
+      rw [ ← keccak' ]
+      by_contra h
+      rw [not_and'] at h
+      apply h at owner_lookup
+      exact owner_lookup
+
+      rw [spender_lookup_s]
+      by_contra h
+      have : [spender, erc_intermediate] ∈ evmₛ.keccak_map.keys := by
+        rw [Finmap.mem_keys]
+        apply Finmap.lookup_isSome.mp
+        have := Eq.trans (Eq.symm spender_lookup_s) spender_lookup
+        rw [this]
+        simp
+      have keccak_inj := evmₛ.keccak_inj this h
+      simp at keccak_inj
+      have intermediate_ne_allowances : erc_intermediate ≠ ERC20Private.allowances := by
+        obtain blocked_range := get_evm_of_ok ▸ is_erc20.block_acc_range.2
+        rw [owner_lookup] at blocked_range
+        unfold not_mem_private at blocked_range
+        simp at blocked_range
+        rw [← Finset.forall_mem_not_eq] at blocked_range
+        have bal_mem_private: ERC20Private.allowances ∈ ERC20Private.toFinset := by
+          unfold PrivateAddresses.toFinset
+          simp
+        specialize blocked_range ERC20Private.allowances
+        exact blocked_range bal_mem_private
+
+      tauto
+
+    -- address not in reserved space
+    · obtain blocked_range := get_evm_of_ok ▸ s_erc20.block_acc_range.1
+      rw [ keccak ] at blocked_range
+      apply not_mem_private_of_some at blocked_range
+      exact blocked_range
 
 end
 

From d267d41b61379d07bfc526cbfa944e2d302124a3 Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Thu, 17 Oct 2024 09:09:59 +0000
Subject: [PATCH 29/89] [wip]

---
 .../ERC20Shim/fun_allowance_user.lean         | 20 ++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
index 1cbc4e0..955c787 100644
--- a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
@@ -149,11 +149,17 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
       unfold Fin.ofNat'' at keccak_inj
       simp at keccak_inj
       obtain ⟨keccak_inj₁, keccak_inj₂⟩ := keccak_inj
-      rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj₁
-      · rw [keccak_inj₁] at account_mem_balances
-        exact (mem account_mem_balances)
-      · exact Address.ofUInt256_lt_UInt256_size
-      · exact Address.val_lt_UInt256_size
+
+      have : ERC20Private.balances ≠ s["_2"]!! := by
+        obtain blocked_range := get_evm_of_ok ▸ s_erc20.block_acc_range.2
+        rw [ keccak ] at blocked_range
+        apply not_mem_private_of_some at blocked_range
+        rw [@ne_comm]
+        unfold PrivateAddresses.toFinset at blocked_range
+        rw [Finset.mem_def] at blocked_range
+        simp at blocked_range
+        exact blocked_range.1
+      contradiction
 
     -- address not in allowances
     · intro owner spender mem_allowances
@@ -194,8 +200,8 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
       tauto
 
     -- address not in reserved space
-    · obtain blocked_range := get_evm_of_ok ▸ s_erc20.block_acc_range.1
-      rw [ keccak ] at blocked_range
+    · obtain blocked_range := get_evm_of_ok ▸ s_erc20'.block_acc_range.2
+      rw [ keccak' ] at blocked_range
       apply not_mem_private_of_some at blocked_range
       exact blocked_range
 

From ab6bec4a981be5764ab848293e8dc6db3f0c1acb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Thu, 17 Oct 2024 16:44:09 +0200
Subject: [PATCH 30/89] keccak injectivity preservation

---
 Clear/EVMState.lean | 97 +++++++++++++++++++++++++++++++++++----------
 1 file changed, 76 insertions(+), 21 deletions(-)

diff --git a/Clear/EVMState.lean b/Clear/EVMState.lean
index 88f7fec..5f81236 100644
--- a/Clear/EVMState.lean
+++ b/Clear/EVMState.lean
@@ -413,6 +413,9 @@ def keccak_key : (Σ _ : List UInt256, UInt256) → List UInt256 :=
 def keccak_val : (Σ _ : List UInt256, UInt256) → UInt256 :=
   Prod.snd ∘ keccak_prod
 
+lemma snd_eq_keccak_val {a : (Σ _ : List UInt256, UInt256)} : a.snd = keccak_val a := by
+  simp
+
 structure EVMState : Type where
   -- account map
   account_map : Finmap (λ _ : Address => Account)
@@ -552,10 +555,10 @@ lemma mem_sigma_proj {α} {β} {l : List (Σ _ : α, β)} :
 
 def keccak256 (σ : EVMState) (p n : UInt256) : Option (UInt256 × EVMState) :=
   let interval : List UInt256 := List.map (Nat.toUInt256 ∘ fromBytes!) (List.toChunks 32 (mkInterval' σ.machine_state.memory p n))
-  match Finmap.lookup interval σ.keccak_map with
+  match g : Finmap.lookup interval σ.keccak_map with
   | .some val => .some (val, σ)
   | .none     =>
-    match σ.keccak_range.filter (· ∉ σ.used_range) with
+    match h : σ.keccak_range.filter (· ∉ σ.used_range) with
     | r :: rs =>
       .some (
         r,
@@ -563,27 +566,79 @@ def keccak256 (σ : EVMState) (p n : UInt256) : Option (UInt256 × EVMState) :=
           keccak_map := σ.keccak_map.insert interval r,
           keccak_range := rs,
           used_range := {r} ∪ σ.used_range
-          keccak_inj := sorry
           keccak_used_range := by
-            rw [Finset.subset_iff]
+            intro r' r'_mem
+            have subset := Finset.subset_iff.mp σ.keccak_used_range
+            rw [ List.mem_toFinset, List.mem_map
+               , Finmap.insert_entries_of_neg (Finmap.lookup_eq_none.mp g)
+               ] at r'_mem
+            obtain ⟨a, ⟨a_mem, a_val_eq_r'⟩⟩ := r'_mem
+            rw [Multiset.mem_toList, Multiset.mem_cons] at a_mem
+            rcases a_mem with a_eq_interval_r | a_mem_prev
+            rw [a_eq_interval_r] at a_val_eq_r'
+            simp only [ keccak_val, keccak_prod
+                      , Equiv.toFun_as_coe, Function.comp_apply
+                      , Equiv.sigmaEquivProd_apply ] at a_val_eq_r'
+            rw [a_val_eq_r']
             simp
-            intro val key mem
-            rw [ ← Finmap.lookup_eq_some_iff -- mem_lookup_iff
-               ] at mem
-            have key_mem_insert := Finmap.mem_of_lookup_eq_some mem
-            have prev := σ.keccak_used_range
-            by_cases h : key = interval
-            rw [h] at mem
-            left;
-            simp at mem
-            exact Eq.symm mem
-
-            right
-            apply Finset.mem_of_subset σ.keccak_used_range
-            simp [ mem_sigma_proj ]
-            use key
-            rw [ Finmap.lookup_insert_of_ne σ.keccak_map h, Finmap.lookup_eq_some_iff ] at mem
-            exact mem
+
+            rw [← Multiset.mem_toList] at a_mem_prev
+            apply mem_sigma_proj at a_mem_prev
+            rw [← keccak_prod, ← keccak_val, ← List.mem_toFinset
+               , snd_eq_keccak_val, a_val_eq_r'
+               ] at a_mem_prev
+            have := subset a_mem_prev
+            simp only [Finset.mem_union, Finset.mem_singleton]
+            right; exact this
+
+          keccak_inj := by
+            intro a b mem h_lookup
+            rcases Finmap.mem_insert.mp mem with a_eq_interval | a_mem_prev
+
+            have b_lookup_eq_some_r := by
+              rw [a_eq_interval] at h_lookup
+              symm at h_lookup
+              simp at h_lookup
+              exact h_lookup
+            have b_mem : b ∈ Finmap.insert interval r σ.keccak_map :=
+              Finmap.mem_iff.mpr ⟨r, b_lookup_eq_some_r⟩
+            by_contra a_ne_b
+
+            rw [ ← a_eq_interval, Finmap.lookup_insert_of_ne _ (Ne.symm a_ne_b)
+               , Finmap.lookup_eq_some_iff, ← Multiset.mem_toList ] at b_lookup_eq_some_r
+            apply mem_sigma_proj at b_lookup_eq_some_r
+            rw [← keccak_prod, ← keccak_val, ← List.mem_toFinset] at b_lookup_eq_some_r
+            simp only [] at b_lookup_eq_some_r
+
+            have r_mem_used := σ.keccak_used_range b_lookup_eq_some_r
+            have : r ∈ List.filter (fun x => decide (x ∉ σ.used_range)) σ.keccak_range :=
+              by aesop
+            have this := List.mem_filter.mp this
+            have r_ne_mem_used : r ∉ σ.used_range := by aesop
+            exact r_ne_mem_used r_mem_used
+
+            have interval_ne_mem_prev := Finmap.lookup_eq_none.mp g
+            have a_ne_interval : a ≠ interval := by aesop
+            by_cases b_ne_interval : b ≠ interval
+            rw [ Finmap.lookup_insert_of_ne _ a_ne_interval
+               , Finmap.lookup_insert_of_ne _ b_ne_interval ] at h_lookup
+            exact σ.keccak_inj a_mem_prev h_lookup
+
+            have b_eq_interval : b = interval := by aesop
+            rw [b_eq_interval, Finmap.lookup_insert
+               , Finmap.lookup_insert_of_ne _ a_ne_interval ] at h_lookup
+
+            rw [ Finmap.lookup_eq_some_iff, ← Multiset.mem_toList ] at h_lookup
+            apply mem_sigma_proj at h_lookup
+            rw [← keccak_prod, ← keccak_val, ← List.mem_toFinset] at h_lookup
+            simp only [] at h_lookup
+
+            have r_mem_used := σ.keccak_used_range h_lookup
+            have : r ∈ List.filter (fun x => decide (x ∉ σ.used_range)) σ.keccak_range :=
+              by aesop
+            have this := List.mem_filter.mp this
+            have r_ne_mem_used : r ∉ σ.used_range := by aesop
+            contradiction
         }
       )
     | [] => .none

From 5a68d47cea0360c091fe7ec24e3002c71b567544 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Thu, 17 Oct 2024 17:38:05 +0200
Subject: [PATCH 31/89] possible new spec

---
 ...index_access_mapping_address_uint256_of_address_user.lean | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
index 5686289..f2498d9 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
@@ -18,8 +18,9 @@ set_option linter.setOption false
 set_option pp.coercions false
 
 def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop :=
-  preservesEvm s₀ s₉ ∧ s₉.isOk ∧
-  s₉.evm.keccak_map.lookup [ ↑(Address.ofUInt256 key), slot ] = some (s₉[dataSlot]!!)
+  preservesEvm s₀ s₉ ∧ s₉.isOk ∧ (∃ keccak,
+  s₉.evm.keccak_map.lookup [ ↑(Address.ofUInt256 key), slot ] = some keccak ∧
+  s₉.store = s₀⟦dataSlot ↦ keccak⟧.store)
 
 -- Helper reifications
 lemma shift_eq_size : Fin.shiftLeft (n := UInt256.size) 1 160 = Address.size := by

From d962a2263e419e02d8cc662fc4b18fb6d1187a03 Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Fri, 18 Oct 2024 04:35:28 +0000
Subject: [PATCH 32/89] [wip] Fill sorry for `s["var_spender"]!! = var_spender`

---
 .../ERC20Shim/fun_allowance_user.lean         | 45 +++++++++++++++++--
 1 file changed, 42 insertions(+), 3 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
index 955c787..7292ae1 100644
--- a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
@@ -33,8 +33,21 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
   unfold A_mapping_index_access_mapping_address_mapping_address_uint256_of_address at mapping
   unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping
   clr_spec at mapping
-  obtain ⟨preservesEvm, s_isOk, keccak⟩ := mapping
+  obtain ⟨preservesEvm, s_isOk, ⟨intermediate_keccak, keccak_using_intermediate, hStore⟩⟩ := mapping
   obtain ⟨evmₛ, varstoreₛ, s_eq_ok⟩ := State_of_isOk s_isOk
+  have keccak : Finmap.lookup [↑↑(Address.ofUInt256 var_owner), 1] s.evm.keccak_map = some (s["_2"]!!) := by
+    rw [s_eq_ok]
+    rw [s_eq_ok] at hStore
+    unfold store at hStore
+    simp at hStore
+    unfold State.insert at hStore
+    simp at hStore
+    conv_lhs => rw[←s_eq_ok]
+    rw [hStore]
+    unfold lookup!
+    simp
+    exact keccak_using_intermediate
+
   rw [ ← Variables.allowances_def
      , s_eq_ok, get_evm_of_ok, ← s_eq_ok
      ] at keccak
@@ -42,8 +55,22 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
   -- what we can get right now from mapping' function
   unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping'
   clr_spec at mapping'
-  obtain ⟨preservesEvm', s_isOk', keccak'⟩ := mapping'
+  obtain ⟨preservesEvm', s_isOk', ⟨intermediate_keccak', keccak_using_intermediate', hStore'⟩⟩ := mapping'
   obtain ⟨evmₛ', varstoreₛ', s_eq_ok'⟩ := State_of_isOk s_isOk'
+  have keccak' : Finmap.lookup [↑↑(Address.ofUInt256 (s["var_spender"]!!)), s["_2"]!!] s'.evm.keccak_map = some (s'["_3"]!!) := by
+    rw [s_eq_ok]
+    rw [s_eq_ok] at hStore'
+    rw [s_eq_ok']
+    rw [s_eq_ok'] at hStore'
+    unfold store at hStore'
+    simp at hStore'
+    unfold State.insert at hStore'
+    simp at hStore'
+    conv_lhs => rw[←s_eq_ok]; rw[←s_eq_ok']
+    rw [hStore']
+    unfold lookup!
+    simp
+    exact keccak_using_intermediate'
   rw [ s_eq_ok', get_evm_of_ok, ← s_eq_ok'
      ] at keccak'
 
@@ -96,7 +123,19 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
       · have := Eq.symm (s_eq_ok' ▸ keccak')
         exact this
       · rw [intermediate_def]
-        have : s["var_spender"]!! = var_spender := by sorry
+        have : s["var_spender"]!! = var_spender := by
+          rw [s_eq_ok]
+          rw [s_eq_ok] at hStore
+          unfold store at hStore
+          unfold State.insert at hStore
+          simp at hStore
+          rw [hStore]
+          unfold lookup!
+          simp
+          rw [Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
+            , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
+            , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)]
+          simp
         rw [this]
         exact (keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' has_address ▸ has_address)
 

From a5956eff720d7613b6990313eca6b7d2423f2bae Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Mon, 21 Oct 2024 04:57:59 +0000
Subject: [PATCH 33/89] [wip] Main aspects of `allowance` proof finished

---
 Generated/erc20shim/ERC20Shim/Predicate.lean  |   4 +-
 .../ERC20Shim/fun_allowance_user.lean         | 124 +++++++++++++-----
 2 files changed, 91 insertions(+), 37 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/Predicate.lean b/Generated/erc20shim/ERC20Shim/Predicate.lean
index e5ba26c..f284fa5 100644
--- a/Generated/erc20shim/ERC20Shim/Predicate.lean
+++ b/Generated/erc20shim/ERC20Shim/Predicate.lean
@@ -61,7 +61,9 @@ structure IsERC20 (erc20 : ERC20) (s : State) : Prop where
   block_acc_range :
     ∀ {var},
     not_mem_private (s.evm.keccak_map.lookup [ var, ERC20Private.balances ]) ∧
-    not_mem_private (s.evm.keccak_map.lookup [ var, ERC20Private.allowances ])
+    not_mem_private (s.evm.keccak_map.lookup [ var, ERC20Private.allowances ]) ∧
+    (∀ var₂ intermediate, s.evm.keccak_map.lookup [ var, ERC20Private.allowances ] = some intermediate
+                    → not_mem_private (s.evm.keccak_map.lookup [ var₂, intermediate ]))
 
   -- block_allowance_range :
   --   ∀ {owner}, s.evm.keccak_map.lookup [ ↑owner, ERC20Private.allowances ] ∉ ERC20Private.toFinset
diff --git a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
index 7292ae1..7ad0dd3 100644
--- a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
@@ -10,6 +10,8 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
+set_option maxHeartbeats 400000
+
 def A_fun_allowance (var : Identifier) (var_owner var_spender : Literal) (s₀ s₉ : State) : Prop :=
   ∀ {erc20}, IsERC20 erc20 s₀ →
   let owner := Address.ofUInt256 var_owner
@@ -182,67 +184,117 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
         simp
       have keccak_inj := evmₛ'.keccak_inj this (Eq.symm h)
 
-      --Up to here-ish
-
       rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
       unfold Fin.ofNat'' at keccak_inj
       simp at keccak_inj
       obtain ⟨keccak_inj₁, keccak_inj₂⟩ := keccak_inj
 
       have : ERC20Private.balances ≠ s["_2"]!! := by
-        obtain blocked_range := get_evm_of_ok ▸ s_erc20.block_acc_range.2
+        obtain blocked_range := get_evm_of_ok ▸ s_erc20.block_acc_range.2.1
         rw [ keccak ] at blocked_range
         apply not_mem_private_of_some at blocked_range
         rw [@ne_comm]
         unfold PrivateAddresses.toFinset at blocked_range
         rw [Finset.mem_def] at blocked_range
-        simp at blocked_range
+        simp at blocked_range -- Fails with: set_option maxHeartbeats 200000
         exact blocked_range.1
       contradiction
 
     -- address not in allowances
-    · intro owner spender mem_allowances
+    · intro owner spender owner_spender_mem_allowances
+
       obtain ⟨erc_address, erc_intermediate, owner_lookup, spender_lookup, eq⟩ :=
-        is_erc20.hasAllowance mem_allowances
-      rw [get_evm_of_ok] at owner_lookup spender_lookup
-      have spender_lookup_s := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved spender_lookup
-      push_neg
-      use erc_intermediate
-      rw [ ← keccak' ]
-      by_contra h
-      rw [not_and'] at h
-      apply h at owner_lookup
-      exact owner_lookup
+        is_erc20.hasAllowance owner_spender_mem_allowances
 
-      rw [spender_lookup_s]
+      rw [ ← keccak'
+       , keccak_map_lookup_eq_of_Preserved_of_lookup
+           hPreserved'' owner_lookup ]
       by_contra h
-      have : [spender, erc_intermediate] ∈ evmₛ.keccak_map.keys := by
+      have : [↑↑owner, ERC20Private.allowances] ∈ evmₛ.keccak_map.keys := by
         rw [Finmap.mem_keys]
         apply Finmap.lookup_isSome.mp
-        have := Eq.trans (Eq.symm spender_lookup_s) spender_lookup
-        rw [this]
+        have owner_lookup' := get_evm_of_ok ▸ owner_lookup
+        have spender_lookup' := get_evm_of_ok ▸ spender_lookup
+        rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved owner_lookup
+          , owner_lookup' ]
         simp
-      have keccak_inj := evmₛ.keccak_inj this h
+      have owner_lookup' := get_evm_of_ok ▸ owner_lookup
+      have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' owner_lookup
+      rw [this] at owner_lookup'
+      have hSpender := h owner_lookup'
+
+
+      have spender_lookup' := get_evm_of_ok ▸ spender_lookup
+      have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' spender_lookup'
+      rw [this] at hSpender
+
+      have keccak_inj := evmₛ'.keccak_inj (by sorry) (Eq.symm hSpender)
+      rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
+      unfold Fin.ofNat'' at keccak_inj
       simp at keccak_inj
-      have intermediate_ne_allowances : erc_intermediate ≠ ERC20Private.allowances := by
-        obtain blocked_range := get_evm_of_ok ▸ is_erc20.block_acc_range.2
-        rw [owner_lookup] at blocked_range
-        unfold not_mem_private at blocked_range
-        simp at blocked_range
-        rw [← Finset.forall_mem_not_eq] at blocked_range
-        have bal_mem_private: ERC20Private.allowances ∈ ERC20Private.toFinset := by
-          unfold PrivateAddresses.toFinset
-          simp
-        specialize blocked_range ERC20Private.allowances
-        exact blocked_range bal_mem_private
+      rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj <;> [skip; exact Address.val_lt_UInt256_size; exact Address.val_lt_UInt256_size]
+
+      obtain ⟨keccak_inj₁, keccak_inj₂⟩ := keccak_inj
+
+      have hMemOwner := Finmap.mem_of_lookup_eq_some keccak
+
+      have hOwner : owner = Address.ofUInt256 var_owner := by
+        have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved owner_lookup
+        rw [←keccak_inj₂] at owner_lookup
+        rw [←keccak] at owner_lookup
+        have owner_lookup'' := get_evm_of_ok ▸ owner_lookup
+        rw [this] at owner_lookup''
+
+        have keccak_inj := evmₛ.keccak_inj (by sorry) (Eq.symm owner_lookup'')
+        rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
+        unfold Fin.ofNat'' at keccak_inj
+        simp at keccak_inj
+        rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj <;> [skip; exact Address.val_lt_UInt256_size; exact Address.val_lt_UInt256_size]
+        symm
+        exact keccak_inj
 
-      tauto
+      have hSpender : spender = Address.ofUInt256 var_spender := by
+        have : s["var_spender"]!! = var_spender := by
+          rw [s_eq_ok]
+          rw [s_eq_ok] at hStore
+          unfold store at hStore
+          unfold State.insert at hStore
+          simp at hStore
+          rw [hStore]
+          unfold lookup!
+          simp
+          rw [Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
+            , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
+            , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)]
+          simp
+        rw [this] at keccak_inj₁
+        symm
+        exact keccak_inj₁
+        done
+      rw [←hOwner, ←hSpender] at mem
+      contradiction
 
     -- address not in reserved space
-    · obtain blocked_range := get_evm_of_ok ▸ s_erc20'.block_acc_range.2
-      rw [ keccak' ] at blocked_range
-      apply not_mem_private_of_some at blocked_range
-      exact blocked_range
+    · obtain blocked_range := get_evm_of_ok ▸ (s_erc20'.block_acc_range.2.2)
+      have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved' keccak
+      rw [this] at keccak
+      rw [ keccak ] at blocked_range
+
+      have blocked_range' := blocked_range (↑↑(Address.ofUInt256 (s["var_spender"]!!))) (s["_2"]!!) (by rfl)
+      rw [←Finset.mem_map' Function.Embedding.some]
+
+      -- TODO make simpler:
+      have : Function.Embedding.some (s'["_3"]!!) = (some (s'["_3"]!!)) := by
+        simp
+      rw [this]
+      rw [←keccak']
+      --Up to here
+      unfold not_mem_private at blocked_range'
+      rw [keccak'] at blocked_range'
+      simp at blocked_range'
+      rw [keccak']
+      simp
+      exact blocked_range'
 
 end
 

From fb2e9c982b29de5ac6cd01559e096e27f69990f9 Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Mon, 21 Oct 2024 05:53:15 +0000
Subject: [PATCH 34/89] [wip] Fill final two sorries in
 `fun_allowance_abs_of_concrete`

---
 .../erc20shim/ERC20Shim/fun_allowance_user.lean   | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
index 7ad0dd3..21e2766 100644
--- a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
@@ -228,7 +228,12 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
       have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' spender_lookup'
       rw [this] at hSpender
 
-      have keccak_inj := evmₛ'.keccak_inj (by sorry) (Eq.symm hSpender)
+      have : [↑↑(Address.ofUInt256 (s["var_spender"]!!)), s["_2"]!!] ∈ evmₛ'.keccak_map.keys := by
+        clear * -keccak_using_intermediate' s_eq_ok'
+        rw [s_eq_ok'] at keccak_using_intermediate'
+        simp at keccak_using_intermediate'
+        exact Finmap.mem_of_lookup_eq_some keccak_using_intermediate'
+      have keccak_inj := evmₛ'.keccak_inj this (Eq.symm hSpender)
       rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
       unfold Fin.ofNat'' at keccak_inj
       simp at keccak_inj
@@ -236,7 +241,6 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
 
       obtain ⟨keccak_inj₁, keccak_inj₂⟩ := keccak_inj
 
-      have hMemOwner := Finmap.mem_of_lookup_eq_some keccak
 
       have hOwner : owner = Address.ofUInt256 var_owner := by
         have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved owner_lookup
@@ -245,7 +249,12 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
         have owner_lookup'' := get_evm_of_ok ▸ owner_lookup
         rw [this] at owner_lookup''
 
-        have keccak_inj := evmₛ.keccak_inj (by sorry) (Eq.symm owner_lookup'')
+        have : [↑↑(Address.ofUInt256 var_owner), ERC20Private.allowances] ∈ evmₛ.keccak_map.keys := by
+          clear * -keccak_using_intermediate s_eq_ok
+          rw [s_eq_ok] at keccak_using_intermediate
+          simp at keccak_using_intermediate
+          exact Finmap.mem_of_lookup_eq_some keccak_using_intermediate
+        have keccak_inj := evmₛ.keccak_inj this (Eq.symm owner_lookup'')
         rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
         unfold Fin.ofNat'' at keccak_inj
         simp at keccak_inj

From ab1c421d462fbe249c4bcca71d8f6d89fef9b300 Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Tue, 22 Oct 2024 17:45:58 +1300
Subject: [PATCH 35/89] [wip] Update `balanceOf` proof so that it still builds
 Needed due to changes in: `Predicate.lean` and
 `mapping_index_access_mapping_address_uint256_of_address_user.lean` which
 were made for the `allowance` proof.

---
 Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
index 75be777..a8fe2c8 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
@@ -32,8 +32,14 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   -- what we can get right now from mapping function
   unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping
   clr_spec at mapping
-  obtain ⟨preservesEvm, s_isOk, keccak⟩ := mapping  
+  obtain ⟨preservesEvm, s_isOk, ⟨keccak_value, keccak_using_keccak_value, hStore⟩⟩ := mapping
   obtain ⟨evmₛ, varstoreₛ, s_eq_ok⟩ := State_of_isOk s_isOk
+
+  have keccak : Finmap.lookup [↑↑(Address.ofUInt256 var_account), 0] s.evm.keccak_map = some (s["_2"]!!) := by
+    unfold store State.insert at hStore
+    unfold lookup!
+    aesop
+
   rw [ ← Variables.balances_def
      , s_eq_ok, get_evm_of_ok, ← s_eq_ok
      ] at keccak
@@ -148,7 +154,7 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
     have keccak_inj := evmₛ.keccak_inj this h
     simp at keccak_inj
     have intermediate_ne_balances : erc_intermediate ≠ ERC20Private.balances := by
-      obtain blocked_range := get_evm_of_ok ▸ is_erc20.block_acc_range.2
+      obtain blocked_range := get_evm_of_ok ▸ is_erc20.block_acc_range.2.1
       rw [owner_lookup] at blocked_range
       unfold not_mem_private at blocked_range
       simp at blocked_range

From 4d1dfd956d3e590c07d2e2e46cad8216bc9a004e Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Tue, 22 Oct 2024 18:17:57 +1300
Subject: [PATCH 36/89] [wip] Begin making proof style improvements

---
 .../ERC20Shim/fun_allowance_user.lean         | 28 ++++---------------
 .../ERC20Shim/fun_balanceOf_user.lean         | 11 ++------
 ...pping_address_uint256_of_address_user.lean |  2 +-
 3 files changed, 9 insertions(+), 32 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
index 21e2766..276ee5b 100644
--- a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
@@ -27,28 +27,20 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
   rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
   apply spec_eq
   clr_funargs
-  intro hasFuel ⟨s, mapping, ⟨s', mapping', code⟩⟩ erc20 is_erc20
+  rintro hasFuel ⟨s, mapping, ⟨s', mapping', code⟩⟩ erc20 is_erc20
 
   clr_varstore
 
   -- what we can get right now from mapping function
-  unfold A_mapping_index_access_mapping_address_mapping_address_uint256_of_address at mapping
-  unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping
+  unfold A_mapping_index_access_mapping_address_mapping_address_uint256_of_address
+         A_mapping_index_access_mapping_address_uint256_of_address at mapping
   clr_spec at mapping
   obtain ⟨preservesEvm, s_isOk, ⟨intermediate_keccak, keccak_using_intermediate, hStore⟩⟩ := mapping
   obtain ⟨evmₛ, varstoreₛ, s_eq_ok⟩ := State_of_isOk s_isOk
   have keccak : Finmap.lookup [↑↑(Address.ofUInt256 var_owner), 1] s.evm.keccak_map = some (s["_2"]!!) := by
-    rw [s_eq_ok]
-    rw [s_eq_ok] at hStore
-    unfold store at hStore
-    simp at hStore
-    unfold State.insert at hStore
-    simp at hStore
-    conv_lhs => rw[←s_eq_ok]
-    rw [hStore]
+    unfold store State.insert at hStore
     unfold lookup!
-    simp
-    exact keccak_using_intermediate
+    aesop
 
   rw [ ← Variables.allowances_def
      , s_eq_ok, get_evm_of_ok, ← s_eq_ok
@@ -93,16 +85,8 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
   -- make use of transitivity of Preserved
   have hPreserved'' : Clear.Preserved evm evmₛ' := Preserved.trans hPreserved hPreserved'
 
-  apply And.intro
-  -- IsERC20 for the final state
-  exact IsERC20_of_preservesEvm (by aesop) is_erc20
-
+  refine' ⟨IsERC20_of_preservesEvm (by aesop) is_erc20, (by aesop), ?returns_correct_value⟩
   rw [← code]
-  apply And.intro
-  -- preservesEvm s₀ s₉
-  rw [ preservesEvm_of_insert' ]
-  exact preservesEvm_of_preserved _ _ hPreserved''
-
   -- lookup allowance
   clr_varstore
   by_cases mem : ⟨Address.ofUInt256 var_owner, Address.ofUInt256 var_spender⟩ ∈ erc20.allowances
diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
index a8fe2c8..3e5a9ed 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
@@ -25,7 +25,7 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
   apply spec_eq
   clr_funargs
-  intro hasFuel ⟨s, mapping, code⟩ erc20 is_erc20
+  rintro hasFuel ⟨s, mapping, code⟩ erc20 is_erc20
 
   clr_varstore
 
@@ -54,16 +54,9 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   rw [ s_eq_ok, preservesEvm_of_insert, preservesEvm_of_insert ] at preservesEvm
   have Preserved := Preserved_of_preservesEvm_of_Ok preservesEvm
 
-  apply And.intro
-  -- IsERC20 for the final state
-  exact IsERC20_of_preservesEvm (by aesop) is_erc20
+  refine' ⟨IsERC20_of_preservesEvm (by aesop) is_erc20, (by aesop), ?returns_correct_value⟩
 
   rw [← code]
-  apply And.intro
-  -- preservesEvm s₀ s₉
-  rw [ preservesEvm_of_insert' ]
-  exact preservesEvm_of_preserved _ _ Preserved
-
   -- lookup balance
   clr_varstore
   by_cases mem : Address.ofUInt256 var_account ∈ erc20.balances
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean
index 27014e9..a36bd3b 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean
@@ -17,7 +17,7 @@ lemma mapping_index_access_mapping_address_mapping_address_uint256_of_address_ab
   Spec (mapping_index_access_mapping_address_mapping_address_uint256_of_address_concrete_of_code.1 dataSlot slot key) s₀ s₉ →
   Spec (A_mapping_index_access_mapping_address_mapping_address_uint256_of_address dataSlot slot key) s₀ s₉ := by
   unfold mapping_index_access_mapping_address_mapping_address_uint256_of_address_concrete_of_code A_mapping_index_access_mapping_address_mapping_address_uint256_of_address
-  unfold A_mapping_index_access_mapping_address_uint256_of_address
+         A_mapping_index_access_mapping_address_uint256_of_address
 
   rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
   apply spec_eq

From e33c914dfc5c635ac7ad2e42341ad0794581f6e7 Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Thu, 24 Oct 2024 19:23:50 +1300
Subject: [PATCH 37/89] [wip] Handle hash collisions properly in specifications
 for `allowance`, `balanceOf` and the helper

---
 Generated/erc20shim/ERC20Shim/fun_allowance_user.lean     | 6 ++++--
 Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean     | 6 ++++--
 ...ex_access_mapping_address_uint256_of_address_user.lean | 8 ++++++--
 3 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
index 276ee5b..7170c05 100644
--- a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
@@ -13,11 +13,13 @@ open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemma
 set_option maxHeartbeats 400000
 
 def A_fun_allowance (var : Identifier) (var_owner var_spender : Literal) (s₀ s₉ : State) : Prop :=
-  ∀ {erc20}, IsERC20 erc20 s₀ →
+  (∀ {erc20}, IsERC20 erc20 s₀ →
   let owner := Address.ofUInt256 var_owner
   let spender := Address.ofUInt256 var_spender
   IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧
-  s₉[var]!! = (erc20.allowances.lookup ⟨owner, spender⟩).getD 0
+  s₉[var]!! = (erc20.allowances.lookup ⟨owner, spender⟩).getD 0 ∧
+  s₉.evm.hash_collision = false)
+  ∨ s₉.evm.hash_collision = true
 
 lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spender} :
   Spec (fun_allowance_concrete_of_code.1 var var_owner var_spender) s₀ s₉ →
diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
index 3e5a9ed..9c97028 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
@@ -12,10 +12,12 @@ section
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
 def A_fun_balanceOf (var : Identifier) (var_account : Literal) (s₀ s₉ : State) : Prop :=
-  ∀ {erc20}, IsERC20 erc20 s₀ →
+  (∀ {erc20}, IsERC20 erc20 s₀ →
   let account := Address.ofUInt256 var_account
   IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧
-  s₉[var]!! = (erc20.balances.lookup account).getD 0
+  s₉[var]!! = (erc20.balances.lookup account).getD 0 ∧
+  s₉.evm.hash_collision = false)
+  ∨ s₉.evm.hash_collision = true
 
 lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   Spec (fun_balanceOf_concrete_of_code.1 var var_account) s₀ s₉ →
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
index f2498d9..ebda446 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
@@ -18,9 +18,13 @@ set_option linter.setOption false
 set_option pp.coercions false
 
 def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop :=
-  preservesEvm s₀ s₉ ∧ s₉.isOk ∧ (∃ keccak,
+  ((preservesEvm s₀ s₉ ∧ s₉.isOk ∧ (∃ keccak,
   s₉.evm.keccak_map.lookup [ ↑(Address.ofUInt256 key), slot ] = some keccak ∧
-  s₉.store = s₀⟦dataSlot ↦ keccak⟧.store)
+  -- s₉.store = s₀⟦dataSlot ↦ keccak⟧.store ∧
+  s₉.store.lookup dataSlot = some keccak) ∧
+  s₉.evm.hash_collision = false)
+  ∨ s₉.evm.hash_collision = true)
+  ∧ (s₀.evm.hash_collision = true → s₉.evm.hash_collision = true)
 
 -- Helper reifications
 lemma shift_eq_size : Fin.shiftLeft (n := UInt256.size) 1 160 = Address.size := by

From cdcdb54db2490af55f7c8ed389646c49a145aea2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Thu, 24 Oct 2024 17:48:42 +0200
Subject: [PATCH 38/89] updated_keccak_map

---
 Clear/EVMState.lean                           | 216 +++++++++++-------
 Clear/State.lean                              |   2 +
 ...pping_address_uint256_of_address_user.lean | 142 ++++++++++--
 3 files changed, 255 insertions(+), 105 deletions(-)

diff --git a/Clear/EVMState.lean b/Clear/EVMState.lean
index 5f81236..1b940d8 100644
--- a/Clear/EVMState.lean
+++ b/Clear/EVMState.lean
@@ -450,6 +450,22 @@ instance instPreorderFinmap : Preorder (Finmap (λ _ : List UInt256 ↦ UInt256)
   le_refl := by aesop
   le_trans := by aesop (add safe forward subset_trans)
 
+lemma lt_of_insert {map : Finmap (λ _ : List UInt256 ↦ UInt256)} {key} (val : UInt256) :
+  (h : key ∉ map) → map ≤ map.insert key val := by
+  intro key_ne_mem_map
+  dsimp [(· ≤ ·)]
+  apply And.intro
+  rw [Finset.subset_iff]
+  intro _ mem_prev
+  rw [Finmap.mem_keys, Finmap.mem_insert]
+  right; exact Finmap.mem_keys.mp mem_prev
+
+  intro prev prev_mem
+  rw [Finmap.lookup_insert_of_ne]
+  by_contra h
+  rw [h] at prev_mem
+  exact key_ne_mem_map prev_mem
+
 structure Preserved (a : EVMState) (b : EVMState) : Prop where
   account_map : (Eq on EVMState.account_map) a b
   hash_collision : (Eq on EVMState.hash_collision) a b
@@ -553,94 +569,130 @@ lemma mem_sigma_proj {α} {β} {l : List (Σ _ : α, β)} :
             , Equiv.sigmaEquivProd_apply, Sigma.exists, exists_eq_right ]
   use a, mem
 
+theorem filter_cons {α} {p : α → Bool} {x} {xs} :
+    (x :: xs : List α).filter p = if p x then x :: (xs.filter p) else xs.filter p := by
+  split <;> simp [*]
+
+@[simp] theorem filter_eq_nil_iff {α} {p : α → Bool} {l} : List.filter p l = [] ↔ ∀ a, a ∈ l → ¬p a := by
+  simp only [List.eq_nil_iff_forall_not_mem, List.mem_filter, not_and]
+
+theorem filter_eq_cons_iff {α} {p : α → Bool} {l} {a} {as} :
+    List.filter p l = a :: as ↔
+      ∃ l₁ l₂, l = l₁ ++ a :: l₂ ∧ (∀ x, x ∈ l₁ → ¬p x) ∧ p a ∧ List.filter p l₂ = as := by
+  constructor
+  · induction l with
+    | nil => simp
+    | cons x l ih =>
+      intro h
+      simp only [filter_cons] at h
+      split at h <;> rename_i w
+      · simp only [List.cons.injEq] at h
+        obtain ⟨rfl, rfl⟩ := h
+        refine ⟨[], l, ?_⟩
+        simp [w]
+      · specialize ih h
+        obtain ⟨l₁, l₂, rfl, w₁, w₂, w₃⟩ := ih
+        refine ⟨x :: l₁, l₂, ?_⟩
+        simp_all
+  · rintro ⟨l₁, l₂, rfl, h₁, h, h₂⟩
+    simp [h₂, filter_cons, filter_eq_nil_iff.mpr h₁, h]
+
+def updated_keccak_map {interval} {r} {rs} {σ : EVMState}
+  (h_int : interval ∉ σ.keccak_map)
+  (h_filter : σ.keccak_range.filter (· ∉ σ.used_range) = r :: rs) :
+  EVMState :=
+    have := filter_eq_cons_iff.mp h_filter
+    have r_ne_used : r ∈ σ.keccak_range.filter (· ∉ σ.used_range) :=
+      by aesop
+    have r_mem_range := List.mem_filter.mp r_ne_used
+    have r_ne_mem_used : r ∉ σ.used_range :=
+      by aesop
+    {σ with
+    keccak_map := σ.keccak_map.insert interval r,
+    keccak_range := rs,
+    used_range := {r} ∪ σ.used_range
+    keccak_used_range := by
+      intro r' r'_mem
+      have subset := Finset.subset_iff.mp σ.keccak_used_range
+      rw [ List.mem_toFinset, List.mem_map
+         , Finmap.insert_entries_of_neg h_int
+         ] at r'_mem
+      obtain ⟨a, ⟨a_mem, a_val_eq_r'⟩⟩ := r'_mem
+      rw [Multiset.mem_toList, Multiset.mem_cons] at a_mem
+      rcases a_mem with a_eq_interval_r | a_mem_prev
+      rw [a_eq_interval_r] at a_val_eq_r'
+      simp only [ keccak_val, keccak_prod
+                , Equiv.toFun_as_coe, Function.comp_apply
+                , Equiv.sigmaEquivProd_apply ] at a_val_eq_r'
+      rw [a_val_eq_r']
+      simp
+
+      rw [← Multiset.mem_toList] at a_mem_prev
+      apply mem_sigma_proj at a_mem_prev
+      rw [← keccak_prod, ← keccak_val, ← List.mem_toFinset
+         , snd_eq_keccak_val, a_val_eq_r'
+         ] at a_mem_prev
+      have := subset a_mem_prev
+      simp only [Finset.mem_union, Finset.mem_singleton]
+      right; exact this
+
+    keccak_inj := by
+      intro a b mem h_lookup
+      rcases Finmap.mem_insert.mp mem with a_eq_interval | a_mem_prev
+
+      have b_lookup_eq_some_r := by
+        rw [a_eq_interval] at h_lookup
+        symm at h_lookup
+        simp at h_lookup
+        exact h_lookup
+      have b_mem : b ∈ Finmap.insert interval r σ.keccak_map :=
+        Finmap.mem_iff.mpr ⟨r, b_lookup_eq_some_r⟩
+      by_contra a_ne_b
+
+      rw [ ← a_eq_interval, Finmap.lookup_insert_of_ne _ (Ne.symm a_ne_b)
+         , Finmap.lookup_eq_some_iff, ← Multiset.mem_toList ] at b_lookup_eq_some_r
+      apply mem_sigma_proj at b_lookup_eq_some_r
+      rw [← keccak_prod, ← keccak_val, ← List.mem_toFinset] at b_lookup_eq_some_r
+      simp only [] at b_lookup_eq_some_r
+
+      have r_mem_used := σ.keccak_used_range b_lookup_eq_some_r
+      exact r_ne_mem_used r_mem_used
+
+      have a_ne_interval : a ≠ interval := by aesop
+      by_cases b_ne_interval : b ≠ interval
+      rw [ Finmap.lookup_insert_of_ne _ a_ne_interval
+         , Finmap.lookup_insert_of_ne _ b_ne_interval ] at h_lookup
+      exact σ.keccak_inj a_mem_prev h_lookup
+
+      have b_eq_interval : b = interval := by aesop
+      rw [ b_eq_interval, Finmap.lookup_insert
+         , Finmap.lookup_insert_of_ne _ a_ne_interval ] at h_lookup
+
+      rw [ Finmap.lookup_eq_some_iff, ← Multiset.mem_toList ] at h_lookup
+      apply mem_sigma_proj at h_lookup
+      rw [← keccak_prod, ← keccak_val, ← List.mem_toFinset] at h_lookup
+      simp only [] at h_lookup
+
+      have r_mem_used := σ.keccak_used_range h_lookup
+      contradiction
+  }
+
+lemma Preserved_of_updated_keccak_map
+  {σ σ'} {interval} {r} {rs}
+  {h_int : interval ∉ σ.keccak_map} {h_filter : σ.keccak_range.filter (· ∉ σ.used_range) = r :: rs}
+  (h : updated_keccak_map (σ := σ) h_int h_filter = σ') : Preserved σ σ' := by
+  rw [← h]
+  unfold updated_keccak_map
+  constructor <;> simp
+  exact lt_of_insert r h_int
+
 def keccak256 (σ : EVMState) (p n : UInt256) : Option (UInt256 × EVMState) :=
   let interval : List UInt256 := List.map (Nat.toUInt256 ∘ fromBytes!) (List.toChunks 32 (mkInterval' σ.machine_state.memory p n))
   match g : Finmap.lookup interval σ.keccak_map with
   | .some val => .some (val, σ)
   | .none     =>
     match h : σ.keccak_range.filter (· ∉ σ.used_range) with
-    | r :: rs =>
-      .some (
-        r,
-        {σ with
-          keccak_map := σ.keccak_map.insert interval r,
-          keccak_range := rs,
-          used_range := {r} ∪ σ.used_range
-          keccak_used_range := by
-            intro r' r'_mem
-            have subset := Finset.subset_iff.mp σ.keccak_used_range
-            rw [ List.mem_toFinset, List.mem_map
-               , Finmap.insert_entries_of_neg (Finmap.lookup_eq_none.mp g)
-               ] at r'_mem
-            obtain ⟨a, ⟨a_mem, a_val_eq_r'⟩⟩ := r'_mem
-            rw [Multiset.mem_toList, Multiset.mem_cons] at a_mem
-            rcases a_mem with a_eq_interval_r | a_mem_prev
-            rw [a_eq_interval_r] at a_val_eq_r'
-            simp only [ keccak_val, keccak_prod
-                      , Equiv.toFun_as_coe, Function.comp_apply
-                      , Equiv.sigmaEquivProd_apply ] at a_val_eq_r'
-            rw [a_val_eq_r']
-            simp
-
-            rw [← Multiset.mem_toList] at a_mem_prev
-            apply mem_sigma_proj at a_mem_prev
-            rw [← keccak_prod, ← keccak_val, ← List.mem_toFinset
-               , snd_eq_keccak_val, a_val_eq_r'
-               ] at a_mem_prev
-            have := subset a_mem_prev
-            simp only [Finset.mem_union, Finset.mem_singleton]
-            right; exact this
-
-          keccak_inj := by
-            intro a b mem h_lookup
-            rcases Finmap.mem_insert.mp mem with a_eq_interval | a_mem_prev
-
-            have b_lookup_eq_some_r := by
-              rw [a_eq_interval] at h_lookup
-              symm at h_lookup
-              simp at h_lookup
-              exact h_lookup
-            have b_mem : b ∈ Finmap.insert interval r σ.keccak_map :=
-              Finmap.mem_iff.mpr ⟨r, b_lookup_eq_some_r⟩
-            by_contra a_ne_b
-
-            rw [ ← a_eq_interval, Finmap.lookup_insert_of_ne _ (Ne.symm a_ne_b)
-               , Finmap.lookup_eq_some_iff, ← Multiset.mem_toList ] at b_lookup_eq_some_r
-            apply mem_sigma_proj at b_lookup_eq_some_r
-            rw [← keccak_prod, ← keccak_val, ← List.mem_toFinset] at b_lookup_eq_some_r
-            simp only [] at b_lookup_eq_some_r
-
-            have r_mem_used := σ.keccak_used_range b_lookup_eq_some_r
-            have : r ∈ List.filter (fun x => decide (x ∉ σ.used_range)) σ.keccak_range :=
-              by aesop
-            have this := List.mem_filter.mp this
-            have r_ne_mem_used : r ∉ σ.used_range := by aesop
-            exact r_ne_mem_used r_mem_used
-
-            have interval_ne_mem_prev := Finmap.lookup_eq_none.mp g
-            have a_ne_interval : a ≠ interval := by aesop
-            by_cases b_ne_interval : b ≠ interval
-            rw [ Finmap.lookup_insert_of_ne _ a_ne_interval
-               , Finmap.lookup_insert_of_ne _ b_ne_interval ] at h_lookup
-            exact σ.keccak_inj a_mem_prev h_lookup
-
-            have b_eq_interval : b = interval := by aesop
-            rw [b_eq_interval, Finmap.lookup_insert
-               , Finmap.lookup_insert_of_ne _ a_ne_interval ] at h_lookup
-
-            rw [ Finmap.lookup_eq_some_iff, ← Multiset.mem_toList ] at h_lookup
-            apply mem_sigma_proj at h_lookup
-            rw [← keccak_prod, ← keccak_val, ← List.mem_toFinset] at h_lookup
-            simp only [] at h_lookup
-
-            have r_mem_used := σ.keccak_used_range h_lookup
-            have : r ∈ List.filter (fun x => decide (x ∉ σ.used_range)) σ.keccak_range :=
-              by aesop
-            have this := List.mem_filter.mp this
-            have r_ne_mem_used : r ∉ σ.used_range := by aesop
-            contradiction
-        }
-      )
+    | r :: rs => .some ( r, updated_keccak_map (r := r) (rs := rs) (Finmap.lookup_eq_none.mp g) h)
     | [] => .none
 
 lemma keccak_map_lookup_eq_of_Preserved_of_lookup {σ₀ σ₁} {addr} {b}
diff --git a/Clear/State.lean b/Clear/State.lean
index 88a718d..a595d33 100644
--- a/Clear/State.lean
+++ b/Clear/State.lean
@@ -66,6 +66,8 @@ def isLeave : State → Prop
   | .Checkpoint (.Leave _ _) => True
   | _ => False
 
+def allGood (s : State) : Prop := s.isOk ∧ ¬ s.evm.hash_collision
+
 -- ============================================================================
 --  STATE TRANSFORMERS
 -- ============================================================================
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
index ebda446..e716b6b 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
@@ -34,6 +34,11 @@ lemma EVMAddrSize' {s : State} : (s, [Fin.shiftLeft 1 160]) = (s, [Address.size.
   simp
   exact shift_eq_size
 
+set_option maxHeartbeats 200000
+set_option maxRecDepth 800
+set_option pp.deepTerms true
+set_option pp.proofs true
+
 lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete {s₀ s₉ : State} {dataSlot slot key} :
   Spec (mapping_index_access_mapping_address_uint256_of_address_concrete_of_code.1 dataSlot slot key) s₀ s₉ →
   Spec (A_mapping_index_access_mapping_address_uint256_of_address dataSlot slot key) s₀ s₉ := by
@@ -42,41 +47,132 @@ lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete {s
   apply spec_eq
   intro hasFuel
   clr_funargs
-  sorry
-
-  -- rw [ EVMSub', EVMShl', EVMAddrSize' ]; simp
-  -- rw [ Address.and_size_eq_ofUInt256 ]
-  -- rw [ multifill_cons, multifill_nil ]
-  -- simp
-
-  -- clr_varstore
-
-  -- generalize acconut_def : Address.ofUInt256 key = account
-  -- intro prog address hasAddress
-
-  -- generalize prep_def : (mstore evm 0 ↑↑account).mstore 32 slot = state_prep
-  -- unfold keccak256 at prog
-  -- rw [ interval'_eq_interval 2 two_ne_zero (by norm_cast)
-  --    , mstore_mstore_of_ne, interval_of_mstore_eq_val_cons
-  --    , mstore_mstore_of_ne, zero_add, interval_of_mstore_eq_val_cons
-  --    , interval_of_0_eq_nil
-  --    ] at prog
-  -- unfold_let at prog
+  
+  rw [ EVMSub', EVMShl', EVMAddrSize' ]; simp
+  rw [ Address.and_size_eq_ofUInt256 ]
+  rw [ multifill_cons, multifill_nil ]
+  simp
+
+  clr_varstore
+
+  generalize acconut_def : Address.ofUInt256 key = account
+  intro code
+  unfold reviveJump at code
+
+  generalize prep_def : (mstore evm 0 ↑↑account).mstore 32 slot = state_prep at code
+  have Preserved_prep : Preserved evm state_prep := by
+    rw [← prep_def];
+    exact Preserved.trans mstore_preserved mstore_preserved
+
+  unfold keccak256 at code
+  unfold_let at code
+
+  split at code
+  -- some
+  case h_1 x h_lookup =>
+    right -- no hash collision
+    split at h_lookup
+    case h_1 val heq =>
+      rw [Option.some_inj] at h_lookup
+      -- lookup existing
+      rw [ interval'_eq_interval 2 two_ne_zero (by norm_cast)
+         , ← prep_def
+         , mstore_mstore_of_ne, interval_of_mstore_eq_val_cons
+         , mstore_mstore_of_ne, zero_add, interval_of_mstore_eq_val_cons
+         , interval_of_0_eq_nil
+         ] at heq
+      -- make sense of the code
+      rw [← h_lookup] at code
+      simp only [Fin.isValue, multifill_cons, multifill_nil'] at code
+      unfold setEvm State.insert State.lookup! at code
+      simp only [Fin.isValue, Finmap.lookup_insert, get!_some, isOk_Ok] at code
+      rw [← State.insert_of_ok] at code
+
+      rw [← code]
+      simp only [isOk_Ok, isOutOfFuel_insert', isOutOfFuel_Ok, not_false_eq_true, isOk_insert, evm_insert,
+  get_evm_of_ok, true_and]
+      split_ands
+
+      rw [preservesEvm_of_insert']
+      apply preservesEvm_of_preserved
+      simp [get_evm_of_ok]
+      exact Preserved_prep
+      use val, (prep_def ▸ heq)
+      simp only [insert_of_ok, store]
+
+    case h_2 val heq =>
+      split at h_lookup
+      swap; contradiction
+      rw [Option.some_inj] at h_lookup
+      
+      have : Finmap.lookup [account.val.cast, slot] state_prep.keccak_map = none := by
+        rw [ interval'_eq_interval 2 two_ne_zero (by norm_cast)
+           , ← prep_def
+           , mstore_mstore_of_ne, interval_of_mstore_eq_val_cons
+           , mstore_mstore_of_ne, zero_add, interval_of_mstore_eq_val_cons
+           , interval_of_0_eq_nil
+           ] at heq
+        exact (prep_def ▸ heq)
+      have int_ne_mem_map : [↑↑account, slot] ∉ state_prep.keccak_map := sorry
+
+      simp at code
+      unfold setEvm State.insert State.lookup! at code
+      simp at code
+      simp only [← h_lookup, ← State.insert_of_ok] at code
+      rw [← code]
+
+      split_ands
+      rw [preservesEvm_of_insert']
+      apply preservesEvm_of_preserved
+      simp [get_evm_of_ok]
+      apply Preserved.trans Preserved_prep
+    
+      -- obtain ⟨res, σ'⟩ := x
+      -- injection h_lookup with res_eq σ'_eq
+      exact Preserved_of_updated_keccak_map (σ := state_prep) rfl
+      done
+    done
+
+  case h_2 x h_lookup =>
+    split at h_lookup
+    done
+
+  -- -- generalize interval_def : List.map (Nat.toUInt256 ∘ UInt256.fromBytes!)
+  -- --                 (List.toChunks 32
+  -- --                 (mkInterval' state_prep.machine_state.memory 0 64)) = interval at code
+
+  -- -- have interval_eq : interval = mkInterval state_prep.machine_state.memory 0 2 := by sorry
+
+  -- -- have : List.map (Nat.toUInt256 ∘ UInt256.fromBytes!)
+  -- --                 (List.toChunks 32
+  -- --                 (mkInterval' state_prep.machine_state.memory 0 64)) =
+  -- --   mkInterval state_prep.machine_state.memory 0 2 := by sorry
+  -- split at code
+  -- next x h_lookup =>
+  --   split at h_lookup
+  --   done
+
+  -- simp_rw [ interval'_eq_interval 2 two_ne_zero (by sorry)
+  --    -- , mstore_mstore_of_ne, interval_of_mstore_eq_val_cons
+  --    -- , mstore_mstore_of_ne, zero_add, interval_of_mstore_eq_val_cons
+  --    -- , interval_of_0_eq_nil
+  --    ] at code
+
+  -- -- rw [ this ] at code
   -- rw [ mstore_preserves_keccak_map, mstore_preserves_keccak_map
   --    , hasAddress
-  --    ] at prog
+  --    ]
   -- simp at prog
   -- unfold setEvm State.insert State.lookup! at prog
   -- simp at prog
 
-
   -- rw [← prog]
   -- unfold State.lookup!
 
   -- apply And.intro
   -- · apply preservesEvm_eq
   --   simp
-  --   apply preserved_trans (e₁ := mstore evm 0 ↑↑account)
+  --   apply preserved_trans 
   --   · exact mstore_preserves
   --   · exact mstore_preserves
   -- · simp

From 74d74359cffb2a8df2bfe19f09221abf1dc20d14 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Thu, 24 Oct 2024 18:01:57 +0200
Subject: [PATCH 39/89] [wip] a bit of adjustment for new spec

---
 ..._mapping_address_uint256_of_address_user.lean | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
index e716b6b..ef20cef 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
@@ -70,7 +70,7 @@ lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete {s
   split at code
   -- some
   case h_1 x h_lookup =>
-    right -- no hash collision
+    -- no hash collision
     split at h_lookup
     case h_1 val heq =>
       rw [Option.some_inj] at h_lookup
@@ -91,6 +91,13 @@ lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete {s
       rw [← code]
       simp only [isOk_Ok, isOutOfFuel_insert', isOutOfFuel_Ok, not_false_eq_true, isOk_insert, evm_insert,
   get_evm_of_ok, true_and]
+      apply And.intro
+      swap;
+      rw [← prep_def]
+      unfold mstore updateMemory
+      simp only []
+      intro _; assumption
+      left
       split_ands
 
       rw [preservesEvm_of_insert']
@@ -121,7 +128,12 @@ lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete {s
       simp only [← h_lookup, ← State.insert_of_ok] at code
       rw [← code]
 
-      split_ands
+      apply And.intro
+      swap;
+      -- hash collision preservation
+      sorry
+
+      left; split_ands
       rw [preservesEvm_of_insert']
       apply preservesEvm_of_preserved
       simp [get_evm_of_ok]

From 2dfc22a9cc4f29ea94724e253f56def1299ea9ba Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Fri, 25 Oct 2024 19:18:31 +1300
Subject: [PATCH 40/89] [wip] Correction to helper spec

---
 ...g_index_access_mapping_address_uint256_of_address_user.lean | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
index ebda446..618e0ce 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
@@ -20,8 +20,7 @@ set_option pp.coercions false
 def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop :=
   ((preservesEvm s₀ s₉ ∧ s₉.isOk ∧ (∃ keccak,
   s₉.evm.keccak_map.lookup [ ↑(Address.ofUInt256 key), slot ] = some keccak ∧
-  -- s₉.store = s₀⟦dataSlot ↦ keccak⟧.store ∧
-  s₉.store.lookup dataSlot = some keccak) ∧
+  s₉.store = s₀⟦dataSlot ↦ keccak⟧.store) ∧
   s₉.evm.hash_collision = false)
   ∨ s₉.evm.hash_collision = true)
   ∧ (s₀.evm.hash_collision = true → s₉.evm.hash_collision = true)

From c18553422fb6a57fd0796fc56159b79653862549 Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Fri, 25 Oct 2024 17:07:12 +1300
Subject: [PATCH 41/89] [wip] QED on allowance, except sorries

---
 .../ERC20Shim/fun_allowance_user.lean         | 713 ++++++++++++------
 1 file changed, 464 insertions(+), 249 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
index 7170c05..d6b0a11 100644
--- a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
@@ -29,7 +29,7 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
   rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
   apply spec_eq
   clr_funargs
-  rintro hasFuel ⟨s, mapping, ⟨s', mapping', code⟩⟩ erc20 is_erc20
+  rintro hasFuel ⟨s, mapping, ⟨s', mapping', code⟩⟩
 
   clr_varstore
 
@@ -37,260 +37,475 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
   unfold A_mapping_index_access_mapping_address_mapping_address_uint256_of_address
          A_mapping_index_access_mapping_address_uint256_of_address at mapping
   clr_spec at mapping
-  obtain ⟨preservesEvm, s_isOk, ⟨intermediate_keccak, keccak_using_intermediate, hStore⟩⟩ := mapping
-  obtain ⟨evmₛ, varstoreₛ, s_eq_ok⟩ := State_of_isOk s_isOk
-  have keccak : Finmap.lookup [↑↑(Address.ofUInt256 var_owner), 1] s.evm.keccak_map = some (s["_2"]!!) := by
-    unfold store State.insert at hStore
-    unfold lookup!
-    aesop
-
-  rw [ ← Variables.allowances_def
+  
+  
+
+  obtain ⟨⟨preservesEvm, s_isOk, ⟨⟨intermediate_keccak, keccak_using_intermediate, hStore⟩,hHashCollision⟩⟩, hHashCollision₁⟩ := mapping -- Adds a goal
+  · -- No hash collision from first keccak
+    
+    obtain ⟨evmₛ, varstoreₛ, s_eq_ok⟩ := State_of_isOk s_isOk
+    have keccak : Finmap.lookup [↑↑(Address.ofUInt256 var_owner), 1] s.evm.keccak_map = some (s["_2"]!!) := by
+      unfold store State.insert at hStore
+      unfold lookup!
+      aesop
+    rw [ ← Variables.allowances_def
      , s_eq_ok, get_evm_of_ok, ← s_eq_ok
      ] at keccak
 
-  -- what we can get right now from mapping' function
-  unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping'
-  clr_spec at mapping'
-  obtain ⟨preservesEvm', s_isOk', ⟨intermediate_keccak', keccak_using_intermediate', hStore'⟩⟩ := mapping'
-  obtain ⟨evmₛ', varstoreₛ', s_eq_ok'⟩ := State_of_isOk s_isOk'
-  have keccak' : Finmap.lookup [↑↑(Address.ofUInt256 (s["var_spender"]!!)), s["_2"]!!] s'.evm.keccak_map = some (s'["_3"]!!) := by
-    rw [s_eq_ok]
-    rw [s_eq_ok] at hStore'
-    rw [s_eq_ok']
-    rw [s_eq_ok'] at hStore'
-    unfold store at hStore'
-    simp at hStore'
-    unfold State.insert at hStore'
-    simp at hStore'
-    conv_lhs => rw[←s_eq_ok]; rw[←s_eq_ok']
-    rw [hStore']
-    unfold lookup!
-    simp
-    exact keccak_using_intermediate'
-  rw [ s_eq_ok', get_evm_of_ok, ← s_eq_ok'
-     ] at keccak'
-
-  -- simplify contract
-  unfold reviveJump at code
-  simp [s_eq_ok, s_eq_ok'] at code
-  rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok' ] at code
-  clr_varstore
-
-  -- get underlying Preserved from preservesEvm
-  rw [ s_eq_ok, preservesEvm_of_insert, preservesEvm_of_insert ] at preservesEvm
-  have hPreserved := Preserved_of_preservesEvm_of_Ok preservesEvm
-
-  -- get underlying Preserved from preservesEvm'
-  rw [ s_eq_ok, s_eq_ok'] at preservesEvm'
-  have hPreserved' := Preserved_of_preservesEvm_of_Ok preservesEvm'
-
-  -- make use of transitivity of Preserved
-  have hPreserved'' : Clear.Preserved evm evmₛ' := Preserved.trans hPreserved hPreserved'
-
-  refine' ⟨IsERC20_of_preservesEvm (by aesop) is_erc20, (by aesop), ?returns_correct_value⟩
-  rw [← code]
-  -- lookup allowance
-  clr_varstore
-  by_cases mem : ⟨Address.ofUInt256 var_owner, Address.ofUInt256 var_spender⟩ ∈ erc20.allowances
-  · -- there is such ⟨owner, spender⟩ in allowances
-    obtain ⟨address, intermediate, has_intermediate, has_address, allowance⟩ := is_erc20.hasAllowance mem
-
-    have intermediate_def : s["_2"]!! = intermediate := by
-      rw [s_eq_ok]
-      rw [← Option.some_inj]
-      trans
-      · have := Eq.symm (s_eq_ok ▸ keccak)
-        exact this
-      · exact (keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved has_intermediate
-          ▸ has_intermediate)
-
-    have address_def : s'["_3"]!! = address := by
-      rw [s_eq_ok']
-      rw [← Option.some_inj]
-      trans
-      · have := Eq.symm (s_eq_ok' ▸ keccak')
-        exact this
-      · rw [intermediate_def]
-        have : s["var_spender"]!! = var_spender := by
-          rw [s_eq_ok]
-          rw [s_eq_ok] at hStore
-          unfold store at hStore
-          unfold State.insert at hStore
-          simp at hStore
-          rw [hStore]
-          unfold lookup!
-          simp
-          rw [Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
-            , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
-            , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)]
-          simp
-        rw [this]
-        exact (keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' has_address ▸ has_address)
-
-    rw [address_def] at code ⊢
-    rw [ allowance
-      , Option.getD_some
-      , State.get_evm_of_ok
-      , ← sload_eq_of_preserved hPreserved''
-      ]
-  · -- there is *no* such account in allowances
-    -- so sload should return 0
-    rw [ Finmap.lookup_eq_none.mpr mem
-      , Option.getD_none
-      ]
-
-    -- in order to do that it should be given storage address outside of
-    -- its domain
-    apply sload_of_not_mem_dom
-    have := State.get_evm_of_ok ▸ is_erc20.storageDom
-    rw [ ← storage_eq_of_preserved hPreserved''
-      , this
-      ]
-    clear this
-    simp only [ Finset.not_mem_union, Set.mem_toFinset, Set.mem_def, setOf, not_exists, not_and ]
-    have s_erc20 : IsERC20 erc20 (Ok evmₛ _) :=
-      IsERC20_of_ok_of_Preserved hPreserved is_erc20
-    have s_erc20' : IsERC20 erc20 (Ok evmₛ' _) :=
-      IsERC20_of_ok_of_Preserved hPreserved' s_erc20
-
-    split_ands
-    -- address not in balances
-    · intro account account_mem_balances
-      obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance account_mem_balances
-      rw [ ← keccak'
-        , keccak_map_lookup_eq_of_Preserved_of_lookup
-            hPreserved'' has_address ]
-      by_contra h
-      have : [↑↑account, ERC20Private.balances] ∈ evmₛ'.keccak_map.keys := by
-        rw [Finmap.mem_keys]
-        apply Finmap.lookup_isSome.mp
-        have := get_evm_of_ok ▸ has_address
-        rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' has_address
-          , this ]
+    -- what we can get right now from mapping' function
+    unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping'
+    clr_spec at mapping'
+    
+    obtain ⟨⟨preservesEvm', s_isOk', ⟨⟨intermediate_keccak', keccak_using_intermediate', hStore'⟩,hHashCollision'⟩⟩, hHashCollision₁'⟩ := mapping' -- Adds a goal
+    · -- No hash collision from second keccak
+      left
+      intro erc20 is_erc20
+      obtain ⟨evmₛ', varstoreₛ', s_eq_ok'⟩ := State_of_isOk s_isOk'
+      have keccak' : Finmap.lookup [↑↑(Address.ofUInt256 (s["var_spender"]!!)), s["_2"]!!] s'.evm.keccak_map = some (s'["_3"]!!) := by
+        rw [s_eq_ok]
+        rw [s_eq_ok] at hStore'
+        rw [s_eq_ok']
+        rw [s_eq_ok'] at hStore'
+        unfold store at hStore'
+        simp at hStore'
+        unfold State.insert at hStore'
+        simp at hStore'
+        conv_lhs => rw[←s_eq_ok]; rw[←s_eq_ok']
+        rw [hStore']
+        unfold lookup!
         simp
-      have keccak_inj := evmₛ'.keccak_inj this (Eq.symm h)
-
-      rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
-      unfold Fin.ofNat'' at keccak_inj
-      simp at keccak_inj
-      obtain ⟨keccak_inj₁, keccak_inj₂⟩ := keccak_inj
-
-      have : ERC20Private.balances ≠ s["_2"]!! := by
-        obtain blocked_range := get_evm_of_ok ▸ s_erc20.block_acc_range.2.1
-        rw [ keccak ] at blocked_range
-        apply not_mem_private_of_some at blocked_range
-        rw [@ne_comm]
-        unfold PrivateAddresses.toFinset at blocked_range
-        rw [Finset.mem_def] at blocked_range
-        simp at blocked_range -- Fails with: set_option maxHeartbeats 200000
-        exact blocked_range.1
-      contradiction
-
-    -- address not in allowances
-    · intro owner spender owner_spender_mem_allowances
-
-      obtain ⟨erc_address, erc_intermediate, owner_lookup, spender_lookup, eq⟩ :=
-        is_erc20.hasAllowance owner_spender_mem_allowances
-
-      rw [ ← keccak'
-       , keccak_map_lookup_eq_of_Preserved_of_lookup
-           hPreserved'' owner_lookup ]
-      by_contra h
-      have : [↑↑owner, ERC20Private.allowances] ∈ evmₛ.keccak_map.keys := by
-        rw [Finmap.mem_keys]
-        apply Finmap.lookup_isSome.mp
-        have owner_lookup' := get_evm_of_ok ▸ owner_lookup
-        have spender_lookup' := get_evm_of_ok ▸ spender_lookup
-        rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved owner_lookup
-          , owner_lookup' ]
-        simp
-      have owner_lookup' := get_evm_of_ok ▸ owner_lookup
-      have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' owner_lookup
-      rw [this] at owner_lookup'
-      have hSpender := h owner_lookup'
-
-
-      have spender_lookup' := get_evm_of_ok ▸ spender_lookup
-      have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' spender_lookup'
-      rw [this] at hSpender
-
-      have : [↑↑(Address.ofUInt256 (s["var_spender"]!!)), s["_2"]!!] ∈ evmₛ'.keccak_map.keys := by
-        clear * -keccak_using_intermediate' s_eq_ok'
-        rw [s_eq_ok'] at keccak_using_intermediate'
-        simp at keccak_using_intermediate'
-        exact Finmap.mem_of_lookup_eq_some keccak_using_intermediate'
-      have keccak_inj := evmₛ'.keccak_inj this (Eq.symm hSpender)
-      rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
-      unfold Fin.ofNat'' at keccak_inj
-      simp at keccak_inj
-      rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj <;> [skip; exact Address.val_lt_UInt256_size; exact Address.val_lt_UInt256_size]
-
-      obtain ⟨keccak_inj₁, keccak_inj₂⟩ := keccak_inj
-
-
-      have hOwner : owner = Address.ofUInt256 var_owner := by
-        have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved owner_lookup
-        rw [←keccak_inj₂] at owner_lookup
-        rw [←keccak] at owner_lookup
-        have owner_lookup'' := get_evm_of_ok ▸ owner_lookup
-        rw [this] at owner_lookup''
-
-        have : [↑↑(Address.ofUInt256 var_owner), ERC20Private.allowances] ∈ evmₛ.keccak_map.keys := by
-          clear * -keccak_using_intermediate s_eq_ok
-          rw [s_eq_ok] at keccak_using_intermediate
-          simp at keccak_using_intermediate
-          exact Finmap.mem_of_lookup_eq_some keccak_using_intermediate
-        have keccak_inj := evmₛ.keccak_inj this (Eq.symm owner_lookup'')
-        rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
-        unfold Fin.ofNat'' at keccak_inj
-        simp at keccak_inj
-        rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj <;> [skip; exact Address.val_lt_UInt256_size; exact Address.val_lt_UInt256_size]
-        symm
-        exact keccak_inj
-
-      have hSpender : spender = Address.ofUInt256 var_spender := by
-        have : s["var_spender"]!! = var_spender := by
+        exact keccak_using_intermediate'
+      rw [ s_eq_ok', get_evm_of_ok, ← s_eq_ok'
+        ] at keccak'
+
+      -- simplify contract
+      unfold reviveJump at code
+      simp [s_eq_ok, s_eq_ok'] at code
+      rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok' ] at code
+      clr_varstore
+
+      -- get underlying Preserved from preservesEvm
+      rw [ s_eq_ok, preservesEvm_of_insert, preservesEvm_of_insert ] at preservesEvm
+      have hPreserved := Preserved_of_preservesEvm_of_Ok preservesEvm
+
+      -- get underlying Preserved from preservesEvm'
+      rw [ s_eq_ok, s_eq_ok'] at preservesEvm'
+      have hPreserved' := Preserved_of_preservesEvm_of_Ok preservesEvm'
+
+      -- make use of transitivity of Preserved
+      have hPreserved'' : Clear.Preserved evm evmₛ' := Preserved.trans hPreserved hPreserved'
+      
+      refine' ⟨IsERC20_of_preservesEvm (by aesop) is_erc20, (by aesop), ?returns_correct_value⟩
+      rw [← code]
+      -- lookup allowance
+      clr_varstore
+      by_cases mem : ⟨Address.ofUInt256 var_owner, Address.ofUInt256 var_spender⟩ ∈ erc20.allowances
+      · -- there is such ⟨owner, spender⟩ in allowances
+        split_ands <;> [skip; aesop]
+
+        obtain ⟨address, intermediate, has_intermediate, has_address, allowance⟩ := is_erc20.hasAllowance mem
+
+        have intermediate_def : s["_2"]!! = intermediate := by
           rw [s_eq_ok]
-          rw [s_eq_ok] at hStore
-          unfold store at hStore
-          unfold State.insert at hStore
-          simp at hStore
-          rw [hStore]
-          unfold lookup!
-          simp
-          rw [Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
-            , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
-            , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)]
+          rw [← Option.some_inj]
+          trans
+          · have := Eq.symm (s_eq_ok ▸ keccak)
+            exact this
+          · exact (keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved has_intermediate
+              ▸ has_intermediate)
+
+        have address_def : s'["_3"]!! = address := by
+          rw [s_eq_ok']
+          rw [← Option.some_inj]
+          trans
+          · have := Eq.symm (s_eq_ok' ▸ keccak')
+            exact this
+          · rw [intermediate_def]
+            have : s["var_spender"]!! = var_spender := by
+              rw [s_eq_ok]
+              rw [s_eq_ok] at hStore
+              unfold store at hStore
+              unfold State.insert at hStore
+              simp at hStore
+              rw [hStore]
+              unfold lookup!
+              simp
+              rw [Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
+                , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
+                , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)]
+              simp
+            rw [this]
+            exact (keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' has_address ▸ has_address)
+
+        rw [address_def] at code ⊢
+        rw [ allowance
+          , Option.getD_some
+          , State.get_evm_of_ok
+          , ← sload_eq_of_preserved hPreserved''
+          ]
+      · -- there is *no* such account in allowances
+        -- so sload should return 0
+
+        split_ands <;> [skip; aesop]
+
+        rw [ Finmap.lookup_eq_none.mpr mem
+          , Option.getD_none
+          ]
+
+        -- in order to do that it should be given storage address outside of
+        -- its domain
+        apply sload_of_not_mem_dom
+        have := State.get_evm_of_ok ▸ is_erc20.storageDom
+        rw [ ← storage_eq_of_preserved hPreserved''
+          , this
+          ]
+        clear this
+        simp only [ Finset.not_mem_union, Set.mem_toFinset, Set.mem_def, setOf, not_exists, not_and ]
+        have s_erc20 : IsERC20 erc20 (Ok evmₛ _) :=
+          IsERC20_of_ok_of_Preserved hPreserved is_erc20
+        have s_erc20' : IsERC20 erc20 (Ok evmₛ' _) :=
+          IsERC20_of_ok_of_Preserved hPreserved' s_erc20
+
+        split_ands
+        -- address not in balances
+        · intro account account_mem_balances
+          obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance account_mem_balances
+          rw [ ← keccak'
+            , keccak_map_lookup_eq_of_Preserved_of_lookup
+                hPreserved'' has_address ]
+          by_contra h
+          have : [↑↑account, ERC20Private.balances] ∈ evmₛ'.keccak_map.keys := by
+            rw [Finmap.mem_keys]
+            apply Finmap.lookup_isSome.mp
+            have := get_evm_of_ok ▸ has_address
+            rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' has_address
+              , this ]
+            simp
+          have keccak_inj := evmₛ'.keccak_inj this (Eq.symm h)
+
+          rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
+          unfold Fin.ofNat'' at keccak_inj
+          simp at keccak_inj
+          obtain ⟨keccak_inj₁, keccak_inj₂⟩ := keccak_inj
+
+          have : ERC20Private.balances ≠ s["_2"]!! := by
+            obtain blocked_range := get_evm_of_ok ▸ s_erc20.block_acc_range.2.1
+            rw [ keccak ] at blocked_range
+            apply not_mem_private_of_some at blocked_range
+            rw [@ne_comm]
+            unfold PrivateAddresses.toFinset at blocked_range
+            rw [Finset.mem_def] at blocked_range
+            simp at blocked_range -- Fails with: set_option maxHeartbeats 200000
+            exact blocked_range.1
+          contradiction
+
+        -- address not in allowances
+        · intro owner spender owner_spender_mem_allowances
+
+          obtain ⟨erc_address, erc_intermediate, owner_lookup, spender_lookup, eq⟩ :=
+            is_erc20.hasAllowance owner_spender_mem_allowances
+
+          rw [ ← keccak'
+          , keccak_map_lookup_eq_of_Preserved_of_lookup
+              hPreserved'' owner_lookup ]
+          by_contra h
+          have : [↑↑owner, ERC20Private.allowances] ∈ evmₛ.keccak_map.keys := by
+            rw [Finmap.mem_keys]
+            apply Finmap.lookup_isSome.mp
+            have owner_lookup' := get_evm_of_ok ▸ owner_lookup
+            have spender_lookup' := get_evm_of_ok ▸ spender_lookup
+            rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved owner_lookup
+              , owner_lookup' ]
+            simp
+          have owner_lookup' := get_evm_of_ok ▸ owner_lookup
+          have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' owner_lookup
+          rw [this] at owner_lookup'
+          have hSpender := h owner_lookup'
+
+
+          have spender_lookup' := get_evm_of_ok ▸ spender_lookup
+          have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' spender_lookup'
+          rw [this] at hSpender
+
+          have : [↑↑(Address.ofUInt256 (s["var_spender"]!!)), s["_2"]!!] ∈ evmₛ'.keccak_map.keys := by
+            clear * -keccak_using_intermediate' s_eq_ok'
+            rw [s_eq_ok'] at keccak_using_intermediate'
+            simp at keccak_using_intermediate'
+            exact Finmap.mem_of_lookup_eq_some keccak_using_intermediate'
+          have keccak_inj := evmₛ'.keccak_inj this (Eq.symm hSpender)
+          rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
+          unfold Fin.ofNat'' at keccak_inj
+          simp at keccak_inj
+          rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj <;> [skip; exact Address.val_lt_UInt256_size; exact Address.val_lt_UInt256_size]
+
+          obtain ⟨keccak_inj₁, keccak_inj₂⟩ := keccak_inj
+
+
+          have hOwner : owner = Address.ofUInt256 var_owner := by
+            have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved owner_lookup
+            rw [←keccak_inj₂] at owner_lookup
+            rw [←keccak] at owner_lookup
+            have owner_lookup'' := get_evm_of_ok ▸ owner_lookup
+            rw [this] at owner_lookup''
+
+            have : [↑↑(Address.ofUInt256 var_owner), ERC20Private.allowances] ∈ evmₛ.keccak_map.keys := by
+              clear * -keccak_using_intermediate s_eq_ok
+              rw [s_eq_ok] at keccak_using_intermediate
+              simp at keccak_using_intermediate
+              exact Finmap.mem_of_lookup_eq_some keccak_using_intermediate
+            have keccak_inj := evmₛ.keccak_inj this (Eq.symm owner_lookup'')
+            rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
+            unfold Fin.ofNat'' at keccak_inj
+            simp at keccak_inj
+            rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj <;> [skip; exact Address.val_lt_UInt256_size; exact Address.val_lt_UInt256_size]
+            symm
+            exact keccak_inj
+
+          have hSpender : spender = Address.ofUInt256 var_spender := by
+            have : s["var_spender"]!! = var_spender := by
+              rw [s_eq_ok]
+              rw [s_eq_ok] at hStore
+              unfold store at hStore
+              unfold State.insert at hStore
+              simp at hStore
+              rw [hStore]
+              unfold lookup!
+              simp
+              rw [Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
+                , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
+                , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)]
+              simp
+            rw [this] at keccak_inj₁
+            symm
+            exact keccak_inj₁
+            done
+          rw [←hOwner, ←hSpender] at mem
+          contradiction
+
+        -- address not in reserved space
+        · obtain blocked_range := get_evm_of_ok ▸ (s_erc20'.block_acc_range.2.2)
+          have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved' keccak
+          rw [this] at keccak
+          rw [ keccak ] at blocked_range
+
+          have blocked_range' := blocked_range (↑↑(Address.ofUInt256 (s["var_spender"]!!))) (s["_2"]!!) (by rfl)
+          rw [←Finset.mem_map' Function.Embedding.some]
+
+          -- TODO make simpler:
+          have : Function.Embedding.some (s'["_3"]!!) = (some (s'["_3"]!!)) := by
+            simp
+          rw [this]
+          rw [←keccak']
+          
+          unfold not_mem_private at blocked_range'
+          rw [keccak'] at blocked_range'
+          simp at blocked_range'
+          rw [keccak']
           simp
-        rw [this] at keccak_inj₁
-        symm
-        exact keccak_inj₁
-        done
-      rw [←hOwner, ←hSpender] at mem
-      contradiction
-
-    -- address not in reserved space
-    · obtain blocked_range := get_evm_of_ok ▸ (s_erc20'.block_acc_range.2.2)
-      have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved' keccak
-      rw [this] at keccak
-      rw [ keccak ] at blocked_range
-
-      have blocked_range' := blocked_range (↑↑(Address.ofUInt256 (s["var_spender"]!!))) (s["_2"]!!) (by rfl)
-      rw [←Finset.mem_map' Function.Embedding.some]
-
-      -- TODO make simpler:
-      have : Function.Embedding.some (s'["_3"]!!) = (some (s'["_3"]!!)) := by
-        simp
-      rw [this]
-      rw [←keccak']
-      --Up to here
-      unfold not_mem_private at blocked_range'
-      rw [keccak'] at blocked_range'
-      simp at blocked_range'
-      rw [keccak']
-      simp
-      exact blocked_range'
-
+          exact blocked_range'
+
+      done
+    · -- Hash collision from second keccak
+      rename_i hHashCollisionTrue
+      right
+      have :   hash_collision (Ok evm Inhabited.default⟦"var_spender"↦var_spender⟧⟦"var_owner"↦var_owner⟧⟦"_1"↦1⟧.evm)
+         = evm.hash_collision := by
+         sorry
+      rw [this] at hHashCollision₁
+      by_cases s_isOk' : s'.isOk
+      · obtain ⟨evmₛ', varstoreₛ', s_eq_ok'⟩ := State_of_isOk s_isOk'
+        -- simplify contract
+        unfold reviveJump at code
+        simp [s_eq_ok, s_eq_ok'] at code
+        rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok' ] at code
+        clr_varstore
+
+        rw [←code]
+        aesop
+      · rcases s' with ⟨evm, varstore⟩ | _ | _ <;> [skip; aesop_spec; skip]
+        · unfold reviveJump at code
+          simp at code
+          rw [←code]
+          aesop
+        · unfold reviveJump at code
+          simp at code
+          -- rw [←code]
+          rename_i j
+          rcases j -- Each of these 3 cases is similar
+          · rename_i evm'' varstore''
+            unfold revive at code
+
+            have : (revive.match_1 (fun x => State) (Jump.Continue evm'' varstore'') (fun evm store => Ok evm store)
+    (fun evm store => Ok evm store) fun evm store => Ok evm store) = Ok evm'' varstore'' := by
+                    sorry
+            rw [this] at code
+            simp at code
+
+            rw [←code]
+            -- #check lookup! "var" (Checkpoint (Jump.Continue evm'' varstore''))
+            have :   hash_collision (Ok evm'' (Finmap.insert var (lookup! "var" (Checkpoint (Jump.Continue evm'' varstore''))) varstore)).evm
+                  = evm''.hash_collision := by sorry
+            rw [this]
+            have : (Checkpoint (Jump.Continue evm'' varstore'')).evm.hash_collision
+                  = evm''.hash_collision := by sorry
+            aesop 
+          · rename_i evm'' varstore''
+            unfold revive at code
+
+            have : (revive.match_1 (fun x => State) (Jump.Continue evm'' varstore'') (fun evm store => Ok evm store)
+    (fun evm store => Ok evm store) fun evm store => Ok evm store) = Ok evm'' varstore'' := by
+                    sorry
+            rw [this] at code
+            simp at code
+
+            rw [←code]
+            -- #check lookup! "var" (Checkpoint (Jump.Continue evm'' varstore''))
+            have :   hash_collision (Ok evm'' (Finmap.insert var (lookup! "var" (Checkpoint (Jump.Break evm'' varstore''))) varstore)).evm
+                  = evm''.hash_collision := by sorry
+            rw [this]
+            have : (Checkpoint (Jump.Break evm'' varstore'')).evm.hash_collision
+                  = evm''.hash_collision := by sorry
+            aesop 
+          · rename_i evm'' varstore''
+            unfold revive at code
+
+            have : (revive.match_1 (fun x => State) (Jump.Continue evm'' varstore'') (fun evm store => Ok evm store)
+    (fun evm store => Ok evm store) fun evm store => Ok evm store) = Ok evm'' varstore'' := by
+                    sorry
+            rw [this] at code
+            simp at code
+
+            rw [←code]
+            -- #check lookup! "var" (Checkpoint (Jump.Continue evm'' varstore''))
+            have :   hash_collision (Ok evm'' (Finmap.insert var (lookup! "var" (Checkpoint (Jump.Leave evm'' varstore''))) varstore)).evm
+                  = evm''.hash_collision := by sorry
+            rw [this]
+            have : (Checkpoint (Jump.Leave evm'' varstore'')).evm.hash_collision
+                  = evm''.hash_collision := by sorry
+            aesop
+  · -- Hash collision from first keccak
+    rename_i hHashCollisionTrue
+    right
+
+    unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping'
+    apply Spec_ok_unfold (by sorry) (by sorry) at mapping'
+    
+    obtain ⟨⟨preservesEvm', s_isOk', ⟨⟨intermediate_keccak', keccak_using_intermediate', hStore'⟩,hHashCollision'⟩⟩, hHashCollision₁'⟩ := mapping' -- Adds a goal
+
+    have :   hash_collision (Ok evm Inhabited.default⟦"var_spender"↦var_spender⟧⟦"var_owner"↦var_owner⟧⟦"_1"↦1⟧.evm)
+        = evm.hash_collision := by
+        sorry
+    rw [this] at hHashCollision₁
+    by_cases s_isOk' : s'.isOk
+    · obtain ⟨evmₛ', varstoreₛ', s_eq_ok'⟩ := State_of_isOk s_isOk'
+      -- simplify contract
+      unfold reviveJump at code
+      simp [s_eq_ok'] at code
+      rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok' ] at code
+      clr_varstore
+      
+      
+      
+      -- obtain ⟨⟨preservesEvm', s_isOk', ⟨⟨intermediate_keccak', keccak_using_intermediate', hStore'⟩,hHashCollision'⟩⟩, hHashCollision₁'⟩ := mapping' -- Adds a goal
+      · rw [←code]
+        have : Ok evmₛ' varstore⟦var↦sload evmₛ' (s'["_3"]!!)⟧.evm.hash_collision
+              = evmₛ'.hash_collision := by sorry
+        rw [this]
+        aesop
+      
+
+    · rcases s' with ⟨evm, varstore⟩ | _ | _ <;> [skip; aesop_spec; skip]
+      · unfold reviveJump at code
+        simp at code
+        rw [←code]
+        aesop
+        
+      · unfold reviveJump at code
+        simp at code
+        -- rw [←code]
+        rename_i j
+        rcases j
+    · rename_i hHashCollisionTrue'
+      have : Ok evm Inhabited.default⟦"var_spender"↦var_spender⟧⟦"var_owner"↦var_owner⟧⟦"_1"↦1⟧.evm.hash_collision
+             = evm.hash_collision := by sorry
+      rw [this] at hHashCollision₁
+      rcases s' with ⟨evm, varstore⟩ | _ | _ <;> [skip; aesop_spec; skip]
+      · unfold reviveJump at code
+        simp at code
+        rw [←code]
+        aesop
+        
+      · unfold reviveJump at code
+        simp at code
+        -- rw [←code]
+        rename_i j
+        rcases j -- Each of these 3 cases is similar
+        · rename_i evm'' varstore''
+          
+          
+          
+          unfold revive at code
+
+          have : (revive.match_1 (fun x => State) (Jump.Continue evm'' varstore'') (fun evm store => Ok evm store)
+  (fun evm store => Ok evm store) fun evm store => Ok evm store) = Ok evm'' varstore'' := by
+                  sorry
+          rw [this] at code
+          simp at code
+
+          rw [←code]
+          -- #check lookup! "var" (Checkpoint (Jump.Continue evm'' varstore''))
+          have :   hash_collision (Ok evm'' (Finmap.insert var (lookup! "var" (Checkpoint (Jump.Continue evm'' varstore''))) varstore)).evm
+                = evm''.hash_collision := by sorry
+          rw [this]
+          have : (Checkpoint (Jump.Continue evm'' varstore'')).evm.hash_collision
+                = evm''.hash_collision := by sorry
+          
+          
+          aesop
+        · rename_i evm'' varstore''
+          
+          
+          
+          unfold revive at code
+
+          have : (revive.match_1 (fun x => State) (Jump.Continue evm'' varstore'') (fun evm store => Ok evm store)
+  (fun evm store => Ok evm store) fun evm store => Ok evm store) = Ok evm'' varstore'' := by
+                  sorry
+          rw [this] at code
+          simp at code
+
+          rw [←code]
+          -- #check lookup! "var" (Checkpoint (Jump.Continue evm'' varstore''))
+          have :   hash_collision (Ok evm'' (Finmap.insert var (lookup! "var" (Checkpoint (Jump.Break evm'' varstore''))) varstore)).evm
+                = evm''.hash_collision := by sorry
+          rw [this]
+          have : (Checkpoint (Jump.Break evm'' varstore'')).evm.hash_collision
+                = evm''.hash_collision := by sorry
+          
+          
+          aesop
+        · rename_i evm'' varstore''
+          
+          
+          
+          unfold revive at code
+
+          have : (revive.match_1 (fun x => State) (Jump.Leave evm'' varstore'') (fun evm store => Ok evm store)
+  (fun evm store => Ok evm store) fun evm store => Ok evm store) = Ok evm'' varstore'' := by
+                  sorry
+          rw [this] at code
+          simp at code
+
+          rw [←code]
+          -- #check lookup! "var" (Checkpoint (Jump.Continue evm'' varstore''))
+          have :   hash_collision (Ok evm'' (Finmap.insert var (lookup! "var" (Checkpoint (Jump.Leave evm'' varstore''))) varstore)).evm
+                = evm''.hash_collision := by sorry
+          rw [this]
+          have : (Checkpoint (Jump.Leave evm'' varstore'')).evm.hash_collision
+                = evm''.hash_collision := by sorry
+          
+          
+          aesop
 end
 
 end Generated.erc20shim.ERC20Shim

From c836928b4759a8e11740bd4606a1598bcd00e8c0 Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Fri, 25 Oct 2024 18:01:35 +1300
Subject: [PATCH 42/89] [wip]

---
 Clear/EVMState.lean                           |   2 +-
 .../ERC20Shim/fun_allowance_user.lean         | 138 ++----------------
 2 files changed, 13 insertions(+), 127 deletions(-)

diff --git a/Clear/EVMState.lean b/Clear/EVMState.lean
index 5f81236..f454ed4 100644
--- a/Clear/EVMState.lean
+++ b/Clear/EVMState.lean
@@ -437,7 +437,7 @@ structure EVMState : Type where
 deriving DecidableEq
 
 instance : Inhabited EVMState :=
-  ⟨ ∅ , default, default , ∅ , default, ∅ , default , False , (by aesop), (by
+  ⟨ ∅ , default, default , ∅ , default, ∅ , default , false , (by aesop), (by
   have : (∅ : Finmap (λ _ : List UInt256 ↦ UInt256)) = ⟨∅, Multiset.nodup_zero⟩ := by rfl
   rw [this]
   dsimp
diff --git a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
index d6b0a11..ba66f1b 100644
--- a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
@@ -10,7 +10,7 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
-set_option maxHeartbeats 400000
+set_option maxHeartbeats 1000000
 
 def A_fun_allowance (var : Identifier) (var_owner var_spender : Literal) (s₀ s₉ : State) : Prop :=
   (∀ {erc20}, IsERC20 erc20 s₀ →
@@ -310,7 +310,7 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
       right
       have :   hash_collision (Ok evm Inhabited.default⟦"var_spender"↦var_spender⟧⟦"var_owner"↦var_owner⟧⟦"_1"↦1⟧.evm)
          = evm.hash_collision := by
-         sorry
+        simp
       rw [this] at hHashCollision₁
       by_cases s_isOk' : s'.isOk
       · obtain ⟨evmₛ', varstoreₛ', s_eq_ok'⟩ := State_of_isOk s_isOk'
@@ -330,71 +330,23 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
         · unfold reviveJump at code
           simp at code
           -- rw [←code]
+
           rename_i j
-          rcases j -- Each of these 3 cases is similar
-          · rename_i evm'' varstore''
-            unfold revive at code
-
-            have : (revive.match_1 (fun x => State) (Jump.Continue evm'' varstore'') (fun evm store => Ok evm store)
-    (fun evm store => Ok evm store) fun evm store => Ok evm store) = Ok evm'' varstore'' := by
-                    sorry
-            rw [this] at code
-            simp at code
-
-            rw [←code]
-            -- #check lookup! "var" (Checkpoint (Jump.Continue evm'' varstore''))
-            have :   hash_collision (Ok evm'' (Finmap.insert var (lookup! "var" (Checkpoint (Jump.Continue evm'' varstore''))) varstore)).evm
-                  = evm''.hash_collision := by sorry
-            rw [this]
-            have : (Checkpoint (Jump.Continue evm'' varstore'')).evm.hash_collision
-                  = evm''.hash_collision := by sorry
-            aesop 
-          · rename_i evm'' varstore''
-            unfold revive at code
-
-            have : (revive.match_1 (fun x => State) (Jump.Continue evm'' varstore'') (fun evm store => Ok evm store)
-    (fun evm store => Ok evm store) fun evm store => Ok evm store) = Ok evm'' varstore'' := by
-                    sorry
-            rw [this] at code
-            simp at code
-
-            rw [←code]
-            -- #check lookup! "var" (Checkpoint (Jump.Continue evm'' varstore''))
-            have :   hash_collision (Ok evm'' (Finmap.insert var (lookup! "var" (Checkpoint (Jump.Break evm'' varstore''))) varstore)).evm
-                  = evm''.hash_collision := by sorry
-            rw [this]
-            have : (Checkpoint (Jump.Break evm'' varstore'')).evm.hash_collision
-                  = evm''.hash_collision := by sorry
-            aesop 
-          · rename_i evm'' varstore''
-            unfold revive at code
-
-            have : (revive.match_1 (fun x => State) (Jump.Continue evm'' varstore'') (fun evm store => Ok evm store)
-    (fun evm store => Ok evm store) fun evm store => Ok evm store) = Ok evm'' varstore'' := by
-                    sorry
-            rw [this] at code
-            simp at code
-
-            rw [←code]
-            -- #check lookup! "var" (Checkpoint (Jump.Continue evm'' varstore''))
-            have :   hash_collision (Ok evm'' (Finmap.insert var (lookup! "var" (Checkpoint (Jump.Leave evm'' varstore''))) varstore)).evm
-                  = evm''.hash_collision := by sorry
-            rw [this]
-            have : (Checkpoint (Jump.Leave evm'' varstore'')).evm.hash_collision
-                  = evm''.hash_collision := by sorry
-            aesop
+          unfold evm at hHashCollisionTrue
+          simp at hHashCollisionTrue
   · -- Hash collision from first keccak
     rename_i hHashCollisionTrue
     right
 
     unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping'
     apply Spec_ok_unfold (by sorry) (by sorry) at mapping'
+    -- clr_spec at mapping'
     
     obtain ⟨⟨preservesEvm', s_isOk', ⟨⟨intermediate_keccak', keccak_using_intermediate', hStore'⟩,hHashCollision'⟩⟩, hHashCollision₁'⟩ := mapping' -- Adds a goal
 
     have :   hash_collision (Ok evm Inhabited.default⟦"var_spender"↦var_spender⟧⟦"var_owner"↦var_owner⟧⟦"_1"↦1⟧.evm)
         = evm.hash_collision := by
-        sorry
+        simp
     rw [this] at hHashCollision₁
     by_cases s_isOk' : s'.isOk
     · obtain ⟨evmₛ', varstoreₛ', s_eq_ok'⟩ := State_of_isOk s_isOk'
@@ -409,7 +361,7 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
       -- obtain ⟨⟨preservesEvm', s_isOk', ⟨⟨intermediate_keccak', keccak_using_intermediate', hStore'⟩,hHashCollision'⟩⟩, hHashCollision₁'⟩ := mapping' -- Adds a goal
       · rw [←code]
         have : Ok evmₛ' varstore⟦var↦sload evmₛ' (s'["_3"]!!)⟧.evm.hash_collision
-              = evmₛ'.hash_collision := by sorry
+              = evmₛ'.hash_collision := by simp
         rw [this]
         aesop
       
@@ -427,7 +379,7 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
         rcases j
     · rename_i hHashCollisionTrue'
       have : Ok evm Inhabited.default⟦"var_spender"↦var_spender⟧⟦"var_owner"↦var_owner⟧⟦"_1"↦1⟧.evm.hash_collision
-             = evm.hash_collision := by sorry
+             = evm.hash_collision := by simp
       rw [this] at hHashCollision₁
       rcases s' with ⟨evm, varstore⟩ | _ | _ <;> [skip; aesop_spec; skip]
       · unfold reviveJump at code
@@ -437,75 +389,9 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
         
       · unfold reviveJump at code
         simp at code
-        -- rw [←code]
-        rename_i j
-        rcases j -- Each of these 3 cases is similar
-        · rename_i evm'' varstore''
-          
-          
-          
-          unfold revive at code
-
-          have : (revive.match_1 (fun x => State) (Jump.Continue evm'' varstore'') (fun evm store => Ok evm store)
-  (fun evm store => Ok evm store) fun evm store => Ok evm store) = Ok evm'' varstore'' := by
-                  sorry
-          rw [this] at code
-          simp at code
-
-          rw [←code]
-          -- #check lookup! "var" (Checkpoint (Jump.Continue evm'' varstore''))
-          have :   hash_collision (Ok evm'' (Finmap.insert var (lookup! "var" (Checkpoint (Jump.Continue evm'' varstore''))) varstore)).evm
-                = evm''.hash_collision := by sorry
-          rw [this]
-          have : (Checkpoint (Jump.Continue evm'' varstore'')).evm.hash_collision
-                = evm''.hash_collision := by sorry
-          
-          
-          aesop
-        · rename_i evm'' varstore''
-          
-          
-          
-          unfold revive at code
-
-          have : (revive.match_1 (fun x => State) (Jump.Continue evm'' varstore'') (fun evm store => Ok evm store)
-  (fun evm store => Ok evm store) fun evm store => Ok evm store) = Ok evm'' varstore'' := by
-                  sorry
-          rw [this] at code
-          simp at code
-
-          rw [←code]
-          -- #check lookup! "var" (Checkpoint (Jump.Continue evm'' varstore''))
-          have :   hash_collision (Ok evm'' (Finmap.insert var (lookup! "var" (Checkpoint (Jump.Break evm'' varstore''))) varstore)).evm
-                = evm''.hash_collision := by sorry
-          rw [this]
-          have : (Checkpoint (Jump.Break evm'' varstore'')).evm.hash_collision
-                = evm''.hash_collision := by sorry
-          
-          
-          aesop
-        · rename_i evm'' varstore''
-          
-          
-          
-          unfold revive at code
-
-          have : (revive.match_1 (fun x => State) (Jump.Leave evm'' varstore'') (fun evm store => Ok evm store)
-  (fun evm store => Ok evm store) fun evm store => Ok evm store) = Ok evm'' varstore'' := by
-                  sorry
-          rw [this] at code
-          simp at code
-
-          rw [←code]
-          -- #check lookup! "var" (Checkpoint (Jump.Continue evm'' varstore''))
-          have :   hash_collision (Ok evm'' (Finmap.insert var (lookup! "var" (Checkpoint (Jump.Leave evm'' varstore''))) varstore)).evm
-                = evm''.hash_collision := by sorry
-          rw [this]
-          have : (Checkpoint (Jump.Leave evm'' varstore'')).evm.hash_collision
-                = evm''.hash_collision := by sorry
-          
-          
-          aesop
+        unfold evm at hHashCollisionTrue'
+        simp at hHashCollisionTrue'
+        
 end
 
 end Generated.erc20shim.ERC20Shim

From 68402487c04b62a5f64ae44fca3f88cc2da11ccf Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Fri, 25 Oct 2024 18:22:15 +1300
Subject: [PATCH 43/89] [wip] QED on allowance

---
 .../ERC20Shim/fun_allowance_user.lean         | 110 ++++++++++--------
 1 file changed, 61 insertions(+), 49 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
index ba66f1b..c7898c3 100644
--- a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
@@ -338,60 +338,72 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
     rename_i hHashCollisionTrue
     right
 
-    unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping'
-    apply Spec_ok_unfold (by sorry) (by sorry) at mapping'
-    -- clr_spec at mapping'
-    
-    obtain ⟨⟨preservesEvm', s_isOk', ⟨⟨intermediate_keccak', keccak_using_intermediate', hStore'⟩,hHashCollision'⟩⟩, hHashCollision₁'⟩ := mapping' -- Adds a goal
-
-    have :   hash_collision (Ok evm Inhabited.default⟦"var_spender"↦var_spender⟧⟦"var_owner"↦var_owner⟧⟦"_1"↦1⟧.evm)
-        = evm.hash_collision := by
-        simp
-    rw [this] at hHashCollision₁
-    by_cases s_isOk' : s'.isOk
-    · obtain ⟨evmₛ', varstoreₛ', s_eq_ok'⟩ := State_of_isOk s_isOk'
-      -- simplify contract
-      unfold reviveJump at code
-      simp [s_eq_ok'] at code
-      rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok' ] at code
-      clr_varstore
-      
-      
-      
-      -- obtain ⟨⟨preservesEvm', s_isOk', ⟨⟨intermediate_keccak', keccak_using_intermediate', hStore'⟩,hHashCollision'⟩⟩, hHashCollision₁'⟩ := mapping' -- Adds a goal
-      · rw [←code]
-        have : Ok evmₛ' varstore⟦var↦sload evmₛ' (s'["_3"]!!)⟧.evm.hash_collision
-              = evmₛ'.hash_collision := by simp
-        rw [this]
-        aesop
+    by_cases s_isOk : s.isOk
+    · unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping'
+      clr_spec at mapping'
       
+      obtain ⟨⟨preservesEvm', s_isOk', ⟨⟨intermediate_keccak', keccak_using_intermediate', hStore'⟩,hHashCollision'⟩⟩, hHashCollision₁'⟩ := mapping' -- Adds a goal
 
-    · rcases s' with ⟨evm, varstore⟩ | _ | _ <;> [skip; aesop_spec; skip]
-      · unfold reviveJump at code
-        simp at code
-        rw [←code]
-        aesop
-        
-      · unfold reviveJump at code
-        simp at code
-        -- rw [←code]
-        rename_i j
-        rcases j
-    · rename_i hHashCollisionTrue'
-      have : Ok evm Inhabited.default⟦"var_spender"↦var_spender⟧⟦"var_owner"↦var_owner⟧⟦"_1"↦1⟧.evm.hash_collision
-             = evm.hash_collision := by simp
+      have :   hash_collision (Ok evm Inhabited.default⟦"var_spender"↦var_spender⟧⟦"var_owner"↦var_owner⟧⟦"_1"↦1⟧.evm)
+          = evm.hash_collision := by
+          simp
       rw [this] at hHashCollision₁
-      rcases s' with ⟨evm, varstore⟩ | _ | _ <;> [skip; aesop_spec; skip]
-      · unfold reviveJump at code
-        simp at code
-        rw [←code]
-        aesop
+      by_cases s_isOk' : s'.isOk
+      · obtain ⟨evmₛ', varstoreₛ', s_eq_ok'⟩ := State_of_isOk s_isOk'
+        -- simplify contract
+        unfold reviveJump at code
+        simp [s_eq_ok'] at code
+        rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok' ] at code
+        clr_varstore
+        
         
-      · unfold reviveJump at code
-        simp at code
-        unfold evm at hHashCollisionTrue'
-        simp at hHashCollisionTrue'
         
+        -- obtain ⟨⟨preservesEvm', s_isOk', ⟨⟨intermediate_keccak', keccak_using_intermediate', hStore'⟩,hHashCollision'⟩⟩, hHashCollision₁'⟩ := mapping' -- Adds a goal
+        · rw [←code]
+          have : Ok evmₛ' varstore⟦var↦sload evmₛ' (s'["_3"]!!)⟧.evm.hash_collision
+                = evmₛ'.hash_collision := by simp
+          rw [this]
+          aesop
+        
+
+      · rcases s' with ⟨evm, varstore⟩ | _ | _ <;> [skip; aesop_spec; skip]
+        · unfold reviveJump at code
+          simp at code
+          rw [←code]
+          aesop
+          
+        · unfold reviveJump at code
+          simp at code
+          -- rw [←code]
+          rename_i j
+          rcases j
+      · rename_i hHashCollisionTrue'
+        have : Ok evm Inhabited.default⟦"var_spender"↦var_spender⟧⟦"var_owner"↦var_owner⟧⟦"_1"↦1⟧.evm.hash_collision
+              = evm.hash_collision := by simp
+        rw [this] at hHashCollision₁
+        rcases s' with ⟨evm, varstore⟩ | _ | _ <;> [skip; aesop_spec; skip]
+        · unfold reviveJump at code
+          simp at code
+          rw [←code]
+          aesop
+          
+        · unfold reviveJump at code
+          simp at code
+          unfold evm at hHashCollisionTrue'
+          simp at hHashCollisionTrue'
+    · unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping'
+      unfold Spec at mapping'
+      rcases s with ⟨evm, varstore⟩ | _ | _ <;> [skip; skip; skip]
+      · aesop
+      · simp at mapping'
+        rcases s' with ⟨evm, varstore⟩ | _ | _ <;> aesop_spec
+      · simp at mapping'
+        rcases s' with ⟨evm, varstore⟩ | _ | _ <;> [skip;skip;skip]
+        · simp at mapping'
+        · simp at mapping'
+        · unfold evm at hHashCollisionTrue
+          simp at hHashCollisionTrue
+
 end
 
 end Generated.erc20shim.ERC20Shim

From 2d37414d8876937e7d3d56ac5d4736055eccde7a Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Fri, 25 Oct 2024 18:41:50 +1300
Subject: [PATCH 44/89] [wip] QED on `balanceOf`

---
 .../ERC20Shim/fun_balanceOf_user.lean         | 293 ++++++++++--------
 1 file changed, 161 insertions(+), 132 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
index 9c97028..ea89d93 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
@@ -27,146 +27,175 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
   apply spec_eq
   clr_funargs
-  rintro hasFuel ⟨s, mapping, code⟩ erc20 is_erc20
+  rintro hasFuel ⟨s, mapping, code⟩
 
   clr_varstore
 
   -- what we can get right now from mapping function
   unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping
   clr_spec at mapping
-  obtain ⟨preservesEvm, s_isOk, ⟨keccak_value, keccak_using_keccak_value, hStore⟩⟩ := mapping
-  obtain ⟨evmₛ, varstoreₛ, s_eq_ok⟩ := State_of_isOk s_isOk
-
-  have keccak : Finmap.lookup [↑↑(Address.ofUInt256 var_account), 0] s.evm.keccak_map = some (s["_2"]!!) := by
-    unfold store State.insert at hStore
-    unfold lookup!
-    aesop
-
-  rw [ ← Variables.balances_def
-     , s_eq_ok, get_evm_of_ok, ← s_eq_ok
-     ] at keccak
-
-  -- simplify contract
-  unfold reviveJump at code
-  simp [s_eq_ok] at code
-  rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok ] at code
-  clr_varstore
-
-  -- get underlying Preserved from preservesEvm
-  rw [ s_eq_ok, preservesEvm_of_insert, preservesEvm_of_insert ] at preservesEvm
-  have Preserved := Preserved_of_preservesEvm_of_Ok preservesEvm
-
-  refine' ⟨IsERC20_of_preservesEvm (by aesop) is_erc20, (by aesop), ?returns_correct_value⟩
 
-  rw [← code]
-  -- lookup balance
-  clr_varstore
-  by_cases mem : Address.ofUInt256 var_account ∈ erc20.balances
-  -- there is such account in balances
-  obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance mem
-
-  have address_def : s["_2"]!! = address := by
-    rw [s_eq_ok]
-    rw [← Option.some_inj]
-    trans
-    · exact Eq.symm (s_eq_ok ▸ keccak)
-    · exact (keccak_map_lookup_eq_of_Preserved_of_lookup Preserved has_address
-        ▸ has_address)
-
-  rw [address_def] at code ⊢
-  rw [ balance
-     , Option.getD_some
-     , State.get_evm_of_ok
-     , ← sload_eq_of_preserved Preserved
-     ]
-
-  -- there is *no* such account in balances
-  -- so sload should return 0
-  rw [ Finmap.lookup_eq_none.mpr mem
-     , Option.getD_none
-     ]
-
-  -- in order to do that it should be given storage address outside of
-  -- it's domain
-  apply sload_of_not_mem_dom
-  have := State.get_evm_of_ok ▸ is_erc20.storageDom
-  rw [ ← storage_eq_of_preserved Preserved
-     , this
-     ]
-  clear this
-  simp only [ Finset.not_mem_union, Set.mem_toFinset, Set.mem_def, setOf, not_exists, not_and ]
-  have s_erc20 : IsERC20 erc20 (Ok evmₛ _) :=
-    IsERC20_of_ok_of_Preserved Preserved is_erc20
-
-  split_ands
-  -- address not in balances
-  · intro account account_mem_balances
-    obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance account_mem_balances
-    rw [ ← keccak
-       , keccak_map_lookup_eq_of_Preserved_of_lookup
-           Preserved has_address ]
-    by_contra h
-    have : [↑↑account, ERC20Private.balances] ∈ evmₛ.keccak_map.keys := by
-      rw [Finmap.mem_keys]
-      apply Finmap.lookup_isSome.mp
-      have := get_evm_of_ok ▸ has_address
-      rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup Preserved has_address
-         , this ]
-      simp
-    have keccak_inj := evmₛ.keccak_inj this (Eq.symm h)
-
-    rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
-    unfold Fin.ofNat'' at keccak_inj
-    simp at keccak_inj
-    rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj
-    rw [keccak_inj] at account_mem_balances
-    exact (mem account_mem_balances)
-    · exact Address.ofUInt256_lt_UInt256_size
-    · exact Address.val_lt_UInt256_size
-
-  -- address not in allowances
-  · intro owner spender mem_allowances
-    obtain ⟨erc_address, erc_intermediate, owner_lookup, spender_lookup, eq⟩ :=
-      is_erc20.hasAllowance mem_allowances
-    rw [get_evm_of_ok] at owner_lookup spender_lookup
-    have spender_lookup_s := keccak_map_lookup_eq_of_Preserved_of_lookup Preserved spender_lookup
-    push_neg
-    use erc_intermediate
-    rw [ ← keccak ]
-    by_contra h
-    rw [not_and'] at h
-    apply h at owner_lookup
-    exact owner_lookup
-
-    rw [spender_lookup_s]
-    by_contra h
-    have : [↑↑spender, erc_intermediate] ∈ evmₛ.keccak_map.keys := by
-      rw [Finmap.mem_keys]
-      apply Finmap.lookup_isSome.mp
-      have := Eq.trans (Eq.symm spender_lookup_s) spender_lookup
-      rw [this]
+  
+  obtain ⟨⟨preservesEvm, s_isOk, ⟨⟨keccak_value, keccak_using_keccak_value, hStore⟩,hHashCollision⟩⟩, hHashCollision₁⟩ := mapping -- Adds a goal
+  · -- No hash collision from keccak
+    left
+    intro erc20 is_erc20
+
+    obtain ⟨evmₛ, varstoreₛ, s_eq_ok⟩ := State_of_isOk s_isOk
+
+    have keccak : Finmap.lookup [↑↑(Address.ofUInt256 var_account), 0] s.evm.keccak_map = some (s["_2"]!!) := by
+      unfold store State.insert at hStore
+      unfold lookup!
+      aesop
+
+    rw [ ← Variables.balances_def
+      , s_eq_ok, get_evm_of_ok, ← s_eq_ok
+      ] at keccak
+
+    -- simplify contract
+    unfold reviveJump at code
+    simp [s_eq_ok] at code
+    rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok ] at code
+    clr_varstore
+
+    -- get underlying Preserved from preservesEvm
+    rw [ s_eq_ok, preservesEvm_of_insert, preservesEvm_of_insert ] at preservesEvm
+    have Preserved := Preserved_of_preservesEvm_of_Ok preservesEvm
+
+    refine' ⟨IsERC20_of_preservesEvm (by aesop) is_erc20, (by aesop), ?returns_correct_value⟩
+
+    rw [← code]
+    -- lookup balance
+    clr_varstore
+    by_cases mem : Address.ofUInt256 var_account ∈ erc20.balances
+    · -- there is such account in balances
+      split_ands <;> [skip; aesop]
+
+      obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance mem
+
+      have address_def : s["_2"]!! = address := by
+        rw [s_eq_ok]
+        rw [← Option.some_inj]
+        trans
+        · exact Eq.symm (s_eq_ok ▸ keccak)
+        · exact (keccak_map_lookup_eq_of_Preserved_of_lookup Preserved has_address
+            ▸ has_address)
+
+      rw [address_def] at code ⊢
+      rw [ balance
+        , Option.getD_some
+        , State.get_evm_of_ok
+        , ← sload_eq_of_preserved Preserved
+        ]
+
+    · -- there is *no* such account in balances
+      -- so sload should return 0
+    
+      split_ands <;> [skip; aesop]
+
+      rw [ Finmap.lookup_eq_none.mpr mem
+        , Option.getD_none
+        ]
+
+      -- in order to do that it should be given storage address outside of
+      -- it's domain
+      apply sload_of_not_mem_dom
+      have := State.get_evm_of_ok ▸ is_erc20.storageDom
+      rw [ ← storage_eq_of_preserved Preserved
+        , this
+        ]
+      clear this
+      simp only [ Finset.not_mem_union, Set.mem_toFinset, Set.mem_def, setOf, not_exists, not_and ]
+      have s_erc20 : IsERC20 erc20 (Ok evmₛ _) :=
+        IsERC20_of_ok_of_Preserved Preserved is_erc20
+
+      split_ands
+      -- address not in balances
+      · intro account account_mem_balances
+        obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance account_mem_balances
+        rw [ ← keccak
+          , keccak_map_lookup_eq_of_Preserved_of_lookup
+              Preserved has_address ]
+        by_contra h
+        have : [↑↑account, ERC20Private.balances] ∈ evmₛ.keccak_map.keys := by
+          rw [Finmap.mem_keys]
+          apply Finmap.lookup_isSome.mp
+          have := get_evm_of_ok ▸ has_address
+          rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup Preserved has_address
+            , this ]
+          simp
+        have keccak_inj := evmₛ.keccak_inj this (Eq.symm h)
+
+        rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
+        unfold Fin.ofNat'' at keccak_inj
+        simp at keccak_inj
+        rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj
+        rw [keccak_inj] at account_mem_balances
+        exact (mem account_mem_balances)
+        · exact Address.ofUInt256_lt_UInt256_size
+        · exact Address.val_lt_UInt256_size
+
+      -- address not in allowances
+      · intro owner spender mem_allowances
+        obtain ⟨erc_address, erc_intermediate, owner_lookup, spender_lookup, eq⟩ :=
+          is_erc20.hasAllowance mem_allowances
+        rw [get_evm_of_ok] at owner_lookup spender_lookup
+        have spender_lookup_s := keccak_map_lookup_eq_of_Preserved_of_lookup Preserved spender_lookup
+        push_neg
+        use erc_intermediate
+        rw [ ← keccak ]
+        by_contra h
+        rw [not_and'] at h
+        apply h at owner_lookup
+        exact owner_lookup
+
+        rw [spender_lookup_s]
+        by_contra h
+        have : [↑↑spender, erc_intermediate] ∈ evmₛ.keccak_map.keys := by
+          rw [Finmap.mem_keys]
+          apply Finmap.lookup_isSome.mp
+          have := Eq.trans (Eq.symm spender_lookup_s) spender_lookup
+          rw [this]
+          simp
+        have keccak_inj := evmₛ.keccak_inj this h
+        simp at keccak_inj
+        have intermediate_ne_balances : erc_intermediate ≠ ERC20Private.balances := by
+          obtain blocked_range := get_evm_of_ok ▸ is_erc20.block_acc_range.2.1
+          rw [owner_lookup] at blocked_range
+          unfold not_mem_private at blocked_range
+          simp at blocked_range
+          rw [← Finset.forall_mem_not_eq] at blocked_range
+          have bal_mem_private: ERC20Private.balances ∈ ERC20Private.toFinset := by
+            unfold PrivateAddresses.toFinset
+            simp
+          specialize blocked_range ERC20Private.balances
+          exact blocked_range bal_mem_private
+
+        tauto
+
+      -- address not in reserved space
+      · obtain blocked_range := get_evm_of_ok ▸ s_erc20.block_acc_range.1
+        rw [ keccak ] at blocked_range
+        apply not_mem_private_of_some at blocked_range
+        exact blocked_range
+  · -- Hash collision from keccak
+    rename_i hHashCollisionTrue
+    right
+    have :   Ok evm Inhabited.default⟦"var_account"↦var_account⟧⟦"_1"↦0⟧.evm.hash_collision
+        = evm.hash_collision := by
       simp
-    have keccak_inj := evmₛ.keccak_inj this h
-    simp at keccak_inj
-    have intermediate_ne_balances : erc_intermediate ≠ ERC20Private.balances := by
-      obtain blocked_range := get_evm_of_ok ▸ is_erc20.block_acc_range.2.1
-      rw [owner_lookup] at blocked_range
-      unfold not_mem_private at blocked_range
-      simp at blocked_range
-      rw [← Finset.forall_mem_not_eq] at blocked_range
-      have bal_mem_private: ERC20Private.balances ∈ ERC20Private.toFinset := by
-        unfold PrivateAddresses.toFinset
-        simp
-      specialize blocked_range ERC20Private.balances
-      exact blocked_range bal_mem_private
-
-    tauto
-
-  -- address not in reserved space
-  · obtain blocked_range := get_evm_of_ok ▸ s_erc20.block_acc_range.1
-    rw [ keccak ] at blocked_range
-    apply not_mem_private_of_some at blocked_range
-    exact blocked_range
+    rw [this] at hHashCollision₁
+    rcases s with ⟨evm, varstore⟩ | _ | _ <;> [skip; aesop_spec; skip]
+    · unfold reviveJump at code
+      simp at code
+      rw [←code]
+      aesop
+    · unfold reviveJump at code
+      simp at code
+
+      rename_i j
+      unfold evm at hHashCollisionTrue
+      simp at hHashCollisionTrue
 
 end
 

From 4bd6a340ba7b8484405cdfacaa6bda2add8394db Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Fri, 25 Oct 2024 18:44:55 +1300
Subject: [PATCH 45/89] [wip] Remove some leftover commented out code

---
 Generated/erc20shim/ERC20Shim/fun_allowance_user.lean | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
index c7898c3..5fc9e27 100644
--- a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
@@ -329,7 +329,6 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
           aesop
         · unfold reviveJump at code
           simp at code
-          -- rw [←code]
 
           rename_i j
           unfold evm at hHashCollisionTrue
@@ -356,9 +355,6 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
         rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok' ] at code
         clr_varstore
         
-        
-        
-        -- obtain ⟨⟨preservesEvm', s_isOk', ⟨⟨intermediate_keccak', keccak_using_intermediate', hStore'⟩,hHashCollision'⟩⟩, hHashCollision₁'⟩ := mapping' -- Adds a goal
         · rw [←code]
           have : Ok evmₛ' varstore⟦var↦sload evmₛ' (s'["_3"]!!)⟧.evm.hash_collision
                 = evmₛ'.hash_collision := by simp
@@ -374,7 +370,6 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
           
         · unfold reviveJump at code
           simp at code
-          -- rw [←code]
           rename_i j
           rcases j
       · rename_i hHashCollisionTrue'

From 6ee04d811d50b3a2e71bb528b4ac8aa830ee8048 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Fri, 25 Oct 2024 13:43:56 +0200
Subject: [PATCH 46/89] Fixed deep recursion in the panic_error_0x11

---
 .../erc20shim/ERC20Shim/panic_error_0x11_gen.lean | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/panic_error_0x11_gen.lean b/Generated/erc20shim/ERC20Shim/panic_error_0x11_gen.lean
index 8151c0d..ad856c9 100644
--- a/Generated/erc20shim/ERC20Shim/panic_error_0x11_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/panic_error_0x11_gen.lean
@@ -30,10 +30,7 @@ set_option maxHeartbeats 300000
 
 def panic_error_0x11_concrete_of_code
 : {
-    C :
-      
-      State → State → Prop
-    // ∀ {s₀ s₉ : State} {  fuel},
+    C : State → State → Prop // ∀ {s₀ s₉ : State} {  fuel},
          execCall fuel panic_error_0x11 [] (s₀, []) = s₉ →
          Spec (C  ) s₀ s₉
   } := by
@@ -66,6 +63,7 @@ def panic_error_0x11_concrete_of_code
   generalize hs₉ : multifill' _ _ = s₉'
 
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  simp only [Fin.isValue]
   simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
   rw [EVMShl']
   try simp
@@ -73,7 +71,7 @@ def panic_error_0x11_concrete_of_code
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtPrimCall']; try simp only
   simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
-  -- EXPR 
+  -- EXPR
   rw [EVMMstore']
   try simp
   
@@ -81,15 +79,15 @@ def panic_error_0x11_concrete_of_code
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtPrimCall']; try simp only
   simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
-  -- EXPR 
+  -- EXPR
   rw [EVMMstore']
   try simp
-  
+
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtPrimCall']; try simp only
   simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
-  -- EXPR 
+  -- EXPR
   rw [EVMRevert']
   try simp
   
@@ -116,7 +114,6 @@ def panic_error_0x11_concrete_of_code
   intros h
   exact h
 
-
 end
 
 end Generated.erc20shim.ERC20Shim

From f20cdff6b9f03f8055820ce99261135f6ddb81d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Fri, 25 Oct 2024 16:39:38 +0200
Subject: [PATCH 47/89] keccak helper

---
 Clear/EVMState.lean                           | 365 ++++++++++++------
 ...pping_address_uint256_of_address_user.lean | 208 ++++------
 2 files changed, 340 insertions(+), 233 deletions(-)

diff --git a/Clear/EVMState.lean b/Clear/EVMState.lean
index 23995de..71e5101 100644
--- a/Clear/EVMState.lean
+++ b/Clear/EVMState.lean
@@ -431,17 +431,13 @@ structure EVMState : Type where
   blocks : List EVMBlock
   hash_collision : Bool
   -- props
-  keccak_inj   : ∀ {a b},
-    (a ∈ keccak_map.keys) → keccak_map.lookup a = keccak_map.lookup b → a = b
-  keccak_used_range : (keccak_map.entries.toList.map keccak_val).toFinset ⊆ used_range
+  -- keccak_inj   : ∀ {a b},
+  --   (a ∈ keccak_map.keys) → keccak_map.lookup a = keccak_map.lookup b → a = b
+  -- keccak_used_range : (keccak_map.entries.toList.map keccak_val).toFinset ⊆ used_range
 deriving DecidableEq
 
 instance : Inhabited EVMState :=
-  ⟨ ∅ , default, default , ∅ , default, ∅ , default , false , (by aesop), (by
-  have : (∅ : Finmap (λ _ : List UInt256 ↦ UInt256)) = ⟨∅, Multiset.nodup_zero⟩ := by rfl
-  rw [this]
-  dsimp
-  simp [Multiset.empty_toList]) ⟩
+  ⟨ ∅ , default, default , ∅ , default, ∅ , default , false ⟩
 
 abbrev EVM := EVMState
 
@@ -510,6 +506,27 @@ instance instPreorderEVMState : Preorder EVMState where
 
 namespace EVMState
 
+def isKeccakInjective (σ : EVMState) : Prop := ∀ {a b},
+  (a ∈ σ.keccak_map.keys) → σ.keccak_map.lookup a = σ.keccak_map.lookup b → a = b
+
+def isKeccakUsedRange (σ : EVMState) : Prop :=
+  (σ.keccak_map.entries.toList.map keccak_val).toFinset ⊆ σ.used_range
+
+def isEVMState (σ : EVMState) := σ.isKeccakInjective ∧ σ.isKeccakUsedRange
+
+abbrev IsEVMState := Subtype isEVMState
+
+instance : Inhabited IsEVMState :=
+  ⟨ default
+  , ⟨ by dsimp [Inhabited.default]; unfold isKeccakInjective; aesop
+    , by dsimp [Inhabited.default]; unfold isKeccakUsedRange
+         have : (∅ : Finmap (λ _ : List UInt256 ↦ UInt256)) = ⟨∅, Multiset.nodup_zero⟩ := by rfl
+         rw [this]
+         dsimp
+         simp [Multiset.empty_toList]
+    ⟩
+  ⟩
+
 section
 
 open Array ByteArray
@@ -517,10 +534,11 @@ open Array ByteArray
 -- | Add an error to the EVMState indicating that we hit a hash collision in `keccak256`.
 def addHashCollision (σ : EVMState) : EVMState := { σ with hash_collision := true }
 
--- def hasHashCollision (σ : EVMState) : Prop := σ.hash_collision = true
-
--- instance : DecidablePred hasHashCollision := λ σ ↦
---   decidable_of_bool σ.hash_collision (by unfold hasHashCollision; simp)
+lemma hash_collision_of_addHashCollision :
+  ∀ (σ : EVMState), σ.addHashCollision.hash_collision := by
+  intro evm
+  unfold addHashCollision
+  simp only []
 
 def lookupAccount (σ : EVMState) (addr : Address) : Option Account :=
   σ.account_map.lookup addr
@@ -597,104 +615,225 @@ theorem filter_eq_cons_iff {α} {p : α → Bool} {l} {a} {as} :
   · rintro ⟨l₁, l₂, rfl, h₁, h, h₂⟩
     simp [h₂, filter_cons, filter_eq_nil_iff.mpr h₁, h]
 
-def updated_keccak_map {interval} {r} {rs} {σ : EVMState}
-  (h_int : interval ∉ σ.keccak_map)
-  (h_filter : σ.keccak_range.filter (· ∉ σ.used_range) = r :: rs) :
-  EVMState :=
-    have := filter_eq_cons_iff.mp h_filter
-    have r_ne_used : r ∈ σ.keccak_range.filter (· ∉ σ.used_range) :=
-      by aesop
-    have r_mem_range := List.mem_filter.mp r_ne_used
-    have r_ne_mem_used : r ∉ σ.used_range :=
-      by aesop
-    {σ with
-    keccak_map := σ.keccak_map.insert interval r,
-    keccak_range := rs,
-    used_range := {r} ∪ σ.used_range
-    keccak_used_range := by
-      intro r' r'_mem
-      have subset := Finset.subset_iff.mp σ.keccak_used_range
-      rw [ List.mem_toFinset, List.mem_map
-         , Finmap.insert_entries_of_neg h_int
-         ] at r'_mem
-      obtain ⟨a, ⟨a_mem, a_val_eq_r'⟩⟩ := r'_mem
-      rw [Multiset.mem_toList, Multiset.mem_cons] at a_mem
-      rcases a_mem with a_eq_interval_r | a_mem_prev
-      rw [a_eq_interval_r] at a_val_eq_r'
-      simp only [ keccak_val, keccak_prod
-                , Equiv.toFun_as_coe, Function.comp_apply
-                , Equiv.sigmaEquivProd_apply ] at a_val_eq_r'
-      rw [a_val_eq_r']
-      simp
-
-      rw [← Multiset.mem_toList] at a_mem_prev
-      apply mem_sigma_proj at a_mem_prev
-      rw [← keccak_prod, ← keccak_val, ← List.mem_toFinset
-         , snd_eq_keccak_val, a_val_eq_r'
-         ] at a_mem_prev
-      have := subset a_mem_prev
-      simp only [Finset.mem_union, Finset.mem_singleton]
-      right; exact this
-
-    keccak_inj := by
-      intro a b mem h_lookup
-      rcases Finmap.mem_insert.mp mem with a_eq_interval | a_mem_prev
-
-      have b_lookup_eq_some_r := by
-        rw [a_eq_interval] at h_lookup
-        symm at h_lookup
-        simp at h_lookup
-        exact h_lookup
-      have b_mem : b ∈ Finmap.insert interval r σ.keccak_map :=
-        Finmap.mem_iff.mpr ⟨r, b_lookup_eq_some_r⟩
-      by_contra a_ne_b
-
-      rw [ ← a_eq_interval, Finmap.lookup_insert_of_ne _ (Ne.symm a_ne_b)
-         , Finmap.lookup_eq_some_iff, ← Multiset.mem_toList ] at b_lookup_eq_some_r
-      apply mem_sigma_proj at b_lookup_eq_some_r
-      rw [← keccak_prod, ← keccak_val, ← List.mem_toFinset] at b_lookup_eq_some_r
-      simp only [] at b_lookup_eq_some_r
-
-      have r_mem_used := σ.keccak_used_range b_lookup_eq_some_r
-      exact r_ne_mem_used r_mem_used
-
-      have a_ne_interval : a ≠ interval := by aesop
-      by_cases b_ne_interval : b ≠ interval
-      rw [ Finmap.lookup_insert_of_ne _ a_ne_interval
-         , Finmap.lookup_insert_of_ne _ b_ne_interval ] at h_lookup
-      exact σ.keccak_inj a_mem_prev h_lookup
-
-      have b_eq_interval : b = interval := by aesop
-      rw [ b_eq_interval, Finmap.lookup_insert
-         , Finmap.lookup_insert_of_ne _ a_ne_interval ] at h_lookup
-
-      rw [ Finmap.lookup_eq_some_iff, ← Multiset.mem_toList ] at h_lookup
-      apply mem_sigma_proj at h_lookup
-      rw [← keccak_prod, ← keccak_val, ← List.mem_toFinset] at h_lookup
-      simp only [] at h_lookup
-
-      have r_mem_used := σ.keccak_used_range h_lookup
-      contradiction
-  }
-
-lemma Preserved_of_updated_keccak_map
-  {σ σ'} {interval} {r} {rs}
-  {h_int : interval ∉ σ.keccak_map} {h_filter : σ.keccak_range.filter (· ∉ σ.used_range) = r :: rs}
-  (h : updated_keccak_map (σ := σ) h_int h_filter = σ') : Preserved σ σ' := by
-  rw [← h]
-  unfold updated_keccak_map
-  constructor <;> simp
-  exact lt_of_insert r h_int
+-- def updated_keccak_map {interval} {r} {rs} {σ : EVMState}
+--   (h_int : interval ∉ σ.keccak_map)
+--   (h_filter : σ.keccak_range.filter (· ∉ σ.used_range) = r :: rs)
+--   -- (h_head : r ∉ σ.used_range)
+--   -- (h_rest : rs ⊆ σ.keccak_range) -- .filter (· ∉ σ.used_range) 
+--   :
+--   EVMState :=
+--     have := filter_eq_cons_iff.mp h_filter
+--     have r_ne_used : r ∈ σ.keccak_range.filter (· ∉ σ.used_range) :=
+--       by aesop
+--     have r_mem_range := List.mem_filter.mp r_ne_used
+--     have r_ne_mem_used : r ∉ σ.used_range :=
+--       by aesop
+--     {σ with
+--     keccak_map := σ.keccak_map.insert interval r,
+--     keccak_range := rs,
+--     used_range := {r} ∪ σ.used_range
+--     keccak_used_range := by
+--       intro r' r'_mem
+--       have subset := Finset.subset_iff.mp σ.keccak_used_range
+--       rw [ List.mem_toFinset, List.mem_map
+--          , Finmap.insert_entries_of_neg h_int
+--          ] at r'_mem
+--       obtain ⟨a, ⟨a_mem, a_val_eq_r'⟩⟩ := r'_mem
+--       rw [Multiset.mem_toList, Multiset.mem_cons] at a_mem
+--       rcases a_mem with a_eq_interval_r | a_mem_prev
+--       rw [a_eq_interval_r] at a_val_eq_r'
+--       simp only [ keccak_val, keccak_prod
+--                 , Equiv.toFun_as_coe, Function.comp_apply
+--                 , Equiv.sigmaEquivProd_apply ] at a_val_eq_r'
+--       rw [a_val_eq_r']
+--       simp
+
+--       rw [← Multiset.mem_toList] at a_mem_prev
+--       apply mem_sigma_proj at a_mem_prev
+--       rw [← keccak_prod, ← keccak_val, ← List.mem_toFinset
+--          , snd_eq_keccak_val, a_val_eq_r'
+--          ] at a_mem_prev
+--       have := subset a_mem_prev
+--       simp only [Finset.mem_union, Finset.mem_singleton]
+--       right; exact this
+
+--     keccak_inj := by
+--       intro a b mem h_lookup
+--       rcases Finmap.mem_insert.mp mem with a_eq_interval | a_mem_prev
+
+--       have b_lookup_eq_some_r := by
+--         rw [a_eq_interval] at h_lookup
+--         symm at h_lookup
+--         simp at h_lookup
+--         exact h_lookup
+--       have b_mem : b ∈ Finmap.insert interval r σ.keccak_map :=
+--         Finmap.mem_iff.mpr ⟨r, b_lookup_eq_some_r⟩
+--       by_contra a_ne_b
+
+--       rw [ ← a_eq_interval, Finmap.lookup_insert_of_ne _ (Ne.symm a_ne_b)
+--          , Finmap.lookup_eq_some_iff, ← Multiset.mem_toList ] at b_lookup_eq_some_r
+--       apply mem_sigma_proj at b_lookup_eq_some_r
+--       rw [← keccak_prod, ← keccak_val, ← List.mem_toFinset] at b_lookup_eq_some_r
+--       simp only [] at b_lookup_eq_some_r
+
+--       have r_mem_used := σ.keccak_used_range b_lookup_eq_some_r
+--       exact r_ne_mem_used r_mem_used
+
+--       have a_ne_interval : a ≠ interval := by aesop
+--       by_cases b_ne_interval : b ≠ interval
+--       rw [ Finmap.lookup_insert_of_ne _ a_ne_interval
+--          , Finmap.lookup_insert_of_ne _ b_ne_interval ] at h_lookup
+--       exact σ.keccak_inj a_mem_prev h_lookup
+
+--       have b_eq_interval : b = interval := by aesop
+--       rw [ b_eq_interval, Finmap.lookup_insert
+--          , Finmap.lookup_insert_of_ne _ a_ne_interval ] at h_lookup
+
+--       rw [ Finmap.lookup_eq_some_iff, ← Multiset.mem_toList ] at h_lookup
+--       apply mem_sigma_proj at h_lookup
+--       rw [← keccak_prod, ← keccak_val, ← List.mem_toFinset] at h_lookup
+--       simp only [] at h_lookup
+
+--       have r_mem_used := σ.keccak_used_range h_lookup
+--       contradiction
+--   }
 
 def keccak256 (σ : EVMState) (p n : UInt256) : Option (UInt256 × EVMState) :=
   let interval : List UInt256 := List.map (Nat.toUInt256 ∘ fromBytes!) (List.toChunks 32 (mkInterval' σ.machine_state.memory p n))
-  match g : Finmap.lookup interval σ.keccak_map with
+  match Finmap.lookup interval σ.keccak_map with
   | .some val => .some (val, σ)
   | .none     =>
-    match h : σ.keccak_range.filter (· ∉ σ.used_range) with
-    | r :: rs => .some ( r, updated_keccak_map (r := r) (rs := rs) (Finmap.lookup_eq_none.mp g) h)
+    match σ.keccak_range.filter (· ∉ σ.used_range) with
+    | r :: rs => .some ( r, { σ with
+        keccak_map := σ.keccak_map.insert interval r,
+        keccak_range := rs,
+        used_range := {r} ∪ σ.used_range
+      } )
     | [] => .none
 
+lemma Preserved_of_keccek256
+  {σ} {res : UInt256 × EVMState} {p n}
+  (h : σ.keccak256 p n = some res) : Preserved σ res.2 := by
+  unfold keccak256 at h
+  generalize interval_def :
+      List.map
+        (Nat.toUInt256 ∘ fromBytes!)
+        (List.toChunks (OfNat.ofNat 32) (mkInterval' σ.machine_state.memory p n)) = interval at h
+  unfold_let at h
+  split at h
+  case h_1 r x h_filter =>
+    rw [Option.some_inj] at h
+    rw [← h]; simp only []
+    exact Preserved.refl
+  case h_2 a h_filter =>
+    split at h
+    swap; contradiction
+    next r _ _ =>
+      rw [Option.some_inj] at h
+      rw [← h]
+      constructor <;> simp only []
+      refine lt_of_insert r ?_
+      exact Finmap.lookup_eq_none.mp h_filter
+
+lemma keccak256_preserves_structure (σ : IsEVMState) {p n} :
+  (keccak256 ↑σ p n).elim' True (isEVMState ∘ Prod.snd) := by
+  unfold keccak256
+  unfold_let
+  split
+  simp [σ.property]
+  split
+  swap; simp
+
+  case _ heq _ r rs h =>
+    have r_ne_used : r ∈ σ.val.keccak_range.filter (· ∉ σ.val.used_range) :=
+      by aesop
+    have r_mem_range := List.mem_filter.mp r_ne_used
+    have r_ne_mem_used : r ∉ σ.val.used_range :=
+      by aesop
+    simp only [Option.elim', Function.comp_apply]
+    unfold isEVMState isKeccakInjective isKeccakUsedRange
+    simp only []
+    generalize interval_def :
+      List.map
+        (Nat.toUInt256 ∘ fromBytes!)
+        (List.toChunks (OfNat.ofNat 32) (mkInterval' σ.val.machine_state.memory p n)) = interval
+    rw [interval_def] at heq
+    have interval_ne_mem_map : interval ∉ σ.val.keccak_map := Finmap.lookup_eq_none.mp heq
+    apply And.intro
+
+    -- injective
+    intro a b mem h_lookup'
+    rcases Finmap.mem_insert.mp mem with a_eq_interval | a_mem_prev
+
+    have b_lookup_eq_some_r := by
+      rw [a_eq_interval] at h_lookup'
+      symm at h_lookup'
+      simp at h_lookup'
+      exact h_lookup'
+    have b_mem : b ∈ Finmap.insert interval r σ.val.keccak_map :=
+      Finmap.mem_iff.mpr ⟨r, b_lookup_eq_some_r⟩
+    by_contra a_ne_b
+
+    rw [ ← a_eq_interval, Finmap.lookup_insert_of_ne _ (Ne.symm a_ne_b)
+       , Finmap.lookup_eq_some_iff, ← Multiset.mem_toList ] at b_lookup_eq_some_r
+    apply mem_sigma_proj at b_lookup_eq_some_r
+    rw [← keccak_prod, ← keccak_val, ← List.mem_toFinset] at b_lookup_eq_some_r
+    simp only [] at b_lookup_eq_some_r
+
+    have r_mem_used := σ.property.2 b_lookup_eq_some_r
+    exact r_ne_mem_used r_mem_used
+
+    have a_ne_interval : a ≠ interval := by
+      have := Finmap.lookup_eq_none.mp heq
+      aesop
+    by_cases b_ne_interval : b ≠ interval
+    rw [ Finmap.lookup_insert_of_ne _ a_ne_interval
+       , Finmap.lookup_insert_of_ne _ b_ne_interval ] at h_lookup'
+    exact σ.property.1 a_mem_prev h_lookup'
+
+    have b_eq_interval : b = interval := by aesop
+    rw [ b_eq_interval, Finmap.lookup_insert
+       , Finmap.lookup_insert_of_ne _ a_ne_interval ] at h_lookup'
+
+    rw [ Finmap.lookup_eq_some_iff, ← Multiset.mem_toList ] at h_lookup'
+    apply mem_sigma_proj at h_lookup'
+    rw [← keccak_prod, ← keccak_val, ← List.mem_toFinset] at h_lookup'
+    simp only [] at h_lookup'
+
+    have r_mem_used := σ.property.2 h_lookup'
+    contradiction
+
+    -- keccak_used_range
+    intro r' r'_mem
+    have subset := Finset.subset_iff.mp σ.property.2
+    rw [ List.mem_toFinset, List.mem_map
+       , Finmap.insert_entries_of_neg interval_ne_mem_map
+       ] at r'_mem
+    obtain ⟨a, ⟨a_mem, a_val_eq_r'⟩⟩ := r'_mem
+    rw [Multiset.mem_toList, Multiset.mem_cons] at a_mem
+    rcases a_mem with a_eq_interval_r | a_mem_prev
+    rw [a_eq_interval_r] at a_val_eq_r'
+    simp only [ keccak_val, keccak_prod
+              , Equiv.toFun_as_coe, Function.comp_apply
+             , Equiv.sigmaEquivProd_apply ] at a_val_eq_r'
+    rw [a_val_eq_r']
+    simp
+
+    rw [← Multiset.mem_toList] at a_mem_prev
+    apply mem_sigma_proj at a_mem_prev
+    rw [← keccak_prod, ← keccak_val, ← List.mem_toFinset
+       , snd_eq_keccak_val, a_val_eq_r'
+       ] at a_mem_prev
+    have := subset a_mem_prev
+    simp only [Finset.mem_union, Finset.mem_singleton]
+    right; exact this
+
+lemma isEVMState_of_keccak256 {σ : IsEVMState} {σ'} {r} {p n} (h : keccak256 ↑σ p n = some ⟨r, σ'⟩) :
+  σ'.isEVMState := by
+  have := keccak256_preserves_structure σ (p := p) (n := n)
+  rw [h, Option.elim'_some] at this
+  exact this
+
 lemma keccak_map_lookup_eq_of_Preserved_of_lookup {σ₀ σ₁} {addr} {b}
   (p : Preserved σ₀ σ₁) (h : Finmap.lookup addr σ₀.keccak_map = some b) :
   σ₀.keccak_map.lookup addr = σ₁.keccak_map.lookup addr := by
@@ -702,6 +841,11 @@ lemma keccak_map_lookup_eq_of_Preserved_of_lookup {σ₀ σ₁} {addr} {b}
     rw [Finmap.mem_iff]
     use b
 
+lemma hash_collision_of_keccak256_eq_some {σ σ' : EVMState} {p n} {r}
+  (h : keccak256 σ p n = some ⟨r, σ'⟩) :
+  σ'.hash_collision = σ.hash_collision := by
+  sorry
+
 -- code copy
 
 def codeCopy (σ : EVMState) (mstart cstart s : UInt256) : EVMState :=
@@ -794,11 +938,11 @@ def sstore (σ : EVMState) (spos sval : UInt256) : EVMState :=
   match σ.lookupAccount σ.execution_env.code_owner with
   | .some act =>
     let σ' := σ.updateAccount σ.execution_env.code_owner (act.updateStorage spos sval)
-    {σ' with used_range := {spos} ∪ σ'.used_range
-             keccak_used_range :=
-               by trans σ'.used_range
-                  · exact σ'.keccak_used_range
-                  · exact Finset.subset_union_right}
+    {σ' with used_range := {spos} ∪ σ'.used_range}
+             -- keccak_used_range :=
+             --   by trans σ'.used_range
+             --      · exact σ'.keccak_used_range
+             --      · exact Finset.subset_union_right
   | .none => σ
 
 def msize (σ : EVMState) : UInt256 :=
@@ -835,6 +979,11 @@ lemma mstore_preserved {σ} {pos val} : Preserved σ (σ.mstore pos val) := by
   rw [Preserved_def]
   simp
 
+lemma hash_collision_of_mstore {σ : EVMState} {pos val} :
+  (σ.mstore pos val).hash_collision = σ.hash_collision := by
+  unfold mstore updateMemory
+  simp only []
+
 lemma sload_eq_of_preserved {σ₀ σ₁} {pos} (h : Preserved σ₀ σ₁) :
   sload σ₀ pos = sload σ₁ pos := by
   unfold sload lookupAccount
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
index 1290941..7b527d7 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
@@ -33,11 +33,6 @@ lemma EVMAddrSize' {s : State} : (s, [Fin.shiftLeft 1 160]) = (s, [Address.size.
   simp
   exact shift_eq_size
 
-set_option maxHeartbeats 200000
-set_option maxRecDepth 800
-set_option pp.deepTerms true
-set_option pp.proofs true
-
 lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete {s₀ s₉ : State} {dataSlot slot key} :
   Spec (mapping_index_access_mapping_address_uint256_of_address_concrete_of_code.1 dataSlot slot key) s₀ s₉ →
   Spec (A_mapping_index_access_mapping_address_uint256_of_address dataSlot slot key) s₀ s₉ := by
@@ -63,130 +58,93 @@ lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete {s
     rw [← prep_def];
     exact Preserved.trans mstore_preserved mstore_preserved
 
-  unfold keccak256 at code
-  unfold_let at code
-
   split at code
-  -- some
-  case h_1 x h_lookup =>
-    -- no hash collision
-    split at h_lookup
-    case h_1 val heq =>
-      rw [Option.some_inj] at h_lookup
-      -- lookup existing
-      rw [ interval'_eq_interval 2 two_ne_zero (by norm_cast)
-         , ← prep_def
-         , mstore_mstore_of_ne, interval_of_mstore_eq_val_cons
-         , mstore_mstore_of_ne, zero_add, interval_of_mstore_eq_val_cons
-         , interval_of_0_eq_nil
-         ] at heq
-      -- make sense of the code
-      rw [← h_lookup] at code
-      simp only [Fin.isValue, multifill_cons, multifill_nil'] at code
-      unfold setEvm State.insert State.lookup! at code
-      simp only [Fin.isValue, Finmap.lookup_insert, get!_some, isOk_Ok] at code
-      rw [← State.insert_of_ok] at code
-
-      rw [← code]
-      simp only [isOk_Ok, isOutOfFuel_insert', isOutOfFuel_Ok, not_false_eq_true, isOk_insert, evm_insert,
-  get_evm_of_ok, true_and]
-      apply And.intro
-      swap;
+  case h_1 _ res keccak_eq_some_res =>
+    simp only [multifill_cons, multifill_nil'] at code
+    unfold setEvm State.insert State.lookup! at code
+    simp only [Fin.isValue, Finmap.lookup_insert, get!_some, isOk_Ok] at code
+    rw [← State.insert_of_ok] at code
+    rw [← code]
+
+    have res_collision := hash_collision_of_keccak256_eq_some keccak_eq_some_res
+    have prep_collision : state_prep.hash_collision = evm.hash_collision := by
       rw [← prep_def]
-      unfold mstore updateMemory
-      simp only []
-      intro _; assumption
-      left
-      split_ands
-
-      rw [preservesEvm_of_insert']
-      apply preservesEvm_of_preserved
-      simp [get_evm_of_ok]
-      exact Preserved_prep
-      use val, (prep_def ▸ heq)
-      simp only [insert_of_ok, store]
-
-    case h_2 val heq =>
-      split at h_lookup
-      swap; contradiction
-      rw [Option.some_inj] at h_lookup
+      exact Eq.trans hash_collision_of_mstore hash_collision_of_mstore
       
-      have : Finmap.lookup [account.val.cast, slot] state_prep.keccak_map = none := by
-        rw [ interval'_eq_interval 2 two_ne_zero (by norm_cast)
-           , ← prep_def
-           , mstore_mstore_of_ne, interval_of_mstore_eq_val_cons
-           , mstore_mstore_of_ne, zero_add, interval_of_mstore_eq_val_cons
-           , interval_of_0_eq_nil
-           ] at heq
-        exact (prep_def ▸ heq)
-      have int_ne_mem_map : [↑↑account, slot] ∉ state_prep.keccak_map := sorry
-
-      simp at code
-      unfold setEvm State.insert State.lookup! at code
-      simp at code
-      simp only [← h_lookup, ← State.insert_of_ok] at code
-      rw [← code]
-
-      apply And.intro
-      swap;
-      -- hash collision preservation
-      sorry
-
-      left; split_ands
-      rw [preservesEvm_of_insert']
-      apply preservesEvm_of_preserved
-      simp [get_evm_of_ok]
-      apply Preserved.trans Preserved_prep
+    have preserves_collision :
+      evm.hash_collision = true → Ok res.2 varstore⟦dataSlot↦res.1⟧.evm.hash_collision = true := by      
+      rw [State.insert_of_ok, get_evm_of_ok, res_collision, prep_collision]
+      intro h; exact h
+    
+    apply And.intro
+    swap; exact preserves_collision
+    
+    by_cases h : evm.hash_collision
+    right
+    -- hash_collision from the previous state
+    exact preserves_collision h
     
-      -- obtain ⟨res, σ'⟩ := x
-      -- injection h_lookup with res_eq σ'_eq
-      exact Preserved_of_updated_keccak_map (σ := state_prep) rfl
-      done
-    done
-
-  case h_2 x h_lookup =>
-    split at h_lookup
-    done
-
-  -- -- generalize interval_def : List.map (Nat.toUInt256 ∘ UInt256.fromBytes!)
-  -- --                 (List.toChunks 32
-  -- --                 (mkInterval' state_prep.machine_state.memory 0 64)) = interval at code
-
-  -- -- have interval_eq : interval = mkInterval state_prep.machine_state.memory 0 2 := by sorry
-
-  -- -- have : List.map (Nat.toUInt256 ∘ UInt256.fromBytes!)
-  -- --                 (List.toChunks 32
-  -- --                 (mkInterval' state_prep.machine_state.memory 0 64)) =
-  -- --   mkInterval state_prep.machine_state.memory 0 2 := by sorry
-  -- split at code
-  -- next x h_lookup =>
-  --   split at h_lookup
-  --   done
-
-  -- simp_rw [ interval'_eq_interval 2 two_ne_zero (by sorry)
-  --    -- , mstore_mstore_of_ne, interval_of_mstore_eq_val_cons
-  --    -- , mstore_mstore_of_ne, zero_add, interval_of_mstore_eq_val_cons
-  --    -- , interval_of_0_eq_nil
-  --    ] at code
-
-  -- -- rw [ this ] at code
-  -- rw [ mstore_preserves_keccak_map, mstore_preserves_keccak_map
-  --    , hasAddress
-  --    ]
-  -- simp at prog
-  -- unfold setEvm State.insert State.lookup! at prog
-  -- simp at prog
-
-  -- rw [← prog]
-  -- unfold State.lookup!
-
-  -- apply And.intro
-  -- · apply preservesEvm_eq
-  --   simp
-  --   apply preserved_trans 
-  --   · exact mstore_preserves
-  --   · exact mstore_preserves
-  -- · simp
+    -- no hash collision from the previous state
+    left; split_ands
+    -- preservesEvm
+    rw [preservesEvm_of_insert']
+    apply preservesEvm_of_preserved
+    rw [get_evm_of_ok, get_evm_of_ok]
+    exact Preserved.trans Preserved_prep (Preserved_of_keccek256 keccak_eq_some_res)
+
+    -- state is ok
+    exact State.isOk_Ok
+
+    -- keccak
+    use res.1
+    split_ands
+    -- keccak lookup for last
+    rotate_left
+    -- varstore preservation
+    rw [State.insert_of_ok]
+    simp only [State.store]
+    
+    -- no hash collision
+    rw [State.insert_of_ok, get_evm_of_ok, res_collision, prep_collision]
+    rw [Bool.eq_false_eq_not_eq_true] at h; exact h
+    
+    -- keccak lookup
+    rw [State.insert_of_ok, get_evm_of_ok]
+    unfold keccak256 at keccak_eq_some_res
+    rw [ interval'_eq_interval 2 two_ne_zero (by norm_cast)
+       , ← prep_def
+       , mstore_mstore_of_ne, interval_of_mstore_eq_val_cons
+       , mstore_mstore_of_ne, zero_add, interval_of_mstore_eq_val_cons
+       , interval_of_0_eq_nil
+       ] at keccak_eq_some_res
+    unfold_let at keccak_eq_some_res
+
+    split at keccak_eq_some_res
+    case h_1 _ v h_lookup =>
+      rw [Option.some_inj] at keccak_eq_some_res
+      rw [← keccak_eq_some_res]
+      exact h_lookup
+    case h_2 _ h_lookup =>
+      split at keccak_eq_some_res
+      swap; contradiction
+      rw [Option.some_inj] at keccak_eq_some_res
+      rw [← keccak_eq_some_res]
+      simp only [];
+      rw [Finmap.lookup_insert]
+
+  case h_2 res keccak_eq_none =>
+    simp only [multifill_cons, multifill_nil'] at code
+    unfold setEvm State.insert State.lookup! at code
+    simp only [Fin.isValue, Finmap.lookup_insert, get!_some, isOk_Ok] at code
+    rw [← State.insert_of_ok] at code
+    
+    have final_destination : s₉.evm.hash_collision := by
+      rw [← code, State.insert_of_ok, get_evm_of_ok]
+      exact hash_collision_of_addHashCollision state_prep
+
+    apply And.intro
+    right; exact final_destination
+    intro _; exact final_destination
 
   end
 

From 5dd0ad9666228e740754c7a1513386e6aafc725d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Fri, 25 Oct 2024 22:13:52 +0200
Subject: [PATCH 48/89] [wip] adjust for EVM structure split

---
 Generated/erc20shim/ERC20Shim/fun_allowance_user.lean | 9 ++++++---
 Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean | 6 ++++--
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
index 5fc9e27..cb25c7c 100644
--- a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
@@ -181,7 +181,8 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
             rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' has_address
               , this ]
             simp
-          have keccak_inj := evmₛ'.keccak_inj this (Eq.symm h)
+          have IsEVMₛ' : evmₛ'.isEVMState := by sorry
+          have keccak_inj := IsEVMₛ'.1 this (Eq.symm h)
 
           rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
           unfold Fin.ofNat'' at keccak_inj
@@ -232,7 +233,8 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
             rw [s_eq_ok'] at keccak_using_intermediate'
             simp at keccak_using_intermediate'
             exact Finmap.mem_of_lookup_eq_some keccak_using_intermediate'
-          have keccak_inj := evmₛ'.keccak_inj this (Eq.symm hSpender)
+          have IsEVMₛ' : evmₛ'.isEVMState := by sorry
+          have keccak_inj := IsEVMₛ'.1 this (Eq.symm hSpender)
           rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
           unfold Fin.ofNat'' at keccak_inj
           simp at keccak_inj
@@ -253,7 +255,8 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
               rw [s_eq_ok] at keccak_using_intermediate
               simp at keccak_using_intermediate
               exact Finmap.mem_of_lookup_eq_some keccak_using_intermediate
-            have keccak_inj := evmₛ.keccak_inj this (Eq.symm owner_lookup'')
+            have IsEVMₛ : evmₛ.isEVMState := by sorry
+            have keccak_inj := IsEVMₛ.1 this (Eq.symm owner_lookup'')
             rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
             unfold Fin.ofNat'' at keccak_inj
             simp at keccak_inj
diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
index ea89d93..a7aa269 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
@@ -124,7 +124,8 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
           rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup Preserved has_address
             , this ]
           simp
-        have keccak_inj := evmₛ.keccak_inj this (Eq.symm h)
+        have IsEVMₛ : evmₛ.isEVMState := by sorry
+        have keccak_inj := IsEVMₛ.1 this (Eq.symm h)
 
         rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
         unfold Fin.ofNat'' at keccak_inj
@@ -157,7 +158,8 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
           have := Eq.trans (Eq.symm spender_lookup_s) spender_lookup
           rw [this]
           simp
-        have keccak_inj := evmₛ.keccak_inj this h
+        have IsEVMₛ : evmₛ.isEVMState := by sorry
+        have keccak_inj := IsEVMₛ.1 this h
         simp at keccak_inj
         have intermediate_ne_balances : erc_intermediate ≠ ERC20Private.balances := by
           obtain blocked_range := get_evm_of_ok ▸ is_erc20.block_acc_range.2.1

From 9c5e9234d2fbbcd39bd86faf41f34b8fe2e8691e Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Tue, 29 Oct 2024 18:00:33 +1300
Subject: [PATCH 49/89] Make use of the keccak helper proof for the other
 keccak helper

---
 ..._address_mapping_address_uint256_of_address_user.lean | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean
index a36bd3b..dc0b2cb 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean
@@ -17,14 +17,7 @@ lemma mapping_index_access_mapping_address_mapping_address_uint256_of_address_ab
   Spec (mapping_index_access_mapping_address_mapping_address_uint256_of_address_concrete_of_code.1 dataSlot slot key) s₀ s₉ →
   Spec (A_mapping_index_access_mapping_address_mapping_address_uint256_of_address dataSlot slot key) s₀ s₉ := by
   unfold mapping_index_access_mapping_address_mapping_address_uint256_of_address_concrete_of_code A_mapping_index_access_mapping_address_mapping_address_uint256_of_address
-         A_mapping_index_access_mapping_address_uint256_of_address
-
-  rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
-  apply spec_eq
-  intro hasFuel
-  clr_funargs
-  sorry
-
+  apply mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete
 
 end
 

From 9df1fda6b0f5056b561630991d6db1a6f6d79a81 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kopa=C5=84ski?= <jakub@famisoft.pl>
Date: Tue, 29 Oct 2024 11:19:34 +0100
Subject: [PATCH 50/89] Use new tactic

---
 Clear/State.lean                              | 21 +++++++++++++++++++
 ...pping_address_uint256_of_address_user.lean | 12 +++--------
 2 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/Clear/State.lean b/Clear/State.lean
index a595d33..2c6b3a8 100644
--- a/Clear/State.lean
+++ b/Clear/State.lean
@@ -675,6 +675,27 @@ lemma insert_setEvm_insert : (s.setEvm evm')⟦var ↦ val⟧ = s⟦var ↦ val
   rcases s <;> [(try simp only); aesop_spec; aesop_spec]
   rfl
 
+-- TODO: Option.get!_some in newer mathlib
+theorem come_get!_some {α} [Inhabited α] {a : α} : (some a).get! = a := rfl
+
+open Lean Meta Elab Tactic in
+elab "clr_match" : tactic => do
+  evalTactic <| ← `(tactic| (
+    simp only [lookup!, setEvm, Fin.isValue, insert_of_ok,
+      multifill_cons, multifill_nil', Finmap.lookup_insert,
+      come_get!_some, isOk_Ok]
+    rw [← State.insert_of_ok]
+  ))
+
+open Lean Meta Elab Tactic in
+elab "clr_match" "at" h:ident : tactic => do
+  evalTactic <| ← `(tactic| (
+    simp only [lookup!, setEvm, Fin.isValue, insert_of_ok,
+      multifill_cons, multifill_nil', Finmap.lookup_insert,
+      come_get!_some, isOk_Ok] at $h:ident
+    repeat rw [← State.insert_of_ok] at $h:ident
+  ))
+
 end
 
 end State
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
index 7b527d7..fb01344 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
@@ -60,10 +60,7 @@ lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete {s
 
   split at code
   case h_1 _ res keccak_eq_some_res =>
-    simp only [multifill_cons, multifill_nil'] at code
-    unfold setEvm State.insert State.lookup! at code
-    simp only [Fin.isValue, Finmap.lookup_insert, get!_some, isOk_Ok] at code
-    rw [← State.insert_of_ok] at code
+    clr_match at code
     rw [← code]
 
     have res_collision := hash_collision_of_keccak256_eq_some keccak_eq_some_res
@@ -133,11 +130,8 @@ lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete {s
       rw [Finmap.lookup_insert]
 
   case h_2 res keccak_eq_none =>
-    simp only [multifill_cons, multifill_nil'] at code
-    unfold setEvm State.insert State.lookup! at code
-    simp only [Fin.isValue, Finmap.lookup_insert, get!_some, isOk_Ok] at code
-    rw [← State.insert_of_ok] at code
-    
+    clr_match at code
+
     have final_destination : s₉.evm.hash_collision := by
       rw [← code, State.insert_of_ok, get_evm_of_ok]
       exact hash_collision_of_addHashCollision state_prep

From f223382c12ed52dbfe79d347c682fe94c4fbbf4d Mon Sep 17 00:00:00 2001
From: Daniel Britten <Coda-Coda@users.noreply.github.com>
Date: Fri, 8 Nov 2024 05:35:17 +0000
Subject: [PATCH 51/89] Add `mstore_preserves_used_range` lemma

---
 Clear/EVMState.lean | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Clear/EVMState.lean b/Clear/EVMState.lean
index 71e5101..02c367c 100644
--- a/Clear/EVMState.lean
+++ b/Clear/EVMState.lean
@@ -2270,6 +2270,12 @@ lemma mstore_preserves_keccak_map :
   unfold mstore
   unfold updateMemory
   simp
+  
+lemma mstore_preserves_used_range : 
+  (mstore evm addr val).used_range = evm.used_range := by
+  unfold mstore
+  unfold updateMemory
+  simp
 
 section Interval
 

From c243670a58755e578f23df10201d973d9eeec3b8 Mon Sep 17 00:00:00 2001
From: Daniel Britten <Coda-Coda@users.noreply.github.com>
Date: Fri, 8 Nov 2024 06:06:21 +0000
Subject: [PATCH 52/89] Add preservation of `isEVMState` to helper spec and
 prove it

---
 ...pping_address_uint256_of_address_user.lean | 29 +++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
index fb01344..542d840 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
@@ -18,7 +18,7 @@ set_option linter.setOption false
 set_option pp.coercions false
 
 def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop :=
-  ((preservesEvm s₀ s₉ ∧ s₉.isOk ∧ (∃ keccak,
+  ((preservesEvm s₀ s₉ ∧ s₉.isOk ∧ (s₀.evm.isEVMState → s₉.evm.isEVMState) ∧ (∃ keccak,
   s₉.evm.keccak_map.lookup [ ↑(Address.ofUInt256 key), slot ] = some keccak ∧
   s₉.store = s₀⟦dataSlot ↦ keccak⟧.store) ∧
   s₉.evm.hash_collision = false)
@@ -91,7 +91,32 @@ lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete {s
 
     -- state is ok
     exact State.isOk_Ok
-
+    -- s₉.evm.isEVMState
+    intro hIsEVMState
+    obtain ⟨res₁,res₂⟩ := res
+    simp
+    
+    have state_prep_isEVMState : isEVMState state_prep := by
+      rw [←prep_def]
+      
+      unfold isEVMState
+      split_ands
+      unfold isKeccakInjective
+      simp
+      intros a b h₁ h₂
+      rw [mstore_preserves_keccak_map, mstore_preserves_keccak_map] at h₂
+      unfold isEVMState at hIsEVMState
+      aesop
+      
+      unfold isKeccakUsedRange
+      simp  
+      rw [mstore_preserves_keccak_map, mstore_preserves_keccak_map,
+          mstore_preserves_used_range, mstore_preserves_used_range]
+      unfold isEVMState at hIsEVMState
+      aesop
+    
+    apply @isEVMState_of_keccak256 ⟨state_prep, state_prep_isEVMState⟩ _ _ _ _ keccak_eq_some_res
+    
     -- keccak
     use res.1
     split_ands

From 26439d72f1f16b9dbac00e8a5b2112c0c0350a0e Mon Sep 17 00:00:00 2001
From: Daniel Britten <Coda-Coda@users.noreply.github.com>
Date: Fri, 8 Nov 2024 06:32:02 +0000
Subject: [PATCH 53/89] =?UTF-8?q?Fill=20sorries=20related=20to=20preservat?=
 =?UTF-8?q?ion=20of=20`isEVMState`=20As=20required,=20add=20`s=E2=82=80.ev?=
 =?UTF-8?q?m.isEVMState`=20as=20a=20precondition=20for=20`allowance`=20and?=
 =?UTF-8?q?=20`balanceOf`.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../erc20shim/ERC20Shim/fun_allowance_user.lean  | 16 ++++++++--------
 .../erc20shim/ERC20Shim/fun_balanceOf_user.lean  | 10 +++++-----
 2 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
index cb25c7c..cadcc00 100644
--- a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
@@ -13,7 +13,7 @@ open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemma
 set_option maxHeartbeats 1000000
 
 def A_fun_allowance (var : Identifier) (var_owner var_spender : Literal) (s₀ s₉ : State) : Prop :=
-  (∀ {erc20}, IsERC20 erc20 s₀ →
+  (∀ {erc20}, (IsERC20 erc20 s₀ ∧ s₀.evm.isEVMState) →
   let owner := Address.ofUInt256 var_owner
   let spender := Address.ofUInt256 var_spender
   IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧
@@ -40,7 +40,7 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
   
   
 
-  obtain ⟨⟨preservesEvm, s_isOk, ⟨⟨intermediate_keccak, keccak_using_intermediate, hStore⟩,hHashCollision⟩⟩, hHashCollision₁⟩ := mapping -- Adds a goal
+  obtain ⟨⟨preservesEvm, s_isOk, s_isEVMStatePreserved, ⟨⟨intermediate_keccak, keccak_using_intermediate, hStore⟩,hHashCollision⟩⟩, hHashCollision₁⟩ := mapping -- Adds a goal
   · -- No hash collision from first keccak
     
     obtain ⟨evmₛ, varstoreₛ, s_eq_ok⟩ := State_of_isOk s_isOk
@@ -56,10 +56,10 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
     unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping'
     clr_spec at mapping'
     
-    obtain ⟨⟨preservesEvm', s_isOk', ⟨⟨intermediate_keccak', keccak_using_intermediate', hStore'⟩,hHashCollision'⟩⟩, hHashCollision₁'⟩ := mapping' -- Adds a goal
+    obtain ⟨⟨preservesEvm', s_isOk', s_isEVMStatePreserved', ⟨⟨intermediate_keccak', keccak_using_intermediate', hStore'⟩,hHashCollision'⟩⟩, hHashCollision₁'⟩ := mapping' -- Adds a goal
     · -- No hash collision from second keccak
       left
-      intro erc20 is_erc20
+      intro erc20 is_erc20 s₀_isEVMState
       obtain ⟨evmₛ', varstoreₛ', s_eq_ok'⟩ := State_of_isOk s_isOk'
       have keccak' : Finmap.lookup [↑↑(Address.ofUInt256 (s["var_spender"]!!)), s["_2"]!!] s'.evm.keccak_map = some (s'["_3"]!!) := by
         rw [s_eq_ok]
@@ -181,7 +181,7 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
             rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' has_address
               , this ]
             simp
-          have IsEVMₛ' : evmₛ'.isEVMState := by sorry
+          have IsEVMₛ' : evmₛ'.isEVMState := by aesop
           have keccak_inj := IsEVMₛ'.1 this (Eq.symm h)
 
           rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
@@ -233,7 +233,7 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
             rw [s_eq_ok'] at keccak_using_intermediate'
             simp at keccak_using_intermediate'
             exact Finmap.mem_of_lookup_eq_some keccak_using_intermediate'
-          have IsEVMₛ' : evmₛ'.isEVMState := by sorry
+          have IsEVMₛ' : evmₛ'.isEVMState := by aesop
           have keccak_inj := IsEVMₛ'.1 this (Eq.symm hSpender)
           rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
           unfold Fin.ofNat'' at keccak_inj
@@ -255,7 +255,7 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
               rw [s_eq_ok] at keccak_using_intermediate
               simp at keccak_using_intermediate
               exact Finmap.mem_of_lookup_eq_some keccak_using_intermediate
-            have IsEVMₛ : evmₛ.isEVMState := by sorry
+            have IsEVMₛ : evmₛ.isEVMState := by aesop
             have keccak_inj := IsEVMₛ.1 this (Eq.symm owner_lookup'')
             rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
             unfold Fin.ofNat'' at keccak_inj
@@ -344,7 +344,7 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
     · unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping'
       clr_spec at mapping'
       
-      obtain ⟨⟨preservesEvm', s_isOk', ⟨⟨intermediate_keccak', keccak_using_intermediate', hStore'⟩,hHashCollision'⟩⟩, hHashCollision₁'⟩ := mapping' -- Adds a goal
+      obtain ⟨⟨preservesEvm', s_isOk', s_isEVMStatePreserved', ⟨⟨intermediate_keccak', keccak_using_intermediate', hStore'⟩,hHashCollision'⟩⟩, hHashCollision₁'⟩ := mapping' -- Adds a goal
 
       have :   hash_collision (Ok evm Inhabited.default⟦"var_spender"↦var_spender⟧⟦"var_owner"↦var_owner⟧⟦"_1"↦1⟧.evm)
           = evm.hash_collision := by
diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
index a7aa269..54efb58 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
@@ -12,7 +12,7 @@ section
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
 def A_fun_balanceOf (var : Identifier) (var_account : Literal) (s₀ s₉ : State) : Prop :=
-  (∀ {erc20}, IsERC20 erc20 s₀ →
+  (∀ {erc20}, (IsERC20 erc20 s₀ ∧ s₀.evm.isEVMState) →
   let account := Address.ofUInt256 var_account
   IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧
   s₉[var]!! = (erc20.balances.lookup account).getD 0 ∧
@@ -36,10 +36,10 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   clr_spec at mapping
 
   
-  obtain ⟨⟨preservesEvm, s_isOk, ⟨⟨keccak_value, keccak_using_keccak_value, hStore⟩,hHashCollision⟩⟩, hHashCollision₁⟩ := mapping -- Adds a goal
+  obtain ⟨⟨preservesEvm, s_isOk, s_isEVMStatePreserved, ⟨⟨keccak_value, keccak_using_keccak_value, hStore⟩,hHashCollision⟩⟩, hHashCollision₁⟩ := mapping -- Adds a goal
   · -- No hash collision from keccak
     left
-    intro erc20 is_erc20
+    intro erc20 is_erc20 s₀_isEVMState
 
     obtain ⟨evmₛ, varstoreₛ, s_eq_ok⟩ := State_of_isOk s_isOk
 
@@ -124,7 +124,7 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
           rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup Preserved has_address
             , this ]
           simp
-        have IsEVMₛ : evmₛ.isEVMState := by sorry
+        have IsEVMₛ : evmₛ.isEVMState := by aesop
         have keccak_inj := IsEVMₛ.1 this (Eq.symm h)
 
         rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
@@ -158,7 +158,7 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
           have := Eq.trans (Eq.symm spender_lookup_s) spender_lookup
           rw [this]
           simp
-        have IsEVMₛ : evmₛ.isEVMState := by sorry
+        have IsEVMₛ : evmₛ.isEVMState := by aesop
         have keccak_inj := IsEVMₛ.1 this h
         simp at keccak_inj
         have intermediate_ne_balances : erc_intermediate ≠ ERC20Private.balances := by

From 74ef5ef9cc5219b11b3185bf7284381a14e6a591 Mon Sep 17 00:00:00 2001
From: Julian Sutherland <julian.sutherland10@imperial.ac.uk>
Date: Sun, 10 Nov 2024 11:42:35 +0000
Subject: [PATCH 54/89] Fixed some simple remaining sorrys

---
 Clear/EVMState.lean | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/Clear/EVMState.lean b/Clear/EVMState.lean
index 02c367c..cbcd6c5 100644
--- a/Clear/EVMState.lean
+++ b/Clear/EVMState.lean
@@ -844,7 +844,8 @@ lemma keccak_map_lookup_eq_of_Preserved_of_lookup {σ₀ σ₁} {addr} {b}
 lemma hash_collision_of_keccak256_eq_some {σ σ' : EVMState} {p n} {r}
   (h : keccak256 σ p n = some ⟨r, σ'⟩) :
   σ'.hash_collision = σ.hash_collision := by
-  sorry
+  unfold keccak256 at h
+  aesop
 
 -- code copy
 
@@ -998,7 +999,17 @@ lemma storage_eq_of_preserved {σ₀ σ₁} (h : Preserved σ₀ σ₁) :
 
 lemma sload_of_not_mem_dom {evm : EVMState} :
   ∀ {addr}, addr ∉ evm.storage.keys → evm.sload addr = 0 := by
-  sorry
+  intros addr h
+  unfold sload Account.lookupStorage
+  unfold storage at h
+  generalize act_def : evm.lookupAccount evm.execution_env.code_owner = mact
+  rw [act_def] at h
+  match mact with
+  | none => simp only
+  | some act =>
+    simp only at h ⊢
+    rw [Finmap.mem_keys, Iff.symm Finmap.lookup_eq_none] at h
+    rw [h]
 
 end
 

From 1a96b5eb35779f655d4a9e52fb1693f87168d75b Mon Sep 17 00:00:00 2001
From: Frantisek Silvasi <silvasi.frantisek@gmail.com>
Date: Mon, 11 Nov 2024 11:10:03 +0100
Subject: [PATCH 55/89] fix generation of double { {, credit to Daniel

---
 vc/src/Main.hs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vc/src/Main.hs b/vc/src/Main.hs
index 6c76fef..e33cf2f 100644
--- a/vc/src/Main.hs
+++ b/vc/src/Main.hs
@@ -259,7 +259,7 @@ fillInFunction topLevelContract file imports (FuncDef _ contract fargs ret body)
         funcArgs     = generateGuarded (null fargs) $ "(" ++ unwords fargs ++ " : Literal)"
         opens        = opensOfImports topLevelContract imports
         retVals      = generateGuarded (null ret) $ "(" ++ unwords ret ++ " : Identifier)"
-        rValsAndArgs = generateGuarded (null (ret ++ fargs)) "{" ++ unwords ret ++ " " ++ argsSepSpace ++ "}"
+        rValsAndArgs = generateGuarded (null (ret ++ fargs)) $ "{" ++ unwords ret ++ " " ++ argsSepSpace ++ "}"
         replaceIn ttype =
           replaceMany [
             ("\\<imports>",                       leanImports ++ internalImports topLevelContract contract file ttype),

From 004ecae34cdfaa940e6f38ed98d0014e76cb8fa9 Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Mon, 18 Nov 2024 04:06:57 +0000
Subject: [PATCH 56/89] =?UTF-8?q?Improvements=20to=20generator:=20switch?=
 =?UTF-8?q?=20cases.=20By=20Franti=C5=A1ek?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Frantisek Silvasi <silvasi.frantisek@gmail.com>
---
 vc/src/ProofGenerator.hs | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/vc/src/ProofGenerator.hs b/vc/src/ProofGenerator.hs
index dd2c9cb..fb9750e 100644
--- a/vc/src/ProofGenerator.hs
+++ b/vc/src/ProofGenerator.hs
@@ -17,12 +17,12 @@ tacticsOfExpr (Var {}) = "-- simp [Var']"
 tacticsOfExpr (Lit {}) = "-- simp [Lit']"
 
 tacticsOfCond :: String
-tacticsOfCond = "simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]"
+tacticsOfCond = "try simp only [Fin.isValue]; try rw [List.foldr_cons]; simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; try rewrite [List.foldr_nil]"
 
 assignCall :: String -> String
 assignCall name = unlines [
     "rw [cons]; simp only [LetCall', AssignCall']",
-    "simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]",
+    "try simp only [Fin.isValue]; try rw [List.foldr_cons]; simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; try rewrite [List.foldr_nil]",
     "-- EXPR \6",
     "try simp",
     "generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs",
@@ -84,7 +84,7 @@ tacticsOfStmt' _ (LetInit _ (Call f _)) =
     if f `elem` yulPrimOps
     then unlines [
           "rw [cons]; simp only [LetPrimCall', AssignPrimCall']",
-          "simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]",
+          "try simp only [Fin.isValue]; try rw [List.foldr_cons]; simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; try rewrite [List.foldr_nil]",
           rwPrimop f,
           "try simp"]
     else assignCall f
@@ -93,7 +93,7 @@ tacticsOfStmt' _ (Assignment _ (Call f _)) =
   if f `elem` yulPrimOps
   then unlines [
          "rw [cons]; simp only [LetPrimCall', AssignPrimCall']",
-         "simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]",
+         "try simp only [Fin.isValue]; try rw [List.foldr_cons]; simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; try rewrite [List.foldr_nil]",
          rwPrimop f,
          "try simp"]
   else assignCall f
@@ -103,13 +103,13 @@ tacticsOfStmt' _ (ExpressionStmt (Call f args)) =
   if f `elem` yulPrimOps
   then unlines [
     "rw [cons, ExprStmtPrimCall']; try simp only",
-    "simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]",
+    "try simp only [Fin.isValue]; try rw [List.foldr_cons]; simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; try rewrite [List.foldr_nil]",
     "-- EXPR \4",
     rwPrimop f,
     "try simp"]
   else let preamble = unlines [
              "rw [cons, ExprStmtCall']; try simp only",
-             "simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]"]
+             "try simp only [Fin.isValue]; try rw [List.foldr_cons]; simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; try rewrite [List.foldr_nil]"]
            postamble = unlines [
              "try simp",
              "",

From 583fd606dc09b458f21b96e7a3ab80270981629a Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Mon, 18 Nov 2024 04:09:53 +0000
Subject: [PATCH 57/89] =?UTF-8?q?Improvements=20to=20generator.=20By=20Fra?=
 =?UTF-8?q?nti=C5=A1ek?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Frantisek Silvasi <silvasi.frantisek@gmail.com>
---
 vc/src/ProofGenerator.hs | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/vc/src/ProofGenerator.hs b/vc/src/ProofGenerator.hs
index fb9750e..ebc9829 100644
--- a/vc/src/ProofGenerator.hs
+++ b/vc/src/ProofGenerator.hs
@@ -17,12 +17,12 @@ tacticsOfExpr (Var {}) = "-- simp [Var']"
 tacticsOfExpr (Lit {}) = "-- simp [Lit']"
 
 tacticsOfCond :: String
-tacticsOfCond = "try simp only [Fin.isValue]; try rw [List.foldr_cons]; simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; try rewrite [List.foldr_nil]"
+tacticsOfCond = "(try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))"
 
 assignCall :: String -> String
 assignCall name = unlines [
     "rw [cons]; simp only [LetCall', AssignCall']",
-    "try simp only [Fin.isValue]; try rw [List.foldr_cons]; simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; try rewrite [List.foldr_nil]",
+    "(try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))",
     "-- EXPR \6",
     "try simp",
     "generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs",
@@ -84,7 +84,7 @@ tacticsOfStmt' _ (LetInit _ (Call f _)) =
     if f `elem` yulPrimOps
     then unlines [
           "rw [cons]; simp only [LetPrimCall', AssignPrimCall']",
-          "try simp only [Fin.isValue]; try rw [List.foldr_cons]; simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; try rewrite [List.foldr_nil]",
+          "(try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))",
           rwPrimop f,
           "try simp"]
     else assignCall f
@@ -93,7 +93,7 @@ tacticsOfStmt' _ (Assignment _ (Call f _)) =
   if f `elem` yulPrimOps
   then unlines [
          "rw [cons]; simp only [LetPrimCall', AssignPrimCall']",
-         "try simp only [Fin.isValue]; try rw [List.foldr_cons]; simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; try rewrite [List.foldr_nil]",
+         "(try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))",
          rwPrimop f,
          "try simp"]
   else assignCall f
@@ -103,13 +103,13 @@ tacticsOfStmt' _ (ExpressionStmt (Call f args)) =
   if f `elem` yulPrimOps
   then unlines [
     "rw [cons, ExprStmtPrimCall']; try simp only",
-    "try simp only [Fin.isValue]; try rw [List.foldr_cons]; simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; try rewrite [List.foldr_nil]",
+    "(try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))",
     "-- EXPR \4",
     rwPrimop f,
     "try simp"]
   else let preamble = unlines [
              "rw [cons, ExprStmtCall']; try simp only",
-             "try simp only [Fin.isValue]; try rw [List.foldr_cons]; simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; try rewrite [List.foldr_nil]"]
+             "(try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))"]
            postamble = unlines [
              "try simp",
              "",
@@ -131,9 +131,9 @@ tacticsOfStmt' abs node@(Switch c legs dflt) =
     "unfold execSwitchCases",
     tacticsOfCond,
     tacticsOfExpr c,
-    concatMap ((tacticsOfStmt' abs . Block) . snd) legs,
+    concatMap ((("(try (unfold execSwitchCases))\n" ++) . tacticsOfStmt' abs . Block) . snd) legs,
     "generalize hdefault : exec _ _ _ = sdef",
-    "unfold execSwitchCases",
+    "(try (unfold execSwitchCases))",
     "subst hdefault",
     tacticsOfStmt' abs (Block dflt)]
 tacticsOfStmt' abs node@(For {}) =

From 4befbe0e3704baea7fce46e7dbb4c8b922e23e74 Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Wed, 20 Nov 2024 00:33:28 +0000
Subject: [PATCH 58/89] Generate `erc20shim.yul` as described in
 `erc20shim-generation.md`

---
 out/erc20shim-generation.md |   22 +
 out/erc20shim.yul           | 1312 +++++++++++++++++++++++++++++++++++
 2 files changed, 1334 insertions(+)
 create mode 100644 out/erc20shim-generation.md
 create mode 100644 out/erc20shim.yul

diff --git a/out/erc20shim-generation.md b/out/erc20shim-generation.md
new file mode 100644
index 0000000..259a698
--- /dev/null
+++ b/out/erc20shim-generation.md
@@ -0,0 +1,22 @@
+# How to generate `erc20shim.yul`
+
+1. Clone https://github.com/OpenZeppelin/openzeppelin-contracts
+2. Checkout `v5.0.2` in openzeppelin-contracts
+3. Create a new file called `erc20shim.sol` in the `contracts/mocks/token` directory with the following:
+```
+pragma solidity ^0.8.20;
+
+import {ERC20} from "contracts/token/ERC20/ERC20.sol";
+
+contract ERC20Shim is ERC20 {
+    constructor() ERC20("ERC20Shim", "E20S") {}
+}
+```
+4. Install `solc-select` to be able to select specific `solc` versions. See: https://github.com/crytic/solc-select or https://search.nixos.org/packages?channel=unstable&show=solc-select
+5. Run `solc-select install 0.8.21`
+6. From the `contracts` directory, run:
+```
+SOLC_VERSION=0.8.21 solc --optimize --ir-optimized --yul-optimizations 'ho[esj]x[esVur]' contracts/mocks/token/erc20shim.sol > contracts/erc20shim.yul
+```
+
+You now have `erc20shim.yul` in the `contracts` directory.
\ No newline at end of file
diff --git a/out/erc20shim.yul b/out/erc20shim.yul
new file mode 100644
index 0000000..c6b24ab
--- /dev/null
+++ b/out/erc20shim.yul
@@ -0,0 +1,1312 @@
+Optimized IR:
+
+Optimized IR:
+
+Optimized IR:
+
+Optimized IR:
+/// @use-src 0:"contracts/interfaces/draft-IERC6093.sol", 1:"contracts/mocks/token/ERC20Shim.sol", 2:"contracts/token/ERC20/ERC20.sol", 3:"contracts/token/ERC20/IERC20.sol", 4:"contracts/token/ERC20/extensions/IERC20Metadata.sol", 5:"contracts/utils/Context.sol"
+object "ERC20Shim_14" {
+    code {
+        {
+            /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+            let _1 := memoryguard(0x80)
+            let _2 := 64
+            mstore(_2, _1)
+            let _3 := callvalue()
+            if _3
+            {
+                revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb()
+            }
+            constructor_ERC20Shim()
+            let _4 := _2
+            let _5 := mload(_2)
+            let _6 := datasize("ERC20Shim_14_deployed")
+            let _7 := dataoffset("ERC20Shim_14_deployed")
+            codecopy(_5, _7, _6)
+            let _8 := _6
+            return(_5, _6)
+        }
+        function revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb()
+        {
+            let _1 := 0
+            let _2 := _1
+            revert(_1, _1)
+        }
+        function panic_error_0x41()
+        {
+            let _1 := shl(224, 0x4e487b71)
+            let _2 := 0
+            mstore(_2, _1)
+            let _3 := 0x41
+            let _4 := 4
+            mstore(_4, _3)
+            let _5 := 0x24
+            let _6 := _2
+            revert(_2, _5)
+        }
+        function finalize_allocation(memPtr, size)
+        {
+            let _1 := not(31)
+            let _2 := 31
+            let _3 := add(size, _2)
+            let _4 := and(_3, _1)
+            let newFreePtr := add(memPtr, _4)
+            let _5 := lt(newFreePtr, memPtr)
+            let _6 := sub(shl(64, 1), 1)
+            let _7 := gt(newFreePtr, _6)
+            let _8 := or(_7, _5)
+            if _8 { panic_error_0x41() }
+            let _9 := 64
+            mstore(_9, newFreePtr)
+        }
+        function allocate_memory(size) -> memPtr
+        {
+            let _1 := 64
+            memPtr := mload(_1)
+            finalize_allocation(memPtr, size)
+        }
+        function array_allocation_size_string(length) -> size
+        {
+            let _1 := sub(shl(64, 1), 1)
+            let _2 := gt(length, _1)
+            if _2 { panic_error_0x41() }
+            let _3 := not(31)
+            let _4 := 31
+            let _5 := add(length, _4)
+            size := and(_5, _3)
+            let _6 := 0x20
+            size := add(size, _6)
+        }
+        function allocate_memory_array_string(length) -> memPtr
+        {
+            let _1 := array_allocation_size_string(length)
+            memPtr := allocate_memory(_1)
+            mstore(memPtr, length)
+        }
+        function store_literal_in_memory_73d84741e39ae21500f019e1bd49b1509c4dad0285f14920732b98003dc4a297(memPtr)
+        {
+            let _1 := "ERC20Shim"
+            mstore(memPtr, _1)
+        }
+        function copy_literal_to_memory_73d84741e39ae21500f019e1bd49b1509c4dad0285f14920732b98003dc4a297() -> memPtr
+        {
+            let _1 := 9
+            memPtr := allocate_memory_array_string(_1)
+            let _2 := 32
+            let _3 := add(memPtr, _2)
+            store_literal_in_memory_73d84741e39ae21500f019e1bd49b1509c4dad0285f14920732b98003dc4a297(_3)
+        }
+        function store_literal_in_memory_654a20c509642b4486f3c0baf150dce7367ca9e5f6186c81edaf3f66a3f7c7a3(memPtr)
+        {
+            let _1 := "E20S"
+            mstore(memPtr, _1)
+        }
+        function copy_literal_to_memory_654a20c509642b4486f3c0baf150dce7367ca9e5f6186c81edaf3f66a3f7c7a3() -> memPtr
+        {
+            let _1 := 4
+            memPtr := allocate_memory_array_string(_1)
+            let _2 := 32
+            let _3 := add(memPtr, _2)
+            store_literal_in_memory_654a20c509642b4486f3c0baf150dce7367ca9e5f6186c81edaf3f66a3f7c7a3(_3)
+        }
+        /// @ast-id 13 @src 1:116:159  "constructor() ERC20(\"ERC20Shim\", \"E20S\") {}"
+        function constructor_ERC20Shim()
+        {
+            /// @src 1:136:147  "\"ERC20Shim\""
+            let _mpos := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ copy_literal_to_memory_73d84741e39ae21500f019e1bd49b1509c4dad0285f14920732b98003dc4a297()
+            let _1 := copy_literal_to_memory_654a20c509642b4486f3c0baf150dce7367ca9e5f6186c81edaf3f66a3f7c7a3()
+            /// @src 1:116:159  "constructor() ERC20(\"ERC20Shim\", \"E20S\") {}"
+            constructor_ERC20(_mpos, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _1)
+        }
+        function panic_error_0x22()
+        {
+            let _1 := shl(224, 0x4e487b71)
+            let _2 := 0
+            mstore(_2, _1)
+            let _3 := 0x22
+            let _4 := 4
+            mstore(_4, _3)
+            let _5 := 0x24
+            let _6 := _2
+            revert(_2, _5)
+        }
+        function extract_byte_array_length(data) -> length
+        {
+            let _1 := 1
+            length := shr(_1, data)
+            let _2 := _1
+            let outOfPlaceEncoding := and(data, _1)
+            let _3 := iszero(outOfPlaceEncoding)
+            if _3
+            {
+                let _4 := 0x7f
+                length := and(length, _4)
+            }
+            let _5 := 32
+            let _6 := lt(length, _5)
+            let _7 := eq(outOfPlaceEncoding, _6)
+            if _7 { panic_error_0x22() }
+        }
+        function array_dataslot_string_storage(ptr) -> data
+        {
+            let _1 := 0
+            mstore(_1, ptr)
+            let _2 := 0x20
+            let _3 := _1
+            data := keccak256(_1, _2)
+        }
+        function update_byte_slice_dynamic32(value, shiftBytes, toInsert) -> result
+        {
+            let _1 := 3
+            let shiftBits := shl(_1, shiftBytes)
+            let _2 := not(0)
+            let mask := shl(shiftBits, _2)
+            toInsert := shl(shiftBits, toInsert)
+            let _3 := not(mask)
+            value := and(value, _3)
+            let _4 := and(toInsert, mask)
+            result := or(value, _4)
+        }
+        function update_storage_value_uint256_to_uint256(slot, offset, value)
+        {
+            let _1 := sload(slot)
+            let _2 := update_byte_slice_dynamic32(_1, offset, value)
+            sstore(slot, _2)
+        }
+        function storage_set_to_zero_uint256(slot, offset)
+        {
+            let _1 := 0
+            update_storage_value_uint256_to_uint256(slot, offset, _1)
+        }
+        function clear_storage_range_bytes1(start, end)
+        {
+            for { }
+            lt(start, end)
+            {
+                let _1 := 1
+                start := add(start, _1)
+            }
+            {
+                let _2 := 0
+                storage_set_to_zero_uint256(start, _2)
+            }
+        }
+        function clean_up_bytearray_end_slots_string_storage(array, len, startIndex)
+        {
+            let _1 := 31
+            let _2 := gt(len, _1)
+            if _2
+            {
+                let dataArea := array_dataslot_string_storage(array)
+                let _3 := _1
+                let _4 := add(startIndex, _1)
+                let _5 := shr(5, _4)
+                let deleteStart := add(dataArea, _5)
+                let _6 := 32
+                let _7 := lt(startIndex, _6)
+                if _7 { deleteStart := dataArea }
+                let _8 := _1
+                let _9 := add(len, _1)
+                let _10 := shr(5, _9)
+                let _11 := add(dataArea, _10)
+                clear_storage_range_bytes1(deleteStart, _11)
+            }
+        }
+        function extract_used_part_and_set_length_of_short_byte_array(data, len) -> used
+        {
+            let _1 := not(0)
+            let _2 := 3
+            let _3 := shl(_2, len)
+            let _4 := shr(_3, _1)
+            let _5 := not(_4)
+            data := and(data, _5)
+            let _6 := 1
+            let _7 := shl(_6, len)
+            used := or(data, _7)
+        }
+        function copy_byte_array_to_storage_from_string_to_string(slot, src)
+        {
+            let newLen := mload(src)
+            let _1 := sub(shl(64, 1), 1)
+            let _2 := gt(newLen, _1)
+            if _2 { panic_error_0x41() }
+            let _3 := sload(slot)
+            let _4 := extract_byte_array_length(_3)
+            clean_up_bytearray_end_slots_string_storage(slot, _4, newLen)
+            let srcOffset := 0
+            srcOffset := 0x20
+            let _5 := 31
+            let _6 := gt(newLen, _5)
+            switch _6
+            case 1 {
+                let _7 := not(31)
+                let loopEnd := and(newLen, _7)
+                let dstPtr := array_dataslot_string_storage(slot)
+                let i := 0
+                for { }
+                lt(i, loopEnd)
+                {
+                    let _8 := 0x20
+                    i := add(i, _8)
+                }
+                {
+                    let _9 := add(src, srcOffset)
+                    let _10 := mload(_9)
+                    sstore(dstPtr, _10)
+                    let _11 := 1
+                    dstPtr := add(dstPtr, _11)
+                    let _12 := 32
+                    srcOffset := add(srcOffset, _12)
+                }
+                let _13 := lt(loopEnd, newLen)
+                if _13
+                {
+                    let _14 := add(src, srcOffset)
+                    let lastValue := mload(_14)
+                    let _15 := not(0)
+                    let _16 := and(shl(3, newLen), 248)
+                    let _17 := shr(_16, _15)
+                    let _18 := not(_17)
+                    let _19 := and(lastValue, _18)
+                    sstore(dstPtr, _19)
+                }
+                let _20 := 1
+                let _21 := _20
+                let _22 := shl(_20, newLen)
+                let _23 := add(_22, _20)
+                sstore(slot, _23)
+            }
+            default {
+                let value := 0
+                if newLen
+                {
+                    let _24 := add(src, srcOffset)
+                    value := mload(_24)
+                }
+                let _25 := extract_used_part_and_set_length_of_short_byte_array(value, newLen)
+                sstore(slot, _25)
+            }
+        }
+        function update_storage_value_offsett_string_to_string(slot, value)
+        {
+            copy_byte_array_to_storage_from_string_to_string(slot, value)
+        }
+        /// @ast-id 66 @src 2:1601:1714  "constructor(string memory name_, string memory symbol_) {..."
+        function constructor_ERC20(var_name_mpos, var_symbol_mpos)
+        {
+            /// @src 2:1667:1680  "_name = name_"
+            let _1 := 0x03
+            update_storage_value_offsett_string_to_string(_1, /** @src 2:1675:1680  "name_" */ var_name_mpos)
+            /// @src 2:1690:1707  "_symbol = symbol_"
+            let _2 := 0x04
+            update_storage_value_offsett_string_to_string(_2, /** @src 2:1700:1707  "symbol_" */ var_symbol_mpos)
+        }
+    }
+    /// @use-src 1:"contracts/mocks/token/ERC20Shim.sol", 2:"contracts/token/ERC20/ERC20.sol", 5:"contracts/utils/Context.sol"
+    object "ERC20Shim_14_deployed" {
+        code {
+            {
+                /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                let _1 := memoryguard(0x80)
+                let _2 := 64
+                mstore(_2, _1)
+                let _3 := 4
+                let _4 := calldatasize()
+                let _5 := lt(_4, _3)
+                let _6 := iszero(_5)
+                if _6
+                {
+                    let _7 := 0
+                    let _8 := calldataload(_7)
+                    let _9 := 224
+                    let _10 := shr(_9, _8)
+                    switch _10
+                    case 0x06fdde03 { external_fun_name() }
+                    case 0x095ea7b3 { external_fun_approve() }
+                    case 0x18160ddd { external_fun_totalSupply() }
+                    case 0x23b872dd { external_fun_transferFrom() }
+                    case 0x313ce567 { external_fun_decimals() }
+                    case 0x70a08231 { external_fun_balanceOf() }
+                    case 0x95d89b41 { external_fun_symbol() }
+                    case 0xa9059cbb { external_fun_transfer() }
+                    case 0xdd62ed3e { external_fun_allowance() }
+                }
+                revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74()
+            }
+            function revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb()
+            {
+                let _1 := 0
+                let _2 := _1
+                revert(_1, _1)
+            }
+            function revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b()
+            {
+                let _1 := 0
+                let _2 := _1
+                revert(_1, _1)
+            }
+            function abi_decode(headStart, dataEnd)
+            {
+                let _1 := 0
+                let _2 := sub(dataEnd, headStart)
+                let _3 := slt(_2, _1)
+                if _3
+                {
+                    revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b()
+                }
+            }
+            function array_storeLengthForEncoding_string_fromStack(pos, length) -> updated_pos
+            {
+                mstore(pos, length)
+                let _1 := 0x20
+                updated_pos := add(pos, _1)
+            }
+            function copy_memory_to_memory_with_cleanup(src, dst, length)
+            {
+                let i := 0
+                for { }
+                lt(i, length)
+                {
+                    let _1 := 32
+                    i := add(i, _1)
+                }
+                {
+                    let _2 := add(src, i)
+                    let _3 := mload(_2)
+                    let _4 := add(dst, i)
+                    mstore(_4, _3)
+                }
+                let _5 := 0
+                let _6 := add(dst, length)
+                mstore(_6, _5)
+            }
+            function abi_encode_string_memory_ptr(value, pos) -> end
+            {
+                let length := mload(value)
+                pos := array_storeLengthForEncoding_string_fromStack(pos, length)
+                let _1 := 0x20
+                let _2 := add(value, _1)
+                copy_memory_to_memory_with_cleanup(_2, pos, length)
+                let _3 := not(31)
+                let _4 := 31
+                let _5 := add(length, _4)
+                let _6 := and(_5, _3)
+                end := add(pos, _6)
+            }
+            function abi_encode_string(headStart, value0) -> tail
+            {
+                let _1 := 32
+                tail := add(headStart, _1)
+                let _2 := _1
+                mstore(headStart, _1)
+                tail := abi_encode_string_memory_ptr(value0, tail)
+            }
+            function external_fun_name()
+            {
+                let _1 := callvalue()
+                if _1
+                {
+                    revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb()
+                }
+                let _2 := calldatasize()
+                let _3 := 4
+                abi_decode(_3, _2)
+                let ret := fun_name()
+                let _4 := 64
+                let memPos := mload(_4)
+                let _5 := abi_encode_string(memPos, ret)
+                let _6 := sub(_5, memPos)
+                return(memPos, _6)
+            }
+            function validator_revert_address(value)
+            {
+                let _1 := sub(shl(160, 1), 1)
+                let _2 := and(value, _1)
+                let _3 := eq(value, _2)
+                let _4 := iszero(_3)
+                if _4
+                {
+                    let _5 := 0
+                    let _6 := _5
+                    revert(_5, _5)
+                }
+            }
+            function abi_decode_address(offset, end) -> value
+            {
+                value := calldataload(offset)
+                validator_revert_address(value)
+            }
+            function validator_revert_uint256(value)
+            {
+                let _1 := 0
+                if _1
+                {
+                    let _2 := _1
+                    let _3 := _1
+                    revert(_1, _1)
+                }
+            }
+            function abi_decode_uint256(offset, end) -> value
+            {
+                value := calldataload(offset)
+                validator_revert_uint256(value)
+            }
+            function abi_decode_addresst_uint256(headStart, dataEnd) -> value0, value1
+            {
+                let _1 := 64
+                let _2 := sub(dataEnd, headStart)
+                let _3 := slt(_2, _1)
+                if _3
+                {
+                    revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b()
+                }
+                value0 := abi_decode_address(headStart, dataEnd)
+                let _4 := 32
+                let _5 := add(headStart, _4)
+                value1 := abi_decode_uint256(_5, dataEnd)
+            }
+            function abi_encode_bool_to_bool(value, pos)
+            {
+                let _1 := iszero(value)
+                let _2 := iszero(_1)
+                mstore(pos, _2)
+            }
+            function abi_encode_bool(headStart, value0) -> tail
+            {
+                let _1 := 32
+                tail := add(headStart, _1)
+                abi_encode_bool_to_bool(value0, headStart)
+            }
+            function external_fun_approve()
+            {
+                let _1 := callvalue()
+                if _1
+                {
+                    revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb()
+                }
+                let _2 := calldatasize()
+                let _3 := 4
+                let param, param_1 := abi_decode_addresst_uint256(_3, _2)
+                let ret := fun_approve(param, param_1)
+                let _4 := 64
+                let memPos := mload(_4)
+                let _5 := abi_encode_bool(memPos, ret)
+                let _6 := sub(_5, memPos)
+                return(memPos, _6)
+            }
+            function abi_encode_uint256_to_uint256(value, pos)
+            { mstore(pos, value) }
+            function abi_encode_uint256(headStart, value0) -> tail
+            {
+                let _1 := 32
+                tail := add(headStart, _1)
+                abi_encode_uint256_to_uint256(value0, headStart)
+            }
+            function external_fun_totalSupply()
+            {
+                let _1 := callvalue()
+                if _1
+                {
+                    revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb()
+                }
+                let _2 := calldatasize()
+                let _3 := 4
+                abi_decode(_3, _2)
+                let ret := fun_totalSupply()
+                let _4 := 64
+                let memPos := mload(_4)
+                let _5 := abi_encode_uint256(memPos, ret)
+                let _6 := sub(_5, memPos)
+                return(memPos, _6)
+            }
+            function abi_decode_addresst_addresst_uint256(headStart, dataEnd) -> value0, value1, value2
+            {
+                let _1 := 96
+                let _2 := sub(dataEnd, headStart)
+                let _3 := slt(_2, _1)
+                if _3
+                {
+                    revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b()
+                }
+                value0 := abi_decode_address(headStart, dataEnd)
+                let _4 := 32
+                let _5 := add(headStart, _4)
+                value1 := abi_decode_address(_5, dataEnd)
+                let _6 := 64
+                let _7 := add(headStart, _6)
+                value2 := abi_decode_uint256(_7, dataEnd)
+            }
+            function external_fun_transferFrom()
+            {
+                let _1 := callvalue()
+                if _1
+                {
+                    revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb()
+                }
+                let _2 := calldatasize()
+                let _3 := 4
+                let param, param_1, param_2 := abi_decode_addresst_addresst_uint256(_3, _2)
+                let ret := fun_transferFrom(param, param_1, param_2)
+                let _4 := 64
+                let memPos := mload(_4)
+                let _5 := abi_encode_bool(memPos, ret)
+                let _6 := sub(_5, memPos)
+                return(memPos, _6)
+            }
+            function abi_encode_uint8_to_uint8(value, pos)
+            {
+                let _1 := 0xff
+                let _2 := and(value, _1)
+                mstore(pos, _2)
+            }
+            function abi_encode_uint8(headStart, value0) -> tail
+            {
+                let _1 := 32
+                tail := add(headStart, _1)
+                abi_encode_uint8_to_uint8(value0, headStart)
+            }
+            function external_fun_decimals()
+            {
+                let _1 := callvalue()
+                if _1
+                {
+                    revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb()
+                }
+                let _2 := calldatasize()
+                let _3 := 4
+                abi_decode(_3, _2)
+                let ret := fun_decimals()
+                let _4 := 64
+                let memPos := mload(_4)
+                let _5 := abi_encode_uint8(memPos, ret)
+                let _6 := sub(_5, memPos)
+                return(memPos, _6)
+            }
+            function abi_decode_tuple_address(headStart, dataEnd) -> value0
+            {
+                let _1 := 32
+                let _2 := sub(dataEnd, headStart)
+                let _3 := slt(_2, _1)
+                if _3
+                {
+                    revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b()
+                }
+                value0 := abi_decode_address(headStart, dataEnd)
+            }
+            function external_fun_balanceOf()
+            {
+                let _1 := callvalue()
+                if _1
+                {
+                    revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb()
+                }
+                let _2 := calldatasize()
+                let _3 := 4
+                let _4 := abi_decode_tuple_address(_3, _2)
+                let ret := fun_balanceOf(_4)
+                let _5 := 64
+                let memPos := mload(_5)
+                let _6 := abi_encode_uint256(memPos, ret)
+                let _7 := sub(_6, memPos)
+                return(memPos, _7)
+            }
+            function external_fun_symbol()
+            {
+                let _1 := callvalue()
+                if _1
+                {
+                    revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb()
+                }
+                let _2 := calldatasize()
+                let _3 := 4
+                abi_decode(_3, _2)
+                let ret := fun_symbol()
+                let _4 := 64
+                let memPos := mload(_4)
+                let _5 := abi_encode_string(memPos, ret)
+                let _6 := sub(_5, memPos)
+                return(memPos, _6)
+            }
+            function external_fun_transfer()
+            {
+                let _1 := callvalue()
+                if _1
+                {
+                    revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb()
+                }
+                let _2 := calldatasize()
+                let _3 := 4
+                let param, param_1 := abi_decode_addresst_uint256(_3, _2)
+                let ret := fun_transfer(param, param_1)
+                let _4 := 64
+                let memPos := mload(_4)
+                let _5 := abi_encode_bool(memPos, ret)
+                let _6 := sub(_5, memPos)
+                return(memPos, _6)
+            }
+            function abi_decode_addresst_address(headStart, dataEnd) -> value0, value1
+            {
+                let _1 := 64
+                let _2 := sub(dataEnd, headStart)
+                let _3 := slt(_2, _1)
+                if _3
+                {
+                    revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b()
+                }
+                value0 := abi_decode_address(headStart, dataEnd)
+                let _4 := 32
+                let _5 := add(headStart, _4)
+                value1 := abi_decode_address(_5, dataEnd)
+            }
+            function external_fun_allowance()
+            {
+                let _1 := callvalue()
+                if _1
+                {
+                    revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb()
+                }
+                let _2 := calldatasize()
+                let _3 := 4
+                let param, param_1 := abi_decode_addresst_address(_3, _2)
+                let ret := fun_allowance(param, param_1)
+                let _4 := 64
+                let memPos := mload(_4)
+                let _5 := abi_encode_uint256(memPos, ret)
+                let _6 := sub(_5, memPos)
+                return(memPos, _6)
+            }
+            function revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74()
+            {
+                let _1 := 0
+                let _2 := _1
+                revert(_1, _1)
+            }
+            function panic_error_0x22()
+            {
+                let _1 := shl(224, 0x4e487b71)
+                let _2 := 0
+                mstore(_2, _1)
+                let _3 := 0x22
+                let _4 := 4
+                mstore(_4, _3)
+                let _5 := 0x24
+                let _6 := _2
+                revert(_2, _5)
+            }
+            function extract_byte_array_length(data) -> length
+            {
+                let _1 := 1
+                length := shr(_1, data)
+                let _2 := _1
+                let outOfPlaceEncoding := and(data, _1)
+                let _3 := iszero(outOfPlaceEncoding)
+                if _3
+                {
+                    let _4 := 0x7f
+                    length := and(length, _4)
+                }
+                let _5 := 32
+                let _6 := lt(length, _5)
+                let _7 := eq(outOfPlaceEncoding, _6)
+                if _7 { panic_error_0x22() }
+            }
+            function array_storeLengthForEncoding_string(pos, length) -> updated_pos
+            {
+                mstore(pos, length)
+                let _1 := 0x20
+                updated_pos := add(pos, _1)
+            }
+            function array_dataslot_string_storage(ptr) -> data
+            {
+                let _1 := 0
+                mstore(_1, ptr)
+                let _2 := 0x20
+                let _3 := _1
+                data := keccak256(_1, _2)
+            }
+            function abi_encode_string_storage(value, pos) -> ret
+            {
+                let slotValue := sload(value)
+                let length := extract_byte_array_length(slotValue)
+                pos := array_storeLengthForEncoding_string(pos, length)
+                let _1 := 1
+                let _2 := and(slotValue, _1)
+                switch _2
+                case 0 {
+                    let _3 := not(255)
+                    let _4 := and(slotValue, _3)
+                    mstore(pos, _4)
+                    let _5 := iszero(length)
+                    let _6 := iszero(_5)
+                    let _7 := shl(5, _6)
+                    ret := add(pos, _7)
+                }
+                case 1 {
+                    let dataPos := array_dataslot_string_storage(value)
+                    let i := 0
+                    for { }
+                    lt(i, length)
+                    {
+                        let _8 := 0x20
+                        i := add(i, _8)
+                    }
+                    {
+                        let _9 := sload(dataPos)
+                        let _10 := add(pos, i)
+                        mstore(_10, _9)
+                        let _11 := _1
+                        dataPos := add(dataPos, _1)
+                    }
+                    ret := add(pos, i)
+                }
+            }
+            function panic_error_0x41()
+            {
+                let _1 := shl(224, 0x4e487b71)
+                let _2 := 0
+                mstore(_2, _1)
+                let _3 := 0x41
+                let _4 := 4
+                mstore(_4, _3)
+                let _5 := 0x24
+                let _6 := _2
+                revert(_2, _5)
+            }
+            function finalize_allocation(memPtr, size)
+            {
+                let _1 := not(31)
+                let _2 := 31
+                let _3 := add(size, _2)
+                let _4 := and(_3, _1)
+                let newFreePtr := add(memPtr, _4)
+                let _5 := lt(newFreePtr, memPtr)
+                let _6 := 0xffffffffffffffff
+                let _7 := gt(newFreePtr, _6)
+                let _8 := or(_7, _5)
+                if _8 { panic_error_0x41() }
+                let _9 := 64
+                mstore(_9, newFreePtr)
+            }
+            function copy_array_from_storage_to_memory_string(slot) -> memPtr
+            {
+                let _1 := 64
+                memPtr := mload(_1)
+                let _2 := abi_encode_string_storage(slot, memPtr)
+                let _3 := sub(_2, memPtr)
+                finalize_allocation(memPtr, _3)
+            }
+            /// @ast-id 75 @src 2:1779:1868  "function name() public view virtual returns (string memory) {..."
+            function fun_name() -> var__mpos
+            {
+                /// @src 2:1856:1861  "_name"
+                let _1 := 0x03
+                /// @src 2:1849:1861  "return _name"
+                var__mpos := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ copy_array_from_storage_to_memory_string(/** @src 2:1856:1861  "_name" */ _1)
+            }
+            /// @ast-id 84 @src 2:1981:2074  "function symbol() public view virtual returns (string memory) {..."
+            function fun_symbol() -> var_mpos
+            {
+                /// @src 2:2060:2067  "_symbol"
+                let _1 := 0x04
+                /// @src 2:2053:2067  "return _symbol"
+                var_mpos := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ copy_array_from_storage_to_memory_string(/** @src 2:2060:2067  "_symbol" */ _1)
+            }
+            /// @ast-id 93 @src 2:2707:2789  "function decimals() public view virtual returns (uint8) {..."
+            function fun_decimals() -> var
+            {
+                /// @src 2:2773:2782  "return 18"
+                var := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ 18
+            }
+            /// @ast-id 102 @src 2:2849:2946  "function totalSupply() public view virtual returns (uint256) {..."
+            function fun_totalSupply() -> var_
+            {
+                /// @src 2:2927:2939  "_totalSupply"
+                let _1 := 0x02
+                /// @src 2:2920:2939  "return _totalSupply"
+                var_ := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ sload(/** @src 2:2927:2939  "_totalSupply" */ _1)
+            }
+            /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+            function mapping_index_access_mapping_address_uint256_of_address(slot, key) -> dataSlot
+            {
+                let _1 := and(key, sub(shl(160, 1), 1))
+                let _2 := 0
+                mstore(_2, _1)
+                let _3 := 0x20
+                mstore(_3, slot)
+                let _4 := 0x40
+                let _5 := _2
+                dataSlot := keccak256(_2, _4)
+            }
+            /// @ast-id 115 @src 2:3004:3120  "function balanceOf(address account) public view virtual returns (uint256) {..."
+            function fun_balanceOf(var_account) -> var
+            {
+                /// @src 2:3095:3104  "_balances"
+                let _1 := 0x00
+                /// @src 2:3095:3113  "_balances[account]"
+                let _2 := mapping_index_access_mapping_address_uint256_of_address(/** @src 2:3095:3104  "_balances" */ _1, /** @src 2:3105:3112  "account" */ var_account)
+                /// @src 2:3088:3113  "return _balances[account]"
+                var := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ sload(/** @src 2:3095:3113  "_balances[account]" */ _2)
+            }
+            /// @ast-id 139 @src 2:3315:3493  "function transfer(address to, uint256 value) public virtual returns (bool) {..."
+            function fun_transfer(var_to, var_value) -> var
+            {
+                /// @src 2:3416:3428  "_msgSender()"
+                let _1 := fun_msgSender()
+                /// @src 2:3459:3464  "value"
+                fun__transfer(/** @src 2:3416:3428  "_msgSender()" */ _1, /** @src 2:3455:3457  "to" */ var_to, /** @src 2:3459:3464  "value" */ var_value)
+                /// @src 2:3475:3486  "return true"
+                var := /** @src 2:3482:3486  "true" */ 0x01
+            }
+            /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+            function mapping_index_access_mapping_address_mapping_address_uint256_of_address(slot, key) -> dataSlot
+            {
+                let _1 := and(key, sub(shl(160, 1), 1))
+                let _2 := 0
+                mstore(_2, _1)
+                let _3 := 0x20
+                mstore(_3, slot)
+                let _4 := 0x40
+                let _5 := _2
+                dataSlot := keccak256(_2, _4)
+            }
+            /// @ast-id 156 @src 2:3551:3691  "function allowance(address owner, address spender) public view virtual returns (uint256) {..."
+            function fun_allowance(var_owner, var_spender) -> var
+            {
+                /// @src 2:3657:3668  "_allowances"
+                let _1 := 0x01
+                /// @src 2:3657:3675  "_allowances[owner]"
+                let _2 := mapping_index_access_mapping_address_mapping_address_uint256_of_address(/** @src 2:3657:3668  "_allowances" */ _1, /** @src 2:3669:3674  "owner" */ var_owner)
+                /// @src 2:3657:3684  "_allowances[owner][spender]"
+                let _3 := mapping_index_access_mapping_address_uint256_of_address(/** @src 2:3657:3675  "_allowances[owner]" */ _2, /** @src 2:3676:3683  "spender" */ var_spender)
+                /// @src 2:3650:3684  "return _allowances[owner][spender]"
+                var := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ sload(/** @src 2:3657:3684  "_allowances[owner][spender]" */ _3)
+            }
+            /// @ast-id 180 @src 2:3998:4184  "function approve(address spender, uint256 value) public virtual returns (bool) {..."
+            function fun_approve(var_spender, var_value) -> var
+            {
+                /// @src 2:4103:4115  "_msgSender()"
+                let _1 := fun_msgSender()
+                /// @src 2:4150:4155  "value"
+                fun_approve_420(/** @src 2:4103:4115  "_msgSender()" */ _1, /** @src 2:4141:4148  "spender" */ var_spender, /** @src 2:4150:4155  "value" */ var_value)
+                /// @src 2:4166:4177  "return true"
+                var := /** @src 2:4173:4177  "true" */ 0x01
+            }
+            /// @ast-id 212 @src 2:4776:5020  "function transferFrom(address from, address to, uint256 value) public virtual returns (bool) {..."
+            function fun_transferFrom(var_from, var_to, var_value) -> var
+            {
+                /// @src 2:4897:4909  "_msgSender()"
+                let _1 := fun_msgSender()
+                /// @src 2:4950:4955  "value"
+                fun_spendAllowance(/** @src 2:4935:4939  "from" */ var_from, /** @src 2:4897:4909  "_msgSender()" */ _1, /** @src 2:4950:4955  "value" */ var_value)
+                /// @src 2:4986:4991  "value"
+                fun__transfer(/** @src 2:4976:4980  "from" */ var_from, /** @src 2:4982:4984  "to" */ var_to, /** @src 2:4986:4991  "value" */ var_value)
+                /// @src 2:5002:5013  "return true"
+                var := /** @src 2:5009:5013  "true" */ 0x01
+            }
+            /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+            function abi_encode_address(value, pos)
+            {
+                let _1 := sub(shl(160, 1), 1)
+                let _2 := and(value, _1)
+                mstore(pos, _2)
+            }
+            function abi_encode_tuple_address(headStart, value0) -> tail
+            {
+                let _1 := 32
+                tail := add(headStart, _1)
+                abi_encode_address(value0, headStart)
+            }
+            /// @ast-id 259 @src 2:5393:5693  "function _transfer(address from, address to, uint256 value) internal {..."
+            function fun__transfer(var_from, var_to, var_value)
+            {
+                /// @src 2:5476:5480  "from"
+                let expr := var_from
+                /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                let _1 := sub(shl(160, 1), 1)
+                let _2 := and(/** @src 2:5476:5494  "from == address(0)" */ var_from, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _1)
+                /// @src 2:5476:5494  "from == address(0)"
+                let _3 := iszero(/** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _2)
+                /// @src 2:5472:5558  "if (from == address(0)) {..."
+                if /** @src 2:5476:5494  "from == address(0)" */ _3
+                /// @src 2:5472:5558  "if (from == address(0)) {..."
+                {
+                    /// @src 2:5536:5546  "address(0)"
+                    let expr_1 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ 0
+                    let _4 := 64
+                    /// @src 2:5517:5547  "ERC20InvalidSender(address(0))"
+                    let _5 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ mload(_4)
+                    /// @src 2:5517:5547  "ERC20InvalidSender(address(0))"
+                    let _6 := shl(225, 0x4b637e8f)
+                    mstore(_5, _6)
+                    let _7 := 4
+                    let _8 := add(_5, _7)
+                    let _9 := abi_encode_tuple_address(_8, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ expr_1)
+                    /// @src 2:5517:5547  "ERC20InvalidSender(address(0))"
+                    let _10 := sub(_9, _5)
+                    revert(_5, _10)
+                }
+                /// @src 2:5571:5573  "to"
+                let expr_2 := var_to
+                /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                let _11 := _1
+                let _12 := and(/** @src 2:5571:5587  "to == address(0)" */ var_to, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _1)
+                /// @src 2:5571:5587  "to == address(0)"
+                let _13 := iszero(/** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _12)
+                /// @src 2:5567:5653  "if (to == address(0)) {..."
+                if /** @src 2:5571:5587  "to == address(0)" */ _13
+                /// @src 2:5567:5653  "if (to == address(0)) {..."
+                {
+                    /// @src 2:5631:5641  "address(0)"
+                    let expr_3 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ 0
+                    let _14 := 64
+                    /// @src 2:5610:5642  "ERC20InvalidReceiver(address(0))"
+                    let _15 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ mload(_14)
+                    /// @src 2:5610:5642  "ERC20InvalidReceiver(address(0))"
+                    let _16 := shl(224, 0xec442f05)
+                    mstore(_15, _16)
+                    let _17 := 4
+                    let _18 := add(_15, _17)
+                    let _19 := abi_encode_tuple_address(_18, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ expr_3)
+                    /// @src 2:5610:5642  "ERC20InvalidReceiver(address(0))"
+                    let _20 := sub(_19, _15)
+                    revert(_15, _20)
+                }
+                /// @src 2:5680:5685  "value"
+                fun_update(/** @src 2:5670:5674  "from" */ var_from, /** @src 2:5676:5678  "to" */ var_to, /** @src 2:5680:5685  "value" */ var_value)
+            }
+            /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+            function abi_encode_address_uint256_uint256(headStart, value0, value1, value2) -> tail
+            {
+                let _1 := 96
+                tail := add(headStart, _1)
+                abi_encode_address(value0, headStart)
+                let _2 := 32
+                let _3 := add(headStart, _2)
+                abi_encode_uint256_to_uint256(value1, _3)
+                let _4 := 64
+                let _5 := add(headStart, _4)
+                abi_encode_uint256_to_uint256(value2, _5)
+            }
+            function update_byte_slice_shift(value, toInsert) -> result
+            {
+                toInsert := toInsert
+                result := toInsert
+            }
+            function update_storage_value_offsett_uint256_to_uint256(slot, value)
+            {
+                let _1 := sload(slot)
+                let _2 := update_byte_slice_shift(_1, value)
+                sstore(slot, _2)
+            }
+            function panic_error_0x11()
+            {
+                let _1 := shl(224, 0x4e487b71)
+                let _2 := 0
+                mstore(_2, _1)
+                let _3 := 0x11
+                let _4 := 4
+                mstore(_4, _3)
+                let _5 := 0x24
+                let _6 := _2
+                revert(_2, _5)
+            }
+            function checked_add_uint256(x, y) -> sum
+            {
+                x := x
+                y := y
+                sum := add(x, y)
+                let _1 := gt(x, sum)
+                if _1 { panic_error_0x11() }
+            }
+            /// @ast-id 336 @src 2:6008:7115  "function _update(address from, address to, uint256 value) internal virtual {..."
+            function fun_update(var_from, var_to, var_value)
+            {
+                /// @src 2:6097:6101  "from"
+                let expr := var_from
+                /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                let _1 := sub(shl(160, 1), 1)
+                let _2 := and(/** @src 2:6097:6115  "from == address(0)" */ var_from, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _1)
+                /// @src 2:6097:6115  "from == address(0)"
+                let _3 := iszero(/** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _2)
+                /// @src 2:6093:6633  "if (from == address(0)) {..."
+                switch /** @src 2:6097:6115  "from == address(0)" */ _3
+                case /** @src 2:6093:6633  "if (from == address(0)) {..." */ 0 {
+                    /// @src 2:6307:6316  "_balances"
+                    let _4 := 0x00
+                    /// @src 2:6307:6322  "_balances[from]"
+                    let _5 := mapping_index_access_mapping_address_uint256_of_address(/** @src 2:6307:6316  "_balances" */ _4, /** @src 2:6317:6321  "from" */ var_from)
+                    /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                    let _6 := sload(/** @src 2:6307:6322  "_balances[from]" */ _5)
+                    /// @src 2:6285:6322  "uint256 fromBalance = _balances[from]"
+                    let var_fromBalance := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _6
+                    /// @src 2:6340:6359  "fromBalance < value"
+                    let _7 := lt(/** @src 2:6340:6351  "fromBalance" */ _6, /** @src 2:6354:6359  "value" */ var_value)
+                    /// @src 2:6336:6451  "if (fromBalance < value) {..."
+                    if /** @src 2:6340:6359  "fromBalance < value" */ _7
+                    /// @src 2:6336:6451  "if (fromBalance < value) {..."
+                    {
+                        /// @src 2:6411:6415  "from"
+                        let expr_1 := var_from
+                        /// @src 2:6417:6428  "fromBalance"
+                        let expr_2 := _6
+                        /// @src 2:6430:6435  "value"
+                        let expr_3 := var_value
+                        /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                        let _8 := 64
+                        /// @src 2:6386:6436  "ERC20InsufficientBalance(from, fromBalance, value)"
+                        let _9 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ mload(_8)
+                        /// @src 2:6386:6436  "ERC20InsufficientBalance(from, fromBalance, value)"
+                        let _10 := shl(226, 0x391434e3)
+                        mstore(_9, _10)
+                        let _11 := 4
+                        let _12 := add(_9, _11)
+                        let _13 := abi_encode_address_uint256_uint256(_12, var_from, _6, var_value)
+                        let _14 := sub(_13, _9)
+                        revert(_9, _14)
+                    }
+                    /// @src 2:6589:6608  "fromBalance - value"
+                    let expr_4 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ sub(/** @src 2:6589:6600  "fromBalance" */ _6, /** @src 2:6603:6608  "value" */ var_value)
+                    /// @src 2:6571:6580  "_balances"
+                    let _15 := _4
+                    /// @src 2:6571:6586  "_balances[from]"
+                    let _16 := mapping_index_access_mapping_address_uint256_of_address(/** @src 2:6571:6580  "_balances" */ _4, /** @src 2:6581:6585  "from" */ var_from)
+                    /// @src 2:6571:6608  "_balances[from] = fromBalance - value"
+                    update_storage_value_offsett_uint256_to_uint256(/** @src 2:6571:6586  "_balances[from]" */ _16, /** @src 2:6571:6608  "_balances[from] = fromBalance - value" */ expr_4)
+                }
+                default /// @src 2:6093:6633  "if (from == address(0)) {..."
+                {
+                    /// @src 2:6233:6254  "_totalSupply += value"
+                    let _17 := 0x02
+                    /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                    let _18 := sload(/** @src 2:6233:6254  "_totalSupply += value" */ _17)
+                    /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                    let _19 := _18
+                    /// @src 2:6233:6254  "_totalSupply += value"
+                    let _20 := checked_add_uint256(/** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _18, /** @src 2:6249:6254  "value" */ var_value)
+                    /// @src 2:6233:6254  "_totalSupply += value"
+                    let _21 := _17
+                    update_storage_value_offsett_uint256_to_uint256(_17, _20)
+                }
+                /// @src 2:6647:6649  "to"
+                let expr_5 := var_to
+                /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                let _22 := _1
+                let _23 := and(/** @src 2:6647:6663  "to == address(0)" */ var_to, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _1)
+                /// @src 2:6647:6663  "to == address(0)"
+                let _24 := iszero(/** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _23)
+                /// @src 2:6643:7068  "if (to == address(0)) {..."
+                switch /** @src 2:6647:6663  "to == address(0)" */ _24
+                case /** @src 2:6643:7068  "if (to == address(0)) {..." */ 0 {
+                    /// @src 2:7038:7043  "value"
+                    let expr_6 := var_value
+                    /// @src 2:7021:7030  "_balances"
+                    let _25 := 0x00
+                    /// @src 2:7021:7034  "_balances[to]"
+                    let _26 := mapping_index_access_mapping_address_uint256_of_address(/** @src 2:7021:7030  "_balances" */ _25, /** @src 2:7031:7033  "to" */ var_to)
+                    /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                    let _27 := sload(/** @src 2:7021:7043  "_balances[to] += value" */ _26)
+                    /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                    let _28 := _27
+                    let _29 := add(_27, /** @src 2:7021:7043  "_balances[to] += value" */ var_value)
+                    update_storage_value_offsett_uint256_to_uint256(_26, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _29)
+                }
+                default /// @src 2:6643:7068  "if (to == address(0)) {..."
+                {
+                    /// @src 2:6810:6831  "_totalSupply -= value"
+                    let _30 := 0x02
+                    /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                    let _31 := sload(/** @src 2:6810:6831  "_totalSupply -= value" */ _30)
+                    /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                    let _32 := _31
+                    let _33 := sub(_31, /** @src 2:6826:6831  "value" */ var_value)
+                    /// @src 2:6810:6831  "_totalSupply -= value"
+                    let _34 := _30
+                    update_storage_value_offsett_uint256_to_uint256(_30, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _33)
+                }
+                /// @src 2:7092:7096  "from"
+                let expr_7 := var_from
+                /// @src 2:7098:7100  "to"
+                let expr_8 := var_to
+                /// @src 2:7102:7107  "value"
+                let expr_9 := var_value
+                /// @src 2:7083:7108  "Transfer(from, to, value)"
+                let _35 := 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
+                let _36 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _2
+                /// @src 2:7083:7108  "Transfer(from, to, value)"
+                let _37 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _23
+                let _38 := 64
+                /// @src 2:7083:7108  "Transfer(from, to, value)"
+                let _39 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ mload(_38)
+                /// @src 2:7083:7108  "Transfer(from, to, value)"
+                let _40 := abi_encode_uint256(_39, var_value)
+                let _41 := sub(_40, _39)
+                log3(_39, _41, _35, _2, _23)
+            }
+            /// @ast-id 420 @src 2:8726:8854  "function _approve(address owner, address spender, uint256 value) internal {..."
+            function fun_approve_420(var_owner, var_spender, var_value)
+            {
+                /// @src 2:8819:8824  "owner"
+                let expr := var_owner
+                /// @src 2:8842:8846  "true"
+                let _1 := 0x01
+                fun__approve(var_owner, /** @src 2:8826:8833  "spender" */ var_spender, /** @src 2:8835:8840  "value" */ var_value, /** @src 2:8842:8846  "true" */ _1)
+            }
+            /// @ast-id 480 @src 2:9701:10133  "function _approve(address owner, address spender, uint256 value, bool emitEvent) internal virtual {..."
+            function fun__approve(var_owner, var_spender, var_value, var_emitEvent)
+            {
+                /// @src 2:9813:9818  "owner"
+                let expr := var_owner
+                /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                let _1 := sub(shl(160, 1), 1)
+                let _2 := and(/** @src 2:9813:9832  "owner == address(0)" */ var_owner, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _1)
+                /// @src 2:9813:9832  "owner == address(0)"
+                let _3 := iszero(/** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _2)
+                /// @src 2:9809:9898  "if (owner == address(0)) {..."
+                if /** @src 2:9813:9832  "owner == address(0)" */ _3
+                /// @src 2:9809:9898  "if (owner == address(0)) {..."
+                {
+                    /// @src 2:9876:9886  "address(0)"
+                    let expr_1 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ 0
+                    let _4 := 64
+                    /// @src 2:9855:9887  "ERC20InvalidApprover(address(0))"
+                    let _5 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ mload(_4)
+                    /// @src 2:9855:9887  "ERC20InvalidApprover(address(0))"
+                    let _6 := shl(224, 0xe602df05)
+                    mstore(_5, _6)
+                    let _7 := 4
+                    let _8 := add(_5, _7)
+                    let _9 := abi_encode_tuple_address(_8, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ expr_1)
+                    /// @src 2:9855:9887  "ERC20InvalidApprover(address(0))"
+                    let _10 := sub(_9, _5)
+                    revert(_5, _10)
+                }
+                /// @src 2:9911:9918  "spender"
+                let expr_2 := var_spender
+                /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                let _11 := _1
+                let _12 := and(/** @src 2:9911:9932  "spender == address(0)" */ var_spender, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _1)
+                /// @src 2:9911:9932  "spender == address(0)"
+                let _13 := iszero(/** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _12)
+                /// @src 2:9907:9997  "if (spender == address(0)) {..."
+                if /** @src 2:9911:9932  "spender == address(0)" */ _13
+                /// @src 2:9907:9997  "if (spender == address(0)) {..."
+                {
+                    /// @src 2:9975:9985  "address(0)"
+                    let expr_3 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ 0
+                    let _14 := 64
+                    /// @src 2:9955:9986  "ERC20InvalidSpender(address(0))"
+                    let _15 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ mload(_14)
+                    /// @src 2:9955:9986  "ERC20InvalidSpender(address(0))"
+                    let _16 := shl(225, 0x4a1406b1)
+                    mstore(_15, _16)
+                    let _17 := 4
+                    let _18 := add(_15, _17)
+                    let _19 := abi_encode_tuple_address(_18, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ expr_3)
+                    /// @src 2:9955:9986  "ERC20InvalidSpender(address(0))"
+                    let _20 := sub(_19, _15)
+                    revert(_15, _20)
+                }
+                /// @src 2:10036:10041  "value"
+                let expr_4 := var_value
+                /// @src 2:10006:10017  "_allowances"
+                let _21 := 0x01
+                /// @src 2:10006:10024  "_allowances[owner]"
+                let _22 := mapping_index_access_mapping_address_mapping_address_uint256_of_address(/** @src 2:10006:10017  "_allowances" */ _21, /** @src 2:10018:10023  "owner" */ var_owner)
+                /// @src 2:10006:10033  "_allowances[owner][spender]"
+                let _23 := mapping_index_access_mapping_address_uint256_of_address(/** @src 2:10006:10024  "_allowances[owner]" */ _22, /** @src 2:10025:10032  "spender" */ var_spender)
+                /// @src 2:10006:10041  "_allowances[owner][spender] = value"
+                update_storage_value_offsett_uint256_to_uint256(/** @src 2:10006:10033  "_allowances[owner][spender]" */ _23, /** @src 2:10006:10041  "_allowances[owner][spender] = value" */ var_value)
+                /// @src 2:10051:10127  "if (emitEvent) {..."
+                if /** @src 2:10055:10064  "emitEvent" */ var_emitEvent
+                /// @src 2:10051:10127  "if (emitEvent) {..."
+                {
+                    /// @src 2:10094:10099  "owner"
+                    let expr_5 := var_owner
+                    /// @src 2:10101:10108  "spender"
+                    let expr_6 := var_spender
+                    /// @src 2:10110:10115  "value"
+                    let expr_7 := var_value
+                    /// @src 2:10085:10116  "Approval(owner, spender, value)"
+                    let _24 := 0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925
+                    let _25 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _2
+                    /// @src 2:10085:10116  "Approval(owner, spender, value)"
+                    let _26 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _12
+                    let _27 := 64
+                    /// @src 2:10085:10116  "Approval(owner, spender, value)"
+                    let _28 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ mload(_27)
+                    /// @src 2:10085:10116  "Approval(owner, spender, value)"
+                    let _29 := abi_encode_uint256(_28, var_value)
+                    let _30 := sub(_29, _28)
+                    log3(_28, _30, _24, _2, _12)
+                }
+            }
+            /// @ast-id 528 @src 2:10415:10891  "function _spendAllowance(address owner, address spender, uint256 value) internal virtual {..."
+            function fun_spendAllowance(var_owner, var_spender, var_value)
+            {
+                /// @src 2:10514:10566  "uint256 currentAllowance = allowance(owner, spender)"
+                let var_currentAllowance := /** @src 2:10541:10566  "allowance(owner, spender)" */ fun_allowance(/** @src 2:10551:10556  "owner" */ var_owner, /** @src 2:10558:10565  "spender" */ var_spender)
+                /// @src 2:10599:10616  "type(uint256).max"
+                let _1 := not(0)
+                /// @src 2:10580:10616  "currentAllowance < type(uint256).max"
+                let _2 := lt(/** @src 2:10580:10596  "currentAllowance" */ var_currentAllowance, /** @src 2:10599:10616  "type(uint256).max" */ _1)
+                /// @src 2:10576:10885  "if (currentAllowance < type(uint256).max) {..."
+                if /** @src 2:10580:10616  "currentAllowance < type(uint256).max" */ _2
+                /// @src 2:10576:10885  "if (currentAllowance < type(uint256).max) {..."
+                {
+                    /// @src 2:10636:10660  "currentAllowance < value"
+                    let _3 := lt(/** @src 2:10636:10652  "currentAllowance" */ var_currentAllowance, /** @src 2:10655:10660  "value" */ var_value)
+                    /// @src 2:10632:10762  "if (currentAllowance < value) {..."
+                    if /** @src 2:10636:10660  "currentAllowance < value" */ _3
+                    /// @src 2:10632:10762  "if (currentAllowance < value) {..."
+                    {
+                        /// @src 2:10714:10721  "spender"
+                        let expr := var_spender
+                        /// @src 2:10723:10739  "currentAllowance"
+                        let expr_1 := var_currentAllowance
+                        /// @src 2:10741:10746  "value"
+                        let expr_2 := var_value
+                        /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                        let _4 := 64
+                        /// @src 2:10687:10747  "ERC20InsufficientAllowance(spender, currentAllowance, value)"
+                        let _5 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ mload(_4)
+                        /// @src 2:10687:10747  "ERC20InsufficientAllowance(spender, currentAllowance, value)"
+                        let _6 := shl(225, 0x7dc7a0d9)
+                        mstore(_5, _6)
+                        let _7 := 4
+                        let _8 := add(_5, _7)
+                        let _9 := abi_encode_address_uint256_uint256(_8, var_spender, var_currentAllowance, var_value)
+                        let _10 := sub(_9, _5)
+                        revert(_5, _10)
+                    }
+                    /// @src 2:10812:10817  "owner"
+                    let expr_3 := var_owner
+                    /// @src 2:10819:10826  "spender"
+                    let expr_4 := var_spender
+                    /// @src 2:10854:10859  "false"
+                    let _11 := 0x00
+                    /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                    let _12 := sub(/** @src 2:10828:10844  "currentAllowance" */ var_currentAllowance, /** @src 2:10847:10852  "value" */ var_value)
+                    /// @src 2:10854:10859  "false"
+                    fun__approve(var_owner, var_spender, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _12, /** @src 2:10854:10859  "false" */ _11)
+                }
+            }
+            /// @ast-id 782 @src 5:656:752  "function _msgSender() internal view virtual returns (address) {..."
+            function fun_msgSender() -> var
+            {
+                /// @src 5:728:745  "return msg.sender"
+                var := /** @src 5:735:745  "msg.sender" */ caller()
+            }
+        }
+        data ".metadata" hex"a2646970667358221220e124d3304315e49a13a11d4379533b7d9c2fb14642277dba92735950eb596d5e64736f6c63430008150033"
+    }
+}
+
+Optimized IR:
+
+Optimized IR:
+
+Optimized IR:
+
+Optimized IR:
+

From 9974e6965409d42c71720f6e9aa1395060340db7 Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Wed, 20 Nov 2024 00:37:35 +0000
Subject: [PATCH 59/89] Regenerate ERC20, excluding files with existing proofs

---
 All.lean                                      | 393 +++++++++---------
 .../Common/for_1821242857744567453_gen.lean   |  10 +-
 .../Common/for_6088573059593786335_gen.lean   |  10 +-
 .../Common/if_1438067688173587229_gen.lean    |   4 +-
 .../Common/if_2130076443351184838.lean        |  23 -
 .../Common/if_2130076443351184838_gen.lean    | 118 ------
 .../Common/if_2395397427938978657_gen.lean    |  16 +-
 .../Common/if_2792370840247009933_gen.lean    |   4 +-
 .../Common/if_3812165059632449189_gen.lean    |  16 +-
 .../Common/if_384845947645085899_gen.lean     |   4 +-
 .../Common/if_3856757177752523473.lean        |  23 +
 .../Common/if_3856757177752523473_gen.lean    | 118 ++++++
 ....lean => if_3856757177752523473_user.lean} |  10 +-
 .../Common/if_3989404597755436942_gen.lean    |  16 +-
 .../Common/if_4024499920364541172_gen.lean    |   4 +-
 .../Common/if_4692225504622348326_gen.lean    |  16 +-
 .../Common/if_5042234445269809685_gen.lean    |  10 +-
 .../Common/if_5327145078839977110.lean        |  25 --
 .../Common/if_7164014626810332831_gen.lean    |   4 +-
 .../Common/if_8073281237182003506_gen.lean    |   4 +-
 .../Common/if_8475192588736690919.lean        |  25 ++
 ...n.lean => if_8475192588736690919_gen.lean} |  50 +--
 ....lean => if_8475192588736690919_user.lean} |  12 +-
 .../Common/if_9141570808380448040_gen.lean    |  16 +-
 .../Common/if_9222169807163418225_gen.lean    |   4 +-
 .../switch_1041419350816529734_gen.lean       |  19 +-
 .../switch_2364266820542243941_gen.lean       |  23 +-
 .../switch_8164987986085659348_gen.lean       |  24 +-
 .../ERC20Shim/abi_decode_address_gen.lean     |   4 +-
 .../abi_decode_addresst_address_gen.lean      |  10 +-
 ..._decode_addresst_addresst_uint256_gen.lean |  14 +-
 .../abi_decode_addresst_uint256_gen.lean      |  10 +-
 .../erc20shim/ERC20Shim/abi_decode_gen.lean   |   4 +-
 .../abi_decode_tuple_address_gen.lean         |   6 +-
 .../ERC20Shim/abi_decode_uint256_gen.lean     |   4 +-
 .../ERC20Shim/abi_encode_address_gen.lean     |   6 +-
 ...bi_encode_address_uint256_uint256_gen.lean |  12 +-
 .../ERC20Shim/abi_encode_bool_gen.lean        |   4 +-
 .../abi_encode_bool_to_bool_gen.lean          |   6 +-
 .../ERC20Shim/abi_encode_string_gen.lean      |   6 +-
 .../abi_encode_string_memory_ptr_gen.lean     |  16 +-
 .../abi_encode_string_storage_gen.lean        |   8 +-
 .../abi_encode_tuple_address_gen.lean         |   4 +-
 .../ERC20Shim/abi_encode_uint256_gen.lean     |   4 +-
 .../abi_encode_uint256_to_uint256_gen.lean    |   2 +-
 .../ERC20Shim/abi_encode_uint8_gen.lean       |   4 +-
 .../abi_encode_uint8_to_uint8_gen.lean        |   4 +-
 .../array_dataslot_string_storage_gen.lean    |   4 +-
 ...engthForEncoding_string_fromStack_gen.lean |   4 +-
 ...ray_storeLengthForEncoding_string_gen.lean |   4 +-
 .../ERC20Shim/checked_add_uint256_gen.lean    |   4 +-
 ...ray_from_storage_to_memory_string_gen.lean |   8 +-
 ...opy_memory_to_memory_with_cleanup_gen.lean |   4 +-
 .../extract_byte_array_length_gen.lean        |  10 +-
 .../ERC20Shim/finalize_allocation_gen.lean    |  16 +-
 .../erc20shim/ERC20Shim/fun__approve_gen.lean |  16 +-
 .../ERC20Shim/fun__transfer_gen.lean          |  12 +-
 .../ERC20Shim/fun_allowance_gen.lean          |   6 +-
 .../ERC20Shim/fun_approve_420_gen.lean        |   2 +-
 .../erc20shim/ERC20Shim/fun_approve_gen.lean  |   4 +-
 .../ERC20Shim/fun_balanceOf_gen.lean          |   4 +-
 .../ERC20Shim/fun_msgSender_gen.lean          |   2 +-
 .../erc20shim/ERC20Shim/fun_name_gen.lean     |   2 +-
 .../ERC20Shim/fun_spendAllowance.lean         |   2 +-
 .../ERC20Shim/fun_spendAllowance_gen.lean     |  50 +--
 .../ERC20Shim/fun_spendAllowance_user.lean    |   2 +-
 .../erc20shim/ERC20Shim/fun_symbol_gen.lean   |   2 +-
 .../ERC20Shim/fun_totalSupply_gen.lean        |   2 +-
 .../ERC20Shim/fun_transferFrom_gen.lean       |   6 +-
 .../erc20shim/ERC20Shim/fun_transfer_gen.lean |   4 +-
 .../erc20shim/ERC20Shim/fun_update_gen.lean   |  18 +-
 ...apping_address_uint256_of_address_gen.lean |   8 +-
 ...apping_address_uint256_of_address_gen.lean |   8 +-
 .../erc20shim/ERC20Shim/panic_error_0x11.lean |   2 +-
 .../ERC20Shim/panic_error_0x11_gen.lean       |  23 +-
 .../ERC20Shim/panic_error_0x11_user.lean      |   2 +-
 .../erc20shim/ERC20Shim/panic_error_0x22.lean |   2 +-
 .../ERC20Shim/panic_error_0x22_gen.lean       |   8 +-
 .../ERC20Shim/panic_error_0x22_user.lean      |   2 +-
 .../erc20shim/ERC20Shim/panic_error_0x41.lean |   2 +-
 .../ERC20Shim/panic_error_0x41_gen.lean       |   8 +-
 .../ERC20Shim/panic_error_0x41_user.lean      |   2 +-
 ...b8cf91c1b902ef5e3cb8d9f6f304cf7446f74.lean |   2 +-
 ...91c1b902ef5e3cb8d9f6f304cf7446f74_gen.lean |   2 +-
 ...1c1b902ef5e3cb8d9f6f304cf7446f74_user.lean |   2 +-
 ...5db7774001b90d25810abd9040049be7bf4bb.lean |   2 +-
 ...774001b90d25810abd9040049be7bf4bb_gen.lean |   2 +-
 ...74001b90d25810abd9040049be7bf4bb_user.lean |   2 +-
 ...e83918d802a52331272ac6fdb6a7c4aea3b1b.lean |   2 +-
 ...18d802a52331272ac6fdb6a7c4aea3b1b_gen.lean |   2 +-
 ...8d802a52331272ac6fdb6a7c4aea3b1b_user.lean |   2 +-
 ..._value_offsett_uint256_to_uint256_gen.lean |   6 +-
 .../validator_revert_address_gen.lean         |   8 +-
 93 files changed, 719 insertions(+), 697 deletions(-)
 delete mode 100644 Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838.lean
 delete mode 100644 Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838_gen.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_3856757177752523473.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_3856757177752523473_gen.lean
 rename Generated/erc20shim/ERC20Shim/Common/{if_2130076443351184838_user.lean => if_3856757177752523473_user.lean} (54%)
 delete mode 100644 Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_8475192588736690919.lean
 rename Generated/erc20shim/ERC20Shim/Common/{if_5327145078839977110_gen.lean => if_8475192588736690919_gen.lean} (54%)
 rename Generated/erc20shim/ERC20Shim/Common/{if_5327145078839977110_user.lean => if_8475192588736690919_user.lean} (54%)

diff --git a/All.lean b/All.lean
index a4ac6d1..72093da 100644
--- a/All.lean
+++ b/All.lean
@@ -19,225 +19,246 @@ import Generated.peano.Peano.Common.if_6183625948864629624
 import Generated.peano.Peano.Common.for_727972558926940900
 import Generated.peano.Peano.Common.if_6183625948864629624_gen
 import Generated.peano.Peano.Common.for_84821961910748561_user
-import Generated.erc20shim.ERC20Shim.abi_encode_string_user
-import Generated.erc20shim.ERC20Shim.abi_decode_tuple_address_gen
-import Generated.erc20shim.ERC20Shim.abi_encode_string_memory_ptr_user
-import Generated.erc20shim.ERC20Shim.fun_approve_user
-import Generated.erc20shim.ERC20Shim.abi_encode_string_storage_user
-import Generated.erc20shim.ERC20Shim.fun_balanceOf_user
-import Generated.erc20shim.ERC20Shim.panic_error_0x22_user
-import Generated.erc20shim.ERC20Shim.abi_encode_uint256_to_uint256_gen
-import Generated.erc20shim.ERC20Shim.abi_decode_addresst_address_gen
-import Generated.erc20shim.ERC20Shim.fun_msgSender
-import Generated.erc20shim.ERC20Shim.abi_decode_addresst_uint256
-import Generated.erc20shim.ERC20Shim.abi_encode_uint8_gen
-import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
-import Generated.erc20shim.ERC20Shim.fun_allowance
-import Generated.erc20shim.ERC20Shim.abi_encode_address_gen
-import Generated.erc20shim.ERC20Shim.fun_totalSupply_user
-import Generated.erc20shim.ERC20Shim.abi_decode_addresst_uint256_gen
-import Generated.erc20shim.ERC20Shim.finalize_allocation_gen
-import Generated.erc20shim.ERC20Shim.abi_encode_uint256_gen
-import Generated.erc20shim.ERC20Shim.copy_memory_to_memory_with_cleanup_user
-import Generated.erc20shim.ERC20Shim.update_byte_slice_shift_gen
-import Generated.erc20shim.ERC20Shim.panic_error_0x11_gen
-import Generated.erc20shim.ERC20Shim.abi_encode_bool_to_bool
-import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string_fromStack_user
-import Generated.erc20shim.ERC20Shim.abi_encode_uint256_to_uint256_user
-import Generated.erc20shim.ERC20Shim.fun_decimals
-import Generated.erc20shim.ERC20Shim.abi_decode_address_user
-import Generated.erc20shim.ERC20Shim.fun__transfer_gen
-import Generated.erc20shim.ERC20Shim.panic_error_0x22
-import Generated.erc20shim.ERC20Shim.fun_allowance_user
+import Generated.erc20shim.ERC20Shim.fun_transfer_gen
 import Generated.erc20shim.ERC20Shim.abi_decode_addresst_addresst_uint256_gen
-import Generated.erc20shim.ERC20Shim.abi_decode_addresst_addresst_uint256
-import Generated.erc20shim.ERC20Shim.revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_gen
-import Generated.erc20shim.ERC20Shim.validator_revert_uint256_user
-import Generated.erc20shim.ERC20Shim.panic_error_0x41_gen
-import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string_user
+import Generated.erc20shim.ERC20Shim.fun_approve_420_user
+import Generated.erc20shim.ERC20Shim.fun_msgSender_gen
+import Generated.erc20shim.ERC20Shim.fun__approve_gen
+import Generated.erc20shim.ERC20Shim.revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74
 import Generated.erc20shim.ERC20Shim.fun__approve
-import Generated.erc20shim.ERC20Shim.fun_transferFrom_gen
-import Generated.erc20shim.ERC20Shim.fun_approve_420
-import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address_gen
-import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address
-import Generated.erc20shim.ERC20Shim.validator_revert_address
 import Generated.erc20shim.ERC20Shim.fun_decimals_user
-import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string_gen
-import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address_user
-import Generated.erc20shim.ERC20Shim.revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_gen
-import Generated.erc20shim.ERC20Shim.abi_decode_address
-import Generated.erc20shim.ERC20Shim.panic_error_0x41
-import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address_user
-import Generated.erc20shim.ERC20Shim.abi_encode_address_user
+import Generated.erc20shim.ERC20Shim.abi_encode_string_memory_ptr
+import Generated.erc20shim.ERC20Shim.abi_encode_address_gen
+import Generated.erc20shim.ERC20Shim.fun_transferFrom_gen
+import Generated.erc20shim.ERC20Shim.fun__transfer
 import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256_gen
-import Generated.erc20shim.ERC20Shim.fun_spendAllowance_user
+import Generated.erc20shim.ERC20Shim.fun_symbol_user
+import Generated.erc20shim.ERC20Shim.abi_encode_uint8
+import Generated.erc20shim.ERC20Shim.update_storage_value_offsett_uint256_to_uint256
+import Generated.erc20shim.ERC20Shim.fun_allowance_user
+import Generated.erc20shim.ERC20Shim.extract_byte_array_length_gen
+import Generated.erc20shim.ERC20Shim.panic_error_0x11
+import Generated.erc20shim.ERC20Shim.extract_byte_array_length_user
+import Generated.erc20shim.ERC20Shim.revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_user
+import Generated.erc20shim.ERC20Shim.abi_encode_bool_user
+import Generated.erc20shim.ERC20Shim.fun_symbol
+import Generated.erc20shim.ERC20Shim.fun_transfer_user
+import Generated.erc20shim.ERC20Shim.abi_encode_uint8_user
+import Generated.erc20shim.ERC20Shim.fun_allowance_gen
+import Generated.erc20shim.ERC20Shim.abi_decode_address_user
+import Generated.erc20shim.ERC20Shim.abi_encode_uint8_to_uint8_user
 import Generated.erc20shim.ERC20Shim.abi_encode_bool
+import Generated.erc20shim.ERC20Shim.update_byte_slice_shift
+import Generated.erc20shim.ERC20Shim.abi_decode_addresst_addresst_uint256
+import Generated.erc20shim.ERC20Shim.abi_encode_bool_gen
+import Generated.erc20shim.ERC20Shim.checked_add_uint256_gen
+import Generated.erc20shim.ERC20Shim.copy_memory_to_memory_with_cleanup_user
+import Generated.erc20shim.ERC20Shim.abi_encode_bool_to_bool
+import Generated.erc20shim.ERC20Shim.panic_error_0x11_user
+import Generated.erc20shim.ERC20Shim.validator_revert_address
+import Generated.erc20shim.ERC20Shim.abi_encode_string
 import Generated.erc20shim.ERC20Shim.copy_array_from_storage_to_memory_string_gen
-import Generated.erc20shim.ERC20Shim.abi_decode_uint256_gen
-import Generated.erc20shim.ERC20Shim.fun_update
-import Generated.erc20shim.ERC20Shim.abi_encode_string_gen
-import Generated.erc20shim.ERC20Shim.update_storage_value_offsett_uint256_to_uint256_user
-import Generated.erc20shim.ERC20Shim.copy_array_from_storage_to_memory_string_user
-import Generated.erc20shim.ERC20Shim.abi_decode_address_gen
+import Generated.erc20shim.ERC20Shim.fun_totalSupply_user
+import Generated.erc20shim.ERC20Shim.fun_approve
+import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string_fromStack_user
 import Generated.erc20shim.ERC20Shim.revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb
-import Generated.erc20shim.ERC20Shim.fun_totalSupply_gen
-import Generated.erc20shim.ERC20Shim.abi_encode_uint256
+import Generated.erc20shim.ERC20Shim.abi_encode_address_user
+import Generated.erc20shim.ERC20Shim.fun_decimals_gen
+import Generated.erc20shim.ERC20Shim.revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_gen
+import Generated.erc20shim.ERC20Shim.fun_symbol_gen
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.update_byte_slice_shift_user
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address_user
+import Generated.erc20shim.ERC20Shim.abi_decode_addresst_uint256
+import Generated.erc20shim.ERC20Shim.abi_encode_string_memory_ptr_user
 import Generated.erc20shim.ERC20Shim.fun_update_gen
-import Generated.erc20shim.ERC20Shim.fun_approve_420_gen
-import Generated.erc20shim.ERC20Shim.revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_user
+import Generated.erc20shim.ERC20Shim.fun_name_gen
+import Generated.erc20shim.ERC20Shim.fun_totalSupply
+import Generated.erc20shim.ERC20Shim.abi_encode_uint8_to_uint8
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256
+import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string_gen
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.panic_error_0x11_gen
 import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_user
-import Generated.erc20shim.ERC20Shim.fun_transfer_user
-import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address_user
+import Generated.erc20shim.ERC20Shim.copy_memory_to_memory_with_cleanup
+import Generated.erc20shim.ERC20Shim.abi_decode_uint256_user
 import Generated.erc20shim.ERC20Shim.fun_spendAllowance
-import Generated.erc20shim.ERC20Shim.abi_decode_addresst_address_user
+import Generated.erc20shim.ERC20Shim.revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_user
+import Generated.erc20shim.ERC20Shim.finalize_allocation_gen
+import Generated.erc20shim.ERC20Shim.fun_transferFrom
 import Generated.erc20shim.ERC20Shim.abi_encode_bool_to_bool_user
-import Generated.erc20shim.ERC20Shim.fun_approve
-import Generated.erc20shim.ERC20Shim.abi_encode_string_storage_gen
-import Generated.erc20shim.ERC20Shim.fun__transfer
-import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string
-import Generated.erc20shim.ERC20Shim.checked_add_uint256
-import Generated.erc20shim.ERC20Shim.fun_approve_420_user
-import Generated.erc20shim.ERC20Shim.abi_encode_uint8
-import Generated.erc20shim.ERC20Shim.checked_add_uint256_gen
-import Generated.erc20shim.ERC20Shim.fun__transfer_user
-import Generated.erc20shim.ERC20Shim.array_dataslot_string_storage
-import Generated.erc20shim.ERC20Shim.abi_decode_gen
-import Generated.erc20shim.ERC20Shim.update_byte_slice_shift_user
+import Generated.erc20shim.ERC20Shim.abi_decode_tuple_address
+import Generated.erc20shim.ERC20Shim.update_storage_value_offsett_uint256_to_uint256_gen
+import Generated.erc20shim.ERC20Shim.copy_memory_to_memory_with_cleanup_gen
+import Generated.erc20shim.ERC20Shim.abi_decode
+import Generated.erc20shim.ERC20Shim.abi_decode_addresst_uint256_user
+import Generated.erc20shim.ERC20Shim.fun__approve_user
 import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b
-import Generated.erc20shim.ERC20Shim.abi_decode_tuple_address_user
+import Generated.erc20shim.ERC20Shim.checked_add_uint256
+import Generated.erc20shim.ERC20Shim.fun_msgSender
+import Generated.erc20shim.ERC20Shim.update_storage_value_offsett_uint256_to_uint256_user
+import Generated.erc20shim.ERC20Shim.fun_allowance
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256_to_uint256_user
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256_gen
+import Generated.erc20shim.ERC20Shim.panic_error_0x41
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256_user
 import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address_gen
-import Generated.erc20shim.ERC20Shim.fun_spendAllowance_gen
+import Generated.erc20shim.ERC20Shim.abi_encode_string_memory_ptr_gen
+import Generated.erc20shim.ERC20Shim.fun_decimals
+import Generated.erc20shim.ERC20Shim.copy_array_from_storage_to_memory_string_user
+import Generated.erc20shim.ERC20Shim.panic_error_0x22_gen
 import Generated.erc20shim.ERC20Shim.abi_decode_addresst_addresst_uint256_user
-import Generated.erc20shim.ERC20Shim.fun__approve_gen
-import Generated.erc20shim.ERC20Shim.abi_decode_tuple_address
-import Generated.erc20shim.ERC20Shim.abi_encode_address
-import Generated.erc20shim.ERC20Shim.abi_decode_addresst_uint256_user
-import Generated.erc20shim.ERC20Shim.fun_name
-import Generated.erc20shim.ERC20Shim.fun_msgSender_gen
-import Generated.erc20shim.ERC20Shim.abi_encode_string_storage
-import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address
-import Generated.erc20shim.ERC20Shim.fun_transfer
-import Generated.erc20shim.ERC20Shim.fun_update_user
+import Generated.erc20shim.ERC20Shim.abi_decode_tuple_address_user
+import Generated.erc20shim.ERC20Shim.abi_decode_address_gen
 import Generated.erc20shim.ERC20Shim.checked_add_uint256_user
-import Generated.erc20shim.ERC20Shim.fun_name_gen
-import Generated.erc20shim.ERC20Shim.copy_memory_to_memory_with_cleanup
-import Generated.erc20shim.ERC20Shim.abi_encode_uint256_user
-import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256_user
-import Generated.erc20shim.ERC20Shim.abi_encode_bool_user
-import Generated.erc20shim.ERC20Shim.panic_error_0x11_user
-import Generated.erc20shim.ERC20Shim.abi_encode_string_memory_ptr
-import Generated.erc20shim.ERC20Shim.fun_symbol
-import Generated.erc20shim.ERC20Shim.abi_encode_uint8_user
-import Generated.erc20shim.ERC20Shim.abi_encode_uint8_to_uint8_user
+import Generated.erc20shim.ERC20Shim.abi_encode_string_storage_gen
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256_to_uint256_gen
 import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string_fromStack
-import Generated.erc20shim.ERC20Shim.abi_encode_uint256_to_uint256
-import Generated.erc20shim.ERC20Shim.fun_approve_gen
-import Generated.erc20shim.ERC20Shim.update_storage_value_offsett_uint256_to_uint256_gen
-import Generated.erc20shim.ERC20Shim.fun_msgSender_user
-import Generated.erc20shim.ERC20Shim.abi_decode_uint256
-import Generated.erc20shim.ERC20Shim.extract_byte_array_length_user
-import Generated.erc20shim.ERC20Shim.abi_decode_uint256_user
-import Generated.erc20shim.ERC20Shim.extract_byte_array_length
+import Generated.erc20shim.ERC20Shim.abi_decode_address
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
+import Generated.erc20shim.ERC20Shim.fun_name_user
+import Generated.erc20shim.ERC20Shim.abi_decode_addresst_address_gen
+import Generated.erc20shim.ERC20Shim.fun_balanceOf_gen
+import Generated.erc20shim.ERC20Shim.copy_array_from_storage_to_memory_string
+import Generated.erc20shim.ERC20Shim.fun_spendAllowance_gen
+import Generated.erc20shim.ERC20Shim.array_dataslot_string_storage_user
 import Generated.erc20shim.ERC20Shim.abi_encode_bool_to_bool_gen
-import Generated.erc20shim.ERC20Shim.array_dataslot_string_storage_gen
-import Generated.erc20shim.ERC20Shim.abi_decode_user
+import Generated.erc20shim.ERC20Shim.fun_name
 import Generated.erc20shim.ERC20Shim.finalize_allocation_user
-import Generated.erc20shim.ERC20Shim.fun_transferFrom
-import Generated.erc20shim.ERC20Shim.panic_error_0x41_user
-import Generated.erc20shim.ERC20Shim.finalize_allocation
-import Generated.erc20shim.ERC20Shim.update_storage_value_offsett_uint256_to_uint256
-import Generated.erc20shim.ERC20Shim.fun_name_user
-import Generated.erc20shim.ERC20Shim.validator_revert_uint256
+import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string_user
+import Generated.erc20shim.ERC20Shim.abi_decode_user
+import Generated.erc20shim.ERC20Shim.fun_approve_user
+import Generated.erc20shim.ERC20Shim.abi_encode_string_storage
+import Generated.erc20shim.ERC20Shim.validator_revert_address_gen
 import Generated.erc20shim.ERC20Shim.validator_revert_address_user
-import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
-import Generated.erc20shim.ERC20Shim.extract_byte_array_length_gen
-import Generated.erc20shim.ERC20Shim.fun_symbol_user
-import Generated.erc20shim.ERC20Shim.copy_array_from_storage_to_memory_string
-import Generated.erc20shim.ERC20Shim.fun__approve_user
-import Generated.erc20shim.ERC20Shim.fun_allowance_gen
-import Generated.erc20shim.ERC20Shim.copy_memory_to_memory_with_cleanup_gen
-import Generated.erc20shim.ERC20Shim.fun_balanceOf
-import Generated.erc20shim.ERC20Shim.abi_encode_string_memory_ptr_gen
-import Generated.erc20shim.ERC20Shim.fun_decimals_gen
-import Generated.erc20shim.ERC20Shim.fun_totalSupply
-import Generated.erc20shim.ERC20Shim.abi_encode_string
-import Generated.erc20shim.ERC20Shim.abi_decode_addresst_address
-import Generated.erc20shim.ERC20Shim.abi_decode
-import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string_fromStack_gen
-import Generated.erc20shim.ERC20Shim.panic_error_0x11
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address_gen
+import Generated.erc20shim.ERC20Shim.fun_approve_gen
+import Generated.erc20shim.ERC20Shim.fun_msgSender_user
+import Generated.erc20shim.ERC20Shim.abi_encode_uint256_to_uint256
+import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_gen
 import Generated.erc20shim.ERC20Shim.abi_encode_uint8_to_uint8_gen
+import Generated.erc20shim.ERC20Shim.revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_gen
+import Generated.erc20shim.ERC20Shim.fun_update_user
 import Generated.erc20shim.ERC20Shim.validator_revert_uint256_gen
-import Generated.erc20shim.ERC20Shim.revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_gen
-import Generated.erc20shim.ERC20Shim.abi_encode_bool_gen
-import Generated.erc20shim.ERC20Shim.revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_user
-import Generated.erc20shim.ERC20Shim.validator_revert_address_gen
-import Generated.erc20shim.ERC20Shim.fun_balanceOf_gen
-import Generated.erc20shim.ERC20Shim.fun_transfer_gen
-import Generated.erc20shim.ERC20Shim.panic_error_0x22_gen
-import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address_gen
-import Generated.erc20shim.ERC20Shim.array_dataslot_string_storage_user
-import Generated.erc20shim.ERC20Shim.fun_symbol_gen
-import Generated.erc20shim.ERC20Shim.update_byte_slice_shift
+import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address
+import Generated.erc20shim.ERC20Shim.panic_error_0x22_user
+import Generated.erc20shim.ERC20Shim.abi_decode_addresst_address
+import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string_fromStack_gen
+import Generated.erc20shim.ERC20Shim.abi_encode_string_gen
+import Generated.erc20shim.ERC20Shim.update_byte_slice_shift_gen
+import Generated.erc20shim.ERC20Shim.extract_byte_array_length
+import Generated.erc20shim.ERC20Shim.abi_encode_tuple_address_user
+import Generated.erc20shim.ERC20Shim.abi_decode_uint256
+import Generated.erc20shim.ERC20Shim.validator_revert_uint256
+import Generated.erc20shim.ERC20Shim.abi_decode_tuple_address_gen
+import Generated.erc20shim.ERC20Shim.array_dataslot_string_storage_gen
+import Generated.erc20shim.ERC20Shim.validator_revert_uint256_user
+import Generated.erc20shim.ERC20Shim.abi_encode_address
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256_user
+import Generated.erc20shim.ERC20Shim.fun_totalSupply_gen
+import Generated.erc20shim.ERC20Shim.fun_approve_420
+import Generated.erc20shim.ERC20Shim.panic_error_0x22
+import Generated.erc20shim.ERC20Shim.abi_decode_gen
+import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string
+import Generated.erc20shim.ERC20Shim.fun_transfer
+import Generated.erc20shim.ERC20Shim.fun_spendAllowance_user
+import Generated.erc20shim.ERC20Shim.fun_approve_420_gen
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address_user
+import Generated.erc20shim.ERC20Shim.fun_balanceOf
+import Generated.erc20shim.ERC20Shim.abi_decode_addresst_uint256_gen
+import Generated.erc20shim.ERC20Shim.fun__transfer_user
+import Generated.erc20shim.ERC20Shim.array_dataslot_string_storage
+import Generated.erc20shim.ERC20Shim.fun_balanceOf_user
+import Generated.erc20shim.ERC20Shim.abi_encode_uint8_gen
+import Generated.erc20shim.ERC20Shim.finalize_allocation
+import Generated.erc20shim.ERC20Shim.panic_error_0x41_user
+import Generated.erc20shim.ERC20Shim.abi_encode_string_user
+import Generated.erc20shim.ERC20Shim.abi_encode_string_storage_user
 import Generated.erc20shim.ERC20Shim.fun_transferFrom_user
-import Generated.erc20shim.ERC20Shim.abi_encode_uint8_to_uint8
-import Generated.erc20shim.ERC20Shim.revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74
-import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110_gen
-import Generated.erc20shim.ERC20Shim.Common.if_8073281237182003506_user
+import Generated.erc20shim.ERC20Shim.panic_error_0x41_gen
+import Generated.erc20shim.ERC20Shim.abi_decode_uint256_gen
+import Generated.erc20shim.ERC20Shim.fun_update
+import Generated.erc20shim.ERC20Shim.fun__transfer_gen
+import Generated.erc20shim.ERC20Shim.abi_decode_addresst_address_user
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address_gen
+import Generated.erc20shim.ERC20Shim.Common.if_1438067688173587229
 import Generated.erc20shim.ERC20Shim.Common.if_2792370840247009933
-import Generated.erc20shim.ERC20Shim.Common.if_9141570808380448040
-import Generated.erc20shim.ERC20Shim.Common.if_2792370840247009933_gen
+import Generated.erc20shim.ERC20Shim.Common.if_2395397427938978657_gen
+import Generated.erc20shim.ERC20Shim.Common.if_2395397427938978657_user
+import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831_gen
+import Generated.erc20shim.ERC20Shim.Common.if_8073281237182003506_user
+import Generated.erc20shim.ERC20Shim.Common.if_8475192588736690919_user
+import Generated.erc20shim.ERC20Shim.Common.switch_2364266820542243941_gen
+import Generated.erc20shim.ERC20Shim.Common.if_3812165059632449189_gen
+import Generated.erc20shim.ERC20Shim.Common.if_384845947645085899
+import Generated.erc20shim.ERC20Shim.Common.if_4692225504622348326
+import Generated.erc20shim.ERC20Shim.Common.switch_1041419350816529734
+import Generated.erc20shim.ERC20Shim.Common.if_3856757177752523473_user
+import Generated.erc20shim.ERC20Shim.Common.if_3989404597755436942_gen
+import Generated.erc20shim.ERC20Shim.Common.if_3856757177752523473
 import Generated.erc20shim.ERC20Shim.Common.if_5042234445269809685_user
-import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838_user
-import Generated.erc20shim.ERC20Shim.Common.if_8073281237182003506
-import Generated.erc20shim.ERC20Shim.Common.switch_8164987986085659348
-import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831_user
-import Generated.erc20shim.ERC20Shim.Common.switch_8164987986085659348_gen
 import Generated.erc20shim.ERC20Shim.Common.switch_1041419350816529734_gen
-import Generated.erc20shim.ERC20Shim.Common.for_1821242857744567453_user
-import Generated.erc20shim.ERC20Shim.Common.if_1438067688173587229
 import Generated.erc20shim.ERC20Shim.Common.for_1821242857744567453
 import Generated.erc20shim.ERC20Shim.Common.if_9141570808380448040_user
-import Generated.erc20shim.ERC20Shim.Common.if_9141570808380448040_gen
-import Generated.erc20shim.ERC20Shim.Common.if_3812165059632449189
-import Generated.erc20shim.ERC20Shim.Common.for_1821242857744567453_gen
-import Generated.erc20shim.ERC20Shim.Common.if_384845947645085899
-import Generated.erc20shim.ERC20Shim.Common.if_2395397427938978657
-import Generated.erc20shim.ERC20Shim.Common.for_6088573059593786335_user
-import Generated.erc20shim.ERC20Shim.Common.for_6088573059593786335_gen
-import Generated.erc20shim.ERC20Shim.Common.if_3812165059632449189_gen
-import Generated.erc20shim.ERC20Shim.Common.if_1438067688173587229_user
-import Generated.erc20shim.ERC20Shim.Common.switch_1041419350816529734
-import Generated.erc20shim.ERC20Shim.Common.if_384845947645085899_user
-import Generated.erc20shim.ERC20Shim.Common.for_6088573059593786335
-import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110
+import Generated.erc20shim.ERC20Shim.Common.if_8073281237182003506
+import Generated.erc20shim.ERC20Shim.Common.if_4024499920364541172
 import Generated.erc20shim.ERC20Shim.Common.if_2792370840247009933_user
-import Generated.erc20shim.ERC20Shim.Common.if_9222169807163418225
-import Generated.erc20shim.ERC20Shim.Common.switch_1041419350816529734_user
-import Generated.erc20shim.ERC20Shim.Common.if_3989404597755436942_gen
-import Generated.erc20shim.ERC20Shim.Common.if_8073281237182003506_gen
-import Generated.erc20shim.ERC20Shim.Common.if_9222169807163418225_user
-import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838_gen
-import Generated.erc20shim.ERC20Shim.Common.if_5042234445269809685
-import Generated.erc20shim.ERC20Shim.Common.if_384845947645085899_gen
-import Generated.erc20shim.ERC20Shim.Common.if_4692225504622348326_gen
-import Generated.erc20shim.ERC20Shim.Common.if_1438067688173587229_gen
-import Generated.erc20shim.ERC20Shim.Common.switch_8164987986085659348_user
-import Generated.erc20shim.ERC20Shim.Common.if_4024499920364541172_user
-import Generated.erc20shim.ERC20Shim.Common.switch_2364266820542243941_gen
 import Generated.erc20shim.ERC20Shim.Common.if_4692225504622348326_user
-import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838
-import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110_user
-import Generated.erc20shim.ERC20Shim.Common.if_3989404597755436942
-import Generated.erc20shim.ERC20Shim.Common.if_4024499920364541172
-import Generated.erc20shim.ERC20Shim.Common.if_4692225504622348326
+import Generated.erc20shim.ERC20Shim.Common.for_1821242857744567453_user
+import Generated.erc20shim.ERC20Shim.Common.if_3812165059632449189
+import Generated.erc20shim.ERC20Shim.Common.for_6088573059593786335_gen
+import Generated.erc20shim.ERC20Shim.Common.switch_8164987986085659348_gen
+import Generated.erc20shim.ERC20Shim.Common.if_3812165059632449189_user
 import Generated.erc20shim.ERC20Shim.Common.if_4024499920364541172_gen
-import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831_gen
+import Generated.erc20shim.ERC20Shim.Common.if_5042234445269809685
+import Generated.erc20shim.ERC20Shim.Common.if_3856757177752523473_gen
+import Generated.erc20shim.ERC20Shim.Common.if_9141570808380448040_gen
+import Generated.erc20shim.ERC20Shim.Common.if_8475192588736690919
+import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831_user
+import Generated.erc20shim.ERC20Shim.Common.if_9222169807163418225
+import Generated.erc20shim.ERC20Shim.Common.for_6088573059593786335
 import Generated.erc20shim.ERC20Shim.Common.if_9222169807163418225_gen
 import Generated.erc20shim.ERC20Shim.Common.switch_2364266820542243941
-import Generated.erc20shim.ERC20Shim.Common.if_2395397427938978657_gen
+import Generated.erc20shim.ERC20Shim.Common.if_9141570808380448040
+import Generated.erc20shim.ERC20Shim.Common.for_1821242857744567453_gen
+import Generated.erc20shim.ERC20Shim.Common.if_9222169807163418225_user
+import Generated.erc20shim.ERC20Shim.Common.if_1438067688173587229_user
 import Generated.erc20shim.ERC20Shim.Common.switch_2364266820542243941_user
-import Generated.erc20shim.ERC20Shim.Common.if_2395397427938978657_user
+import Generated.erc20shim.ERC20Shim.Common.switch_1041419350816529734_user
+import Generated.erc20shim.ERC20Shim.Common.switch_8164987986085659348_user
+import Generated.erc20shim.ERC20Shim.Common.if_4692225504622348326_gen
+import Generated.erc20shim.ERC20Shim.Common.if_3989404597755436942
+import Generated.erc20shim.ERC20Shim.Common.if_4024499920364541172_user
+import Generated.erc20shim.ERC20Shim.Common.if_8475192588736690919_gen
+import Generated.erc20shim.ERC20Shim.Common.if_384845947645085899_gen
+import Generated.erc20shim.ERC20Shim.Common.for_6088573059593786335_user
+import Generated.erc20shim.ERC20Shim.Common.switch_8164987986085659348
 import Generated.erc20shim.ERC20Shim.Common.if_3989404597755436942_user
-import Generated.erc20shim.ERC20Shim.Common.if_3812165059632449189_user
+import Generated.erc20shim.ERC20Shim.Common.if_2395397427938978657
+import Generated.erc20shim.ERC20Shim.Common.if_1438067688173587229_gen
+import Generated.erc20shim.ERC20Shim.Common.if_2792370840247009933_gen
 import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831
+import Generated.erc20shim.ERC20Shim.Common.if_8073281237182003506_gen
 import Generated.erc20shim.ERC20Shim.Common.if_5042234445269809685_gen
+import Generated.erc20shim.ERC20Shim.Common.if_384845947645085899_user
+import Generated.peano.Peano.expk_gen
+import Generated.peano.Peano.mulk
+import Generated.peano.Peano.expk
+import Generated.peano.Peano.addk_user
+import Generated.peano.Peano.expk_user
+import Generated.peano.Peano.addk
+import Generated.peano.Peano.mulk_gen
+import Generated.peano.Peano.mulk_user
+import Generated.peano.Peano.addk_gen
+import Generated.peano.Peano.Common.for_4806375509446804985_user
+import Generated.peano.Peano.Common.for_84821961910748561_gen
+import Generated.peano.Peano.Common.for_84821961910748561_user
+import Generated.peano.Peano.Common.if_6183625948864629624_user
+import Generated.peano.Peano.Common.for_4806375509446804985
+import Generated.peano.Peano.Common.for_4806375509446804985_gen
+import Generated.peano.Peano.Common.for_84821961910748561
+import Generated.peano.Peano.Common.if_6183625948864629624
+import Generated.peano.Peano.Common.if_6183625948864629624_gen
+import Generated.peano.Peano.Common.for_727972558926940900_user
+import Generated.peano.Peano.Common.for_727972558926940900_gen
+import Generated.peano.Peano.Common.for_727972558926940900
diff --git a/Generated/erc20shim/ERC20Shim/Common/for_1821242857744567453_gen.lean b/Generated/erc20shim/ERC20Shim/Common/for_1821242857744567453_gen.lean
index 9dc33fd..1f5872a 100644
--- a/Generated/erc20shim/ERC20Shim/Common/for_1821242857744567453_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/Common/for_1821242857744567453_gen.lean
@@ -72,7 +72,7 @@ def for_1821242857744567453_post_concrete_of_code
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
@@ -110,24 +110,24 @@ def for_1821242857744567453_body_concrete_of_code
   revert h
 
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSload']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMMstore']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
diff --git a/Generated/erc20shim/ERC20Shim/Common/for_6088573059593786335_gen.lean b/Generated/erc20shim/ERC20Shim/Common/for_6088573059593786335_gen.lean
index 91be11f..06b20b2 100644
--- a/Generated/erc20shim/ERC20Shim/Common/for_6088573059593786335_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/Common/for_6088573059593786335_gen.lean
@@ -70,7 +70,7 @@ def for_6088573059593786335_post_concrete_of_code
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
@@ -108,22 +108,22 @@ def for_6088573059593786335_body_concrete_of_code
   revert h
 
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMMload']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMMstore']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_1438067688173587229_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_1438067688173587229_gen.lean
index 43e52cb..1f0b965 100644
--- a/Generated/erc20shim/ERC20Shim/Common/if_1438067688173587229_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/Common/if_1438067688173587229_gen.lean
@@ -43,12 +43,12 @@ def if_1438067688173587229_concrete_of_code : {
 
   -- AST-specific tactics
 
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMRevert']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838.lean b/Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838.lean
deleted file mode 100644
index 7dae188..0000000
--- a/Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838.lean
+++ /dev/null
@@ -1,23 +0,0 @@
-import Clear.ReasoningPrinciple
-
-import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
-
-import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838_gen
-
-import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838_user
-
-
-namespace ERC20Shim.Common
-
-section
-
-open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
-
-lemma if_2130076443351184838_abs_of_code {s₀ : State} {fuel : Nat} :
-  ∀ s₉, exec fuel if_2130076443351184838 s₀ = s₉ →
-        Spec A_if_2130076443351184838 s₀ s₉ :=
-  λ _ h ↦ if_2130076443351184838_abs_of_concrete (if_2130076443351184838_concrete_of_code.2 h)
-
-end
-
-end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838_gen.lean
deleted file mode 100644
index bbf0dde..0000000
--- a/Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838_gen.lean
+++ /dev/null
@@ -1,118 +0,0 @@
-import Clear.ReasoningPrinciple
-
-import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
-
-
-namespace ERC20Shim.Common
-
-section
-
-open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
-
-def if_2130076443351184838 := <s
-  if _4 
-{
-    let expr := var_spender
-    let expr_1 := var_currentAllowance
-    let expr_2 := var_value
-    let _5 := 64
-    let _6 := mload(_5)
-    let _7 := shl(225, 2110234841)
-    mstore(_6, _7)
-    let _8 := 4
-    let _9 := add(_6, _8)
-    let _10 := abi_encode_address_uint256_uint256(_9, var_spender, var_currentAllowance, var_value)
-    let _11 := sub(_10, _6)
-    revert(_6, _11)
-}
->
-
-set_option maxRecDepth 5000
-set_option maxHeartbeats 400000
-
-def if_2130076443351184838_concrete_of_code : {
-    C : State → State → Prop
-    // ∀ {s₀ s₉ fuel}
-    , exec fuel if_2130076443351184838 s₀ = s₉
-    → Spec C s₀ s₉
-  } := by
-  constructor
-  intros s₀ s₉ fuel
-
-  unfold Spec if_2130076443351184838
-  rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
-  rotate_left 1
-  · generalize If _ _ = f; aesop
-  · generalize If _ _ = f; aesop
-  swap
-  generalize hok : Ok evm₀ store₀ = s₀
-  intros h _
-  revert h
-
-  rw [If']
-
-  -- AST-specific tactics
-
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
-  -- simp [Var']
-  rw [cons]; simp only [LetEq', Assign', Lit', Var']
-  rw [cons]; simp only [LetEq', Assign', Lit', Var']
-  rw [cons]; simp only [LetEq', Assign', Lit', Var']
-  rw [cons]; simp only [LetEq', Assign', Lit', Var']
-  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
-  rw [EVMMload']
-  try simp
-  
-  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
-  rw [EVMShl']
-  try simp
-  
-  rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
-  -- EXPR 
-  rw [EVMMstore']
-  try simp
-  
-  rw [cons]; simp only [LetEq', Assign', Lit', Var']
-  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
-  rw [EVMAdd']
-  try simp
-  
-  rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
-  -- EXPR 
-  try simp
-  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
-  intros h
-  try intros h'
-  refine' Exists.intro s (And.intro (abi_encode_address_uint256_uint256_abs_of_code hs) ?_)
-  swap; clear hs
-  try revert h'
-  revert h
-  
-  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
-  rw [EVMSub']
-  try simp
-  
-  rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
-  -- EXPR 
-  rw [EVMRevert']
-  try simp
-  
-  
-  
-  -- tacticsOfStmt offsetting
-  try rw [nil]
-  try simp [Bool.toUInt256, UInt256.size]
-  intros h
-  exact h
-
-
-end
-
-end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_2395397427938978657_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_2395397427938978657_gen.lean
index d3185f5..51d23f6 100644
--- a/Generated/erc20shim/ERC20Shim/Common/if_2395397427938978657_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/Common/if_2395397427938978657_gen.lean
@@ -51,34 +51,34 @@ def if_2395397427938978657_concrete_of_code : {
 
   -- AST-specific tactics
 
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMMload']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMShl']
   try simp
   
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMMstore']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -90,12 +90,12 @@ def if_2395397427938978657_concrete_of_code : {
   revert h
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSub']
   try simp
   
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMRevert']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_2792370840247009933_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_2792370840247009933_gen.lean
index 6dee4d2..3f04238 100644
--- a/Generated/erc20shim/ERC20Shim/Common/if_2792370840247009933_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/Common/if_2792370840247009933_gen.lean
@@ -40,10 +40,10 @@ def if_2792370840247009933_concrete_of_code : {
 
   -- AST-specific tactics
 
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   try simp
   
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_3812165059632449189_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_3812165059632449189_gen.lean
index c6dd13d..64a65b8 100644
--- a/Generated/erc20shim/ERC20Shim/Common/if_3812165059632449189_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/Common/if_3812165059632449189_gen.lean
@@ -51,34 +51,34 @@ def if_3812165059632449189_concrete_of_code : {
 
   -- AST-specific tactics
 
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMMload']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMShl']
   try simp
   
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMMstore']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -90,12 +90,12 @@ def if_3812165059632449189_concrete_of_code : {
   revert h
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSub']
   try simp
   
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMRevert']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_384845947645085899_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_384845947645085899_gen.lean
index 91f6a3e..280756f 100644
--- a/Generated/erc20shim/ERC20Shim/Common/if_384845947645085899_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/Common/if_384845947645085899_gen.lean
@@ -40,10 +40,10 @@ def if_384845947645085899_concrete_of_code : {
 
   -- AST-specific tactics
 
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   try simp
   
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_3856757177752523473.lean b/Generated/erc20shim/ERC20Shim/Common/if_3856757177752523473.lean
new file mode 100644
index 0000000..5179389
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_3856757177752523473.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
+
+import Generated.erc20shim.ERC20Shim.Common.if_3856757177752523473_gen
+
+import Generated.erc20shim.ERC20Shim.Common.if_3856757177752523473_user
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma if_3856757177752523473_abs_of_code {s₀ : State} {fuel : Nat} :
+  ∀ s₉, exec fuel if_3856757177752523473 s₀ = s₉ →
+        Spec A_if_3856757177752523473 s₀ s₉ :=
+  λ _ h ↦ if_3856757177752523473_abs_of_concrete (if_3856757177752523473_concrete_of_code.2 h)
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_3856757177752523473_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_3856757177752523473_gen.lean
new file mode 100644
index 0000000..bd26a86
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_3856757177752523473_gen.lean
@@ -0,0 +1,118 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+def if_3856757177752523473 := <s
+  if _3 
+{
+    let expr := var_spender
+    let expr_1 := var_currentAllowance
+    let expr_2 := var_value
+    let _4 := 64
+    let _5 := mload(_4)
+    let _6 := shl(225, 2110234841)
+    mstore(_5, _6)
+    let _7 := 4
+    let _8 := add(_5, _7)
+    let _9 := abi_encode_address_uint256_uint256(_8, var_spender, var_currentAllowance, var_value)
+    let _10 := sub(_9, _5)
+    revert(_5, _10)
+}
+>
+
+set_option maxRecDepth 5000
+set_option maxHeartbeats 400000
+
+def if_3856757177752523473_concrete_of_code : {
+    C : State → State → Prop
+    // ∀ {s₀ s₉ fuel}
+    , exec fuel if_3856757177752523473 s₀ = s₉
+    → Spec C s₀ s₉
+  } := by
+  constructor
+  intros s₀ s₉ fuel
+
+  unfold Spec if_3856757177752523473
+  rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
+  rotate_left 1
+  · generalize If _ _ = f; aesop
+  · generalize If _ _ = f; aesop
+  swap
+  generalize hok : Ok evm₀ store₀ = s₀
+  intros h _
+  revert h
+
+  rw [If']
+
+  -- AST-specific tactics
+
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
+  -- simp [Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
+  rw [EVMMload']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
+  rw [EVMShl']
+  try simp
+  
+  rw [cons, ExprStmtPrimCall']; try simp only
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
+  -- EXPR 
+  rw [EVMMstore']
+  try simp
+  
+  rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
+  rw [EVMAdd']
+  try simp
+  
+  rw [cons]; simp only [LetCall', AssignCall']
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
+  -- EXPR 
+  try simp
+  generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
+  intros h
+  try intros h'
+  refine' Exists.intro s (And.intro (abi_encode_address_uint256_uint256_abs_of_code hs) ?_)
+  swap; clear hs
+  try revert h'
+  revert h
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
+  rw [EVMSub']
+  try simp
+  
+  rw [cons, ExprStmtPrimCall']; try simp only
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
+  -- EXPR 
+  rw [EVMRevert']
+  try simp
+  
+  
+  
+  -- tacticsOfStmt offsetting
+  try rw [nil]
+  try simp [Bool.toUInt256, UInt256.size]
+  intros h
+  exact h
+
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838_user.lean b/Generated/erc20shim/ERC20Shim/Common/if_3856757177752523473_user.lean
similarity index 54%
rename from Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838_user.lean
rename to Generated/erc20shim/ERC20Shim/Common/if_3856757177752523473_user.lean
index a1df7c6..cff7d37 100644
--- a/Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838_user.lean
+++ b/Generated/erc20shim/ERC20Shim/Common/if_3856757177752523473_user.lean
@@ -2,7 +2,7 @@ import Clear.ReasoningPrinciple
 
 import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
 
-import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838_gen
+import Generated.erc20shim.ERC20Shim.Common.if_3856757177752523473_gen
 
 
 namespace ERC20Shim.Common
@@ -11,11 +11,11 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
-def A_if_2130076443351184838 (s₀ s₉ : State) : Prop := sorry
+def A_if_3856757177752523473 (s₀ s₉ : State) : Prop := sorry
 
-lemma if_2130076443351184838_abs_of_concrete {s₀ s₉ : State} :
-  Spec if_2130076443351184838_concrete_of_code s₀ s₉ →
-  Spec A_if_2130076443351184838 s₀ s₉ := by
+lemma if_3856757177752523473_abs_of_concrete {s₀ s₉ : State} :
+  Spec if_3856757177752523473_concrete_of_code s₀ s₉ →
+  Spec A_if_3856757177752523473 s₀ s₉ := by
   sorry
 
 end
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_3989404597755436942_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_3989404597755436942_gen.lean
index 7e61a04..9f5ea7a 100644
--- a/Generated/erc20shim/ERC20Shim/Common/if_3989404597755436942_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/Common/if_3989404597755436942_gen.lean
@@ -53,36 +53,36 @@ def if_3989404597755436942_concrete_of_code : {
 
   -- AST-specific tactics
 
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMMload']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMShl']
   try simp
   
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMMstore']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -94,12 +94,12 @@ def if_3989404597755436942_concrete_of_code : {
   revert h
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSub']
   try simp
   
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMRevert']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_4024499920364541172_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_4024499920364541172_gen.lean
index c1f5397..aa54b47 100644
--- a/Generated/erc20shim/ERC20Shim/Common/if_4024499920364541172_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/Common/if_4024499920364541172_gen.lean
@@ -42,11 +42,11 @@ def if_4024499920364541172_concrete_of_code : {
 
   -- AST-specific tactics
 
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAnd']
   try simp
   
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_4692225504622348326_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_4692225504622348326_gen.lean
index 2df0e7a..18a8879 100644
--- a/Generated/erc20shim/ERC20Shim/Common/if_4692225504622348326_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/Common/if_4692225504622348326_gen.lean
@@ -51,34 +51,34 @@ def if_4692225504622348326_concrete_of_code : {
 
   -- AST-specific tactics
 
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMMload']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMShl']
   try simp
   
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMMstore']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -90,12 +90,12 @@ def if_4692225504622348326_concrete_of_code : {
   revert h
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSub']
   try simp
   
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMRevert']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_5042234445269809685_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_5042234445269809685_gen.lean
index a17212f..810acc1 100644
--- a/Generated/erc20shim/ERC20Shim/Common/if_5042234445269809685_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/Common/if_5042234445269809685_gen.lean
@@ -52,7 +52,7 @@ def if_5042234445269809685_concrete_of_code : {
 
   -- AST-specific tactics
 
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
@@ -62,12 +62,12 @@ def if_5042234445269809685_concrete_of_code : {
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMMload']
   try simp
   
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -79,12 +79,12 @@ def if_5042234445269809685_concrete_of_code : {
   revert h
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSub']
   try simp
   
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMLog3']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110.lean b/Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110.lean
deleted file mode 100644
index f1e1110..0000000
--- a/Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110.lean
+++ /dev/null
@@ -1,25 +0,0 @@
-import Clear.ReasoningPrinciple
-
-import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838
-import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
-import Generated.erc20shim.ERC20Shim.fun__approve
-
-import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110_gen
-
-import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110_user
-
-
-namespace ERC20Shim.Common
-
-section
-
-open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
-
-lemma if_5327145078839977110_abs_of_code {s₀ : State} {fuel : Nat} :
-  ∀ s₉, exec fuel if_5327145078839977110 s₀ = s₉ →
-        Spec A_if_5327145078839977110 s₀ s₉ :=
-  λ _ h ↦ if_5327145078839977110_abs_of_concrete (if_5327145078839977110_concrete_of_code.2 h)
-
-end
-
-end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_7164014626810332831_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_7164014626810332831_gen.lean
index 4f7b2d7..396e7c2 100644
--- a/Generated/erc20shim/ERC20Shim/Common/if_7164014626810332831_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/Common/if_7164014626810332831_gen.lean
@@ -40,10 +40,10 @@ def if_7164014626810332831_concrete_of_code : {
 
   -- AST-specific tactics
 
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   try simp
   
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_8073281237182003506_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_8073281237182003506_gen.lean
index e3785d8..f218f96 100644
--- a/Generated/erc20shim/ERC20Shim/Common/if_8073281237182003506_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/Common/if_8073281237182003506_gen.lean
@@ -43,12 +43,12 @@ def if_8073281237182003506_concrete_of_code : {
 
   -- AST-specific tactics
 
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMRevert']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_8475192588736690919.lean b/Generated/erc20shim/ERC20Shim/Common/if_8475192588736690919.lean
new file mode 100644
index 0000000..cbd184c
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_8475192588736690919.lean
@@ -0,0 +1,25 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_3856757177752523473
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
+import Generated.erc20shim.ERC20Shim.fun__approve
+
+import Generated.erc20shim.ERC20Shim.Common.if_8475192588736690919_gen
+
+import Generated.erc20shim.ERC20Shim.Common.if_8475192588736690919_user
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+lemma if_8475192588736690919_abs_of_code {s₀ : State} {fuel : Nat} :
+  ∀ s₉, exec fuel if_8475192588736690919 s₀ = s₉ →
+        Spec A_if_8475192588736690919 s₀ s₉ :=
+  λ _ h ↦ if_8475192588736690919_abs_of_concrete (if_8475192588736690919_concrete_of_code.2 h)
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_8475192588736690919_gen.lean
similarity index 54%
rename from Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110_gen.lean
rename to Generated/erc20shim/ERC20Shim/Common/if_8475192588736690919_gen.lean
index 39239b5..8499ab5 100644
--- a/Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/Common/if_8475192588736690919_gen.lean
@@ -1,6 +1,6 @@
 import Clear.ReasoningPrinciple
 
-import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838
+import Generated.erc20shim.ERC20Shim.Common.if_3856757177752523473
 import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
 import Generated.erc20shim.ERC20Shim.fun__approve
 
@@ -11,46 +11,46 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
 
-def if_5327145078839977110 := <s
-  if _3 
+def if_8475192588736690919 := <s
+  if _2 
 {
-    let _4 := lt(var_currentAllowance, var_value)
-    if _4 
+    let _3 := lt(var_currentAllowance, var_value)
+    if _3 
     {
         let expr := var_spender
         let expr_1 := var_currentAllowance
         let expr_2 := var_value
-        let _5 := 64
-        let _6 := mload(_5)
-        let _7 := shl(225, 2110234841)
-        mstore(_6, _7)
-        let _8 := 4
-        let _9 := add(_6, _8)
-        let _10 := abi_encode_address_uint256_uint256(_9, var_spender, var_currentAllowance, var_value)
-        let _11 := sub(_10, _6)
-        revert(_6, _11)
+        let _4 := 64
+        let _5 := mload(_4)
+        let _6 := shl(225, 2110234841)
+        mstore(_5, _6)
+        let _7 := 4
+        let _8 := add(_5, _7)
+        let _9 := abi_encode_address_uint256_uint256(_8, var_spender, var_currentAllowance, var_value)
+        let _10 := sub(_9, _5)
+        revert(_5, _10)
     }
     let expr_3 := var_owner
     let expr_4 := var_spender
-    let _12 := 0
-    let _13 := sub(var_currentAllowance, var_value)
-    fun__approve(var_owner, var_spender, _13, _12)
+    let _11 := 0
+    let _12 := sub(var_currentAllowance, var_value)
+    fun__approve(var_owner, var_spender, _12, _11)
 }
 >
 
 set_option maxRecDepth 5000
 set_option maxHeartbeats 400000
 
-def if_5327145078839977110_concrete_of_code : {
+def if_8475192588736690919_concrete_of_code : {
     C : State → State → Prop
     // ∀ {s₀ s₉ fuel}
-    , exec fuel if_5327145078839977110 s₀ = s₉
+    , exec fuel if_8475192588736690919 s₀ = s₉
     → Spec C s₀ s₉
   } := by
   constructor
   intros s₀ s₉ fuel
 
-  unfold Spec if_5327145078839977110
+  unfold Spec if_8475192588736690919
   rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
   rotate_left 1
   · generalize If _ _ = f; aesop
@@ -64,17 +64,17 @@ def if_5327145078839977110_concrete_of_code : {
 
   -- AST-specific tactics
 
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMLt']
   try simp
   
   -- abstraction offsetting
   rw [cons]
   generalize hxs : Block _ = xs
-  abstract if_2130076443351184838_abs_of_code if_2130076443351184838 with ss hs
+  abstract if_3856757177752523473_abs_of_code if_3856757177752523473 with ss hs
   try rw [← hs₁, hok] at hs
   intros h
   try intros h'
@@ -88,12 +88,12 @@ def if_5327145078839977110_concrete_of_code : {
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSub']
   try simp
   
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   -- simp [Var']
   -- simp [Var']
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110_user.lean b/Generated/erc20shim/ERC20Shim/Common/if_8475192588736690919_user.lean
similarity index 54%
rename from Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110_user.lean
rename to Generated/erc20shim/ERC20Shim/Common/if_8475192588736690919_user.lean
index 781b147..0de7810 100644
--- a/Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110_user.lean
+++ b/Generated/erc20shim/ERC20Shim/Common/if_8475192588736690919_user.lean
@@ -1,10 +1,10 @@
 import Clear.ReasoningPrinciple
 
-import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838
+import Generated.erc20shim.ERC20Shim.Common.if_3856757177752523473
 import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
 import Generated.erc20shim.ERC20Shim.fun__approve
 
-import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110_gen
+import Generated.erc20shim.ERC20Shim.Common.if_8475192588736690919_gen
 
 
 namespace ERC20Shim.Common
@@ -13,11 +13,11 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
 
-def A_if_5327145078839977110 (s₀ s₉ : State) : Prop := sorry
+def A_if_8475192588736690919 (s₀ s₉ : State) : Prop := sorry
 
-lemma if_5327145078839977110_abs_of_concrete {s₀ s₉ : State} :
-  Spec if_5327145078839977110_concrete_of_code s₀ s₉ →
-  Spec A_if_5327145078839977110 s₀ s₉ := by
+lemma if_8475192588736690919_abs_of_concrete {s₀ s₉ : State} :
+  Spec if_8475192588736690919_concrete_of_code s₀ s₉ →
+  Spec A_if_8475192588736690919 s₀ s₉ := by
   sorry
 
 end
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_9141570808380448040_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_9141570808380448040_gen.lean
index 6dfbad4..8793495 100644
--- a/Generated/erc20shim/ERC20Shim/Common/if_9141570808380448040_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/Common/if_9141570808380448040_gen.lean
@@ -51,34 +51,34 @@ def if_9141570808380448040_concrete_of_code : {
 
   -- AST-specific tactics
 
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMMload']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMShl']
   try simp
   
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMMstore']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -90,12 +90,12 @@ def if_9141570808380448040_concrete_of_code : {
   revert h
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSub']
   try simp
   
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMRevert']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_9222169807163418225_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_9222169807163418225_gen.lean
index c89eafb..5e4c1bc 100644
--- a/Generated/erc20shim/ERC20Shim/Common/if_9222169807163418225_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/Common/if_9222169807163418225_gen.lean
@@ -40,10 +40,10 @@ def if_9222169807163418225_concrete_of_code : {
 
   -- AST-specific tactics
 
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   try simp
   
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
diff --git a/Generated/erc20shim/ERC20Shim/Common/switch_1041419350816529734_gen.lean b/Generated/erc20shim/ERC20Shim/Common/switch_1041419350816529734_gen.lean
index 48013ad..46b968d 100644
--- a/Generated/erc20shim/ERC20Shim/Common/switch_1041419350816529734_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/Common/switch_1041419350816529734_gen.lean
@@ -58,12 +58,13 @@ def switch_1041419350816529734_concrete_of_code : {
   -- AST-specific tactics
 
   unfold execSwitchCases
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
+  (try (unfold execSwitchCases))
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -75,18 +76,18 @@ def switch_1041419350816529734_concrete_of_code : {
   revert h
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSload']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   -- simp [Var']
   try simp
@@ -101,23 +102,23 @@ def switch_1041419350816529734_concrete_of_code : {
   
   
   generalize hdefault : exec _ _ _ = sdef
-  unfold execSwitchCases
+  (try (unfold execSwitchCases))
   subst hdefault
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSload']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSub']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   -- simp [Var']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/Common/switch_2364266820542243941_gen.lean b/Generated/erc20shim/ERC20Shim/Common/switch_2364266820542243941_gen.lean
index 3af3eeb..dea724b 100644
--- a/Generated/erc20shim/ERC20Shim/Common/switch_2364266820542243941_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/Common/switch_2364266820542243941_gen.lean
@@ -78,11 +78,12 @@ def switch_2364266820542243941_concrete_of_code : {
   -- AST-specific tactics
 
   unfold execSwitchCases
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
+  (try (unfold execSwitchCases))
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -94,13 +95,13 @@ def switch_2364266820542243941_concrete_of_code : {
   revert h
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSload']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMLt']
   try simp
   
@@ -118,13 +119,13 @@ def switch_2364266820542243941_concrete_of_code : {
   subst xs
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSub']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -136,7 +137,7 @@ def switch_2364266820542243941_concrete_of_code : {
   revert h
   
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   -- simp [Var']
   try simp
@@ -151,17 +152,17 @@ def switch_2364266820542243941_concrete_of_code : {
   
   
   generalize hdefault : exec _ _ _ = sdef
-  unfold execSwitchCases
+  (try (unfold execSwitchCases))
   subst hdefault
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSload']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -174,7 +175,7 @@ def switch_2364266820542243941_concrete_of_code : {
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   -- simp [Var']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/Common/switch_8164987986085659348_gen.lean b/Generated/erc20shim/ERC20Shim/Common/switch_8164987986085659348_gen.lean
index aa2d869..60ae003 100644
--- a/Generated/erc20shim/ERC20Shim/Common/switch_8164987986085659348_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/Common/switch_8164987986085659348_gen.lean
@@ -66,46 +66,48 @@ def switch_8164987986085659348_concrete_of_code : {
   -- AST-specific tactics
 
   unfold execSwitchCases
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
+  (try (unfold execSwitchCases))
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMNot']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAnd']
   try simp
   
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMMstore']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMIszero']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMIszero']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMShl']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
+  (try (unfold execSwitchCases))
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -131,13 +133,13 @@ def switch_8164987986085659348_concrete_of_code : {
   subst xs
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   
   generalize hdefault : exec _ _ _ = sdef
-  unfold execSwitchCases
+  (try (unfold execSwitchCases))
   subst hdefault
   
   
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_address_gen.lean b/Generated/erc20shim/ERC20Shim/abi_decode_address_gen.lean
index a04aa82..0f682a6 100644
--- a/Generated/erc20shim/ERC20Shim/abi_decode_address_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_address_gen.lean
@@ -60,12 +60,12 @@ def abi_decode_address_concrete_of_code
   generalize hs₉ : multifill' _ _ = s₉'
 
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMCalldataload']
   try simp
   
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   try simp
   
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_addresst_address_gen.lean b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_address_gen.lean
index 234ecc9..08d5435 100644
--- a/Generated/erc20shim/ERC20Shim/abi_decode_addresst_address_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_address_gen.lean
@@ -70,12 +70,12 @@ def abi_decode_addresst_address_concrete_of_code
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSub']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSlt']
   try simp
   
@@ -93,7 +93,7 @@ def abi_decode_addresst_address_concrete_of_code
   subst xs
   
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -106,12 +106,12 @@ def abi_decode_addresst_address_concrete_of_code
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_addresst_addresst_uint256_gen.lean b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_addresst_uint256_gen.lean
index e4d8c00..a72e618 100644
--- a/Generated/erc20shim/ERC20Shim/abi_decode_addresst_addresst_uint256_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_addresst_uint256_gen.lean
@@ -74,12 +74,12 @@ def abi_decode_addresst_addresst_uint256_concrete_of_code
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSub']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSlt']
   try simp
   
@@ -97,7 +97,7 @@ def abi_decode_addresst_addresst_uint256_concrete_of_code
   subst xs
   
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -110,12 +110,12 @@ def abi_decode_addresst_addresst_uint256_concrete_of_code
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -128,12 +128,12 @@ def abi_decode_addresst_addresst_uint256_concrete_of_code
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_addresst_uint256_gen.lean b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_uint256_gen.lean
index c4b0094..fb215a6 100644
--- a/Generated/erc20shim/ERC20Shim/abi_decode_addresst_uint256_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_uint256_gen.lean
@@ -71,12 +71,12 @@ def abi_decode_addresst_uint256_concrete_of_code
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSub']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSlt']
   try simp
   
@@ -94,7 +94,7 @@ def abi_decode_addresst_uint256_concrete_of_code
   subst xs
   
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -107,12 +107,12 @@ def abi_decode_addresst_uint256_concrete_of_code
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_gen.lean b/Generated/erc20shim/ERC20Shim/abi_decode_gen.lean
index 0a78a89..a9557e8 100644
--- a/Generated/erc20shim/ERC20Shim/abi_decode_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_gen.lean
@@ -65,12 +65,12 @@ def abi_decode_concrete_of_code
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSub']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSlt']
   try simp
   
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_tuple_address_gen.lean b/Generated/erc20shim/ERC20Shim/abi_decode_tuple_address_gen.lean
index 1caa0fa..6f78b05 100644
--- a/Generated/erc20shim/ERC20Shim/abi_decode_tuple_address_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_tuple_address_gen.lean
@@ -67,12 +67,12 @@ def abi_decode_tuple_address_concrete_of_code
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSub']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSlt']
   try simp
   
@@ -90,7 +90,7 @@ def abi_decode_tuple_address_concrete_of_code
   subst xs
   
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_uint256_gen.lean b/Generated/erc20shim/ERC20Shim/abi_decode_uint256_gen.lean
index 67a91b9..e1b4e2d 100644
--- a/Generated/erc20shim/ERC20Shim/abi_decode_uint256_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_uint256_gen.lean
@@ -60,12 +60,12 @@ def abi_decode_uint256_concrete_of_code
   generalize hs₉ : multifill' _ _ = s₉'
 
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMCalldataload']
   try simp
   
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   try simp
   
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_address_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_address_gen.lean
index 424b407..0f0e900 100644
--- a/Generated/erc20shim/ERC20Shim/abi_encode_address_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_address_gen.lean
@@ -60,17 +60,17 @@ def abi_encode_address_concrete_of_code
   generalize hs₉ : multifill' _ _ = s₉'
 
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSub']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAnd']
   try simp
   
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMMstore']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_address_uint256_uint256_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_address_uint256_uint256_gen.lean
index 77baa0f..751ec98 100644
--- a/Generated/erc20shim/ERC20Shim/abi_encode_address_uint256_uint256_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_address_uint256_uint256_gen.lean
@@ -69,12 +69,12 @@ def abi_encode_address_uint256_uint256_concrete_of_code
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   -- simp [Var']
   try simp
@@ -89,12 +89,12 @@ def abi_encode_address_uint256_uint256_concrete_of_code
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   -- simp [Var']
   try simp
@@ -109,12 +109,12 @@ def abi_encode_address_uint256_uint256_concrete_of_code
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   -- simp [Var']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_bool_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_bool_gen.lean
index c055b75..508a9b1 100644
--- a/Generated/erc20shim/ERC20Shim/abi_encode_bool_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_bool_gen.lean
@@ -62,12 +62,12 @@ def abi_encode_bool_concrete_of_code
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   -- simp [Var']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_bool_to_bool_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_bool_to_bool_gen.lean
index 2aa804e..6263a22 100644
--- a/Generated/erc20shim/ERC20Shim/abi_encode_bool_to_bool_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_bool_to_bool_gen.lean
@@ -60,17 +60,17 @@ def abi_encode_bool_to_bool_concrete_of_code
   generalize hs₉ : multifill' _ _ = s₉'
 
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMIszero']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMIszero']
   try simp
   
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMMstore']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_string_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_string_gen.lean
index d2bf6ca..a163efb 100644
--- a/Generated/erc20shim/ERC20Shim/abi_encode_string_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_string_gen.lean
@@ -64,19 +64,19 @@ def abi_encode_string_concrete_of_code
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMMstore']
   try simp
   
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_string_memory_ptr_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_string_memory_ptr_gen.lean
index 7b28dc0..f9a3315 100644
--- a/Generated/erc20shim/ERC20Shim/abi_encode_string_memory_ptr_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_string_memory_ptr_gen.lean
@@ -69,12 +69,12 @@ def abi_encode_string_memory_ptr_concrete_of_code
   generalize hs₉ : multifill' _ _ = s₉'
 
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMMload']
   try simp
   
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -87,12 +87,12 @@ def abi_encode_string_memory_ptr_concrete_of_code
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   -- simp [Var']
   -- simp [Var']
@@ -107,23 +107,23 @@ def abi_encode_string_memory_ptr_concrete_of_code
   revert h
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMNot']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAnd']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_string_storage_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_string_storage_gen.lean
index 571f622..a166c41 100644
--- a/Generated/erc20shim/ERC20Shim/abi_encode_string_storage_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_string_storage_gen.lean
@@ -92,12 +92,12 @@ def abi_encode_string_storage_concrete_of_code
   generalize hs₉ : multifill' _ _ = s₉'
 
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSload']
   try simp
   
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -109,7 +109,7 @@ def abi_encode_string_storage_concrete_of_code
   revert h
   
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -122,7 +122,7 @@ def abi_encode_string_storage_concrete_of_code
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAnd']
   try simp
   
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_tuple_address_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_tuple_address_gen.lean
index 8fddf63..82afa21 100644
--- a/Generated/erc20shim/ERC20Shim/abi_encode_tuple_address_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_tuple_address_gen.lean
@@ -62,12 +62,12 @@ def abi_encode_tuple_address_concrete_of_code
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   -- simp [Var']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_uint256_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_uint256_gen.lean
index 0ccc665..55ba6b1 100644
--- a/Generated/erc20shim/ERC20Shim/abi_encode_uint256_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_uint256_gen.lean
@@ -62,12 +62,12 @@ def abi_encode_uint256_concrete_of_code
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   -- simp [Var']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_uint256_to_uint256_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_uint256_to_uint256_gen.lean
index 1a1dd79..722b66c 100644
--- a/Generated/erc20shim/ERC20Shim/abi_encode_uint256_to_uint256_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_uint256_to_uint256_gen.lean
@@ -56,7 +56,7 @@ def abi_encode_uint256_to_uint256_concrete_of_code
   generalize hs₉ : multifill' _ _ = s₉'
 
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMMstore']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_uint8_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_uint8_gen.lean
index 67d4226..0a1d1bb 100644
--- a/Generated/erc20shim/ERC20Shim/abi_encode_uint8_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_uint8_gen.lean
@@ -62,12 +62,12 @@ def abi_encode_uint8_concrete_of_code
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   -- simp [Var']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_uint8_to_uint8_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_uint8_to_uint8_gen.lean
index f130df9..d2a0883 100644
--- a/Generated/erc20shim/ERC20Shim/abi_encode_uint8_to_uint8_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_uint8_to_uint8_gen.lean
@@ -61,12 +61,12 @@ def abi_encode_uint8_to_uint8_concrete_of_code
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAnd']
   try simp
   
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMMstore']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/array_dataslot_string_storage_gen.lean b/Generated/erc20shim/ERC20Shim/array_dataslot_string_storage_gen.lean
index 6841ce4..74d6e50 100644
--- a/Generated/erc20shim/ERC20Shim/array_dataslot_string_storage_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/array_dataslot_string_storage_gen.lean
@@ -63,7 +63,7 @@ def array_dataslot_string_storage_concrete_of_code
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMMstore']
   try simp
@@ -71,7 +71,7 @@ def array_dataslot_string_storage_concrete_of_code
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMKeccak256']
   try simp
   
diff --git a/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_fromStack_gen.lean b/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_fromStack_gen.lean
index a6937e1..31ee150 100644
--- a/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_fromStack_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_fromStack_gen.lean
@@ -60,14 +60,14 @@ def array_storeLengthForEncoding_string_fromStack_concrete_of_code
   generalize hs₉ : multifill' _ _ = s₉'
 
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMMstore']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
diff --git a/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_gen.lean b/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_gen.lean
index 38d877c..a102de3 100644
--- a/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_gen.lean
@@ -60,14 +60,14 @@ def array_storeLengthForEncoding_string_concrete_of_code
   generalize hs₉ : multifill' _ _ = s₉'
 
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMMstore']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
diff --git a/Generated/erc20shim/ERC20Shim/checked_add_uint256_gen.lean b/Generated/erc20shim/ERC20Shim/checked_add_uint256_gen.lean
index ebd9bd1..376e2c9 100644
--- a/Generated/erc20shim/ERC20Shim/checked_add_uint256_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/checked_add_uint256_gen.lean
@@ -67,12 +67,12 @@ def checked_add_uint256_concrete_of_code
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMGt']
   try simp
   
diff --git a/Generated/erc20shim/ERC20Shim/copy_array_from_storage_to_memory_string_gen.lean b/Generated/erc20shim/ERC20Shim/copy_array_from_storage_to_memory_string_gen.lean
index 7090514..d204ba8 100644
--- a/Generated/erc20shim/ERC20Shim/copy_array_from_storage_to_memory_string_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/copy_array_from_storage_to_memory_string_gen.lean
@@ -65,12 +65,12 @@ def copy_array_from_storage_to_memory_string_concrete_of_code
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMMload']
   try simp
   
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -82,12 +82,12 @@ def copy_array_from_storage_to_memory_string_concrete_of_code
   revert h
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSub']
   try simp
   
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   -- simp [Var']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/copy_memory_to_memory_with_cleanup_gen.lean b/Generated/erc20shim/ERC20Shim/copy_memory_to_memory_with_cleanup_gen.lean
index 43ea68f..ba1318c 100644
--- a/Generated/erc20shim/ERC20Shim/copy_memory_to_memory_with_cleanup_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/copy_memory_to_memory_with_cleanup_gen.lean
@@ -86,12 +86,12 @@ def copy_memory_to_memory_with_cleanup_concrete_of_code
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMMstore']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/extract_byte_array_length_gen.lean b/Generated/erc20shim/ERC20Shim/extract_byte_array_length_gen.lean
index b0db6b0..a006d6e 100644
--- a/Generated/erc20shim/ERC20Shim/extract_byte_array_length_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/extract_byte_array_length_gen.lean
@@ -76,18 +76,18 @@ def extract_byte_array_length_concrete_of_code
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMShr']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAnd']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMIszero']
   try simp
   
@@ -106,12 +106,12 @@ def extract_byte_array_length_concrete_of_code
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMLt']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMEq']
   try simp
   
diff --git a/Generated/erc20shim/ERC20Shim/finalize_allocation_gen.lean b/Generated/erc20shim/ERC20Shim/finalize_allocation_gen.lean
index fed9d67..253dc1b 100644
--- a/Generated/erc20shim/ERC20Shim/finalize_allocation_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/finalize_allocation_gen.lean
@@ -72,39 +72,39 @@ def finalize_allocation_concrete_of_code
   generalize hs₉ : multifill' _ _ = s₉'
 
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMNot']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAnd']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAdd']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMLt']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMGt']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMOr']
   try simp
   
@@ -123,7 +123,7 @@ def finalize_allocation_concrete_of_code
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMMstore']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/fun__approve_gen.lean b/Generated/erc20shim/ERC20Shim/fun__approve_gen.lean
index 56e06b5..951dd09 100644
--- a/Generated/erc20shim/ERC20Shim/fun__approve_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun__approve_gen.lean
@@ -119,17 +119,17 @@ def fun__approve_concrete_of_code
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSub']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAnd']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMIszero']
   try simp
   
@@ -149,12 +149,12 @@ def fun__approve_concrete_of_code
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAnd']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMIszero']
   try simp
   
@@ -174,7 +174,7 @@ def fun__approve_concrete_of_code
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -186,7 +186,7 @@ def fun__approve_concrete_of_code
   revert h
   
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -198,7 +198,7 @@ def fun__approve_concrete_of_code
   revert h
   
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   -- simp [Var']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/fun__transfer_gen.lean b/Generated/erc20shim/ERC20Shim/fun__transfer_gen.lean
index 16bcf0c..ef6523b 100644
--- a/Generated/erc20shim/ERC20Shim/fun__transfer_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun__transfer_gen.lean
@@ -97,17 +97,17 @@ def fun__transfer_concrete_of_code
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSub']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAnd']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMIszero']
   try simp
   
@@ -127,12 +127,12 @@ def fun__transfer_concrete_of_code
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAnd']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMIszero']
   try simp
   
@@ -150,7 +150,7 @@ def fun__transfer_concrete_of_code
   subst xs
   
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   -- simp [Var']
   -- simp [Var']
diff --git a/Generated/erc20shim/ERC20Shim/fun_allowance_gen.lean b/Generated/erc20shim/ERC20Shim/fun_allowance_gen.lean
index b96ca2c..f860489 100644
--- a/Generated/erc20shim/ERC20Shim/fun_allowance_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_allowance_gen.lean
@@ -64,7 +64,7 @@ def fun_allowance_concrete_of_code
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -76,7 +76,7 @@ def fun_allowance_concrete_of_code
   revert h
   
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -88,7 +88,7 @@ def fun_allowance_concrete_of_code
   revert h
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSload']
   try simp
   
diff --git a/Generated/erc20shim/ERC20Shim/fun_approve_420_gen.lean b/Generated/erc20shim/ERC20Shim/fun_approve_420_gen.lean
index 6464052..732f968 100644
--- a/Generated/erc20shim/ERC20Shim/fun_approve_420_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_approve_420_gen.lean
@@ -63,7 +63,7 @@ def fun_approve_420_concrete_of_code
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   -- simp [Var']
   -- simp [Var']
diff --git a/Generated/erc20shim/ERC20Shim/fun_approve_gen.lean b/Generated/erc20shim/ERC20Shim/fun_approve_gen.lean
index 4f0fc2b..1e3ad15 100644
--- a/Generated/erc20shim/ERC20Shim/fun_approve_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_approve_gen.lean
@@ -62,7 +62,7 @@ def fun_approve_concrete_of_code
   generalize hs₉ : multifill' _ _ = s₉'
 
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -74,7 +74,7 @@ def fun_approve_concrete_of_code
   revert h
   
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   -- simp [Var']
   -- simp [Var']
diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_gen.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_gen.lean
index 6f1dd58..e6ee60b 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_gen.lean
@@ -62,7 +62,7 @@ def fun_balanceOf_concrete_of_code
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -74,7 +74,7 @@ def fun_balanceOf_concrete_of_code
   revert h
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSload']
   try simp
   
diff --git a/Generated/erc20shim/ERC20Shim/fun_msgSender_gen.lean b/Generated/erc20shim/ERC20Shim/fun_msgSender_gen.lean
index 7616f54..87c01bc 100644
--- a/Generated/erc20shim/ERC20Shim/fun_msgSender_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_msgSender_gen.lean
@@ -56,7 +56,7 @@ def fun_msgSender_concrete_of_code
   generalize hs₉ : multifill' _ _ = s₉'
 
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMCaller']
   try simp
   
diff --git a/Generated/erc20shim/ERC20Shim/fun_name_gen.lean b/Generated/erc20shim/ERC20Shim/fun_name_gen.lean
index 580e28d..46e8c7d 100644
--- a/Generated/erc20shim/ERC20Shim/fun_name_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_name_gen.lean
@@ -61,7 +61,7 @@ def fun_name_concrete_of_code
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
diff --git a/Generated/erc20shim/ERC20Shim/fun_spendAllowance.lean b/Generated/erc20shim/ERC20Shim/fun_spendAllowance.lean
index 6b9232c..8dd3d3b 100644
--- a/Generated/erc20shim/ERC20Shim/fun_spendAllowance.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_spendAllowance.lean
@@ -1,7 +1,7 @@
 import Clear.ReasoningPrinciple
 
 import Generated.erc20shim.ERC20Shim.fun_allowance
-import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110
+import Generated.erc20shim.ERC20Shim.Common.if_8475192588736690919
 import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
 import Generated.erc20shim.ERC20Shim.fun__approve
 
diff --git a/Generated/erc20shim/ERC20Shim/fun_spendAllowance_gen.lean b/Generated/erc20shim/ERC20Shim/fun_spendAllowance_gen.lean
index c42503b..8e6a3b0 100644
--- a/Generated/erc20shim/ERC20Shim/fun_spendAllowance_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_spendAllowance_gen.lean
@@ -1,7 +1,7 @@
 import Clear.ReasoningPrinciple
 
 import Generated.erc20shim.ERC20Shim.fun_allowance
-import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110
+import Generated.erc20shim.ERC20Shim.Common.if_8475192588736690919
 import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
 import Generated.erc20shim.ERC20Shim.fun__approve
 
@@ -18,31 +18,30 @@ def fun_spendAllowance : FunctionDefinition := <f
 {
     let var_currentAllowance := fun_allowance(var_owner, var_spender)
     let _1 := not(0)
-    let _2 := eq(var_currentAllowance, _1)
-    let _3 := iszero(_2)
-    if _3 
+    let _2 := lt(var_currentAllowance, _1)
+    if _2 
     {
-        let _4 := lt(var_currentAllowance, var_value)
-        if _4 
+        let _3 := lt(var_currentAllowance, var_value)
+        if _3 
         {
             let expr := var_spender
             let expr_1 := var_currentAllowance
             let expr_2 := var_value
-            let _5 := 64
-            let _6 := mload(_5)
-            let _7 := shl(225, 2110234841)
-            mstore(_6, _7)
-            let _8 := 4
-            let _9 := add(_6, _8)
-            let _10 := abi_encode_address_uint256_uint256(_9, var_spender, var_currentAllowance, var_value)
-            let _11 := sub(_10, _6)
-            revert(_6, _11)
+            let _4 := 64
+            let _5 := mload(_4)
+            let _6 := shl(225, 2110234841)
+            mstore(_5, _6)
+            let _7 := 4
+            let _8 := add(_5, _7)
+            let _9 := abi_encode_address_uint256_uint256(_8, var_spender, var_currentAllowance, var_value)
+            let _10 := sub(_9, _5)
+            revert(_5, _10)
         }
         let expr_3 := var_owner
         let expr_4 := var_spender
-        let _12 := 0
-        let _13 := sub(var_currentAllowance, var_value)
-        fun__approve(var_owner, var_spender, _13, _12)
+        let _11 := 0
+        let _12 := sub(var_currentAllowance, var_value)
+        fun__approve(var_owner, var_spender, _12, _11)
     }
 }
     
@@ -89,7 +88,7 @@ def fun_spendAllowance_concrete_of_code
   generalize hs₉ : multifill' _ _ = s₉'
 
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -101,24 +100,19 @@ def fun_spendAllowance_concrete_of_code
   revert h
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMNot']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
-  rw [EVMEq']
-  try simp
-  
-  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
-  rw [EVMIszero']
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
+  rw [EVMLt']
   try simp
   
   -- abstraction offsetting
   rw [cons]
   generalize hxs : Block _ = xs
-  abstract if_5327145078839977110_abs_of_code if_5327145078839977110 with ss hs
+  abstract if_8475192588736690919_abs_of_code if_8475192588736690919 with ss hs
   try rw [← hs₁, hok] at hs
   intros h
   try intros h'
diff --git a/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
index 33a7410..d5f09a2 100644
--- a/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
@@ -1,7 +1,7 @@
 import Clear.ReasoningPrinciple
 
 import Generated.erc20shim.ERC20Shim.fun_allowance
-import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110
+import Generated.erc20shim.ERC20Shim.Common.if_8475192588736690919
 import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
 import Generated.erc20shim.ERC20Shim.fun__approve
 
diff --git a/Generated/erc20shim/ERC20Shim/fun_symbol_gen.lean b/Generated/erc20shim/ERC20Shim/fun_symbol_gen.lean
index 719ce49..a1cb0f4 100644
--- a/Generated/erc20shim/ERC20Shim/fun_symbol_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_symbol_gen.lean
@@ -61,7 +61,7 @@ def fun_symbol_concrete_of_code
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
diff --git a/Generated/erc20shim/ERC20Shim/fun_totalSupply_gen.lean b/Generated/erc20shim/ERC20Shim/fun_totalSupply_gen.lean
index 9785664..ea24a8e 100644
--- a/Generated/erc20shim/ERC20Shim/fun_totalSupply_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_totalSupply_gen.lean
@@ -60,7 +60,7 @@ def fun_totalSupply_concrete_of_code
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSload']
   try simp
   
diff --git a/Generated/erc20shim/ERC20Shim/fun_transferFrom_gen.lean b/Generated/erc20shim/ERC20Shim/fun_transferFrom_gen.lean
index ad4baf9..1b98fc6 100644
--- a/Generated/erc20shim/ERC20Shim/fun_transferFrom_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_transferFrom_gen.lean
@@ -64,7 +64,7 @@ def fun_transferFrom_concrete_of_code
   generalize hs₉ : multifill' _ _ = s₉'
 
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -76,7 +76,7 @@ def fun_transferFrom_concrete_of_code
   revert h
   
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   -- simp [Var']
   -- simp [Var']
@@ -91,7 +91,7 @@ def fun_transferFrom_concrete_of_code
   revert h
   
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   -- simp [Var']
   -- simp [Var']
diff --git a/Generated/erc20shim/ERC20Shim/fun_transfer_gen.lean b/Generated/erc20shim/ERC20Shim/fun_transfer_gen.lean
index 7a22dc2..bce2df9 100644
--- a/Generated/erc20shim/ERC20Shim/fun_transfer_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_transfer_gen.lean
@@ -62,7 +62,7 @@ def fun_transfer_concrete_of_code
   generalize hs₉ : multifill' _ _ = s₉'
 
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -74,7 +74,7 @@ def fun_transfer_concrete_of_code
   revert h
   
   rw [cons, ExprStmtCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- simp [Var']
   -- simp [Var']
   -- simp [Var']
diff --git a/Generated/erc20shim/ERC20Shim/fun_update_gen.lean b/Generated/erc20shim/ERC20Shim/fun_update_gen.lean
index 98dc07d..3d41811 100644
--- a/Generated/erc20shim/ERC20Shim/fun_update_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_update_gen.lean
@@ -137,17 +137,17 @@ def fun_update_concrete_of_code
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSub']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAnd']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMIszero']
   try simp
   
@@ -167,12 +167,12 @@ def fun_update_concrete_of_code
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAnd']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMIszero']
   try simp
   
@@ -197,12 +197,12 @@ def fun_update_concrete_of_code
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMMload']
   try simp
   
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -214,12 +214,12 @@ def fun_update_concrete_of_code
   revert h
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSub']
   try simp
   
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMLog3']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_gen.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_gen.lean
index 082c33e..fc149a7 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_gen.lean
@@ -65,20 +65,20 @@ def mapping_index_access_mapping_address_mapping_address_uint256_of_address_conc
   generalize hs₉ : multifill' _ _ = s₉'
 
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAnd']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMMstore']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMMstore']
   try simp
@@ -86,7 +86,7 @@ def mapping_index_access_mapping_address_mapping_address_uint256_of_address_conc
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMKeccak256']
   try simp
   
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_gen.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_gen.lean
index b44d4bb..f9c748b 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_gen.lean
@@ -65,20 +65,20 @@ def mapping_index_access_mapping_address_uint256_of_address_concrete_of_code
   generalize hs₉ : multifill' _ _ = s₉'
 
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAnd']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMMstore']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMMstore']
   try simp
@@ -86,7 +86,7 @@ def mapping_index_access_mapping_address_uint256_of_address_concrete_of_code
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMKeccak256']
   try simp
   
diff --git a/Generated/erc20shim/ERC20Shim/panic_error_0x11.lean b/Generated/erc20shim/ERC20Shim/panic_error_0x11.lean
index 24cc0d7..0a72141 100644
--- a/Generated/erc20shim/ERC20Shim/panic_error_0x11.lean
+++ b/Generated/erc20shim/ERC20Shim/panic_error_0x11.lean
@@ -12,7 +12,7 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
 
-lemma panic_error_0x11_abs_of_code {s₀ s₉ : State}  } {fuel : Nat} :
+lemma panic_error_0x11_abs_of_code {s₀ s₉ : State}  {fuel : Nat} :
   execCall fuel panic_error_0x11 [] (s₀, []) = s₉ →
   Spec (A_panic_error_0x11  ) s₀ s₉
 := λ h ↦ panic_error_0x11_abs_of_concrete (panic_error_0x11_concrete_of_code.2 h)
diff --git a/Generated/erc20shim/ERC20Shim/panic_error_0x11_gen.lean b/Generated/erc20shim/ERC20Shim/panic_error_0x11_gen.lean
index ad856c9..8df71fd 100644
--- a/Generated/erc20shim/ERC20Shim/panic_error_0x11_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/panic_error_0x11_gen.lean
@@ -30,7 +30,10 @@ set_option maxHeartbeats 300000
 
 def panic_error_0x11_concrete_of_code
 : {
-    C : State → State → Prop // ∀ {s₀ s₉ : State} {  fuel},
+    C :
+      
+      State → State → Prop
+    // ∀ {s₀ s₉ : State} {  fuel},
          execCall fuel panic_error_0x11 [] (s₀, []) = s₉ →
          Spec (C  ) s₀ s₉
   } := by
@@ -63,31 +66,30 @@ def panic_error_0x11_concrete_of_code
   generalize hs₉ : multifill' _ _ = s₉'
 
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp only [Fin.isValue]
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMShl']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
-  -- EXPR
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
+  -- EXPR 
   rw [EVMMstore']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
-  -- EXPR
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
+  -- EXPR 
   rw [EVMMstore']
   try simp
-
+  
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
-  -- EXPR
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
+  -- EXPR 
   rw [EVMRevert']
   try simp
   
@@ -114,6 +116,7 @@ def panic_error_0x11_concrete_of_code
   intros h
   exact h
 
+
 end
 
 end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/panic_error_0x11_user.lean b/Generated/erc20shim/ERC20Shim/panic_error_0x11_user.lean
index ac78615..77716bf 100644
--- a/Generated/erc20shim/ERC20Shim/panic_error_0x11_user.lean
+++ b/Generated/erc20shim/ERC20Shim/panic_error_0x11_user.lean
@@ -12,7 +12,7 @@ open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemma
 
 def A_panic_error_0x11   (s₀ s₉ : State) : Prop := sorry
 
-lemma panic_error_0x11_abs_of_concrete {s₀ s₉ : State}  } :
+lemma panic_error_0x11_abs_of_concrete {s₀ s₉ : State}  :
   Spec (panic_error_0x11_concrete_of_code.1  ) s₀ s₉ →
   Spec (A_panic_error_0x11  ) s₀ s₉ := by
   unfold panic_error_0x11_concrete_of_code A_panic_error_0x11
diff --git a/Generated/erc20shim/ERC20Shim/panic_error_0x22.lean b/Generated/erc20shim/ERC20Shim/panic_error_0x22.lean
index e94476c..94f0264 100644
--- a/Generated/erc20shim/ERC20Shim/panic_error_0x22.lean
+++ b/Generated/erc20shim/ERC20Shim/panic_error_0x22.lean
@@ -12,7 +12,7 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
 
-lemma panic_error_0x22_abs_of_code {s₀ s₉ : State}  } {fuel : Nat} :
+lemma panic_error_0x22_abs_of_code {s₀ s₉ : State}  {fuel : Nat} :
   execCall fuel panic_error_0x22 [] (s₀, []) = s₉ →
   Spec (A_panic_error_0x22  ) s₀ s₉
 := λ h ↦ panic_error_0x22_abs_of_concrete (panic_error_0x22_concrete_of_code.2 h)
diff --git a/Generated/erc20shim/ERC20Shim/panic_error_0x22_gen.lean b/Generated/erc20shim/ERC20Shim/panic_error_0x22_gen.lean
index 55c046b..320e099 100644
--- a/Generated/erc20shim/ERC20Shim/panic_error_0x22_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/panic_error_0x22_gen.lean
@@ -66,13 +66,13 @@ def panic_error_0x22_concrete_of_code
   generalize hs₉ : multifill' _ _ = s₉'
 
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMShl']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMMstore']
   try simp
@@ -80,7 +80,7 @@ def panic_error_0x22_concrete_of_code
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMMstore']
   try simp
@@ -88,7 +88,7 @@ def panic_error_0x22_concrete_of_code
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMRevert']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/panic_error_0x22_user.lean b/Generated/erc20shim/ERC20Shim/panic_error_0x22_user.lean
index 6cdddce..5ad3b95 100644
--- a/Generated/erc20shim/ERC20Shim/panic_error_0x22_user.lean
+++ b/Generated/erc20shim/ERC20Shim/panic_error_0x22_user.lean
@@ -12,7 +12,7 @@ open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemma
 
 def A_panic_error_0x22   (s₀ s₉ : State) : Prop := sorry
 
-lemma panic_error_0x22_abs_of_concrete {s₀ s₉ : State}  } :
+lemma panic_error_0x22_abs_of_concrete {s₀ s₉ : State}  :
   Spec (panic_error_0x22_concrete_of_code.1  ) s₀ s₉ →
   Spec (A_panic_error_0x22  ) s₀ s₉ := by
   unfold panic_error_0x22_concrete_of_code A_panic_error_0x22
diff --git a/Generated/erc20shim/ERC20Shim/panic_error_0x41.lean b/Generated/erc20shim/ERC20Shim/panic_error_0x41.lean
index 033e1f0..b882fb4 100644
--- a/Generated/erc20shim/ERC20Shim/panic_error_0x41.lean
+++ b/Generated/erc20shim/ERC20Shim/panic_error_0x41.lean
@@ -12,7 +12,7 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
 
-lemma panic_error_0x41_abs_of_code {s₀ s₉ : State}  } {fuel : Nat} :
+lemma panic_error_0x41_abs_of_code {s₀ s₉ : State}  {fuel : Nat} :
   execCall fuel panic_error_0x41 [] (s₀, []) = s₉ →
   Spec (A_panic_error_0x41  ) s₀ s₉
 := λ h ↦ panic_error_0x41_abs_of_concrete (panic_error_0x41_concrete_of_code.2 h)
diff --git a/Generated/erc20shim/ERC20Shim/panic_error_0x41_gen.lean b/Generated/erc20shim/ERC20Shim/panic_error_0x41_gen.lean
index b1634cc..b012f1e 100644
--- a/Generated/erc20shim/ERC20Shim/panic_error_0x41_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/panic_error_0x41_gen.lean
@@ -66,13 +66,13 @@ def panic_error_0x41_concrete_of_code
   generalize hs₉ : multifill' _ _ = s₉'
 
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMShl']
   try simp
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMMstore']
   try simp
@@ -80,7 +80,7 @@ def panic_error_0x41_concrete_of_code
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMMstore']
   try simp
@@ -88,7 +88,7 @@ def panic_error_0x41_concrete_of_code
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMRevert']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/panic_error_0x41_user.lean b/Generated/erc20shim/ERC20Shim/panic_error_0x41_user.lean
index 4826936..5e30215 100644
--- a/Generated/erc20shim/ERC20Shim/panic_error_0x41_user.lean
+++ b/Generated/erc20shim/ERC20Shim/panic_error_0x41_user.lean
@@ -12,7 +12,7 @@ open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemma
 
 def A_panic_error_0x41   (s₀ s₉ : State) : Prop := sorry
 
-lemma panic_error_0x41_abs_of_concrete {s₀ s₉ : State}  } :
+lemma panic_error_0x41_abs_of_concrete {s₀ s₉ : State}  :
   Spec (panic_error_0x41_concrete_of_code.1  ) s₀ s₉ →
   Spec (A_panic_error_0x41  ) s₀ s₉ := by
   unfold panic_error_0x41_concrete_of_code A_panic_error_0x41
diff --git a/Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74.lean b/Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74.lean
index 97c0e34..6d1bc5f 100644
--- a/Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74.lean
+++ b/Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74.lean
@@ -12,7 +12,7 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
 
-lemma revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_abs_of_code {s₀ s₉ : State}  } {fuel : Nat} :
+lemma revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_abs_of_code {s₀ s₉ : State}  {fuel : Nat} :
   execCall fuel revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74 [] (s₀, []) = s₉ →
   Spec (A_revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74  ) s₀ s₉
 := λ h ↦ revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_abs_of_concrete (revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_concrete_of_code.2 h)
diff --git a/Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_gen.lean b/Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_gen.lean
index 7a7fefe..d5bb9ec 100644
--- a/Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_gen.lean
@@ -62,7 +62,7 @@ def revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f7
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMRevert']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_user.lean b/Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_user.lean
index 19aae0d..549228a 100644
--- a/Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_user.lean
+++ b/Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_user.lean
@@ -12,7 +12,7 @@ open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemma
 
 def A_revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74   (s₀ s₉ : State) : Prop := sorry
 
-lemma revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_abs_of_concrete {s₀ s₉ : State}  } :
+lemma revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_abs_of_concrete {s₀ s₉ : State}  :
   Spec (revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_concrete_of_code.1  ) s₀ s₉ →
   Spec (A_revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74  ) s₀ s₉ := by
   unfold revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_concrete_of_code A_revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74
diff --git a/Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb.lean b/Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb.lean
index 71185ec..4a2bab6 100644
--- a/Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb.lean
+++ b/Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb.lean
@@ -12,7 +12,7 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
 
-lemma revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_abs_of_code {s₀ s₉ : State}  } {fuel : Nat} :
+lemma revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_abs_of_code {s₀ s₉ : State}  {fuel : Nat} :
   execCall fuel revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb [] (s₀, []) = s₉ →
   Spec (A_revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb  ) s₀ s₉
 := λ h ↦ revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_abs_of_concrete (revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_concrete_of_code.2 h)
diff --git a/Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_gen.lean b/Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_gen.lean
index fbc34ac..cf8386a 100644
--- a/Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_gen.lean
@@ -62,7 +62,7 @@ def revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4b
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMRevert']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_user.lean b/Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_user.lean
index 668329e..573eac3 100644
--- a/Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_user.lean
+++ b/Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_user.lean
@@ -12,7 +12,7 @@ open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemma
 
 def A_revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb   (s₀ s₉ : State) : Prop := sorry
 
-lemma revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_abs_of_concrete {s₀ s₉ : State}  } :
+lemma revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_abs_of_concrete {s₀ s₉ : State}  :
   Spec (revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_concrete_of_code.1  ) s₀ s₉ →
   Spec (A_revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb  ) s₀ s₉ := by
   unfold revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_concrete_of_code A_revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb
diff --git a/Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b.lean b/Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b.lean
index 45e55ba..c14848e 100644
--- a/Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b.lean
+++ b/Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b.lean
@@ -12,7 +12,7 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
 
-lemma revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_abs_of_code {s₀ s₉ : State}  } {fuel : Nat} :
+lemma revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_abs_of_code {s₀ s₉ : State}  {fuel : Nat} :
   execCall fuel revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b [] (s₀, []) = s₉ →
   Spec (A_revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b  ) s₀ s₉
 := λ h ↦ revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_abs_of_concrete (revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_concrete_of_code.2 h)
diff --git a/Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_gen.lean b/Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_gen.lean
index 2c27564..fa81597 100644
--- a/Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_gen.lean
@@ -62,7 +62,7 @@ def revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMRevert']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_user.lean b/Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_user.lean
index 8ef0836..c3df60e 100644
--- a/Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_user.lean
+++ b/Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_user.lean
@@ -12,7 +12,7 @@ open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemma
 
 def A_revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b   (s₀ s₉ : State) : Prop := sorry
 
-lemma revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_abs_of_concrete {s₀ s₉ : State}  } :
+lemma revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_abs_of_concrete {s₀ s₉ : State}  :
   Spec (revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_concrete_of_code.1  ) s₀ s₉ →
   Spec (A_revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b  ) s₀ s₉ := by
   unfold revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_concrete_of_code A_revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b
diff --git a/Generated/erc20shim/ERC20Shim/update_storage_value_offsett_uint256_to_uint256_gen.lean b/Generated/erc20shim/ERC20Shim/update_storage_value_offsett_uint256_to_uint256_gen.lean
index 7bb39fc..52aad03 100644
--- a/Generated/erc20shim/ERC20Shim/update_storage_value_offsett_uint256_to_uint256_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/update_storage_value_offsett_uint256_to_uint256_gen.lean
@@ -61,12 +61,12 @@ def update_storage_value_offsett_uint256_to_uint256_concrete_of_code
   generalize hs₉ : multifill' _ _ = s₉'
 
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSload']
   try simp
   
   rw [cons]; simp only [LetCall', AssignCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   try simp
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
@@ -78,7 +78,7 @@ def update_storage_value_offsett_uint256_to_uint256_concrete_of_code
   revert h
   
   rw [cons, ExprStmtPrimCall']; try simp only
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   -- EXPR 
   rw [EVMSstore']
   try simp
diff --git a/Generated/erc20shim/ERC20Shim/validator_revert_address_gen.lean b/Generated/erc20shim/ERC20Shim/validator_revert_address_gen.lean
index 124de7a..a146940 100644
--- a/Generated/erc20shim/ERC20Shim/validator_revert_address_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/validator_revert_address_gen.lean
@@ -68,22 +68,22 @@ def validator_revert_address_concrete_of_code
   generalize hs₉ : multifill' _ _ = s₉'
 
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMSub']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMAnd']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMEq']
   try simp
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
-  simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
   rw [EVMIszero']
   try simp
   

From 715d1729e4be23c6502d97b4eb9456bc54d60b39 Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Wed, 20 Nov 2024 00:38:20 +0000
Subject: [PATCH 60/89] [To revert] Regenerate rest of ERC20, overwriting
 existing proofs

---
 .../ERC20Shim/fun_allowance_user.lean         | 392 +-----------------
 .../ERC20Shim/fun_balanceOf_user.lean         | 188 +--------
 .../ERC20Shim/fun_totalSupply_user.lean       |  28 +-
 ...pping_address_uint256_of_address_user.lean |   9 +-
 ...pping_address_uint256_of_address_user.lean | 153 +------
 5 files changed, 19 insertions(+), 751 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
index cadcc00..1a0d8f7 100644
--- a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
@@ -1,8 +1,10 @@
 import Clear.ReasoningPrinciple
 
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+
 import Generated.erc20shim.ERC20Shim.fun_allowance_gen
 
-import Generated.erc20shim.ERC20Shim.Predicate
 
 namespace Generated.erc20shim.ERC20Shim
 
@@ -10,397 +12,13 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
-set_option maxHeartbeats 1000000
-
-def A_fun_allowance (var : Identifier) (var_owner var_spender : Literal) (s₀ s₉ : State) : Prop :=
-  (∀ {erc20}, (IsERC20 erc20 s₀ ∧ s₀.evm.isEVMState) →
-  let owner := Address.ofUInt256 var_owner
-  let spender := Address.ofUInt256 var_spender
-  IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧
-  s₉[var]!! = (erc20.allowances.lookup ⟨owner, spender⟩).getD 0 ∧
-  s₉.evm.hash_collision = false)
-  ∨ s₉.evm.hash_collision = true
+def A_fun_allowance (var : Identifier) (var_owner var_spender : Literal) (s₀ s₉ : State) : Prop := sorry
 
 lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spender} :
   Spec (fun_allowance_concrete_of_code.1 var var_owner var_spender) s₀ s₉ →
   Spec (A_fun_allowance var var_owner var_spender) s₀ s₉ := by
   unfold fun_allowance_concrete_of_code A_fun_allowance
-
-  rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
-  apply spec_eq
-  clr_funargs
-  rintro hasFuel ⟨s, mapping, ⟨s', mapping', code⟩⟩
-
-  clr_varstore
-
-  -- what we can get right now from mapping function
-  unfold A_mapping_index_access_mapping_address_mapping_address_uint256_of_address
-         A_mapping_index_access_mapping_address_uint256_of_address at mapping
-  clr_spec at mapping
-  
-  
-
-  obtain ⟨⟨preservesEvm, s_isOk, s_isEVMStatePreserved, ⟨⟨intermediate_keccak, keccak_using_intermediate, hStore⟩,hHashCollision⟩⟩, hHashCollision₁⟩ := mapping -- Adds a goal
-  · -- No hash collision from first keccak
-    
-    obtain ⟨evmₛ, varstoreₛ, s_eq_ok⟩ := State_of_isOk s_isOk
-    have keccak : Finmap.lookup [↑↑(Address.ofUInt256 var_owner), 1] s.evm.keccak_map = some (s["_2"]!!) := by
-      unfold store State.insert at hStore
-      unfold lookup!
-      aesop
-    rw [ ← Variables.allowances_def
-     , s_eq_ok, get_evm_of_ok, ← s_eq_ok
-     ] at keccak
-
-    -- what we can get right now from mapping' function
-    unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping'
-    clr_spec at mapping'
-    
-    obtain ⟨⟨preservesEvm', s_isOk', s_isEVMStatePreserved', ⟨⟨intermediate_keccak', keccak_using_intermediate', hStore'⟩,hHashCollision'⟩⟩, hHashCollision₁'⟩ := mapping' -- Adds a goal
-    · -- No hash collision from second keccak
-      left
-      intro erc20 is_erc20 s₀_isEVMState
-      obtain ⟨evmₛ', varstoreₛ', s_eq_ok'⟩ := State_of_isOk s_isOk'
-      have keccak' : Finmap.lookup [↑↑(Address.ofUInt256 (s["var_spender"]!!)), s["_2"]!!] s'.evm.keccak_map = some (s'["_3"]!!) := by
-        rw [s_eq_ok]
-        rw [s_eq_ok] at hStore'
-        rw [s_eq_ok']
-        rw [s_eq_ok'] at hStore'
-        unfold store at hStore'
-        simp at hStore'
-        unfold State.insert at hStore'
-        simp at hStore'
-        conv_lhs => rw[←s_eq_ok]; rw[←s_eq_ok']
-        rw [hStore']
-        unfold lookup!
-        simp
-        exact keccak_using_intermediate'
-      rw [ s_eq_ok', get_evm_of_ok, ← s_eq_ok'
-        ] at keccak'
-
-      -- simplify contract
-      unfold reviveJump at code
-      simp [s_eq_ok, s_eq_ok'] at code
-      rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok' ] at code
-      clr_varstore
-
-      -- get underlying Preserved from preservesEvm
-      rw [ s_eq_ok, preservesEvm_of_insert, preservesEvm_of_insert ] at preservesEvm
-      have hPreserved := Preserved_of_preservesEvm_of_Ok preservesEvm
-
-      -- get underlying Preserved from preservesEvm'
-      rw [ s_eq_ok, s_eq_ok'] at preservesEvm'
-      have hPreserved' := Preserved_of_preservesEvm_of_Ok preservesEvm'
-
-      -- make use of transitivity of Preserved
-      have hPreserved'' : Clear.Preserved evm evmₛ' := Preserved.trans hPreserved hPreserved'
-      
-      refine' ⟨IsERC20_of_preservesEvm (by aesop) is_erc20, (by aesop), ?returns_correct_value⟩
-      rw [← code]
-      -- lookup allowance
-      clr_varstore
-      by_cases mem : ⟨Address.ofUInt256 var_owner, Address.ofUInt256 var_spender⟩ ∈ erc20.allowances
-      · -- there is such ⟨owner, spender⟩ in allowances
-        split_ands <;> [skip; aesop]
-
-        obtain ⟨address, intermediate, has_intermediate, has_address, allowance⟩ := is_erc20.hasAllowance mem
-
-        have intermediate_def : s["_2"]!! = intermediate := by
-          rw [s_eq_ok]
-          rw [← Option.some_inj]
-          trans
-          · have := Eq.symm (s_eq_ok ▸ keccak)
-            exact this
-          · exact (keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved has_intermediate
-              ▸ has_intermediate)
-
-        have address_def : s'["_3"]!! = address := by
-          rw [s_eq_ok']
-          rw [← Option.some_inj]
-          trans
-          · have := Eq.symm (s_eq_ok' ▸ keccak')
-            exact this
-          · rw [intermediate_def]
-            have : s["var_spender"]!! = var_spender := by
-              rw [s_eq_ok]
-              rw [s_eq_ok] at hStore
-              unfold store at hStore
-              unfold State.insert at hStore
-              simp at hStore
-              rw [hStore]
-              unfold lookup!
-              simp
-              rw [Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
-                , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
-                , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)]
-              simp
-            rw [this]
-            exact (keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' has_address ▸ has_address)
-
-        rw [address_def] at code ⊢
-        rw [ allowance
-          , Option.getD_some
-          , State.get_evm_of_ok
-          , ← sload_eq_of_preserved hPreserved''
-          ]
-      · -- there is *no* such account in allowances
-        -- so sload should return 0
-
-        split_ands <;> [skip; aesop]
-
-        rw [ Finmap.lookup_eq_none.mpr mem
-          , Option.getD_none
-          ]
-
-        -- in order to do that it should be given storage address outside of
-        -- its domain
-        apply sload_of_not_mem_dom
-        have := State.get_evm_of_ok ▸ is_erc20.storageDom
-        rw [ ← storage_eq_of_preserved hPreserved''
-          , this
-          ]
-        clear this
-        simp only [ Finset.not_mem_union, Set.mem_toFinset, Set.mem_def, setOf, not_exists, not_and ]
-        have s_erc20 : IsERC20 erc20 (Ok evmₛ _) :=
-          IsERC20_of_ok_of_Preserved hPreserved is_erc20
-        have s_erc20' : IsERC20 erc20 (Ok evmₛ' _) :=
-          IsERC20_of_ok_of_Preserved hPreserved' s_erc20
-
-        split_ands
-        -- address not in balances
-        · intro account account_mem_balances
-          obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance account_mem_balances
-          rw [ ← keccak'
-            , keccak_map_lookup_eq_of_Preserved_of_lookup
-                hPreserved'' has_address ]
-          by_contra h
-          have : [↑↑account, ERC20Private.balances] ∈ evmₛ'.keccak_map.keys := by
-            rw [Finmap.mem_keys]
-            apply Finmap.lookup_isSome.mp
-            have := get_evm_of_ok ▸ has_address
-            rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' has_address
-              , this ]
-            simp
-          have IsEVMₛ' : evmₛ'.isEVMState := by aesop
-          have keccak_inj := IsEVMₛ'.1 this (Eq.symm h)
-
-          rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
-          unfold Fin.ofNat'' at keccak_inj
-          simp at keccak_inj
-          obtain ⟨keccak_inj₁, keccak_inj₂⟩ := keccak_inj
-
-          have : ERC20Private.balances ≠ s["_2"]!! := by
-            obtain blocked_range := get_evm_of_ok ▸ s_erc20.block_acc_range.2.1
-            rw [ keccak ] at blocked_range
-            apply not_mem_private_of_some at blocked_range
-            rw [@ne_comm]
-            unfold PrivateAddresses.toFinset at blocked_range
-            rw [Finset.mem_def] at blocked_range
-            simp at blocked_range -- Fails with: set_option maxHeartbeats 200000
-            exact blocked_range.1
-          contradiction
-
-        -- address not in allowances
-        · intro owner spender owner_spender_mem_allowances
-
-          obtain ⟨erc_address, erc_intermediate, owner_lookup, spender_lookup, eq⟩ :=
-            is_erc20.hasAllowance owner_spender_mem_allowances
-
-          rw [ ← keccak'
-          , keccak_map_lookup_eq_of_Preserved_of_lookup
-              hPreserved'' owner_lookup ]
-          by_contra h
-          have : [↑↑owner, ERC20Private.allowances] ∈ evmₛ.keccak_map.keys := by
-            rw [Finmap.mem_keys]
-            apply Finmap.lookup_isSome.mp
-            have owner_lookup' := get_evm_of_ok ▸ owner_lookup
-            have spender_lookup' := get_evm_of_ok ▸ spender_lookup
-            rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved owner_lookup
-              , owner_lookup' ]
-            simp
-          have owner_lookup' := get_evm_of_ok ▸ owner_lookup
-          have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' owner_lookup
-          rw [this] at owner_lookup'
-          have hSpender := h owner_lookup'
-
-
-          have spender_lookup' := get_evm_of_ok ▸ spender_lookup
-          have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' spender_lookup'
-          rw [this] at hSpender
-
-          have : [↑↑(Address.ofUInt256 (s["var_spender"]!!)), s["_2"]!!] ∈ evmₛ'.keccak_map.keys := by
-            clear * -keccak_using_intermediate' s_eq_ok'
-            rw [s_eq_ok'] at keccak_using_intermediate'
-            simp at keccak_using_intermediate'
-            exact Finmap.mem_of_lookup_eq_some keccak_using_intermediate'
-          have IsEVMₛ' : evmₛ'.isEVMState := by aesop
-          have keccak_inj := IsEVMₛ'.1 this (Eq.symm hSpender)
-          rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
-          unfold Fin.ofNat'' at keccak_inj
-          simp at keccak_inj
-          rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj <;> [skip; exact Address.val_lt_UInt256_size; exact Address.val_lt_UInt256_size]
-
-          obtain ⟨keccak_inj₁, keccak_inj₂⟩ := keccak_inj
-
-
-          have hOwner : owner = Address.ofUInt256 var_owner := by
-            have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved owner_lookup
-            rw [←keccak_inj₂] at owner_lookup
-            rw [←keccak] at owner_lookup
-            have owner_lookup'' := get_evm_of_ok ▸ owner_lookup
-            rw [this] at owner_lookup''
-
-            have : [↑↑(Address.ofUInt256 var_owner), ERC20Private.allowances] ∈ evmₛ.keccak_map.keys := by
-              clear * -keccak_using_intermediate s_eq_ok
-              rw [s_eq_ok] at keccak_using_intermediate
-              simp at keccak_using_intermediate
-              exact Finmap.mem_of_lookup_eq_some keccak_using_intermediate
-            have IsEVMₛ : evmₛ.isEVMState := by aesop
-            have keccak_inj := IsEVMₛ.1 this (Eq.symm owner_lookup'')
-            rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
-            unfold Fin.ofNat'' at keccak_inj
-            simp at keccak_inj
-            rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj <;> [skip; exact Address.val_lt_UInt256_size; exact Address.val_lt_UInt256_size]
-            symm
-            exact keccak_inj
-
-          have hSpender : spender = Address.ofUInt256 var_spender := by
-            have : s["var_spender"]!! = var_spender := by
-              rw [s_eq_ok]
-              rw [s_eq_ok] at hStore
-              unfold store at hStore
-              unfold State.insert at hStore
-              simp at hStore
-              rw [hStore]
-              unfold lookup!
-              simp
-              rw [Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
-                , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
-                , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)]
-              simp
-            rw [this] at keccak_inj₁
-            symm
-            exact keccak_inj₁
-            done
-          rw [←hOwner, ←hSpender] at mem
-          contradiction
-
-        -- address not in reserved space
-        · obtain blocked_range := get_evm_of_ok ▸ (s_erc20'.block_acc_range.2.2)
-          have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved' keccak
-          rw [this] at keccak
-          rw [ keccak ] at blocked_range
-
-          have blocked_range' := blocked_range (↑↑(Address.ofUInt256 (s["var_spender"]!!))) (s["_2"]!!) (by rfl)
-          rw [←Finset.mem_map' Function.Embedding.some]
-
-          -- TODO make simpler:
-          have : Function.Embedding.some (s'["_3"]!!) = (some (s'["_3"]!!)) := by
-            simp
-          rw [this]
-          rw [←keccak']
-          
-          unfold not_mem_private at blocked_range'
-          rw [keccak'] at blocked_range'
-          simp at blocked_range'
-          rw [keccak']
-          simp
-          exact blocked_range'
-
-      done
-    · -- Hash collision from second keccak
-      rename_i hHashCollisionTrue
-      right
-      have :   hash_collision (Ok evm Inhabited.default⟦"var_spender"↦var_spender⟧⟦"var_owner"↦var_owner⟧⟦"_1"↦1⟧.evm)
-         = evm.hash_collision := by
-        simp
-      rw [this] at hHashCollision₁
-      by_cases s_isOk' : s'.isOk
-      · obtain ⟨evmₛ', varstoreₛ', s_eq_ok'⟩ := State_of_isOk s_isOk'
-        -- simplify contract
-        unfold reviveJump at code
-        simp [s_eq_ok, s_eq_ok'] at code
-        rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok' ] at code
-        clr_varstore
-
-        rw [←code]
-        aesop
-      · rcases s' with ⟨evm, varstore⟩ | _ | _ <;> [skip; aesop_spec; skip]
-        · unfold reviveJump at code
-          simp at code
-          rw [←code]
-          aesop
-        · unfold reviveJump at code
-          simp at code
-
-          rename_i j
-          unfold evm at hHashCollisionTrue
-          simp at hHashCollisionTrue
-  · -- Hash collision from first keccak
-    rename_i hHashCollisionTrue
-    right
-
-    by_cases s_isOk : s.isOk
-    · unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping'
-      clr_spec at mapping'
-      
-      obtain ⟨⟨preservesEvm', s_isOk', s_isEVMStatePreserved', ⟨⟨intermediate_keccak', keccak_using_intermediate', hStore'⟩,hHashCollision'⟩⟩, hHashCollision₁'⟩ := mapping' -- Adds a goal
-
-      have :   hash_collision (Ok evm Inhabited.default⟦"var_spender"↦var_spender⟧⟦"var_owner"↦var_owner⟧⟦"_1"↦1⟧.evm)
-          = evm.hash_collision := by
-          simp
-      rw [this] at hHashCollision₁
-      by_cases s_isOk' : s'.isOk
-      · obtain ⟨evmₛ', varstoreₛ', s_eq_ok'⟩ := State_of_isOk s_isOk'
-        -- simplify contract
-        unfold reviveJump at code
-        simp [s_eq_ok'] at code
-        rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok' ] at code
-        clr_varstore
-        
-        · rw [←code]
-          have : Ok evmₛ' varstore⟦var↦sload evmₛ' (s'["_3"]!!)⟧.evm.hash_collision
-                = evmₛ'.hash_collision := by simp
-          rw [this]
-          aesop
-        
-
-      · rcases s' with ⟨evm, varstore⟩ | _ | _ <;> [skip; aesop_spec; skip]
-        · unfold reviveJump at code
-          simp at code
-          rw [←code]
-          aesop
-          
-        · unfold reviveJump at code
-          simp at code
-          rename_i j
-          rcases j
-      · rename_i hHashCollisionTrue'
-        have : Ok evm Inhabited.default⟦"var_spender"↦var_spender⟧⟦"var_owner"↦var_owner⟧⟦"_1"↦1⟧.evm.hash_collision
-              = evm.hash_collision := by simp
-        rw [this] at hHashCollision₁
-        rcases s' with ⟨evm, varstore⟩ | _ | _ <;> [skip; aesop_spec; skip]
-        · unfold reviveJump at code
-          simp at code
-          rw [←code]
-          aesop
-          
-        · unfold reviveJump at code
-          simp at code
-          unfold evm at hHashCollisionTrue'
-          simp at hHashCollisionTrue'
-    · unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping'
-      unfold Spec at mapping'
-      rcases s with ⟨evm, varstore⟩ | _ | _ <;> [skip; skip; skip]
-      · aesop
-      · simp at mapping'
-        rcases s' with ⟨evm, varstore⟩ | _ | _ <;> aesop_spec
-      · simp at mapping'
-        rcases s' with ⟨evm, varstore⟩ | _ | _ <;> [skip;skip;skip]
-        · simp at mapping'
-        · simp at mapping'
-        · unfold evm at hHashCollisionTrue
-          simp at hHashCollisionTrue
+  sorry
 
 end
 
diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
index 54efb58..daddd88 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
@@ -1,9 +1,9 @@
 import Clear.ReasoningPrinciple
 
--- import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+
 import Generated.erc20shim.ERC20Shim.fun_balanceOf_gen
 
-import Generated.erc20shim.ERC20Shim.Predicate
 
 namespace Generated.erc20shim.ERC20Shim
 
@@ -11,193 +11,13 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
-def A_fun_balanceOf (var : Identifier) (var_account : Literal) (s₀ s₉ : State) : Prop :=
-  (∀ {erc20}, (IsERC20 erc20 s₀ ∧ s₀.evm.isEVMState) →
-  let account := Address.ofUInt256 var_account
-  IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧
-  s₉[var]!! = (erc20.balances.lookup account).getD 0 ∧
-  s₉.evm.hash_collision = false)
-  ∨ s₉.evm.hash_collision = true
+def A_fun_balanceOf (var : Identifier) (var_account : Literal) (s₀ s₉ : State) : Prop := sorry
 
 lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   Spec (fun_balanceOf_concrete_of_code.1 var var_account) s₀ s₉ →
   Spec (A_fun_balanceOf var var_account) s₀ s₉ := by
   unfold fun_balanceOf_concrete_of_code A_fun_balanceOf
-
-  rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
-  apply spec_eq
-  clr_funargs
-  rintro hasFuel ⟨s, mapping, code⟩
-
-  clr_varstore
-
-  -- what we can get right now from mapping function
-  unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping
-  clr_spec at mapping
-
-  
-  obtain ⟨⟨preservesEvm, s_isOk, s_isEVMStatePreserved, ⟨⟨keccak_value, keccak_using_keccak_value, hStore⟩,hHashCollision⟩⟩, hHashCollision₁⟩ := mapping -- Adds a goal
-  · -- No hash collision from keccak
-    left
-    intro erc20 is_erc20 s₀_isEVMState
-
-    obtain ⟨evmₛ, varstoreₛ, s_eq_ok⟩ := State_of_isOk s_isOk
-
-    have keccak : Finmap.lookup [↑↑(Address.ofUInt256 var_account), 0] s.evm.keccak_map = some (s["_2"]!!) := by
-      unfold store State.insert at hStore
-      unfold lookup!
-      aesop
-
-    rw [ ← Variables.balances_def
-      , s_eq_ok, get_evm_of_ok, ← s_eq_ok
-      ] at keccak
-
-    -- simplify contract
-    unfold reviveJump at code
-    simp [s_eq_ok] at code
-    rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok ] at code
-    clr_varstore
-
-    -- get underlying Preserved from preservesEvm
-    rw [ s_eq_ok, preservesEvm_of_insert, preservesEvm_of_insert ] at preservesEvm
-    have Preserved := Preserved_of_preservesEvm_of_Ok preservesEvm
-
-    refine' ⟨IsERC20_of_preservesEvm (by aesop) is_erc20, (by aesop), ?returns_correct_value⟩
-
-    rw [← code]
-    -- lookup balance
-    clr_varstore
-    by_cases mem : Address.ofUInt256 var_account ∈ erc20.balances
-    · -- there is such account in balances
-      split_ands <;> [skip; aesop]
-
-      obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance mem
-
-      have address_def : s["_2"]!! = address := by
-        rw [s_eq_ok]
-        rw [← Option.some_inj]
-        trans
-        · exact Eq.symm (s_eq_ok ▸ keccak)
-        · exact (keccak_map_lookup_eq_of_Preserved_of_lookup Preserved has_address
-            ▸ has_address)
-
-      rw [address_def] at code ⊢
-      rw [ balance
-        , Option.getD_some
-        , State.get_evm_of_ok
-        , ← sload_eq_of_preserved Preserved
-        ]
-
-    · -- there is *no* such account in balances
-      -- so sload should return 0
-    
-      split_ands <;> [skip; aesop]
-
-      rw [ Finmap.lookup_eq_none.mpr mem
-        , Option.getD_none
-        ]
-
-      -- in order to do that it should be given storage address outside of
-      -- it's domain
-      apply sload_of_not_mem_dom
-      have := State.get_evm_of_ok ▸ is_erc20.storageDom
-      rw [ ← storage_eq_of_preserved Preserved
-        , this
-        ]
-      clear this
-      simp only [ Finset.not_mem_union, Set.mem_toFinset, Set.mem_def, setOf, not_exists, not_and ]
-      have s_erc20 : IsERC20 erc20 (Ok evmₛ _) :=
-        IsERC20_of_ok_of_Preserved Preserved is_erc20
-
-      split_ands
-      -- address not in balances
-      · intro account account_mem_balances
-        obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance account_mem_balances
-        rw [ ← keccak
-          , keccak_map_lookup_eq_of_Preserved_of_lookup
-              Preserved has_address ]
-        by_contra h
-        have : [↑↑account, ERC20Private.balances] ∈ evmₛ.keccak_map.keys := by
-          rw [Finmap.mem_keys]
-          apply Finmap.lookup_isSome.mp
-          have := get_evm_of_ok ▸ has_address
-          rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup Preserved has_address
-            , this ]
-          simp
-        have IsEVMₛ : evmₛ.isEVMState := by aesop
-        have keccak_inj := IsEVMₛ.1 this (Eq.symm h)
-
-        rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
-        unfold Fin.ofNat'' at keccak_inj
-        simp at keccak_inj
-        rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj
-        rw [keccak_inj] at account_mem_balances
-        exact (mem account_mem_balances)
-        · exact Address.ofUInt256_lt_UInt256_size
-        · exact Address.val_lt_UInt256_size
-
-      -- address not in allowances
-      · intro owner spender mem_allowances
-        obtain ⟨erc_address, erc_intermediate, owner_lookup, spender_lookup, eq⟩ :=
-          is_erc20.hasAllowance mem_allowances
-        rw [get_evm_of_ok] at owner_lookup spender_lookup
-        have spender_lookup_s := keccak_map_lookup_eq_of_Preserved_of_lookup Preserved spender_lookup
-        push_neg
-        use erc_intermediate
-        rw [ ← keccak ]
-        by_contra h
-        rw [not_and'] at h
-        apply h at owner_lookup
-        exact owner_lookup
-
-        rw [spender_lookup_s]
-        by_contra h
-        have : [↑↑spender, erc_intermediate] ∈ evmₛ.keccak_map.keys := by
-          rw [Finmap.mem_keys]
-          apply Finmap.lookup_isSome.mp
-          have := Eq.trans (Eq.symm spender_lookup_s) spender_lookup
-          rw [this]
-          simp
-        have IsEVMₛ : evmₛ.isEVMState := by aesop
-        have keccak_inj := IsEVMₛ.1 this h
-        simp at keccak_inj
-        have intermediate_ne_balances : erc_intermediate ≠ ERC20Private.balances := by
-          obtain blocked_range := get_evm_of_ok ▸ is_erc20.block_acc_range.2.1
-          rw [owner_lookup] at blocked_range
-          unfold not_mem_private at blocked_range
-          simp at blocked_range
-          rw [← Finset.forall_mem_not_eq] at blocked_range
-          have bal_mem_private: ERC20Private.balances ∈ ERC20Private.toFinset := by
-            unfold PrivateAddresses.toFinset
-            simp
-          specialize blocked_range ERC20Private.balances
-          exact blocked_range bal_mem_private
-
-        tauto
-
-      -- address not in reserved space
-      · obtain blocked_range := get_evm_of_ok ▸ s_erc20.block_acc_range.1
-        rw [ keccak ] at blocked_range
-        apply not_mem_private_of_some at blocked_range
-        exact blocked_range
-  · -- Hash collision from keccak
-    rename_i hHashCollisionTrue
-    right
-    have :   Ok evm Inhabited.default⟦"var_account"↦var_account⟧⟦"_1"↦0⟧.evm.hash_collision
-        = evm.hash_collision := by
-      simp
-    rw [this] at hHashCollision₁
-    rcases s with ⟨evm, varstore⟩ | _ | _ <;> [skip; aesop_spec; skip]
-    · unfold reviveJump at code
-      simp at code
-      rw [←code]
-      aesop
-    · unfold reviveJump at code
-      simp at code
-
-      rename_i j
-      unfold evm at hHashCollisionTrue
-      simp at hHashCollisionTrue
+  sorry
 
 end
 
diff --git a/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean b/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
index d6cdf7c..50a105b 100644
--- a/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
@@ -2,8 +2,7 @@ import Clear.ReasoningPrinciple
 
 
 import Generated.erc20shim.ERC20Shim.fun_totalSupply_gen
-import Generated.erc20shim.ERC20Shim.Predicate
-import Generated.erc20shim.ERC20Shim.Variables
+
 
 namespace Generated.erc20shim.ERC20Shim
 
@@ -11,34 +10,13 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
 
-def A_fun_totalSupply (var_ : Identifier) (s₀ s₉ : State) : Prop :=
-  ∀ {erc20}, IsERC20 erc20 s₀ →
-  IsERC20 erc20 s₉ ∧ s₉ = s₀⟦var_ ↦ erc20.supply⟧
+def A_fun_totalSupply (var_ : Identifier)  (s₀ s₉ : State) : Prop := sorry
 
 lemma fun_totalSupply_abs_of_concrete {s₀ s₉ : State} {var_ } :
   Spec (fun_totalSupply_concrete_of_code.1 var_ ) s₀ s₉ →
   Spec (A_fun_totalSupply var_ ) s₀ s₉ := by
   unfold fun_totalSupply_concrete_of_code A_fun_totalSupply
-  rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
-  apply spec_eq  
-  clr_funargs
-  intro hasFuel code erc20 is_erc20
-
-  unfold reviveJump at code
-  simp at code
-  rw [ ← State.insert_of_ok,  ← State.insert_of_ok ] at code
-  rw [ ← State.insert_of_ok ]
-  clr_varstore
-
-  have := is_erc20.hasSupply
-  simp at this
-  rw [← Variables.totalSupply_def, this] at code
-
-  apply And.intro
-  · rw [← code]
-    exact IsERC20_of_insert is_erc20
-  · symm
-    assumption
+  sorry
 
 end
 
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean
index dc0b2cb..ff0e10f 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean
@@ -2,22 +2,21 @@ import Clear.ReasoningPrinciple
 
 
 import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address_gen
-import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address_user
+
 
 namespace Generated.erc20shim.ERC20Shim
 
 section
 
-open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
 
-def A_mapping_index_access_mapping_address_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop :=
-  A_mapping_index_access_mapping_address_uint256_of_address dataSlot slot key s₀ s₉
+def A_mapping_index_access_mapping_address_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop := sorry
 
 lemma mapping_index_access_mapping_address_mapping_address_uint256_of_address_abs_of_concrete {s₀ s₉ : State} {dataSlot slot key} :
   Spec (mapping_index_access_mapping_address_mapping_address_uint256_of_address_concrete_of_code.1 dataSlot slot key) s₀ s₉ →
   Spec (A_mapping_index_access_mapping_address_mapping_address_uint256_of_address dataSlot slot key) s₀ s₉ := by
   unfold mapping_index_access_mapping_address_mapping_address_uint256_of_address_concrete_of_code A_mapping_index_access_mapping_address_mapping_address_uint256_of_address
-  apply mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete
+  sorry
 
 end
 
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
index 542d840..d5574bc 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
@@ -3,8 +3,6 @@ import Clear.ReasoningPrinciple
 
 import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address_gen
 
-import Generated.erc20shim.ERC20Shim.Predicate
-import Generated.erc20shim.ERC20Shim.Variables
 
 namespace Generated.erc20shim.ERC20Shim
 
@@ -12,159 +10,14 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
 
-abbrev AddressMap := Finmap (λ _ : Address ↦ UInt256)
-
-set_option linter.setOption false
-set_option pp.coercions false
-
-def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop :=
-  ((preservesEvm s₀ s₉ ∧ s₉.isOk ∧ (s₀.evm.isEVMState → s₉.evm.isEVMState) ∧ (∃ keccak,
-  s₉.evm.keccak_map.lookup [ ↑(Address.ofUInt256 key), slot ] = some keccak ∧
-  s₉.store = s₀⟦dataSlot ↦ keccak⟧.store) ∧
-  s₉.evm.hash_collision = false)
-  ∨ s₉.evm.hash_collision = true)
-  ∧ (s₀.evm.hash_collision = true → s₉.evm.hash_collision = true)
-
--- Helper reifications
-lemma shift_eq_size : Fin.shiftLeft (n := UInt256.size) 1 160 = Address.size := by
-  constructor
-
-lemma EVMAddrSize' {s : State} : (s, [Fin.shiftLeft 1 160]) = (s, [Address.size.toUInt256]) := by
-  simp
-  exact shift_eq_size
+def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop := sorry
 
 lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete {s₀ s₉ : State} {dataSlot slot key} :
   Spec (mapping_index_access_mapping_address_uint256_of_address_concrete_of_code.1 dataSlot slot key) s₀ s₉ →
   Spec (A_mapping_index_access_mapping_address_uint256_of_address dataSlot slot key) s₀ s₉ := by
   unfold mapping_index_access_mapping_address_uint256_of_address_concrete_of_code A_mapping_index_access_mapping_address_uint256_of_address
-  rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
-  apply spec_eq
-  intro hasFuel
-  clr_funargs
-  
-  rw [ EVMSub', EVMShl', EVMAddrSize' ]; simp
-  rw [ Address.and_size_eq_ofUInt256 ]
-  rw [ multifill_cons, multifill_nil ]
-  simp
-
-  clr_varstore
-
-  generalize acconut_def : Address.ofUInt256 key = account
-  intro code
-  unfold reviveJump at code
-
-  generalize prep_def : (mstore evm 0 ↑↑account).mstore 32 slot = state_prep at code
-  have Preserved_prep : Preserved evm state_prep := by
-    rw [← prep_def];
-    exact Preserved.trans mstore_preserved mstore_preserved
-
-  split at code
-  case h_1 _ res keccak_eq_some_res =>
-    clr_match at code
-    rw [← code]
-
-    have res_collision := hash_collision_of_keccak256_eq_some keccak_eq_some_res
-    have prep_collision : state_prep.hash_collision = evm.hash_collision := by
-      rw [← prep_def]
-      exact Eq.trans hash_collision_of_mstore hash_collision_of_mstore
-      
-    have preserves_collision :
-      evm.hash_collision = true → Ok res.2 varstore⟦dataSlot↦res.1⟧.evm.hash_collision = true := by      
-      rw [State.insert_of_ok, get_evm_of_ok, res_collision, prep_collision]
-      intro h; exact h
-    
-    apply And.intro
-    swap; exact preserves_collision
-    
-    by_cases h : evm.hash_collision
-    right
-    -- hash_collision from the previous state
-    exact preserves_collision h
-    
-    -- no hash collision from the previous state
-    left; split_ands
-    -- preservesEvm
-    rw [preservesEvm_of_insert']
-    apply preservesEvm_of_preserved
-    rw [get_evm_of_ok, get_evm_of_ok]
-    exact Preserved.trans Preserved_prep (Preserved_of_keccek256 keccak_eq_some_res)
-
-    -- state is ok
-    exact State.isOk_Ok
-    -- s₉.evm.isEVMState
-    intro hIsEVMState
-    obtain ⟨res₁,res₂⟩ := res
-    simp
-    
-    have state_prep_isEVMState : isEVMState state_prep := by
-      rw [←prep_def]
-      
-      unfold isEVMState
-      split_ands
-      unfold isKeccakInjective
-      simp
-      intros a b h₁ h₂
-      rw [mstore_preserves_keccak_map, mstore_preserves_keccak_map] at h₂
-      unfold isEVMState at hIsEVMState
-      aesop
-      
-      unfold isKeccakUsedRange
-      simp  
-      rw [mstore_preserves_keccak_map, mstore_preserves_keccak_map,
-          mstore_preserves_used_range, mstore_preserves_used_range]
-      unfold isEVMState at hIsEVMState
-      aesop
-    
-    apply @isEVMState_of_keccak256 ⟨state_prep, state_prep_isEVMState⟩ _ _ _ _ keccak_eq_some_res
-    
-    -- keccak
-    use res.1
-    split_ands
-    -- keccak lookup for last
-    rotate_left
-    -- varstore preservation
-    rw [State.insert_of_ok]
-    simp only [State.store]
-    
-    -- no hash collision
-    rw [State.insert_of_ok, get_evm_of_ok, res_collision, prep_collision]
-    rw [Bool.eq_false_eq_not_eq_true] at h; exact h
-    
-    -- keccak lookup
-    rw [State.insert_of_ok, get_evm_of_ok]
-    unfold keccak256 at keccak_eq_some_res
-    rw [ interval'_eq_interval 2 two_ne_zero (by norm_cast)
-       , ← prep_def
-       , mstore_mstore_of_ne, interval_of_mstore_eq_val_cons
-       , mstore_mstore_of_ne, zero_add, interval_of_mstore_eq_val_cons
-       , interval_of_0_eq_nil
-       ] at keccak_eq_some_res
-    unfold_let at keccak_eq_some_res
-
-    split at keccak_eq_some_res
-    case h_1 _ v h_lookup =>
-      rw [Option.some_inj] at keccak_eq_some_res
-      rw [← keccak_eq_some_res]
-      exact h_lookup
-    case h_2 _ h_lookup =>
-      split at keccak_eq_some_res
-      swap; contradiction
-      rw [Option.some_inj] at keccak_eq_some_res
-      rw [← keccak_eq_some_res]
-      simp only [];
-      rw [Finmap.lookup_insert]
-
-  case h_2 res keccak_eq_none =>
-    clr_match at code
-
-    have final_destination : s₉.evm.hash_collision := by
-      rw [← code, State.insert_of_ok, get_evm_of_ok]
-      exact hash_collision_of_addHashCollision state_prep
-
-    apply And.intro
-    right; exact final_destination
-    intro _; exact final_destination
+  sorry
 
-  end
+end
 
 end Generated.erc20shim.ERC20Shim

From d9d3122a7c996616d9ba14b1aaf92b7ed6036872 Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Wed, 20 Nov 2024 00:40:25 +0000
Subject: [PATCH 61/89] Revert "[To revert] Regenerate rest of ERC20,
 overwriting existing proofs"

Restore existing proofs overwritten by the generator.
---
 .../ERC20Shim/fun_allowance_user.lean         | 392 +++++++++++++++++-
 .../ERC20Shim/fun_balanceOf_user.lean         | 188 ++++++++-
 .../ERC20Shim/fun_totalSupply_user.lean       |  28 +-
 ...pping_address_uint256_of_address_user.lean |   9 +-
 ...pping_address_uint256_of_address_user.lean | 153 ++++++-
 5 files changed, 751 insertions(+), 19 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
index 1a0d8f7..cadcc00 100644
--- a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
@@ -1,10 +1,8 @@
 import Clear.ReasoningPrinciple
 
-import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address
-import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
-
 import Generated.erc20shim.ERC20Shim.fun_allowance_gen
 
+import Generated.erc20shim.ERC20Shim.Predicate
 
 namespace Generated.erc20shim.ERC20Shim
 
@@ -12,13 +10,397 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
-def A_fun_allowance (var : Identifier) (var_owner var_spender : Literal) (s₀ s₉ : State) : Prop := sorry
+set_option maxHeartbeats 1000000
+
+def A_fun_allowance (var : Identifier) (var_owner var_spender : Literal) (s₀ s₉ : State) : Prop :=
+  (∀ {erc20}, (IsERC20 erc20 s₀ ∧ s₀.evm.isEVMState) →
+  let owner := Address.ofUInt256 var_owner
+  let spender := Address.ofUInt256 var_spender
+  IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧
+  s₉[var]!! = (erc20.allowances.lookup ⟨owner, spender⟩).getD 0 ∧
+  s₉.evm.hash_collision = false)
+  ∨ s₉.evm.hash_collision = true
 
 lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spender} :
   Spec (fun_allowance_concrete_of_code.1 var var_owner var_spender) s₀ s₉ →
   Spec (A_fun_allowance var var_owner var_spender) s₀ s₉ := by
   unfold fun_allowance_concrete_of_code A_fun_allowance
-  sorry
+
+  rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
+  apply spec_eq
+  clr_funargs
+  rintro hasFuel ⟨s, mapping, ⟨s', mapping', code⟩⟩
+
+  clr_varstore
+
+  -- what we can get right now from mapping function
+  unfold A_mapping_index_access_mapping_address_mapping_address_uint256_of_address
+         A_mapping_index_access_mapping_address_uint256_of_address at mapping
+  clr_spec at mapping
+  
+  
+
+  obtain ⟨⟨preservesEvm, s_isOk, s_isEVMStatePreserved, ⟨⟨intermediate_keccak, keccak_using_intermediate, hStore⟩,hHashCollision⟩⟩, hHashCollision₁⟩ := mapping -- Adds a goal
+  · -- No hash collision from first keccak
+    
+    obtain ⟨evmₛ, varstoreₛ, s_eq_ok⟩ := State_of_isOk s_isOk
+    have keccak : Finmap.lookup [↑↑(Address.ofUInt256 var_owner), 1] s.evm.keccak_map = some (s["_2"]!!) := by
+      unfold store State.insert at hStore
+      unfold lookup!
+      aesop
+    rw [ ← Variables.allowances_def
+     , s_eq_ok, get_evm_of_ok, ← s_eq_ok
+     ] at keccak
+
+    -- what we can get right now from mapping' function
+    unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping'
+    clr_spec at mapping'
+    
+    obtain ⟨⟨preservesEvm', s_isOk', s_isEVMStatePreserved', ⟨⟨intermediate_keccak', keccak_using_intermediate', hStore'⟩,hHashCollision'⟩⟩, hHashCollision₁'⟩ := mapping' -- Adds a goal
+    · -- No hash collision from second keccak
+      left
+      intro erc20 is_erc20 s₀_isEVMState
+      obtain ⟨evmₛ', varstoreₛ', s_eq_ok'⟩ := State_of_isOk s_isOk'
+      have keccak' : Finmap.lookup [↑↑(Address.ofUInt256 (s["var_spender"]!!)), s["_2"]!!] s'.evm.keccak_map = some (s'["_3"]!!) := by
+        rw [s_eq_ok]
+        rw [s_eq_ok] at hStore'
+        rw [s_eq_ok']
+        rw [s_eq_ok'] at hStore'
+        unfold store at hStore'
+        simp at hStore'
+        unfold State.insert at hStore'
+        simp at hStore'
+        conv_lhs => rw[←s_eq_ok]; rw[←s_eq_ok']
+        rw [hStore']
+        unfold lookup!
+        simp
+        exact keccak_using_intermediate'
+      rw [ s_eq_ok', get_evm_of_ok, ← s_eq_ok'
+        ] at keccak'
+
+      -- simplify contract
+      unfold reviveJump at code
+      simp [s_eq_ok, s_eq_ok'] at code
+      rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok' ] at code
+      clr_varstore
+
+      -- get underlying Preserved from preservesEvm
+      rw [ s_eq_ok, preservesEvm_of_insert, preservesEvm_of_insert ] at preservesEvm
+      have hPreserved := Preserved_of_preservesEvm_of_Ok preservesEvm
+
+      -- get underlying Preserved from preservesEvm'
+      rw [ s_eq_ok, s_eq_ok'] at preservesEvm'
+      have hPreserved' := Preserved_of_preservesEvm_of_Ok preservesEvm'
+
+      -- make use of transitivity of Preserved
+      have hPreserved'' : Clear.Preserved evm evmₛ' := Preserved.trans hPreserved hPreserved'
+      
+      refine' ⟨IsERC20_of_preservesEvm (by aesop) is_erc20, (by aesop), ?returns_correct_value⟩
+      rw [← code]
+      -- lookup allowance
+      clr_varstore
+      by_cases mem : ⟨Address.ofUInt256 var_owner, Address.ofUInt256 var_spender⟩ ∈ erc20.allowances
+      · -- there is such ⟨owner, spender⟩ in allowances
+        split_ands <;> [skip; aesop]
+
+        obtain ⟨address, intermediate, has_intermediate, has_address, allowance⟩ := is_erc20.hasAllowance mem
+
+        have intermediate_def : s["_2"]!! = intermediate := by
+          rw [s_eq_ok]
+          rw [← Option.some_inj]
+          trans
+          · have := Eq.symm (s_eq_ok ▸ keccak)
+            exact this
+          · exact (keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved has_intermediate
+              ▸ has_intermediate)
+
+        have address_def : s'["_3"]!! = address := by
+          rw [s_eq_ok']
+          rw [← Option.some_inj]
+          trans
+          · have := Eq.symm (s_eq_ok' ▸ keccak')
+            exact this
+          · rw [intermediate_def]
+            have : s["var_spender"]!! = var_spender := by
+              rw [s_eq_ok]
+              rw [s_eq_ok] at hStore
+              unfold store at hStore
+              unfold State.insert at hStore
+              simp at hStore
+              rw [hStore]
+              unfold lookup!
+              simp
+              rw [Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
+                , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
+                , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)]
+              simp
+            rw [this]
+            exact (keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' has_address ▸ has_address)
+
+        rw [address_def] at code ⊢
+        rw [ allowance
+          , Option.getD_some
+          , State.get_evm_of_ok
+          , ← sload_eq_of_preserved hPreserved''
+          ]
+      · -- there is *no* such account in allowances
+        -- so sload should return 0
+
+        split_ands <;> [skip; aesop]
+
+        rw [ Finmap.lookup_eq_none.mpr mem
+          , Option.getD_none
+          ]
+
+        -- in order to do that it should be given storage address outside of
+        -- its domain
+        apply sload_of_not_mem_dom
+        have := State.get_evm_of_ok ▸ is_erc20.storageDom
+        rw [ ← storage_eq_of_preserved hPreserved''
+          , this
+          ]
+        clear this
+        simp only [ Finset.not_mem_union, Set.mem_toFinset, Set.mem_def, setOf, not_exists, not_and ]
+        have s_erc20 : IsERC20 erc20 (Ok evmₛ _) :=
+          IsERC20_of_ok_of_Preserved hPreserved is_erc20
+        have s_erc20' : IsERC20 erc20 (Ok evmₛ' _) :=
+          IsERC20_of_ok_of_Preserved hPreserved' s_erc20
+
+        split_ands
+        -- address not in balances
+        · intro account account_mem_balances
+          obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance account_mem_balances
+          rw [ ← keccak'
+            , keccak_map_lookup_eq_of_Preserved_of_lookup
+                hPreserved'' has_address ]
+          by_contra h
+          have : [↑↑account, ERC20Private.balances] ∈ evmₛ'.keccak_map.keys := by
+            rw [Finmap.mem_keys]
+            apply Finmap.lookup_isSome.mp
+            have := get_evm_of_ok ▸ has_address
+            rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' has_address
+              , this ]
+            simp
+          have IsEVMₛ' : evmₛ'.isEVMState := by aesop
+          have keccak_inj := IsEVMₛ'.1 this (Eq.symm h)
+
+          rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
+          unfold Fin.ofNat'' at keccak_inj
+          simp at keccak_inj
+          obtain ⟨keccak_inj₁, keccak_inj₂⟩ := keccak_inj
+
+          have : ERC20Private.balances ≠ s["_2"]!! := by
+            obtain blocked_range := get_evm_of_ok ▸ s_erc20.block_acc_range.2.1
+            rw [ keccak ] at blocked_range
+            apply not_mem_private_of_some at blocked_range
+            rw [@ne_comm]
+            unfold PrivateAddresses.toFinset at blocked_range
+            rw [Finset.mem_def] at blocked_range
+            simp at blocked_range -- Fails with: set_option maxHeartbeats 200000
+            exact blocked_range.1
+          contradiction
+
+        -- address not in allowances
+        · intro owner spender owner_spender_mem_allowances
+
+          obtain ⟨erc_address, erc_intermediate, owner_lookup, spender_lookup, eq⟩ :=
+            is_erc20.hasAllowance owner_spender_mem_allowances
+
+          rw [ ← keccak'
+          , keccak_map_lookup_eq_of_Preserved_of_lookup
+              hPreserved'' owner_lookup ]
+          by_contra h
+          have : [↑↑owner, ERC20Private.allowances] ∈ evmₛ.keccak_map.keys := by
+            rw [Finmap.mem_keys]
+            apply Finmap.lookup_isSome.mp
+            have owner_lookup' := get_evm_of_ok ▸ owner_lookup
+            have spender_lookup' := get_evm_of_ok ▸ spender_lookup
+            rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved owner_lookup
+              , owner_lookup' ]
+            simp
+          have owner_lookup' := get_evm_of_ok ▸ owner_lookup
+          have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' owner_lookup
+          rw [this] at owner_lookup'
+          have hSpender := h owner_lookup'
+
+
+          have spender_lookup' := get_evm_of_ok ▸ spender_lookup
+          have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' spender_lookup'
+          rw [this] at hSpender
+
+          have : [↑↑(Address.ofUInt256 (s["var_spender"]!!)), s["_2"]!!] ∈ evmₛ'.keccak_map.keys := by
+            clear * -keccak_using_intermediate' s_eq_ok'
+            rw [s_eq_ok'] at keccak_using_intermediate'
+            simp at keccak_using_intermediate'
+            exact Finmap.mem_of_lookup_eq_some keccak_using_intermediate'
+          have IsEVMₛ' : evmₛ'.isEVMState := by aesop
+          have keccak_inj := IsEVMₛ'.1 this (Eq.symm hSpender)
+          rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
+          unfold Fin.ofNat'' at keccak_inj
+          simp at keccak_inj
+          rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj <;> [skip; exact Address.val_lt_UInt256_size; exact Address.val_lt_UInt256_size]
+
+          obtain ⟨keccak_inj₁, keccak_inj₂⟩ := keccak_inj
+
+
+          have hOwner : owner = Address.ofUInt256 var_owner := by
+            have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved owner_lookup
+            rw [←keccak_inj₂] at owner_lookup
+            rw [←keccak] at owner_lookup
+            have owner_lookup'' := get_evm_of_ok ▸ owner_lookup
+            rw [this] at owner_lookup''
+
+            have : [↑↑(Address.ofUInt256 var_owner), ERC20Private.allowances] ∈ evmₛ.keccak_map.keys := by
+              clear * -keccak_using_intermediate s_eq_ok
+              rw [s_eq_ok] at keccak_using_intermediate
+              simp at keccak_using_intermediate
+              exact Finmap.mem_of_lookup_eq_some keccak_using_intermediate
+            have IsEVMₛ : evmₛ.isEVMState := by aesop
+            have keccak_inj := IsEVMₛ.1 this (Eq.symm owner_lookup'')
+            rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
+            unfold Fin.ofNat'' at keccak_inj
+            simp at keccak_inj
+            rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj <;> [skip; exact Address.val_lt_UInt256_size; exact Address.val_lt_UInt256_size]
+            symm
+            exact keccak_inj
+
+          have hSpender : spender = Address.ofUInt256 var_spender := by
+            have : s["var_spender"]!! = var_spender := by
+              rw [s_eq_ok]
+              rw [s_eq_ok] at hStore
+              unfold store at hStore
+              unfold State.insert at hStore
+              simp at hStore
+              rw [hStore]
+              unfold lookup!
+              simp
+              rw [Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
+                , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
+                , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)]
+              simp
+            rw [this] at keccak_inj₁
+            symm
+            exact keccak_inj₁
+            done
+          rw [←hOwner, ←hSpender] at mem
+          contradiction
+
+        -- address not in reserved space
+        · obtain blocked_range := get_evm_of_ok ▸ (s_erc20'.block_acc_range.2.2)
+          have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved' keccak
+          rw [this] at keccak
+          rw [ keccak ] at blocked_range
+
+          have blocked_range' := blocked_range (↑↑(Address.ofUInt256 (s["var_spender"]!!))) (s["_2"]!!) (by rfl)
+          rw [←Finset.mem_map' Function.Embedding.some]
+
+          -- TODO make simpler:
+          have : Function.Embedding.some (s'["_3"]!!) = (some (s'["_3"]!!)) := by
+            simp
+          rw [this]
+          rw [←keccak']
+          
+          unfold not_mem_private at blocked_range'
+          rw [keccak'] at blocked_range'
+          simp at blocked_range'
+          rw [keccak']
+          simp
+          exact blocked_range'
+
+      done
+    · -- Hash collision from second keccak
+      rename_i hHashCollisionTrue
+      right
+      have :   hash_collision (Ok evm Inhabited.default⟦"var_spender"↦var_spender⟧⟦"var_owner"↦var_owner⟧⟦"_1"↦1⟧.evm)
+         = evm.hash_collision := by
+        simp
+      rw [this] at hHashCollision₁
+      by_cases s_isOk' : s'.isOk
+      · obtain ⟨evmₛ', varstoreₛ', s_eq_ok'⟩ := State_of_isOk s_isOk'
+        -- simplify contract
+        unfold reviveJump at code
+        simp [s_eq_ok, s_eq_ok'] at code
+        rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok' ] at code
+        clr_varstore
+
+        rw [←code]
+        aesop
+      · rcases s' with ⟨evm, varstore⟩ | _ | _ <;> [skip; aesop_spec; skip]
+        · unfold reviveJump at code
+          simp at code
+          rw [←code]
+          aesop
+        · unfold reviveJump at code
+          simp at code
+
+          rename_i j
+          unfold evm at hHashCollisionTrue
+          simp at hHashCollisionTrue
+  · -- Hash collision from first keccak
+    rename_i hHashCollisionTrue
+    right
+
+    by_cases s_isOk : s.isOk
+    · unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping'
+      clr_spec at mapping'
+      
+      obtain ⟨⟨preservesEvm', s_isOk', s_isEVMStatePreserved', ⟨⟨intermediate_keccak', keccak_using_intermediate', hStore'⟩,hHashCollision'⟩⟩, hHashCollision₁'⟩ := mapping' -- Adds a goal
+
+      have :   hash_collision (Ok evm Inhabited.default⟦"var_spender"↦var_spender⟧⟦"var_owner"↦var_owner⟧⟦"_1"↦1⟧.evm)
+          = evm.hash_collision := by
+          simp
+      rw [this] at hHashCollision₁
+      by_cases s_isOk' : s'.isOk
+      · obtain ⟨evmₛ', varstoreₛ', s_eq_ok'⟩ := State_of_isOk s_isOk'
+        -- simplify contract
+        unfold reviveJump at code
+        simp [s_eq_ok'] at code
+        rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok' ] at code
+        clr_varstore
+        
+        · rw [←code]
+          have : Ok evmₛ' varstore⟦var↦sload evmₛ' (s'["_3"]!!)⟧.evm.hash_collision
+                = evmₛ'.hash_collision := by simp
+          rw [this]
+          aesop
+        
+
+      · rcases s' with ⟨evm, varstore⟩ | _ | _ <;> [skip; aesop_spec; skip]
+        · unfold reviveJump at code
+          simp at code
+          rw [←code]
+          aesop
+          
+        · unfold reviveJump at code
+          simp at code
+          rename_i j
+          rcases j
+      · rename_i hHashCollisionTrue'
+        have : Ok evm Inhabited.default⟦"var_spender"↦var_spender⟧⟦"var_owner"↦var_owner⟧⟦"_1"↦1⟧.evm.hash_collision
+              = evm.hash_collision := by simp
+        rw [this] at hHashCollision₁
+        rcases s' with ⟨evm, varstore⟩ | _ | _ <;> [skip; aesop_spec; skip]
+        · unfold reviveJump at code
+          simp at code
+          rw [←code]
+          aesop
+          
+        · unfold reviveJump at code
+          simp at code
+          unfold evm at hHashCollisionTrue'
+          simp at hHashCollisionTrue'
+    · unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping'
+      unfold Spec at mapping'
+      rcases s with ⟨evm, varstore⟩ | _ | _ <;> [skip; skip; skip]
+      · aesop
+      · simp at mapping'
+        rcases s' with ⟨evm, varstore⟩ | _ | _ <;> aesop_spec
+      · simp at mapping'
+        rcases s' with ⟨evm, varstore⟩ | _ | _ <;> [skip;skip;skip]
+        · simp at mapping'
+        · simp at mapping'
+        · unfold evm at hHashCollisionTrue
+          simp at hHashCollisionTrue
 
 end
 
diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
index daddd88..54efb58 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
@@ -1,9 +1,9 @@
 import Clear.ReasoningPrinciple
 
-import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
-
+-- import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
 import Generated.erc20shim.ERC20Shim.fun_balanceOf_gen
 
+import Generated.erc20shim.ERC20Shim.Predicate
 
 namespace Generated.erc20shim.ERC20Shim
 
@@ -11,13 +11,193 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
-def A_fun_balanceOf (var : Identifier) (var_account : Literal) (s₀ s₉ : State) : Prop := sorry
+def A_fun_balanceOf (var : Identifier) (var_account : Literal) (s₀ s₉ : State) : Prop :=
+  (∀ {erc20}, (IsERC20 erc20 s₀ ∧ s₀.evm.isEVMState) →
+  let account := Address.ofUInt256 var_account
+  IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧
+  s₉[var]!! = (erc20.balances.lookup account).getD 0 ∧
+  s₉.evm.hash_collision = false)
+  ∨ s₉.evm.hash_collision = true
 
 lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   Spec (fun_balanceOf_concrete_of_code.1 var var_account) s₀ s₉ →
   Spec (A_fun_balanceOf var var_account) s₀ s₉ := by
   unfold fun_balanceOf_concrete_of_code A_fun_balanceOf
-  sorry
+
+  rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
+  apply spec_eq
+  clr_funargs
+  rintro hasFuel ⟨s, mapping, code⟩
+
+  clr_varstore
+
+  -- what we can get right now from mapping function
+  unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping
+  clr_spec at mapping
+
+  
+  obtain ⟨⟨preservesEvm, s_isOk, s_isEVMStatePreserved, ⟨⟨keccak_value, keccak_using_keccak_value, hStore⟩,hHashCollision⟩⟩, hHashCollision₁⟩ := mapping -- Adds a goal
+  · -- No hash collision from keccak
+    left
+    intro erc20 is_erc20 s₀_isEVMState
+
+    obtain ⟨evmₛ, varstoreₛ, s_eq_ok⟩ := State_of_isOk s_isOk
+
+    have keccak : Finmap.lookup [↑↑(Address.ofUInt256 var_account), 0] s.evm.keccak_map = some (s["_2"]!!) := by
+      unfold store State.insert at hStore
+      unfold lookup!
+      aesop
+
+    rw [ ← Variables.balances_def
+      , s_eq_ok, get_evm_of_ok, ← s_eq_ok
+      ] at keccak
+
+    -- simplify contract
+    unfold reviveJump at code
+    simp [s_eq_ok] at code
+    rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok ] at code
+    clr_varstore
+
+    -- get underlying Preserved from preservesEvm
+    rw [ s_eq_ok, preservesEvm_of_insert, preservesEvm_of_insert ] at preservesEvm
+    have Preserved := Preserved_of_preservesEvm_of_Ok preservesEvm
+
+    refine' ⟨IsERC20_of_preservesEvm (by aesop) is_erc20, (by aesop), ?returns_correct_value⟩
+
+    rw [← code]
+    -- lookup balance
+    clr_varstore
+    by_cases mem : Address.ofUInt256 var_account ∈ erc20.balances
+    · -- there is such account in balances
+      split_ands <;> [skip; aesop]
+
+      obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance mem
+
+      have address_def : s["_2"]!! = address := by
+        rw [s_eq_ok]
+        rw [← Option.some_inj]
+        trans
+        · exact Eq.symm (s_eq_ok ▸ keccak)
+        · exact (keccak_map_lookup_eq_of_Preserved_of_lookup Preserved has_address
+            ▸ has_address)
+
+      rw [address_def] at code ⊢
+      rw [ balance
+        , Option.getD_some
+        , State.get_evm_of_ok
+        , ← sload_eq_of_preserved Preserved
+        ]
+
+    · -- there is *no* such account in balances
+      -- so sload should return 0
+    
+      split_ands <;> [skip; aesop]
+
+      rw [ Finmap.lookup_eq_none.mpr mem
+        , Option.getD_none
+        ]
+
+      -- in order to do that it should be given storage address outside of
+      -- it's domain
+      apply sload_of_not_mem_dom
+      have := State.get_evm_of_ok ▸ is_erc20.storageDom
+      rw [ ← storage_eq_of_preserved Preserved
+        , this
+        ]
+      clear this
+      simp only [ Finset.not_mem_union, Set.mem_toFinset, Set.mem_def, setOf, not_exists, not_and ]
+      have s_erc20 : IsERC20 erc20 (Ok evmₛ _) :=
+        IsERC20_of_ok_of_Preserved Preserved is_erc20
+
+      split_ands
+      -- address not in balances
+      · intro account account_mem_balances
+        obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance account_mem_balances
+        rw [ ← keccak
+          , keccak_map_lookup_eq_of_Preserved_of_lookup
+              Preserved has_address ]
+        by_contra h
+        have : [↑↑account, ERC20Private.balances] ∈ evmₛ.keccak_map.keys := by
+          rw [Finmap.mem_keys]
+          apply Finmap.lookup_isSome.mp
+          have := get_evm_of_ok ▸ has_address
+          rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup Preserved has_address
+            , this ]
+          simp
+        have IsEVMₛ : evmₛ.isEVMState := by aesop
+        have keccak_inj := IsEVMₛ.1 this (Eq.symm h)
+
+        rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
+        unfold Fin.ofNat'' at keccak_inj
+        simp at keccak_inj
+        rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj
+        rw [keccak_inj] at account_mem_balances
+        exact (mem account_mem_balances)
+        · exact Address.ofUInt256_lt_UInt256_size
+        · exact Address.val_lt_UInt256_size
+
+      -- address not in allowances
+      · intro owner spender mem_allowances
+        obtain ⟨erc_address, erc_intermediate, owner_lookup, spender_lookup, eq⟩ :=
+          is_erc20.hasAllowance mem_allowances
+        rw [get_evm_of_ok] at owner_lookup spender_lookup
+        have spender_lookup_s := keccak_map_lookup_eq_of_Preserved_of_lookup Preserved spender_lookup
+        push_neg
+        use erc_intermediate
+        rw [ ← keccak ]
+        by_contra h
+        rw [not_and'] at h
+        apply h at owner_lookup
+        exact owner_lookup
+
+        rw [spender_lookup_s]
+        by_contra h
+        have : [↑↑spender, erc_intermediate] ∈ evmₛ.keccak_map.keys := by
+          rw [Finmap.mem_keys]
+          apply Finmap.lookup_isSome.mp
+          have := Eq.trans (Eq.symm spender_lookup_s) spender_lookup
+          rw [this]
+          simp
+        have IsEVMₛ : evmₛ.isEVMState := by aesop
+        have keccak_inj := IsEVMₛ.1 this h
+        simp at keccak_inj
+        have intermediate_ne_balances : erc_intermediate ≠ ERC20Private.balances := by
+          obtain blocked_range := get_evm_of_ok ▸ is_erc20.block_acc_range.2.1
+          rw [owner_lookup] at blocked_range
+          unfold not_mem_private at blocked_range
+          simp at blocked_range
+          rw [← Finset.forall_mem_not_eq] at blocked_range
+          have bal_mem_private: ERC20Private.balances ∈ ERC20Private.toFinset := by
+            unfold PrivateAddresses.toFinset
+            simp
+          specialize blocked_range ERC20Private.balances
+          exact blocked_range bal_mem_private
+
+        tauto
+
+      -- address not in reserved space
+      · obtain blocked_range := get_evm_of_ok ▸ s_erc20.block_acc_range.1
+        rw [ keccak ] at blocked_range
+        apply not_mem_private_of_some at blocked_range
+        exact blocked_range
+  · -- Hash collision from keccak
+    rename_i hHashCollisionTrue
+    right
+    have :   Ok evm Inhabited.default⟦"var_account"↦var_account⟧⟦"_1"↦0⟧.evm.hash_collision
+        = evm.hash_collision := by
+      simp
+    rw [this] at hHashCollision₁
+    rcases s with ⟨evm, varstore⟩ | _ | _ <;> [skip; aesop_spec; skip]
+    · unfold reviveJump at code
+      simp at code
+      rw [←code]
+      aesop
+    · unfold reviveJump at code
+      simp at code
+
+      rename_i j
+      unfold evm at hHashCollisionTrue
+      simp at hHashCollisionTrue
 
 end
 
diff --git a/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean b/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
index 50a105b..d6cdf7c 100644
--- a/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
@@ -2,7 +2,8 @@ import Clear.ReasoningPrinciple
 
 
 import Generated.erc20shim.ERC20Shim.fun_totalSupply_gen
-
+import Generated.erc20shim.ERC20Shim.Predicate
+import Generated.erc20shim.ERC20Shim.Variables
 
 namespace Generated.erc20shim.ERC20Shim
 
@@ -10,13 +11,34 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
 
-def A_fun_totalSupply (var_ : Identifier)  (s₀ s₉ : State) : Prop := sorry
+def A_fun_totalSupply (var_ : Identifier) (s₀ s₉ : State) : Prop :=
+  ∀ {erc20}, IsERC20 erc20 s₀ →
+  IsERC20 erc20 s₉ ∧ s₉ = s₀⟦var_ ↦ erc20.supply⟧
 
 lemma fun_totalSupply_abs_of_concrete {s₀ s₉ : State} {var_ } :
   Spec (fun_totalSupply_concrete_of_code.1 var_ ) s₀ s₉ →
   Spec (A_fun_totalSupply var_ ) s₀ s₉ := by
   unfold fun_totalSupply_concrete_of_code A_fun_totalSupply
-  sorry
+  rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
+  apply spec_eq  
+  clr_funargs
+  intro hasFuel code erc20 is_erc20
+
+  unfold reviveJump at code
+  simp at code
+  rw [ ← State.insert_of_ok,  ← State.insert_of_ok ] at code
+  rw [ ← State.insert_of_ok ]
+  clr_varstore
+
+  have := is_erc20.hasSupply
+  simp at this
+  rw [← Variables.totalSupply_def, this] at code
+
+  apply And.intro
+  · rw [← code]
+    exact IsERC20_of_insert is_erc20
+  · symm
+    assumption
 
 end
 
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean
index ff0e10f..dc0b2cb 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean
@@ -2,21 +2,22 @@ import Clear.ReasoningPrinciple
 
 
 import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address_gen
-
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address_user
 
 namespace Generated.erc20shim.ERC20Shim
 
 section
 
-open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities
 
-def A_mapping_index_access_mapping_address_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop := sorry
+def A_mapping_index_access_mapping_address_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop :=
+  A_mapping_index_access_mapping_address_uint256_of_address dataSlot slot key s₀ s₉
 
 lemma mapping_index_access_mapping_address_mapping_address_uint256_of_address_abs_of_concrete {s₀ s₉ : State} {dataSlot slot key} :
   Spec (mapping_index_access_mapping_address_mapping_address_uint256_of_address_concrete_of_code.1 dataSlot slot key) s₀ s₉ →
   Spec (A_mapping_index_access_mapping_address_mapping_address_uint256_of_address dataSlot slot key) s₀ s₉ := by
   unfold mapping_index_access_mapping_address_mapping_address_uint256_of_address_concrete_of_code A_mapping_index_access_mapping_address_mapping_address_uint256_of_address
-  sorry
+  apply mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete
 
 end
 
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
index d5574bc..542d840 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
@@ -3,6 +3,8 @@ import Clear.ReasoningPrinciple
 
 import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address_gen
 
+import Generated.erc20shim.ERC20Shim.Predicate
+import Generated.erc20shim.ERC20Shim.Variables
 
 namespace Generated.erc20shim.ERC20Shim
 
@@ -10,14 +12,159 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
 
-def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop := sorry
+abbrev AddressMap := Finmap (λ _ : Address ↦ UInt256)
+
+set_option linter.setOption false
+set_option pp.coercions false
+
+def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop :=
+  ((preservesEvm s₀ s₉ ∧ s₉.isOk ∧ (s₀.evm.isEVMState → s₉.evm.isEVMState) ∧ (∃ keccak,
+  s₉.evm.keccak_map.lookup [ ↑(Address.ofUInt256 key), slot ] = some keccak ∧
+  s₉.store = s₀⟦dataSlot ↦ keccak⟧.store) ∧
+  s₉.evm.hash_collision = false)
+  ∨ s₉.evm.hash_collision = true)
+  ∧ (s₀.evm.hash_collision = true → s₉.evm.hash_collision = true)
+
+-- Helper reifications
+lemma shift_eq_size : Fin.shiftLeft (n := UInt256.size) 1 160 = Address.size := by
+  constructor
+
+lemma EVMAddrSize' {s : State} : (s, [Fin.shiftLeft 1 160]) = (s, [Address.size.toUInt256]) := by
+  simp
+  exact shift_eq_size
 
 lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete {s₀ s₉ : State} {dataSlot slot key} :
   Spec (mapping_index_access_mapping_address_uint256_of_address_concrete_of_code.1 dataSlot slot key) s₀ s₉ →
   Spec (A_mapping_index_access_mapping_address_uint256_of_address dataSlot slot key) s₀ s₉ := by
   unfold mapping_index_access_mapping_address_uint256_of_address_concrete_of_code A_mapping_index_access_mapping_address_uint256_of_address
-  sorry
+  rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
+  apply spec_eq
+  intro hasFuel
+  clr_funargs
+  
+  rw [ EVMSub', EVMShl', EVMAddrSize' ]; simp
+  rw [ Address.and_size_eq_ofUInt256 ]
+  rw [ multifill_cons, multifill_nil ]
+  simp
+
+  clr_varstore
+
+  generalize acconut_def : Address.ofUInt256 key = account
+  intro code
+  unfold reviveJump at code
+
+  generalize prep_def : (mstore evm 0 ↑↑account).mstore 32 slot = state_prep at code
+  have Preserved_prep : Preserved evm state_prep := by
+    rw [← prep_def];
+    exact Preserved.trans mstore_preserved mstore_preserved
+
+  split at code
+  case h_1 _ res keccak_eq_some_res =>
+    clr_match at code
+    rw [← code]
+
+    have res_collision := hash_collision_of_keccak256_eq_some keccak_eq_some_res
+    have prep_collision : state_prep.hash_collision = evm.hash_collision := by
+      rw [← prep_def]
+      exact Eq.trans hash_collision_of_mstore hash_collision_of_mstore
+      
+    have preserves_collision :
+      evm.hash_collision = true → Ok res.2 varstore⟦dataSlot↦res.1⟧.evm.hash_collision = true := by      
+      rw [State.insert_of_ok, get_evm_of_ok, res_collision, prep_collision]
+      intro h; exact h
+    
+    apply And.intro
+    swap; exact preserves_collision
+    
+    by_cases h : evm.hash_collision
+    right
+    -- hash_collision from the previous state
+    exact preserves_collision h
+    
+    -- no hash collision from the previous state
+    left; split_ands
+    -- preservesEvm
+    rw [preservesEvm_of_insert']
+    apply preservesEvm_of_preserved
+    rw [get_evm_of_ok, get_evm_of_ok]
+    exact Preserved.trans Preserved_prep (Preserved_of_keccek256 keccak_eq_some_res)
+
+    -- state is ok
+    exact State.isOk_Ok
+    -- s₉.evm.isEVMState
+    intro hIsEVMState
+    obtain ⟨res₁,res₂⟩ := res
+    simp
+    
+    have state_prep_isEVMState : isEVMState state_prep := by
+      rw [←prep_def]
+      
+      unfold isEVMState
+      split_ands
+      unfold isKeccakInjective
+      simp
+      intros a b h₁ h₂
+      rw [mstore_preserves_keccak_map, mstore_preserves_keccak_map] at h₂
+      unfold isEVMState at hIsEVMState
+      aesop
+      
+      unfold isKeccakUsedRange
+      simp  
+      rw [mstore_preserves_keccak_map, mstore_preserves_keccak_map,
+          mstore_preserves_used_range, mstore_preserves_used_range]
+      unfold isEVMState at hIsEVMState
+      aesop
+    
+    apply @isEVMState_of_keccak256 ⟨state_prep, state_prep_isEVMState⟩ _ _ _ _ keccak_eq_some_res
+    
+    -- keccak
+    use res.1
+    split_ands
+    -- keccak lookup for last
+    rotate_left
+    -- varstore preservation
+    rw [State.insert_of_ok]
+    simp only [State.store]
+    
+    -- no hash collision
+    rw [State.insert_of_ok, get_evm_of_ok, res_collision, prep_collision]
+    rw [Bool.eq_false_eq_not_eq_true] at h; exact h
+    
+    -- keccak lookup
+    rw [State.insert_of_ok, get_evm_of_ok]
+    unfold keccak256 at keccak_eq_some_res
+    rw [ interval'_eq_interval 2 two_ne_zero (by norm_cast)
+       , ← prep_def
+       , mstore_mstore_of_ne, interval_of_mstore_eq_val_cons
+       , mstore_mstore_of_ne, zero_add, interval_of_mstore_eq_val_cons
+       , interval_of_0_eq_nil
+       ] at keccak_eq_some_res
+    unfold_let at keccak_eq_some_res
+
+    split at keccak_eq_some_res
+    case h_1 _ v h_lookup =>
+      rw [Option.some_inj] at keccak_eq_some_res
+      rw [← keccak_eq_some_res]
+      exact h_lookup
+    case h_2 _ h_lookup =>
+      split at keccak_eq_some_res
+      swap; contradiction
+      rw [Option.some_inj] at keccak_eq_some_res
+      rw [← keccak_eq_some_res]
+      simp only [];
+      rw [Finmap.lookup_insert]
+
+  case h_2 res keccak_eq_none =>
+    clr_match at code
+
+    have final_destination : s₉.evm.hash_collision := by
+      rw [← code, State.insert_of_ok, get_evm_of_ok]
+      exact hash_collision_of_addHashCollision state_prep
+
+    apply And.intro
+    right; exact final_destination
+    intro _; exact final_destination
 
-end
+  end
 
 end Generated.erc20shim.ERC20Shim

From 892c143b1519116d50d24f01bb793d12d19d47ee Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Wed, 20 Nov 2024 01:15:25 +0000
Subject: [PATCH 62/89] =?UTF-8?q?Improve=20`balanceOf`=20proof.=20By=20Fra?=
 =?UTF-8?q?nti=C5=A1ek.=20Copied=20in=20from=20`Ferinko/balanceOf`=20branc?=
 =?UTF-8?q?h,=20currently=20673b85.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Frantisek Silvasi <silvasi.frantisek@gmail.com>
---
 .../ERC20Shim/fun_balanceOf_user.lean         | 316 +++++++++---------
 1 file changed, 153 insertions(+), 163 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
index 54efb58..5c31c67 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
@@ -11,6 +11,15 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
+section PleaseMoveTheseWhereAppropriatte
+
+variable {jmp : Jump}
+
+@[simp]
+lemma hash_collision_evm_Checkpoint_eq_false : (Checkpoint jmp).evm.hash_collision = false := rfl
+
+end PleaseMoveTheseWhereAppropriatte
+
 def A_fun_balanceOf (var : Identifier) (var_account : Literal) (s₀ s₉ : State) : Prop :=
   (∀ {erc20}, (IsERC20 erc20 s₀ ∧ s₀.evm.isEVMState) →
   let account := Address.ofUInt256 var_account
@@ -23,181 +32,162 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   Spec (fun_balanceOf_concrete_of_code.1 var var_account) s₀ s₉ →
   Spec (A_fun_balanceOf var var_account) s₀ s₉ := by
   unfold fun_balanceOf_concrete_of_code A_fun_balanceOf
-
   rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
   apply spec_eq
   clr_funargs
   rintro hasFuel ⟨s, mapping, code⟩
-
   clr_varstore
 
   -- what we can get right now from mapping function
   unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping
   clr_spec at mapping
 
+  -- Discharge the hash-colliding case immediately using `aesop_spec`.
+  rcases mapping with ⟨
+    ⟨preservesEvm, s_isOk, s_isEVMStatePreserved,
+    ⟨⟨keccak_value, keccak_using_keccak_value, hStore⟩,hHashCollision⟩⟩ | _, hHashCollision₁
+  ⟩ <;> [left; rcases s <;> aesop_spec]
+
+  intro erc20 is_erc20 s₀_isEVMState
+
+  obtain ⟨evmₛ, varstoreₛ, s_eq_ok⟩ := State_of_isOk s_isOk
+
+  have keccak : Finmap.lookup [↑↑(Address.ofUInt256 var_account), 0] s.evm.keccak_map = some (s["_2"]!!) := by
+    unfold store State.insert at hStore
+    unfold lookup!
+    aesop
+
+  rw [ ← Variables.balances_def
+    , s_eq_ok, get_evm_of_ok, ← s_eq_ok
+    ] at keccak
+
+  -- simplify contract
+  unfold reviveJump at code
+  simp [s_eq_ok] at code
+  rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok ] at code
+  clr_varstore
+
+  -- get underlying Preserved from preservesEvm
+  rw [ s_eq_ok, preservesEvm_of_insert, preservesEvm_of_insert ] at preservesEvm
+  have Preserved := Preserved_of_preservesEvm_of_Ok preservesEvm
+
+  refine' ⟨IsERC20_of_preservesEvm (by aesop) is_erc20, (by aesop), ?returns_correct_value⟩
+
+  rw [← code]
+  -- lookup balance
+  clr_varstore
+  by_cases mem : Address.ofUInt256 var_account ∈ erc20.balances
+  · -- there is such account in balances
+    split_ands <;> [skip; aesop]
+
+    obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance mem
+
+    have address_def : s["_2"]!! = address := by
+      rw [s_eq_ok]
+      rw [← Option.some_inj]
+      trans
+      · exact Eq.symm (s_eq_ok ▸ keccak)
+      · exact (keccak_map_lookup_eq_of_Preserved_of_lookup Preserved has_address
+          ▸ has_address)
+
+    rw [address_def] at code ⊢
+    rw [ balance
+      , Option.getD_some
+      , State.get_evm_of_ok
+      , ← sload_eq_of_preserved Preserved
+      ]
+
+  · -- there is *no* such account in balances
+    -- so sload should return 0
   
-  obtain ⟨⟨preservesEvm, s_isOk, s_isEVMStatePreserved, ⟨⟨keccak_value, keccak_using_keccak_value, hStore⟩,hHashCollision⟩⟩, hHashCollision₁⟩ := mapping -- Adds a goal
-  · -- No hash collision from keccak
-    left
-    intro erc20 is_erc20 s₀_isEVMState
-
-    obtain ⟨evmₛ, varstoreₛ, s_eq_ok⟩ := State_of_isOk s_isOk
-
-    have keccak : Finmap.lookup [↑↑(Address.ofUInt256 var_account), 0] s.evm.keccak_map = some (s["_2"]!!) := by
-      unfold store State.insert at hStore
-      unfold lookup!
-      aesop
-
-    rw [ ← Variables.balances_def
-      , s_eq_ok, get_evm_of_ok, ← s_eq_ok
-      ] at keccak
-
-    -- simplify contract
-    unfold reviveJump at code
-    simp [s_eq_ok] at code
-    rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok ] at code
-    clr_varstore
-
-    -- get underlying Preserved from preservesEvm
-    rw [ s_eq_ok, preservesEvm_of_insert, preservesEvm_of_insert ] at preservesEvm
-    have Preserved := Preserved_of_preservesEvm_of_Ok preservesEvm
-
-    refine' ⟨IsERC20_of_preservesEvm (by aesop) is_erc20, (by aesop), ?returns_correct_value⟩
-
-    rw [← code]
-    -- lookup balance
-    clr_varstore
-    by_cases mem : Address.ofUInt256 var_account ∈ erc20.balances
-    · -- there is such account in balances
-      split_ands <;> [skip; aesop]
-
-      obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance mem
-
-      have address_def : s["_2"]!! = address := by
-        rw [s_eq_ok]
-        rw [← Option.some_inj]
-        trans
-        · exact Eq.symm (s_eq_ok ▸ keccak)
-        · exact (keccak_map_lookup_eq_of_Preserved_of_lookup Preserved has_address
-            ▸ has_address)
-
-      rw [address_def] at code ⊢
-      rw [ balance
-        , Option.getD_some
-        , State.get_evm_of_ok
-        , ← sload_eq_of_preserved Preserved
-        ]
-
-    · -- there is *no* such account in balances
-      -- so sload should return 0
-    
-      split_ands <;> [skip; aesop]
-
-      rw [ Finmap.lookup_eq_none.mpr mem
-        , Option.getD_none
-        ]
-
-      -- in order to do that it should be given storage address outside of
-      -- it's domain
-      apply sload_of_not_mem_dom
-      have := State.get_evm_of_ok ▸ is_erc20.storageDom
-      rw [ ← storage_eq_of_preserved Preserved
-        , this
-        ]
-      clear this
-      simp only [ Finset.not_mem_union, Set.mem_toFinset, Set.mem_def, setOf, not_exists, not_and ]
-      have s_erc20 : IsERC20 erc20 (Ok evmₛ _) :=
-        IsERC20_of_ok_of_Preserved Preserved is_erc20
-
-      split_ands
-      -- address not in balances
-      · intro account account_mem_balances
-        obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance account_mem_balances
-        rw [ ← keccak
-          , keccak_map_lookup_eq_of_Preserved_of_lookup
-              Preserved has_address ]
-        by_contra h
-        have : [↑↑account, ERC20Private.balances] ∈ evmₛ.keccak_map.keys := by
-          rw [Finmap.mem_keys]
-          apply Finmap.lookup_isSome.mp
-          have := get_evm_of_ok ▸ has_address
-          rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup Preserved has_address
-            , this ]
-          simp
-        have IsEVMₛ : evmₛ.isEVMState := by aesop
-        have keccak_inj := IsEVMₛ.1 this (Eq.symm h)
-
-        rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
-        unfold Fin.ofNat'' at keccak_inj
-        simp at keccak_inj
-        rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj
-        rw [keccak_inj] at account_mem_balances
-        exact (mem account_mem_balances)
-        · exact Address.ofUInt256_lt_UInt256_size
-        · exact Address.val_lt_UInt256_size
-
-      -- address not in allowances
-      · intro owner spender mem_allowances
-        obtain ⟨erc_address, erc_intermediate, owner_lookup, spender_lookup, eq⟩ :=
-          is_erc20.hasAllowance mem_allowances
-        rw [get_evm_of_ok] at owner_lookup spender_lookup
-        have spender_lookup_s := keccak_map_lookup_eq_of_Preserved_of_lookup Preserved spender_lookup
-        push_neg
-        use erc_intermediate
-        rw [ ← keccak ]
-        by_contra h
-        rw [not_and'] at h
-        apply h at owner_lookup
-        exact owner_lookup
-
-        rw [spender_lookup_s]
-        by_contra h
-        have : [↑↑spender, erc_intermediate] ∈ evmₛ.keccak_map.keys := by
-          rw [Finmap.mem_keys]
-          apply Finmap.lookup_isSome.mp
-          have := Eq.trans (Eq.symm spender_lookup_s) spender_lookup
-          rw [this]
+    split_ands <;> [skip; aesop]
+
+    rw [ Finmap.lookup_eq_none.mpr mem
+      , Option.getD_none
+      ]
+
+    -- in order to do that it should be given storage address outside of
+    -- it's domain
+    apply sload_of_not_mem_dom
+    have := State.get_evm_of_ok ▸ is_erc20.storageDom
+    rw [ ← storage_eq_of_preserved Preserved
+      , this
+      ]
+    clear this
+    simp only [ Finset.not_mem_union, Set.mem_toFinset, Set.mem_def, setOf, not_exists, not_and ]
+    have s_erc20 : IsERC20 erc20 (Ok evmₛ _) :=
+      IsERC20_of_ok_of_Preserved Preserved is_erc20
+
+    split_ands
+    -- address not in balances
+    · intro account account_mem_balances
+      obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance account_mem_balances
+      rw [ ← keccak
+        , keccak_map_lookup_eq_of_Preserved_of_lookup
+            Preserved has_address ]
+      by_contra h
+      have : [↑↑account, ERC20Private.balances] ∈ evmₛ.keccak_map.keys := by
+        rw [Finmap.mem_keys]
+        apply Finmap.lookup_isSome.mp
+        have := get_evm_of_ok ▸ has_address
+        rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup Preserved has_address
+          , this ]
+        simp
+      have IsEVMₛ : evmₛ.isEVMState := by aesop
+      have keccak_inj := IsEVMₛ.1 this (Eq.symm h)
+
+      rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
+      unfold Fin.ofNat'' at keccak_inj
+      simp at keccak_inj
+      rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj
+      rw [keccak_inj] at account_mem_balances
+      exact (mem account_mem_balances)
+      · exact Address.ofUInt256_lt_UInt256_size
+      · exact Address.val_lt_UInt256_size
+
+    -- address not in allowances
+    · intro owner spender mem_allowances
+      obtain ⟨erc_address, erc_intermediate, owner_lookup, spender_lookup, eq⟩ :=
+        is_erc20.hasAllowance mem_allowances
+      rw [get_evm_of_ok] at owner_lookup spender_lookup
+      have spender_lookup_s := keccak_map_lookup_eq_of_Preserved_of_lookup Preserved spender_lookup
+      push_neg
+      use erc_intermediate
+      rw [ ← keccak ]
+      by_contra h
+      rw [not_and'] at h
+      apply h at owner_lookup
+      exact owner_lookup
+
+      rw [spender_lookup_s]
+      by_contra h
+      have : [↑↑spender, erc_intermediate] ∈ evmₛ.keccak_map.keys := by
+        rw [Finmap.mem_keys]
+        apply Finmap.lookup_isSome.mp
+        have := Eq.trans (Eq.symm spender_lookup_s) spender_lookup
+        rw [this]
+        simp
+      have IsEVMₛ : evmₛ.isEVMState := by aesop
+      have keccak_inj := IsEVMₛ.1 this h
+      simp at keccak_inj
+      have intermediate_ne_balances : erc_intermediate ≠ ERC20Private.balances := by
+        obtain blocked_range := get_evm_of_ok ▸ is_erc20.block_acc_range.2.1
+        rw [owner_lookup] at blocked_range
+        unfold not_mem_private at blocked_range
+        simp at blocked_range
+        rw [← Finset.forall_mem_not_eq] at blocked_range
+        have bal_mem_private: ERC20Private.balances ∈ ERC20Private.toFinset := by
+          unfold PrivateAddresses.toFinset
           simp
-        have IsEVMₛ : evmₛ.isEVMState := by aesop
-        have keccak_inj := IsEVMₛ.1 this h
-        simp at keccak_inj
-        have intermediate_ne_balances : erc_intermediate ≠ ERC20Private.balances := by
-          obtain blocked_range := get_evm_of_ok ▸ is_erc20.block_acc_range.2.1
-          rw [owner_lookup] at blocked_range
-          unfold not_mem_private at blocked_range
-          simp at blocked_range
-          rw [← Finset.forall_mem_not_eq] at blocked_range
-          have bal_mem_private: ERC20Private.balances ∈ ERC20Private.toFinset := by
-            unfold PrivateAddresses.toFinset
-            simp
-          specialize blocked_range ERC20Private.balances
-          exact blocked_range bal_mem_private
-
-        tauto
-
-      -- address not in reserved space
-      · obtain blocked_range := get_evm_of_ok ▸ s_erc20.block_acc_range.1
-        rw [ keccak ] at blocked_range
-        apply not_mem_private_of_some at blocked_range
-        exact blocked_range
-  · -- Hash collision from keccak
-    rename_i hHashCollisionTrue
-    right
-    have :   Ok evm Inhabited.default⟦"var_account"↦var_account⟧⟦"_1"↦0⟧.evm.hash_collision
-        = evm.hash_collision := by
-      simp
-    rw [this] at hHashCollision₁
-    rcases s with ⟨evm, varstore⟩ | _ | _ <;> [skip; aesop_spec; skip]
-    · unfold reviveJump at code
-      simp at code
-      rw [←code]
-      aesop
-    · unfold reviveJump at code
-      simp at code
-
-      rename_i j
-      unfold evm at hHashCollisionTrue
-      simp at hHashCollisionTrue
+        specialize blocked_range ERC20Private.balances
+        exact blocked_range bal_mem_private
+
+      tauto
+    -- address not in reserved space
+    · -- NOTE: Technically can be a one liner with a bit more infrastructure for keccak.
+      -- QUESTION: I don't think it's worth revisiting post-haste; or is it?
+      have blocked_range := keccak ▸ get_evm_of_ok ▸ s_erc20.block_acc_range.1
+      exact not_mem_private_of_some blocked_range
 
 end
 

From c1b6bdcc894e8c1fb6b5c64ddb68f5cb5881a969 Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Wed, 20 Nov 2024 01:22:40 +0000
Subject: [PATCH 63/89] =?UTF-8?q?Change=20`clr=5Fvarstore`=20tactic=20and?=
 =?UTF-8?q?=20include=20it=20in=20generator.=20By=20Franti=C5=A1ek.=20Copi?=
 =?UTF-8?q?ed=20across=20`Wheels.lean`=20and=20`ProofGenerator.hs`=20from?=
 =?UTF-8?q?=20`Ferinko/Workshop`=20branch,=20currently=207631d8.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Frantisek Silvasi <silvasi.frantisek@gmail.com>
---
 Clear/Wheels.lean        | 35 ++++++++++++++++++++++++++---------
 vc/src/ProofGenerator.hs |  1 +
 2 files changed, 27 insertions(+), 9 deletions(-)

diff --git a/Clear/Wheels.lean b/Clear/Wheels.lean
index c07c533..5d30bff 100644
--- a/Clear/Wheels.lean
+++ b/Clear/Wheels.lean
@@ -50,12 +50,29 @@ elab "aesop_varstore" : tactic => do
 
 set_option hygiene false in
 open Lean Elab Tactic in
-elab "clr_varstore" : tactic => do
-  evalTactic <| ← `(tactic| (
-    repeat (
-      first | rw [State.lookup_insert (by assumption)] at * |
-              rw [State.lookup_insert' (by aesop_spec)] at * |
-              rw [State.lookup_insert_of_ne (by decide)] at *
-    )
-  )
-  )
+elab "clr_varstore" id:(ident)? "," : tactic =>
+  match id with
+  | .none => do evalTactic <| ← `(tactic| (
+                repeat (
+                  first | rw [State.lookup_insert (by assumption)] at * |
+                          rw [State.lookup_insert' (by aesop_spec)] at * |
+                          rw [State.lookup_insert_of_ne (by decide)] at *
+                )))
+  | .some id => do
+                evalTactic <| ← `(tactic| (
+                  repeat (
+                    first | rw [State.lookup_insert (by assumption)] at $id:ident |
+                            rw [State.lookup_insert' (by aesop_spec)] at $id:ident |
+                            rw [State.lookup_insert_of_ne (by decide)] at $id:ident
+                  )
+                )
+                )
+
+set_option hygiene false in
+open Lean Elab Tactic in
+elab "clr_varstore_target" : tactic =>
+  do evalTactic <| ← `(tactic| (
+      repeat (
+    first | (rw [State.lookup_insert' ?XX]; case XX => ((try simp [primCall]); aesop_spec)) |
+            rw [State.lookup_insert_of_ne (by decide)]
+  )))
diff --git a/vc/src/ProofGenerator.hs b/vc/src/ProofGenerator.hs
index ebc9829..412feb3 100644
--- a/vc/src/ProofGenerator.hs
+++ b/vc/src/ProofGenerator.hs
@@ -54,6 +54,7 @@ rwPrimop primop = if primop == "delegatecall" then "-- delegate call" else "rw [
 
 finish :: String
 finish = unlines [
+    "try clr_varstore_target",
     "-- finish offsetting",
     "subst hs₉",
     "intros hbody",

From ca1f0a0b762ab7a8d4a4470f80e9273bd6c543c2 Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Wed, 20 Nov 2024 01:23:41 +0000
Subject: [PATCH 64/89] Update `stack.yaml.lock` (automatic change from `stack
 build`)

---
 vc/stack.yaml.lock | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/vc/stack.yaml.lock b/vc/stack.yaml.lock
index 315a114..90e049c 100644
--- a/vc/stack.yaml.lock
+++ b/vc/stack.yaml.lock
@@ -9,5 +9,4 @@ snapshots:
     sha256: adbc602422dde10cc330175da7de8609e70afc41449a7e2d6e8b1827aa0e5008
     size: 649342
     url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/20/11.yaml
-  original:
-    url: https://raw.githubusercontent.com/commercialhaskell/stackage-snapshots/master/lts/20/11.yaml
+  original: lts-20.11

From 0c9754a5e80230328aef93abac608fdc56195857 Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Wed, 20 Nov 2024 02:05:46 +0000
Subject: [PATCH 65/89] Regenerate ERC20, excluding files with existing proofs

---
 All.lean                                      | 21 -------------------
 .../ERC20Shim/abi_decode_address_gen.lean     |  1 +
 .../abi_decode_addresst_address_gen.lean      |  1 +
 ..._decode_addresst_addresst_uint256_gen.lean |  1 +
 .../abi_decode_addresst_uint256_gen.lean      |  1 +
 .../erc20shim/ERC20Shim/abi_decode_gen.lean   |  1 +
 .../abi_decode_tuple_address_gen.lean         |  1 +
 .../ERC20Shim/abi_decode_uint256_gen.lean     |  1 +
 .../ERC20Shim/abi_encode_address_gen.lean     |  1 +
 ...bi_encode_address_uint256_uint256_gen.lean |  1 +
 .../ERC20Shim/abi_encode_bool_gen.lean        |  1 +
 .../abi_encode_bool_to_bool_gen.lean          |  1 +
 .../ERC20Shim/abi_encode_string_gen.lean      |  1 +
 .../abi_encode_string_memory_ptr_gen.lean     |  1 +
 .../abi_encode_string_storage_gen.lean        |  1 +
 .../abi_encode_tuple_address_gen.lean         |  1 +
 .../ERC20Shim/abi_encode_uint256_gen.lean     |  1 +
 .../abi_encode_uint256_to_uint256_gen.lean    |  1 +
 .../ERC20Shim/abi_encode_uint8_gen.lean       |  1 +
 .../abi_encode_uint8_to_uint8_gen.lean        |  1 +
 .../array_dataslot_string_storage_gen.lean    |  1 +
 ...engthForEncoding_string_fromStack_gen.lean |  1 +
 ...ray_storeLengthForEncoding_string_gen.lean |  1 +
 .../ERC20Shim/checked_add_uint256_gen.lean    |  1 +
 ...ray_from_storage_to_memory_string_gen.lean |  1 +
 ...opy_memory_to_memory_with_cleanup_gen.lean |  1 +
 .../extract_byte_array_length_gen.lean        |  1 +
 .../ERC20Shim/finalize_allocation_gen.lean    |  1 +
 .../erc20shim/ERC20Shim/fun__approve_gen.lean |  1 +
 .../ERC20Shim/fun__transfer_gen.lean          |  1 +
 .../ERC20Shim/fun_allowance_gen.lean          |  1 +
 .../ERC20Shim/fun_approve_420_gen.lean        |  1 +
 .../erc20shim/ERC20Shim/fun_approve_gen.lean  |  1 +
 .../ERC20Shim/fun_balanceOf_gen.lean          |  1 +
 .../erc20shim/ERC20Shim/fun_decimals_gen.lean |  1 +
 .../ERC20Shim/fun_msgSender_gen.lean          |  1 +
 .../erc20shim/ERC20Shim/fun_name_gen.lean     |  1 +
 .../ERC20Shim/fun_spendAllowance_gen.lean     |  1 +
 .../erc20shim/ERC20Shim/fun_symbol_gen.lean   |  1 +
 .../ERC20Shim/fun_totalSupply_gen.lean        |  1 +
 .../ERC20Shim/fun_transferFrom_gen.lean       |  1 +
 .../erc20shim/ERC20Shim/fun_transfer_gen.lean |  1 +
 .../erc20shim/ERC20Shim/fun_update_gen.lean   |  1 +
 ...apping_address_uint256_of_address_gen.lean |  1 +
 ...apping_address_uint256_of_address_gen.lean |  1 +
 .../ERC20Shim/panic_error_0x11_gen.lean       |  1 +
 .../ERC20Shim/panic_error_0x22_gen.lean       |  1 +
 .../ERC20Shim/panic_error_0x41_gen.lean       |  1 +
 ...91c1b902ef5e3cb8d9f6f304cf7446f74_gen.lean |  1 +
 ...774001b90d25810abd9040049be7bf4bb_gen.lean |  1 +
 ...18d802a52331272ac6fdb6a7c4aea3b1b_gen.lean |  1 +
 .../update_byte_slice_shift_gen.lean          |  1 +
 ..._value_offsett_uint256_to_uint256_gen.lean |  1 +
 .../validator_revert_address_gen.lean         |  1 +
 .../validator_revert_uint256_gen.lean         |  1 +
 55 files changed, 54 insertions(+), 21 deletions(-)

diff --git a/All.lean b/All.lean
index 72093da..43ce68a 100644
--- a/All.lean
+++ b/All.lean
@@ -1,24 +1,3 @@
-import Generated.peano.Peano.addk_user
-import Generated.peano.Peano.expk_gen
-import Generated.peano.Peano.addk_gen
-import Generated.peano.Peano.mulk
-import Generated.peano.Peano.expk_user
-import Generated.peano.Peano.mulk_gen
-import Generated.peano.Peano.expk
-import Generated.peano.Peano.addk
-import Generated.peano.Peano.mulk_user
-import Generated.peano.Peano.Common.if_6183625948864629624_user
-import Generated.peano.Peano.Common.for_727972558926940900_user
-import Generated.peano.Peano.Common.for_4806375509446804985_gen
-import Generated.peano.Peano.Common.for_84821961910748561_gen
-import Generated.peano.Peano.Common.for_4806375509446804985_user
-import Generated.peano.Peano.Common.for_4806375509446804985
-import Generated.peano.Peano.Common.for_727972558926940900_gen
-import Generated.peano.Peano.Common.for_84821961910748561
-import Generated.peano.Peano.Common.if_6183625948864629624
-import Generated.peano.Peano.Common.for_727972558926940900
-import Generated.peano.Peano.Common.if_6183625948864629624_gen
-import Generated.peano.Peano.Common.for_84821961910748561_user
 import Generated.erc20shim.ERC20Shim.fun_transfer_gen
 import Generated.erc20shim.ERC20Shim.abi_decode_addresst_addresst_uint256_gen
 import Generated.erc20shim.ERC20Shim.fun_approve_420_user
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_address_gen.lean b/Generated/erc20shim/ERC20Shim/abi_decode_address_gen.lean
index 0f682a6..fbb0e05 100644
--- a/Generated/erc20shim/ERC20Shim/abi_decode_address_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_address_gen.lean
@@ -77,6 +77,7 @@ def abi_decode_address_concrete_of_code
   try revert h'
   revert h
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_addresst_address_gen.lean b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_address_gen.lean
index 08d5435..8a677bd 100644
--- a/Generated/erc20shim/ERC20Shim/abi_decode_addresst_address_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_address_gen.lean
@@ -122,6 +122,7 @@ def abi_decode_addresst_address_concrete_of_code
   try revert h'
   revert h
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_addresst_addresst_uint256_gen.lean b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_addresst_uint256_gen.lean
index a72e618..b3a27de 100644
--- a/Generated/erc20shim/ERC20Shim/abi_decode_addresst_addresst_uint256_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_addresst_uint256_gen.lean
@@ -144,6 +144,7 @@ def abi_decode_addresst_addresst_uint256_concrete_of_code
   try revert h'
   revert h
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_addresst_uint256_gen.lean b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_uint256_gen.lean
index fb215a6..9c9f979 100644
--- a/Generated/erc20shim/ERC20Shim/abi_decode_addresst_uint256_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_addresst_uint256_gen.lean
@@ -123,6 +123,7 @@ def abi_decode_addresst_uint256_concrete_of_code
   try revert h'
   revert h
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_gen.lean b/Generated/erc20shim/ERC20Shim/abi_decode_gen.lean
index a9557e8..0151f5b 100644
--- a/Generated/erc20shim/ERC20Shim/abi_decode_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_gen.lean
@@ -87,6 +87,7 @@ def abi_decode_concrete_of_code
   revert h
   subst xs
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_tuple_address_gen.lean b/Generated/erc20shim/ERC20Shim/abi_decode_tuple_address_gen.lean
index 6f78b05..4740746 100644
--- a/Generated/erc20shim/ERC20Shim/abi_decode_tuple_address_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_tuple_address_gen.lean
@@ -101,6 +101,7 @@ def abi_decode_tuple_address_concrete_of_code
   try revert h'
   revert h
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/abi_decode_uint256_gen.lean b/Generated/erc20shim/ERC20Shim/abi_decode_uint256_gen.lean
index e1b4e2d..10f1d4b 100644
--- a/Generated/erc20shim/ERC20Shim/abi_decode_uint256_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_decode_uint256_gen.lean
@@ -77,6 +77,7 @@ def abi_decode_uint256_concrete_of_code
   try revert h'
   revert h
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_address_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_address_gen.lean
index 0f0e900..1408f79 100644
--- a/Generated/erc20shim/ERC20Shim/abi_encode_address_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_address_gen.lean
@@ -75,6 +75,7 @@ def abi_encode_address_concrete_of_code
   rw [EVMMstore']
   try simp
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_address_uint256_uint256_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_address_uint256_uint256_gen.lean
index 751ec98..d43c14a 100644
--- a/Generated/erc20shim/ERC20Shim/abi_encode_address_uint256_uint256_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_address_uint256_uint256_gen.lean
@@ -127,6 +127,7 @@ def abi_encode_address_uint256_uint256_concrete_of_code
   try revert h'
   revert h
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_bool_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_bool_gen.lean
index 508a9b1..af224c1 100644
--- a/Generated/erc20shim/ERC20Shim/abi_encode_bool_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_bool_gen.lean
@@ -80,6 +80,7 @@ def abi_encode_bool_concrete_of_code
   try revert h'
   revert h
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_bool_to_bool_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_bool_to_bool_gen.lean
index 6263a22..e117752 100644
--- a/Generated/erc20shim/ERC20Shim/abi_encode_bool_to_bool_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_bool_to_bool_gen.lean
@@ -75,6 +75,7 @@ def abi_encode_bool_to_bool_concrete_of_code
   rw [EVMMstore']
   try simp
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_string_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_string_gen.lean
index a163efb..5f1cc73 100644
--- a/Generated/erc20shim/ERC20Shim/abi_encode_string_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_string_gen.lean
@@ -87,6 +87,7 @@ def abi_encode_string_concrete_of_code
   try revert h'
   revert h
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_string_memory_ptr_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_string_memory_ptr_gen.lean
index f9a3315..95219b6 100644
--- a/Generated/erc20shim/ERC20Shim/abi_encode_string_memory_ptr_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_string_memory_ptr_gen.lean
@@ -127,6 +127,7 @@ def abi_encode_string_memory_ptr_concrete_of_code
   rw [EVMAdd']
   try simp
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_string_storage_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_string_storage_gen.lean
index a166c41..1f84e27 100644
--- a/Generated/erc20shim/ERC20Shim/abi_encode_string_storage_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_string_storage_gen.lean
@@ -139,6 +139,7 @@ def abi_encode_string_storage_concrete_of_code
   revert h
   subst xs
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_tuple_address_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_tuple_address_gen.lean
index 82afa21..7d1f803 100644
--- a/Generated/erc20shim/ERC20Shim/abi_encode_tuple_address_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_tuple_address_gen.lean
@@ -80,6 +80,7 @@ def abi_encode_tuple_address_concrete_of_code
   try revert h'
   revert h
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_uint256_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_uint256_gen.lean
index 55ba6b1..3531b62 100644
--- a/Generated/erc20shim/ERC20Shim/abi_encode_uint256_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_uint256_gen.lean
@@ -80,6 +80,7 @@ def abi_encode_uint256_concrete_of_code
   try revert h'
   revert h
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_uint256_to_uint256_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_uint256_to_uint256_gen.lean
index 722b66c..8e9cfdf 100644
--- a/Generated/erc20shim/ERC20Shim/abi_encode_uint256_to_uint256_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_uint256_to_uint256_gen.lean
@@ -61,6 +61,7 @@ def abi_encode_uint256_to_uint256_concrete_of_code
   rw [EVMMstore']
   try simp
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_uint8_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_uint8_gen.lean
index 0a1d1bb..574723e 100644
--- a/Generated/erc20shim/ERC20Shim/abi_encode_uint8_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_uint8_gen.lean
@@ -80,6 +80,7 @@ def abi_encode_uint8_concrete_of_code
   try revert h'
   revert h
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/abi_encode_uint8_to_uint8_gen.lean b/Generated/erc20shim/ERC20Shim/abi_encode_uint8_to_uint8_gen.lean
index d2a0883..7d71852 100644
--- a/Generated/erc20shim/ERC20Shim/abi_encode_uint8_to_uint8_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/abi_encode_uint8_to_uint8_gen.lean
@@ -71,6 +71,7 @@ def abi_encode_uint8_to_uint8_concrete_of_code
   rw [EVMMstore']
   try simp
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/array_dataslot_string_storage_gen.lean b/Generated/erc20shim/ERC20Shim/array_dataslot_string_storage_gen.lean
index 74d6e50..59340df 100644
--- a/Generated/erc20shim/ERC20Shim/array_dataslot_string_storage_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/array_dataslot_string_storage_gen.lean
@@ -75,6 +75,7 @@ def array_dataslot_string_storage_concrete_of_code
   rw [EVMKeccak256']
   try simp
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_fromStack_gen.lean b/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_fromStack_gen.lean
index 31ee150..e69e579 100644
--- a/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_fromStack_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_fromStack_gen.lean
@@ -71,6 +71,7 @@ def array_storeLengthForEncoding_string_fromStack_concrete_of_code
   rw [EVMAdd']
   try simp
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_gen.lean b/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_gen.lean
index a102de3..6fb346e 100644
--- a/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/array_storeLengthForEncoding_string_gen.lean
@@ -71,6 +71,7 @@ def array_storeLengthForEncoding_string_concrete_of_code
   rw [EVMAdd']
   try simp
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/checked_add_uint256_gen.lean b/Generated/erc20shim/ERC20Shim/checked_add_uint256_gen.lean
index 376e2c9..701f8e4 100644
--- a/Generated/erc20shim/ERC20Shim/checked_add_uint256_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/checked_add_uint256_gen.lean
@@ -89,6 +89,7 @@ def checked_add_uint256_concrete_of_code
   revert h
   subst xs
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/copy_array_from_storage_to_memory_string_gen.lean b/Generated/erc20shim/ERC20Shim/copy_array_from_storage_to_memory_string_gen.lean
index d204ba8..7193177 100644
--- a/Generated/erc20shim/ERC20Shim/copy_array_from_storage_to_memory_string_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/copy_array_from_storage_to_memory_string_gen.lean
@@ -100,6 +100,7 @@ def copy_array_from_storage_to_memory_string_concrete_of_code
   try revert h'
   revert h
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/copy_memory_to_memory_with_cleanup_gen.lean b/Generated/erc20shim/ERC20Shim/copy_memory_to_memory_with_cleanup_gen.lean
index ba1318c..72e2b69 100644
--- a/Generated/erc20shim/ERC20Shim/copy_memory_to_memory_with_cleanup_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/copy_memory_to_memory_with_cleanup_gen.lean
@@ -96,6 +96,7 @@ def copy_memory_to_memory_with_cleanup_concrete_of_code
   rw [EVMMstore']
   try simp
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/extract_byte_array_length_gen.lean b/Generated/erc20shim/ERC20Shim/extract_byte_array_length_gen.lean
index a006d6e..ee7ec0c 100644
--- a/Generated/erc20shim/ERC20Shim/extract_byte_array_length_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/extract_byte_array_length_gen.lean
@@ -128,6 +128,7 @@ def extract_byte_array_length_concrete_of_code
   revert h
   subst xs
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/finalize_allocation_gen.lean b/Generated/erc20shim/ERC20Shim/finalize_allocation_gen.lean
index 253dc1b..4033e0c 100644
--- a/Generated/erc20shim/ERC20Shim/finalize_allocation_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/finalize_allocation_gen.lean
@@ -128,6 +128,7 @@ def finalize_allocation_concrete_of_code
   rw [EVMMstore']
   try simp
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/fun__approve_gen.lean b/Generated/erc20shim/ERC20Shim/fun__approve_gen.lean
index 951dd09..014a074 100644
--- a/Generated/erc20shim/ERC20Shim/fun__approve_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun__approve_gen.lean
@@ -224,6 +224,7 @@ def fun__approve_concrete_of_code
   revert h
   subst xs
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/fun__transfer_gen.lean b/Generated/erc20shim/ERC20Shim/fun__transfer_gen.lean
index ef6523b..e6718b7 100644
--- a/Generated/erc20shim/ERC20Shim/fun__transfer_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun__transfer_gen.lean
@@ -164,6 +164,7 @@ def fun__transfer_concrete_of_code
   try revert h'
   revert h
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/fun_allowance_gen.lean b/Generated/erc20shim/ERC20Shim/fun_allowance_gen.lean
index f860489..f500c7a 100644
--- a/Generated/erc20shim/ERC20Shim/fun_allowance_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_allowance_gen.lean
@@ -92,6 +92,7 @@ def fun_allowance_concrete_of_code
   rw [EVMSload']
   try simp
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/fun_approve_420_gen.lean b/Generated/erc20shim/ERC20Shim/fun_approve_420_gen.lean
index 732f968..2b70feb 100644
--- a/Generated/erc20shim/ERC20Shim/fun_approve_420_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_approve_420_gen.lean
@@ -78,6 +78,7 @@ def fun_approve_420_concrete_of_code
   try revert h'
   revert h
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/fun_approve_gen.lean b/Generated/erc20shim/ERC20Shim/fun_approve_gen.lean
index 1e3ad15..a04706a 100644
--- a/Generated/erc20shim/ERC20Shim/fun_approve_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_approve_gen.lean
@@ -89,6 +89,7 @@ def fun_approve_concrete_of_code
   revert h
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_gen.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_gen.lean
index e6ee60b..3f76422 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_gen.lean
@@ -78,6 +78,7 @@ def fun_balanceOf_concrete_of_code
   rw [EVMSload']
   try simp
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/fun_decimals_gen.lean b/Generated/erc20shim/ERC20Shim/fun_decimals_gen.lean
index 0b00328..9fc6d1d 100644
--- a/Generated/erc20shim/ERC20Shim/fun_decimals_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_decimals_gen.lean
@@ -56,6 +56,7 @@ def fun_decimals_concrete_of_code
   generalize hs₉ : multifill' _ _ = s₉'
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/fun_msgSender_gen.lean b/Generated/erc20shim/ERC20Shim/fun_msgSender_gen.lean
index 87c01bc..684a6eb 100644
--- a/Generated/erc20shim/ERC20Shim/fun_msgSender_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_msgSender_gen.lean
@@ -60,6 +60,7 @@ def fun_msgSender_concrete_of_code
   rw [EVMCaller']
   try simp
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/fun_name_gen.lean b/Generated/erc20shim/ERC20Shim/fun_name_gen.lean
index 46e8c7d..774ea5b 100644
--- a/Generated/erc20shim/ERC20Shim/fun_name_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_name_gen.lean
@@ -72,6 +72,7 @@ def fun_name_concrete_of_code
   try revert h'
   revert h
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/fun_spendAllowance_gen.lean b/Generated/erc20shim/ERC20Shim/fun_spendAllowance_gen.lean
index 8e6a3b0..3e7e920 100644
--- a/Generated/erc20shim/ERC20Shim/fun_spendAllowance_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_spendAllowance_gen.lean
@@ -122,6 +122,7 @@ def fun_spendAllowance_concrete_of_code
   revert h
   subst xs
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/fun_symbol_gen.lean b/Generated/erc20shim/ERC20Shim/fun_symbol_gen.lean
index a1cb0f4..f0b703b 100644
--- a/Generated/erc20shim/ERC20Shim/fun_symbol_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_symbol_gen.lean
@@ -72,6 +72,7 @@ def fun_symbol_concrete_of_code
   try revert h'
   revert h
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/fun_totalSupply_gen.lean b/Generated/erc20shim/ERC20Shim/fun_totalSupply_gen.lean
index ea24a8e..9e6a199 100644
--- a/Generated/erc20shim/ERC20Shim/fun_totalSupply_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_totalSupply_gen.lean
@@ -64,6 +64,7 @@ def fun_totalSupply_concrete_of_code
   rw [EVMSload']
   try simp
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/fun_transferFrom_gen.lean b/Generated/erc20shim/ERC20Shim/fun_transferFrom_gen.lean
index 1b98fc6..1b44f86 100644
--- a/Generated/erc20shim/ERC20Shim/fun_transferFrom_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_transferFrom_gen.lean
@@ -106,6 +106,7 @@ def fun_transferFrom_concrete_of_code
   revert h
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/fun_transfer_gen.lean b/Generated/erc20shim/ERC20Shim/fun_transfer_gen.lean
index bce2df9..dc73a68 100644
--- a/Generated/erc20shim/ERC20Shim/fun_transfer_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_transfer_gen.lean
@@ -89,6 +89,7 @@ def fun_transfer_concrete_of_code
   revert h
   
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/fun_update_gen.lean b/Generated/erc20shim/ERC20Shim/fun_update_gen.lean
index 3d41811..c1e62be 100644
--- a/Generated/erc20shim/ERC20Shim/fun_update_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_update_gen.lean
@@ -224,6 +224,7 @@ def fun_update_concrete_of_code
   rw [EVMLog3']
   try simp
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_gen.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_gen.lean
index fc149a7..466406c 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_gen.lean
@@ -90,6 +90,7 @@ def mapping_index_access_mapping_address_mapping_address_uint256_of_address_conc
   rw [EVMKeccak256']
   try simp
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_gen.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_gen.lean
index f9c748b..f2eae71 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_gen.lean
@@ -90,6 +90,7 @@ def mapping_index_access_mapping_address_uint256_of_address_concrete_of_code
   rw [EVMKeccak256']
   try simp
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/panic_error_0x11_gen.lean b/Generated/erc20shim/ERC20Shim/panic_error_0x11_gen.lean
index 8df71fd..bb72b23 100644
--- a/Generated/erc20shim/ERC20Shim/panic_error_0x11_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/panic_error_0x11_gen.lean
@@ -93,6 +93,7 @@ def panic_error_0x11_concrete_of_code
   rw [EVMRevert']
   try simp
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/panic_error_0x22_gen.lean b/Generated/erc20shim/ERC20Shim/panic_error_0x22_gen.lean
index 320e099..fa5ab77 100644
--- a/Generated/erc20shim/ERC20Shim/panic_error_0x22_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/panic_error_0x22_gen.lean
@@ -93,6 +93,7 @@ def panic_error_0x22_concrete_of_code
   rw [EVMRevert']
   try simp
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/panic_error_0x41_gen.lean b/Generated/erc20shim/ERC20Shim/panic_error_0x41_gen.lean
index b012f1e..df4993a 100644
--- a/Generated/erc20shim/ERC20Shim/panic_error_0x41_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/panic_error_0x41_gen.lean
@@ -93,6 +93,7 @@ def panic_error_0x41_concrete_of_code
   rw [EVMRevert']
   try simp
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_gen.lean b/Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_gen.lean
index d5bb9ec..af0dad4 100644
--- a/Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74_gen.lean
@@ -67,6 +67,7 @@ def revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f7
   rw [EVMRevert']
   try simp
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_gen.lean b/Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_gen.lean
index cf8386a..81cb588 100644
--- a/Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4bb_gen.lean
@@ -67,6 +67,7 @@ def revert_error_ca66f745a3ce8ff40e2ccaf1ad45db7774001b90d25810abd9040049be7bf4b
   rw [EVMRevert']
   try simp
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_gen.lean b/Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_gen.lean
index fa81597..ebac60e 100644
--- a/Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1b_gen.lean
@@ -67,6 +67,7 @@ def revert_error_dbdddcbe895c83990c08b3492a0e83918d802a52331272ac6fdb6a7c4aea3b1
   rw [EVMRevert']
   try simp
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/update_byte_slice_shift_gen.lean b/Generated/erc20shim/ERC20Shim/update_byte_slice_shift_gen.lean
index 397e29c..10918a5 100644
--- a/Generated/erc20shim/ERC20Shim/update_byte_slice_shift_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/update_byte_slice_shift_gen.lean
@@ -60,6 +60,7 @@ def update_byte_slice_shift_concrete_of_code
 
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
   rw [cons]; simp only [LetEq', Assign', Lit', Var']
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/update_storage_value_offsett_uint256_to_uint256_gen.lean b/Generated/erc20shim/ERC20Shim/update_storage_value_offsett_uint256_to_uint256_gen.lean
index 52aad03..aa76339 100644
--- a/Generated/erc20shim/ERC20Shim/update_storage_value_offsett_uint256_to_uint256_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/update_storage_value_offsett_uint256_to_uint256_gen.lean
@@ -83,6 +83,7 @@ def update_storage_value_offsett_uint256_to_uint256_concrete_of_code
   rw [EVMSstore']
   try simp
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/validator_revert_address_gen.lean b/Generated/erc20shim/ERC20Shim/validator_revert_address_gen.lean
index a146940..de38675 100644
--- a/Generated/erc20shim/ERC20Shim/validator_revert_address_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/validator_revert_address_gen.lean
@@ -100,6 +100,7 @@ def validator_revert_address_concrete_of_code
   revert h
   subst xs
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody
diff --git a/Generated/erc20shim/ERC20Shim/validator_revert_uint256_gen.lean b/Generated/erc20shim/ERC20Shim/validator_revert_uint256_gen.lean
index 6df6a22..f3150ce 100644
--- a/Generated/erc20shim/ERC20Shim/validator_revert_uint256_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/validator_revert_uint256_gen.lean
@@ -78,6 +78,7 @@ def validator_revert_uint256_concrete_of_code
   revert h
   subst xs
   
+  try clr_varstore_target
   -- finish offsetting
   subst hs₉
   intros hbody

From cf4e7551342fc282ee9edd242cf438880f63d325 Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Wed, 20 Nov 2024 02:06:59 +0000
Subject: [PATCH 66/89] [To revert] Regenerate ERC20, overwriting existing
 proofs

---
 Generated/erc20shim/ERC20Shim/Predicate.lean  | 113 -----
 Generated/erc20shim/ERC20Shim/Variables.lean  |  48 ---
 .../ERC20Shim/fun_allowance_user.lean         | 392 +-----------------
 .../ERC20Shim/fun_balanceOf_user.lean         | 178 +-------
 .../ERC20Shim/fun_totalSupply_user.lean       |  28 +-
 ...pping_address_uint256_of_address_user.lean |   9 +-
 ...pping_address_uint256_of_address_user.lean | 153 +------
 7 files changed, 19 insertions(+), 902 deletions(-)
 delete mode 100644 Generated/erc20shim/ERC20Shim/Predicate.lean
 delete mode 100644 Generated/erc20shim/ERC20Shim/Variables.lean

diff --git a/Generated/erc20shim/ERC20Shim/Predicate.lean b/Generated/erc20shim/ERC20Shim/Predicate.lean
deleted file mode 100644
index f284fa5..0000000
--- a/Generated/erc20shim/ERC20Shim/Predicate.lean
+++ /dev/null
@@ -1,113 +0,0 @@
-import Mathlib.Data.Finmap
-
-import Clear.State
-import Clear.Utilities
-
-import Generated.erc20shim.ERC20Shim.Variables
-
-open Clear State Utilities
-
-namespace Generated.erc20shim.ERC20Shim
-
-abbrev BalanceMap := Finmap (λ _ : Address ↦ UInt256)
-abbrev AllowanceMap := Finmap (λ _ : Address × Address ↦ UInt256)
-
-structure ERC20 where
-  supply : UInt256
-  balances : BalanceMap
-  allowances : AllowanceMap
-
-set_option linter.setOption false
-set_option pp.coercions false
-
-def not_mem_private (a : Option UInt256) : Prop :=
-  match a with
-  | some el => el ∉ ERC20Private.toFinset
-  | none => true
-
-lemma not_mem_private_of_some {a : UInt256} (h : not_mem_private (some a)) :
-  a ∉ ERC20Private.toFinset := by
-  unfold not_mem_private at h
-  simp at h
-  exact h
-
-structure IsERC20 (erc20 : ERC20) (s : State) : Prop where
-  hasSupply : s.evm.sload ERC20Private.totalSupply = erc20.supply
-
-  hasBalance :
-    ∀ {account}, (account ∈ erc20.balances) →
-    ∃ (address : UInt256),
-    s.evm.keccak_map.lookup [ ↑account , ERC20Private.balances ] = some address ∧
-    erc20.balances.lookup account = some (s.evm.sload address)
-
-  hasAllowance :
-    ∀ {owner spender}, ((owner, spender) ∈ erc20.allowances) →
-    ∃ (address  : UInt256) (intermediate : UInt256),
-    s.evm.keccak_map.lookup [ ↑owner , ERC20Private.allowances ] = some intermediate ∧
-    s.evm.keccak_map.lookup [ ↑spender , intermediate ] = some address ∧
-    erc20.allowances.lookup ⟨owner, spender⟩ = some (s.evm.sload address)
-
-  storageDom :
-    s.evm.storage.keys =
-      { address | ∃ account,
-        account ∈ erc20.balances ∧
-        some address = s.evm.keccak_map.lookup [ ↑account, ERC20Private.balances ] }.toFinset ∪
-      { address | ∃ owner spender,
-        (owner, spender) ∈ erc20.allowances ∧
-        ∀ {intermediate}, s.evm.keccak_map.lookup [ ↑owner , ERC20Private.allowances ] = some intermediate →
-        s.evm.keccak_map.lookup [ ↑spender , intermediate ] = some address }.toFinset ∪
-      ERC20Private.toFinset
-
-  block_acc_range :
-    ∀ {var},
-    not_mem_private (s.evm.keccak_map.lookup [ var, ERC20Private.balances ]) ∧
-    not_mem_private (s.evm.keccak_map.lookup [ var, ERC20Private.allowances ]) ∧
-    (∀ var₂ intermediate, s.evm.keccak_map.lookup [ var, ERC20Private.allowances ] = some intermediate
-                    → not_mem_private (s.evm.keccak_map.lookup [ var₂, intermediate ]))
-
-  -- block_allowance_range :
-  --   ∀ {owner}, s.evm.keccak_map.lookup [ ↑owner, ERC20Private.allowances ] ∉ ERC20Private.toFinset
-
-    -- equivalent statements
-    -- s.evm.sload address ∈ erc20.balances.lookup account
-    -- ⟨account, s.evm.sload address⟩ ∈ erc20.balances.entries
-
-lemma w {erc20} {s} {account} (is_erc20 : IsERC20 erc20 s) (not_mem: account ∉ erc20.balances) :
-  (s.evm.keccak_range.partition (λ x ↦ x ∈ s.evm.used_range)).2 ∩ s.evm.storage.keys.toList = ∅
-  := by
-  sorry
-
-lemma IsERC20_of_insert {erc20} {s : State} :
-  ∀ {var val}, IsERC20 erc20 s → IsERC20 erc20 (s⟦var↦val⟧) := by
-  intro var val is_erc
-  constructor <;> rw [State.evm_insert]
-  · exact is_erc.hasSupply
-  · exact is_erc.hasBalance
-  · exact is_erc.hasAllowance
-  · exact is_erc.storageDom
-  sorry
-
-lemma IsERC20_of_ok_forall_store {erc20} {evm} {s₀ s₁} :
-  IsERC20 erc20 (Ok evm s₀) → IsERC20 erc20 (Ok evm s₁) := by
-  intro is_erc
-  constructor <;> (try simp [State.evm])
-  · exact is_erc.hasSupply
-  · exact is_erc.hasBalance
-  · exact is_erc.hasAllowance
-  · exact is_erc.storageDom
-  sorry
-
-lemma IsERC20_of_ok_of_Preserved {erc20} {store} {σ₀ σ₁} (h : Preserved σ₀ σ₁) : 
-  IsERC20 erc20 (Ok σ₀ store) → IsERC20 erc20 (Ok σ₁ store) := by
-  sorry
-  
-lemma IsERC20_of_preservesEvm {erc20} {s₀ s₁} :
-  preservesEvm s₀ s₁ → IsERC20 erc20 s₀ → IsERC20 erc20 s₁ := by
-  sorry
-
-lemma t {erc20} {s₀ s₁} (is_erc20 : IsERC20 erc20 s₀) (h : preservesEvm s₀ s₁) :
-  ∀ {addr}, addr ∉ s₀.evm.keccak_range ∧ addr ∈ s₁.evm.keccak_range →
-  addr ∉ s₀.evm.storage.keys := by
-  sorry
-
-end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/Variables.lean b/Generated/erc20shim/ERC20Shim/Variables.lean
deleted file mode 100644
index cc02ef7..0000000
--- a/Generated/erc20shim/ERC20Shim/Variables.lean
+++ /dev/null
@@ -1,48 +0,0 @@
-import Mathlib.Data.Finmap
-import Clear.Ast
-import Clear.EVMState
-import Clear.UInt256
-import Clear.State
-
-open Clear
-
-namespace Generated.erc20shim.ERC20Shim
-
-structure PrivateAddresses where
-  balances    : UInt256
-  allowances  : UInt256
-  totalSupply : UInt256
-  name        : UInt256
-  symbol      : UInt256
-
-def PrivateAddresses.toFinset (p : PrivateAddresses) : Finset UInt256 :=
-  { p.balances, p.allowances, p.totalSupply, p.name, p.symbol }
-
-def ERC20Private : PrivateAddresses :=
-  { balances := 0, allowances := 1, totalSupply := 2, name := 3, symbol := 4 }
-
-namespace Variables
-
-lemma balances_def : ERC20Private.balances = 0 := by
-  unfold ERC20Private
-  simp only
-
-lemma allowances_def : ERC20Private.allowances = 1 := by
-  unfold ERC20Private
-  simp only
-
-lemma totalSupply_def : ERC20Private.totalSupply = 2 := by
-  unfold ERC20Private
-  simp only
-
-lemma name_def : ERC20Private.name = 3 := by
-  unfold ERC20Private
-  simp only
-
-lemma symbol_def : ERC20Private.symbol = 4 := by
-  unfold ERC20Private
-  simp only
-
-end Variables
-
-end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
index cadcc00..1a0d8f7 100644
--- a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
@@ -1,8 +1,10 @@
 import Clear.ReasoningPrinciple
 
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+
 import Generated.erc20shim.ERC20Shim.fun_allowance_gen
 
-import Generated.erc20shim.ERC20Shim.Predicate
 
 namespace Generated.erc20shim.ERC20Shim
 
@@ -10,397 +12,13 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
-set_option maxHeartbeats 1000000
-
-def A_fun_allowance (var : Identifier) (var_owner var_spender : Literal) (s₀ s₉ : State) : Prop :=
-  (∀ {erc20}, (IsERC20 erc20 s₀ ∧ s₀.evm.isEVMState) →
-  let owner := Address.ofUInt256 var_owner
-  let spender := Address.ofUInt256 var_spender
-  IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧
-  s₉[var]!! = (erc20.allowances.lookup ⟨owner, spender⟩).getD 0 ∧
-  s₉.evm.hash_collision = false)
-  ∨ s₉.evm.hash_collision = true
+def A_fun_allowance (var : Identifier) (var_owner var_spender : Literal) (s₀ s₉ : State) : Prop := sorry
 
 lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spender} :
   Spec (fun_allowance_concrete_of_code.1 var var_owner var_spender) s₀ s₉ →
   Spec (A_fun_allowance var var_owner var_spender) s₀ s₉ := by
   unfold fun_allowance_concrete_of_code A_fun_allowance
-
-  rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
-  apply spec_eq
-  clr_funargs
-  rintro hasFuel ⟨s, mapping, ⟨s', mapping', code⟩⟩
-
-  clr_varstore
-
-  -- what we can get right now from mapping function
-  unfold A_mapping_index_access_mapping_address_mapping_address_uint256_of_address
-         A_mapping_index_access_mapping_address_uint256_of_address at mapping
-  clr_spec at mapping
-  
-  
-
-  obtain ⟨⟨preservesEvm, s_isOk, s_isEVMStatePreserved, ⟨⟨intermediate_keccak, keccak_using_intermediate, hStore⟩,hHashCollision⟩⟩, hHashCollision₁⟩ := mapping -- Adds a goal
-  · -- No hash collision from first keccak
-    
-    obtain ⟨evmₛ, varstoreₛ, s_eq_ok⟩ := State_of_isOk s_isOk
-    have keccak : Finmap.lookup [↑↑(Address.ofUInt256 var_owner), 1] s.evm.keccak_map = some (s["_2"]!!) := by
-      unfold store State.insert at hStore
-      unfold lookup!
-      aesop
-    rw [ ← Variables.allowances_def
-     , s_eq_ok, get_evm_of_ok, ← s_eq_ok
-     ] at keccak
-
-    -- what we can get right now from mapping' function
-    unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping'
-    clr_spec at mapping'
-    
-    obtain ⟨⟨preservesEvm', s_isOk', s_isEVMStatePreserved', ⟨⟨intermediate_keccak', keccak_using_intermediate', hStore'⟩,hHashCollision'⟩⟩, hHashCollision₁'⟩ := mapping' -- Adds a goal
-    · -- No hash collision from second keccak
-      left
-      intro erc20 is_erc20 s₀_isEVMState
-      obtain ⟨evmₛ', varstoreₛ', s_eq_ok'⟩ := State_of_isOk s_isOk'
-      have keccak' : Finmap.lookup [↑↑(Address.ofUInt256 (s["var_spender"]!!)), s["_2"]!!] s'.evm.keccak_map = some (s'["_3"]!!) := by
-        rw [s_eq_ok]
-        rw [s_eq_ok] at hStore'
-        rw [s_eq_ok']
-        rw [s_eq_ok'] at hStore'
-        unfold store at hStore'
-        simp at hStore'
-        unfold State.insert at hStore'
-        simp at hStore'
-        conv_lhs => rw[←s_eq_ok]; rw[←s_eq_ok']
-        rw [hStore']
-        unfold lookup!
-        simp
-        exact keccak_using_intermediate'
-      rw [ s_eq_ok', get_evm_of_ok, ← s_eq_ok'
-        ] at keccak'
-
-      -- simplify contract
-      unfold reviveJump at code
-      simp [s_eq_ok, s_eq_ok'] at code
-      rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok' ] at code
-      clr_varstore
-
-      -- get underlying Preserved from preservesEvm
-      rw [ s_eq_ok, preservesEvm_of_insert, preservesEvm_of_insert ] at preservesEvm
-      have hPreserved := Preserved_of_preservesEvm_of_Ok preservesEvm
-
-      -- get underlying Preserved from preservesEvm'
-      rw [ s_eq_ok, s_eq_ok'] at preservesEvm'
-      have hPreserved' := Preserved_of_preservesEvm_of_Ok preservesEvm'
-
-      -- make use of transitivity of Preserved
-      have hPreserved'' : Clear.Preserved evm evmₛ' := Preserved.trans hPreserved hPreserved'
-      
-      refine' ⟨IsERC20_of_preservesEvm (by aesop) is_erc20, (by aesop), ?returns_correct_value⟩
-      rw [← code]
-      -- lookup allowance
-      clr_varstore
-      by_cases mem : ⟨Address.ofUInt256 var_owner, Address.ofUInt256 var_spender⟩ ∈ erc20.allowances
-      · -- there is such ⟨owner, spender⟩ in allowances
-        split_ands <;> [skip; aesop]
-
-        obtain ⟨address, intermediate, has_intermediate, has_address, allowance⟩ := is_erc20.hasAllowance mem
-
-        have intermediate_def : s["_2"]!! = intermediate := by
-          rw [s_eq_ok]
-          rw [← Option.some_inj]
-          trans
-          · have := Eq.symm (s_eq_ok ▸ keccak)
-            exact this
-          · exact (keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved has_intermediate
-              ▸ has_intermediate)
-
-        have address_def : s'["_3"]!! = address := by
-          rw [s_eq_ok']
-          rw [← Option.some_inj]
-          trans
-          · have := Eq.symm (s_eq_ok' ▸ keccak')
-            exact this
-          · rw [intermediate_def]
-            have : s["var_spender"]!! = var_spender := by
-              rw [s_eq_ok]
-              rw [s_eq_ok] at hStore
-              unfold store at hStore
-              unfold State.insert at hStore
-              simp at hStore
-              rw [hStore]
-              unfold lookup!
-              simp
-              rw [Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
-                , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
-                , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)]
-              simp
-            rw [this]
-            exact (keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' has_address ▸ has_address)
-
-        rw [address_def] at code ⊢
-        rw [ allowance
-          , Option.getD_some
-          , State.get_evm_of_ok
-          , ← sload_eq_of_preserved hPreserved''
-          ]
-      · -- there is *no* such account in allowances
-        -- so sload should return 0
-
-        split_ands <;> [skip; aesop]
-
-        rw [ Finmap.lookup_eq_none.mpr mem
-          , Option.getD_none
-          ]
-
-        -- in order to do that it should be given storage address outside of
-        -- its domain
-        apply sload_of_not_mem_dom
-        have := State.get_evm_of_ok ▸ is_erc20.storageDom
-        rw [ ← storage_eq_of_preserved hPreserved''
-          , this
-          ]
-        clear this
-        simp only [ Finset.not_mem_union, Set.mem_toFinset, Set.mem_def, setOf, not_exists, not_and ]
-        have s_erc20 : IsERC20 erc20 (Ok evmₛ _) :=
-          IsERC20_of_ok_of_Preserved hPreserved is_erc20
-        have s_erc20' : IsERC20 erc20 (Ok evmₛ' _) :=
-          IsERC20_of_ok_of_Preserved hPreserved' s_erc20
-
-        split_ands
-        -- address not in balances
-        · intro account account_mem_balances
-          obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance account_mem_balances
-          rw [ ← keccak'
-            , keccak_map_lookup_eq_of_Preserved_of_lookup
-                hPreserved'' has_address ]
-          by_contra h
-          have : [↑↑account, ERC20Private.balances] ∈ evmₛ'.keccak_map.keys := by
-            rw [Finmap.mem_keys]
-            apply Finmap.lookup_isSome.mp
-            have := get_evm_of_ok ▸ has_address
-            rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' has_address
-              , this ]
-            simp
-          have IsEVMₛ' : evmₛ'.isEVMState := by aesop
-          have keccak_inj := IsEVMₛ'.1 this (Eq.symm h)
-
-          rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
-          unfold Fin.ofNat'' at keccak_inj
-          simp at keccak_inj
-          obtain ⟨keccak_inj₁, keccak_inj₂⟩ := keccak_inj
-
-          have : ERC20Private.balances ≠ s["_2"]!! := by
-            obtain blocked_range := get_evm_of_ok ▸ s_erc20.block_acc_range.2.1
-            rw [ keccak ] at blocked_range
-            apply not_mem_private_of_some at blocked_range
-            rw [@ne_comm]
-            unfold PrivateAddresses.toFinset at blocked_range
-            rw [Finset.mem_def] at blocked_range
-            simp at blocked_range -- Fails with: set_option maxHeartbeats 200000
-            exact blocked_range.1
-          contradiction
-
-        -- address not in allowances
-        · intro owner spender owner_spender_mem_allowances
-
-          obtain ⟨erc_address, erc_intermediate, owner_lookup, spender_lookup, eq⟩ :=
-            is_erc20.hasAllowance owner_spender_mem_allowances
-
-          rw [ ← keccak'
-          , keccak_map_lookup_eq_of_Preserved_of_lookup
-              hPreserved'' owner_lookup ]
-          by_contra h
-          have : [↑↑owner, ERC20Private.allowances] ∈ evmₛ.keccak_map.keys := by
-            rw [Finmap.mem_keys]
-            apply Finmap.lookup_isSome.mp
-            have owner_lookup' := get_evm_of_ok ▸ owner_lookup
-            have spender_lookup' := get_evm_of_ok ▸ spender_lookup
-            rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved owner_lookup
-              , owner_lookup' ]
-            simp
-          have owner_lookup' := get_evm_of_ok ▸ owner_lookup
-          have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' owner_lookup
-          rw [this] at owner_lookup'
-          have hSpender := h owner_lookup'
-
-
-          have spender_lookup' := get_evm_of_ok ▸ spender_lookup
-          have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' spender_lookup'
-          rw [this] at hSpender
-
-          have : [↑↑(Address.ofUInt256 (s["var_spender"]!!)), s["_2"]!!] ∈ evmₛ'.keccak_map.keys := by
-            clear * -keccak_using_intermediate' s_eq_ok'
-            rw [s_eq_ok'] at keccak_using_intermediate'
-            simp at keccak_using_intermediate'
-            exact Finmap.mem_of_lookup_eq_some keccak_using_intermediate'
-          have IsEVMₛ' : evmₛ'.isEVMState := by aesop
-          have keccak_inj := IsEVMₛ'.1 this (Eq.symm hSpender)
-          rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
-          unfold Fin.ofNat'' at keccak_inj
-          simp at keccak_inj
-          rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj <;> [skip; exact Address.val_lt_UInt256_size; exact Address.val_lt_UInt256_size]
-
-          obtain ⟨keccak_inj₁, keccak_inj₂⟩ := keccak_inj
-
-
-          have hOwner : owner = Address.ofUInt256 var_owner := by
-            have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved owner_lookup
-            rw [←keccak_inj₂] at owner_lookup
-            rw [←keccak] at owner_lookup
-            have owner_lookup'' := get_evm_of_ok ▸ owner_lookup
-            rw [this] at owner_lookup''
-
-            have : [↑↑(Address.ofUInt256 var_owner), ERC20Private.allowances] ∈ evmₛ.keccak_map.keys := by
-              clear * -keccak_using_intermediate s_eq_ok
-              rw [s_eq_ok] at keccak_using_intermediate
-              simp at keccak_using_intermediate
-              exact Finmap.mem_of_lookup_eq_some keccak_using_intermediate
-            have IsEVMₛ : evmₛ.isEVMState := by aesop
-            have keccak_inj := IsEVMₛ.1 this (Eq.symm owner_lookup'')
-            rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
-            unfold Fin.ofNat'' at keccak_inj
-            simp at keccak_inj
-            rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj <;> [skip; exact Address.val_lt_UInt256_size; exact Address.val_lt_UInt256_size]
-            symm
-            exact keccak_inj
-
-          have hSpender : spender = Address.ofUInt256 var_spender := by
-            have : s["var_spender"]!! = var_spender := by
-              rw [s_eq_ok]
-              rw [s_eq_ok] at hStore
-              unfold store at hStore
-              unfold State.insert at hStore
-              simp at hStore
-              rw [hStore]
-              unfold lookup!
-              simp
-              rw [Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
-                , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
-                , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)]
-              simp
-            rw [this] at keccak_inj₁
-            symm
-            exact keccak_inj₁
-            done
-          rw [←hOwner, ←hSpender] at mem
-          contradiction
-
-        -- address not in reserved space
-        · obtain blocked_range := get_evm_of_ok ▸ (s_erc20'.block_acc_range.2.2)
-          have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved' keccak
-          rw [this] at keccak
-          rw [ keccak ] at blocked_range
-
-          have blocked_range' := blocked_range (↑↑(Address.ofUInt256 (s["var_spender"]!!))) (s["_2"]!!) (by rfl)
-          rw [←Finset.mem_map' Function.Embedding.some]
-
-          -- TODO make simpler:
-          have : Function.Embedding.some (s'["_3"]!!) = (some (s'["_3"]!!)) := by
-            simp
-          rw [this]
-          rw [←keccak']
-          
-          unfold not_mem_private at blocked_range'
-          rw [keccak'] at blocked_range'
-          simp at blocked_range'
-          rw [keccak']
-          simp
-          exact blocked_range'
-
-      done
-    · -- Hash collision from second keccak
-      rename_i hHashCollisionTrue
-      right
-      have :   hash_collision (Ok evm Inhabited.default⟦"var_spender"↦var_spender⟧⟦"var_owner"↦var_owner⟧⟦"_1"↦1⟧.evm)
-         = evm.hash_collision := by
-        simp
-      rw [this] at hHashCollision₁
-      by_cases s_isOk' : s'.isOk
-      · obtain ⟨evmₛ', varstoreₛ', s_eq_ok'⟩ := State_of_isOk s_isOk'
-        -- simplify contract
-        unfold reviveJump at code
-        simp [s_eq_ok, s_eq_ok'] at code
-        rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok' ] at code
-        clr_varstore
-
-        rw [←code]
-        aesop
-      · rcases s' with ⟨evm, varstore⟩ | _ | _ <;> [skip; aesop_spec; skip]
-        · unfold reviveJump at code
-          simp at code
-          rw [←code]
-          aesop
-        · unfold reviveJump at code
-          simp at code
-
-          rename_i j
-          unfold evm at hHashCollisionTrue
-          simp at hHashCollisionTrue
-  · -- Hash collision from first keccak
-    rename_i hHashCollisionTrue
-    right
-
-    by_cases s_isOk : s.isOk
-    · unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping'
-      clr_spec at mapping'
-      
-      obtain ⟨⟨preservesEvm', s_isOk', s_isEVMStatePreserved', ⟨⟨intermediate_keccak', keccak_using_intermediate', hStore'⟩,hHashCollision'⟩⟩, hHashCollision₁'⟩ := mapping' -- Adds a goal
-
-      have :   hash_collision (Ok evm Inhabited.default⟦"var_spender"↦var_spender⟧⟦"var_owner"↦var_owner⟧⟦"_1"↦1⟧.evm)
-          = evm.hash_collision := by
-          simp
-      rw [this] at hHashCollision₁
-      by_cases s_isOk' : s'.isOk
-      · obtain ⟨evmₛ', varstoreₛ', s_eq_ok'⟩ := State_of_isOk s_isOk'
-        -- simplify contract
-        unfold reviveJump at code
-        simp [s_eq_ok'] at code
-        rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok' ] at code
-        clr_varstore
-        
-        · rw [←code]
-          have : Ok evmₛ' varstore⟦var↦sload evmₛ' (s'["_3"]!!)⟧.evm.hash_collision
-                = evmₛ'.hash_collision := by simp
-          rw [this]
-          aesop
-        
-
-      · rcases s' with ⟨evm, varstore⟩ | _ | _ <;> [skip; aesop_spec; skip]
-        · unfold reviveJump at code
-          simp at code
-          rw [←code]
-          aesop
-          
-        · unfold reviveJump at code
-          simp at code
-          rename_i j
-          rcases j
-      · rename_i hHashCollisionTrue'
-        have : Ok evm Inhabited.default⟦"var_spender"↦var_spender⟧⟦"var_owner"↦var_owner⟧⟦"_1"↦1⟧.evm.hash_collision
-              = evm.hash_collision := by simp
-        rw [this] at hHashCollision₁
-        rcases s' with ⟨evm, varstore⟩ | _ | _ <;> [skip; aesop_spec; skip]
-        · unfold reviveJump at code
-          simp at code
-          rw [←code]
-          aesop
-          
-        · unfold reviveJump at code
-          simp at code
-          unfold evm at hHashCollisionTrue'
-          simp at hHashCollisionTrue'
-    · unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping'
-      unfold Spec at mapping'
-      rcases s with ⟨evm, varstore⟩ | _ | _ <;> [skip; skip; skip]
-      · aesop
-      · simp at mapping'
-        rcases s' with ⟨evm, varstore⟩ | _ | _ <;> aesop_spec
-      · simp at mapping'
-        rcases s' with ⟨evm, varstore⟩ | _ | _ <;> [skip;skip;skip]
-        · simp at mapping'
-        · simp at mapping'
-        · unfold evm at hHashCollisionTrue
-          simp at hHashCollisionTrue
+  sorry
 
 end
 
diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
index 5c31c67..daddd88 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
@@ -1,9 +1,9 @@
 import Clear.ReasoningPrinciple
 
--- import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+
 import Generated.erc20shim.ERC20Shim.fun_balanceOf_gen
 
-import Generated.erc20shim.ERC20Shim.Predicate
 
 namespace Generated.erc20shim.ERC20Shim
 
@@ -11,183 +11,13 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
-section PleaseMoveTheseWhereAppropriatte
-
-variable {jmp : Jump}
-
-@[simp]
-lemma hash_collision_evm_Checkpoint_eq_false : (Checkpoint jmp).evm.hash_collision = false := rfl
-
-end PleaseMoveTheseWhereAppropriatte
-
-def A_fun_balanceOf (var : Identifier) (var_account : Literal) (s₀ s₉ : State) : Prop :=
-  (∀ {erc20}, (IsERC20 erc20 s₀ ∧ s₀.evm.isEVMState) →
-  let account := Address.ofUInt256 var_account
-  IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧
-  s₉[var]!! = (erc20.balances.lookup account).getD 0 ∧
-  s₉.evm.hash_collision = false)
-  ∨ s₉.evm.hash_collision = true
+def A_fun_balanceOf (var : Identifier) (var_account : Literal) (s₀ s₉ : State) : Prop := sorry
 
 lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   Spec (fun_balanceOf_concrete_of_code.1 var var_account) s₀ s₉ →
   Spec (A_fun_balanceOf var var_account) s₀ s₉ := by
   unfold fun_balanceOf_concrete_of_code A_fun_balanceOf
-  rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
-  apply spec_eq
-  clr_funargs
-  rintro hasFuel ⟨s, mapping, code⟩
-  clr_varstore
-
-  -- what we can get right now from mapping function
-  unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping
-  clr_spec at mapping
-
-  -- Discharge the hash-colliding case immediately using `aesop_spec`.
-  rcases mapping with ⟨
-    ⟨preservesEvm, s_isOk, s_isEVMStatePreserved,
-    ⟨⟨keccak_value, keccak_using_keccak_value, hStore⟩,hHashCollision⟩⟩ | _, hHashCollision₁
-  ⟩ <;> [left; rcases s <;> aesop_spec]
-
-  intro erc20 is_erc20 s₀_isEVMState
-
-  obtain ⟨evmₛ, varstoreₛ, s_eq_ok⟩ := State_of_isOk s_isOk
-
-  have keccak : Finmap.lookup [↑↑(Address.ofUInt256 var_account), 0] s.evm.keccak_map = some (s["_2"]!!) := by
-    unfold store State.insert at hStore
-    unfold lookup!
-    aesop
-
-  rw [ ← Variables.balances_def
-    , s_eq_ok, get_evm_of_ok, ← s_eq_ok
-    ] at keccak
-
-  -- simplify contract
-  unfold reviveJump at code
-  simp [s_eq_ok] at code
-  rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok ] at code
-  clr_varstore
-
-  -- get underlying Preserved from preservesEvm
-  rw [ s_eq_ok, preservesEvm_of_insert, preservesEvm_of_insert ] at preservesEvm
-  have Preserved := Preserved_of_preservesEvm_of_Ok preservesEvm
-
-  refine' ⟨IsERC20_of_preservesEvm (by aesop) is_erc20, (by aesop), ?returns_correct_value⟩
-
-  rw [← code]
-  -- lookup balance
-  clr_varstore
-  by_cases mem : Address.ofUInt256 var_account ∈ erc20.balances
-  · -- there is such account in balances
-    split_ands <;> [skip; aesop]
-
-    obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance mem
-
-    have address_def : s["_2"]!! = address := by
-      rw [s_eq_ok]
-      rw [← Option.some_inj]
-      trans
-      · exact Eq.symm (s_eq_ok ▸ keccak)
-      · exact (keccak_map_lookup_eq_of_Preserved_of_lookup Preserved has_address
-          ▸ has_address)
-
-    rw [address_def] at code ⊢
-    rw [ balance
-      , Option.getD_some
-      , State.get_evm_of_ok
-      , ← sload_eq_of_preserved Preserved
-      ]
-
-  · -- there is *no* such account in balances
-    -- so sload should return 0
-  
-    split_ands <;> [skip; aesop]
-
-    rw [ Finmap.lookup_eq_none.mpr mem
-      , Option.getD_none
-      ]
-
-    -- in order to do that it should be given storage address outside of
-    -- it's domain
-    apply sload_of_not_mem_dom
-    have := State.get_evm_of_ok ▸ is_erc20.storageDom
-    rw [ ← storage_eq_of_preserved Preserved
-      , this
-      ]
-    clear this
-    simp only [ Finset.not_mem_union, Set.mem_toFinset, Set.mem_def, setOf, not_exists, not_and ]
-    have s_erc20 : IsERC20 erc20 (Ok evmₛ _) :=
-      IsERC20_of_ok_of_Preserved Preserved is_erc20
-
-    split_ands
-    -- address not in balances
-    · intro account account_mem_balances
-      obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance account_mem_balances
-      rw [ ← keccak
-        , keccak_map_lookup_eq_of_Preserved_of_lookup
-            Preserved has_address ]
-      by_contra h
-      have : [↑↑account, ERC20Private.balances] ∈ evmₛ.keccak_map.keys := by
-        rw [Finmap.mem_keys]
-        apply Finmap.lookup_isSome.mp
-        have := get_evm_of_ok ▸ has_address
-        rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup Preserved has_address
-          , this ]
-        simp
-      have IsEVMₛ : evmₛ.isEVMState := by aesop
-      have keccak_inj := IsEVMₛ.1 this (Eq.symm h)
-
-      rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
-      unfold Fin.ofNat'' at keccak_inj
-      simp at keccak_inj
-      rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj
-      rw [keccak_inj] at account_mem_balances
-      exact (mem account_mem_balances)
-      · exact Address.ofUInt256_lt_UInt256_size
-      · exact Address.val_lt_UInt256_size
-
-    -- address not in allowances
-    · intro owner spender mem_allowances
-      obtain ⟨erc_address, erc_intermediate, owner_lookup, spender_lookup, eq⟩ :=
-        is_erc20.hasAllowance mem_allowances
-      rw [get_evm_of_ok] at owner_lookup spender_lookup
-      have spender_lookup_s := keccak_map_lookup_eq_of_Preserved_of_lookup Preserved spender_lookup
-      push_neg
-      use erc_intermediate
-      rw [ ← keccak ]
-      by_contra h
-      rw [not_and'] at h
-      apply h at owner_lookup
-      exact owner_lookup
-
-      rw [spender_lookup_s]
-      by_contra h
-      have : [↑↑spender, erc_intermediate] ∈ evmₛ.keccak_map.keys := by
-        rw [Finmap.mem_keys]
-        apply Finmap.lookup_isSome.mp
-        have := Eq.trans (Eq.symm spender_lookup_s) spender_lookup
-        rw [this]
-        simp
-      have IsEVMₛ : evmₛ.isEVMState := by aesop
-      have keccak_inj := IsEVMₛ.1 this h
-      simp at keccak_inj
-      have intermediate_ne_balances : erc_intermediate ≠ ERC20Private.balances := by
-        obtain blocked_range := get_evm_of_ok ▸ is_erc20.block_acc_range.2.1
-        rw [owner_lookup] at blocked_range
-        unfold not_mem_private at blocked_range
-        simp at blocked_range
-        rw [← Finset.forall_mem_not_eq] at blocked_range
-        have bal_mem_private: ERC20Private.balances ∈ ERC20Private.toFinset := by
-          unfold PrivateAddresses.toFinset
-          simp
-        specialize blocked_range ERC20Private.balances
-        exact blocked_range bal_mem_private
-
-      tauto
-    -- address not in reserved space
-    · -- NOTE: Technically can be a one liner with a bit more infrastructure for keccak.
-      -- QUESTION: I don't think it's worth revisiting post-haste; or is it?
-      have blocked_range := keccak ▸ get_evm_of_ok ▸ s_erc20.block_acc_range.1
-      exact not_mem_private_of_some blocked_range
+  sorry
 
 end
 
diff --git a/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean b/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
index d6cdf7c..50a105b 100644
--- a/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
@@ -2,8 +2,7 @@ import Clear.ReasoningPrinciple
 
 
 import Generated.erc20shim.ERC20Shim.fun_totalSupply_gen
-import Generated.erc20shim.ERC20Shim.Predicate
-import Generated.erc20shim.ERC20Shim.Variables
+
 
 namespace Generated.erc20shim.ERC20Shim
 
@@ -11,34 +10,13 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
 
-def A_fun_totalSupply (var_ : Identifier) (s₀ s₉ : State) : Prop :=
-  ∀ {erc20}, IsERC20 erc20 s₀ →
-  IsERC20 erc20 s₉ ∧ s₉ = s₀⟦var_ ↦ erc20.supply⟧
+def A_fun_totalSupply (var_ : Identifier)  (s₀ s₉ : State) : Prop := sorry
 
 lemma fun_totalSupply_abs_of_concrete {s₀ s₉ : State} {var_ } :
   Spec (fun_totalSupply_concrete_of_code.1 var_ ) s₀ s₉ →
   Spec (A_fun_totalSupply var_ ) s₀ s₉ := by
   unfold fun_totalSupply_concrete_of_code A_fun_totalSupply
-  rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
-  apply spec_eq  
-  clr_funargs
-  intro hasFuel code erc20 is_erc20
-
-  unfold reviveJump at code
-  simp at code
-  rw [ ← State.insert_of_ok,  ← State.insert_of_ok ] at code
-  rw [ ← State.insert_of_ok ]
-  clr_varstore
-
-  have := is_erc20.hasSupply
-  simp at this
-  rw [← Variables.totalSupply_def, this] at code
-
-  apply And.intro
-  · rw [← code]
-    exact IsERC20_of_insert is_erc20
-  · symm
-    assumption
+  sorry
 
 end
 
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean
index dc0b2cb..ff0e10f 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean
@@ -2,22 +2,21 @@ import Clear.ReasoningPrinciple
 
 
 import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address_gen
-import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address_user
+
 
 namespace Generated.erc20shim.ERC20Shim
 
 section
 
-open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
 
-def A_mapping_index_access_mapping_address_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop :=
-  A_mapping_index_access_mapping_address_uint256_of_address dataSlot slot key s₀ s₉
+def A_mapping_index_access_mapping_address_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop := sorry
 
 lemma mapping_index_access_mapping_address_mapping_address_uint256_of_address_abs_of_concrete {s₀ s₉ : State} {dataSlot slot key} :
   Spec (mapping_index_access_mapping_address_mapping_address_uint256_of_address_concrete_of_code.1 dataSlot slot key) s₀ s₉ →
   Spec (A_mapping_index_access_mapping_address_mapping_address_uint256_of_address dataSlot slot key) s₀ s₉ := by
   unfold mapping_index_access_mapping_address_mapping_address_uint256_of_address_concrete_of_code A_mapping_index_access_mapping_address_mapping_address_uint256_of_address
-  apply mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete
+  sorry
 
 end
 
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
index 542d840..d5574bc 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
@@ -3,8 +3,6 @@ import Clear.ReasoningPrinciple
 
 import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address_gen
 
-import Generated.erc20shim.ERC20Shim.Predicate
-import Generated.erc20shim.ERC20Shim.Variables
 
 namespace Generated.erc20shim.ERC20Shim
 
@@ -12,159 +10,14 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
 
-abbrev AddressMap := Finmap (λ _ : Address ↦ UInt256)
-
-set_option linter.setOption false
-set_option pp.coercions false
-
-def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop :=
-  ((preservesEvm s₀ s₉ ∧ s₉.isOk ∧ (s₀.evm.isEVMState → s₉.evm.isEVMState) ∧ (∃ keccak,
-  s₉.evm.keccak_map.lookup [ ↑(Address.ofUInt256 key), slot ] = some keccak ∧
-  s₉.store = s₀⟦dataSlot ↦ keccak⟧.store) ∧
-  s₉.evm.hash_collision = false)
-  ∨ s₉.evm.hash_collision = true)
-  ∧ (s₀.evm.hash_collision = true → s₉.evm.hash_collision = true)
-
--- Helper reifications
-lemma shift_eq_size : Fin.shiftLeft (n := UInt256.size) 1 160 = Address.size := by
-  constructor
-
-lemma EVMAddrSize' {s : State} : (s, [Fin.shiftLeft 1 160]) = (s, [Address.size.toUInt256]) := by
-  simp
-  exact shift_eq_size
+def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop := sorry
 
 lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete {s₀ s₉ : State} {dataSlot slot key} :
   Spec (mapping_index_access_mapping_address_uint256_of_address_concrete_of_code.1 dataSlot slot key) s₀ s₉ →
   Spec (A_mapping_index_access_mapping_address_uint256_of_address dataSlot slot key) s₀ s₉ := by
   unfold mapping_index_access_mapping_address_uint256_of_address_concrete_of_code A_mapping_index_access_mapping_address_uint256_of_address
-  rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
-  apply spec_eq
-  intro hasFuel
-  clr_funargs
-  
-  rw [ EVMSub', EVMShl', EVMAddrSize' ]; simp
-  rw [ Address.and_size_eq_ofUInt256 ]
-  rw [ multifill_cons, multifill_nil ]
-  simp
-
-  clr_varstore
-
-  generalize acconut_def : Address.ofUInt256 key = account
-  intro code
-  unfold reviveJump at code
-
-  generalize prep_def : (mstore evm 0 ↑↑account).mstore 32 slot = state_prep at code
-  have Preserved_prep : Preserved evm state_prep := by
-    rw [← prep_def];
-    exact Preserved.trans mstore_preserved mstore_preserved
-
-  split at code
-  case h_1 _ res keccak_eq_some_res =>
-    clr_match at code
-    rw [← code]
-
-    have res_collision := hash_collision_of_keccak256_eq_some keccak_eq_some_res
-    have prep_collision : state_prep.hash_collision = evm.hash_collision := by
-      rw [← prep_def]
-      exact Eq.trans hash_collision_of_mstore hash_collision_of_mstore
-      
-    have preserves_collision :
-      evm.hash_collision = true → Ok res.2 varstore⟦dataSlot↦res.1⟧.evm.hash_collision = true := by      
-      rw [State.insert_of_ok, get_evm_of_ok, res_collision, prep_collision]
-      intro h; exact h
-    
-    apply And.intro
-    swap; exact preserves_collision
-    
-    by_cases h : evm.hash_collision
-    right
-    -- hash_collision from the previous state
-    exact preserves_collision h
-    
-    -- no hash collision from the previous state
-    left; split_ands
-    -- preservesEvm
-    rw [preservesEvm_of_insert']
-    apply preservesEvm_of_preserved
-    rw [get_evm_of_ok, get_evm_of_ok]
-    exact Preserved.trans Preserved_prep (Preserved_of_keccek256 keccak_eq_some_res)
-
-    -- state is ok
-    exact State.isOk_Ok
-    -- s₉.evm.isEVMState
-    intro hIsEVMState
-    obtain ⟨res₁,res₂⟩ := res
-    simp
-    
-    have state_prep_isEVMState : isEVMState state_prep := by
-      rw [←prep_def]
-      
-      unfold isEVMState
-      split_ands
-      unfold isKeccakInjective
-      simp
-      intros a b h₁ h₂
-      rw [mstore_preserves_keccak_map, mstore_preserves_keccak_map] at h₂
-      unfold isEVMState at hIsEVMState
-      aesop
-      
-      unfold isKeccakUsedRange
-      simp  
-      rw [mstore_preserves_keccak_map, mstore_preserves_keccak_map,
-          mstore_preserves_used_range, mstore_preserves_used_range]
-      unfold isEVMState at hIsEVMState
-      aesop
-    
-    apply @isEVMState_of_keccak256 ⟨state_prep, state_prep_isEVMState⟩ _ _ _ _ keccak_eq_some_res
-    
-    -- keccak
-    use res.1
-    split_ands
-    -- keccak lookup for last
-    rotate_left
-    -- varstore preservation
-    rw [State.insert_of_ok]
-    simp only [State.store]
-    
-    -- no hash collision
-    rw [State.insert_of_ok, get_evm_of_ok, res_collision, prep_collision]
-    rw [Bool.eq_false_eq_not_eq_true] at h; exact h
-    
-    -- keccak lookup
-    rw [State.insert_of_ok, get_evm_of_ok]
-    unfold keccak256 at keccak_eq_some_res
-    rw [ interval'_eq_interval 2 two_ne_zero (by norm_cast)
-       , ← prep_def
-       , mstore_mstore_of_ne, interval_of_mstore_eq_val_cons
-       , mstore_mstore_of_ne, zero_add, interval_of_mstore_eq_val_cons
-       , interval_of_0_eq_nil
-       ] at keccak_eq_some_res
-    unfold_let at keccak_eq_some_res
-
-    split at keccak_eq_some_res
-    case h_1 _ v h_lookup =>
-      rw [Option.some_inj] at keccak_eq_some_res
-      rw [← keccak_eq_some_res]
-      exact h_lookup
-    case h_2 _ h_lookup =>
-      split at keccak_eq_some_res
-      swap; contradiction
-      rw [Option.some_inj] at keccak_eq_some_res
-      rw [← keccak_eq_some_res]
-      simp only [];
-      rw [Finmap.lookup_insert]
-
-  case h_2 res keccak_eq_none =>
-    clr_match at code
-
-    have final_destination : s₉.evm.hash_collision := by
-      rw [← code, State.insert_of_ok, get_evm_of_ok]
-      exact hash_collision_of_addHashCollision state_prep
-
-    apply And.intro
-    right; exact final_destination
-    intro _; exact final_destination
+  sorry
 
-  end
+end
 
 end Generated.erc20shim.ERC20Shim

From 57c033d7ffc06fe9181cd31b7270e19049b1f850 Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Wed, 20 Nov 2024 02:07:05 +0000
Subject: [PATCH 67/89] Revert "[To revert] Regenerate ERC20, overwriting
 existing proofs"

Restore existing proofs overwritten by the generator.
---
 Generated/erc20shim/ERC20Shim/Predicate.lean  | 113 +++++
 Generated/erc20shim/ERC20Shim/Variables.lean  |  48 +++
 .../ERC20Shim/fun_allowance_user.lean         | 392 +++++++++++++++++-
 .../ERC20Shim/fun_balanceOf_user.lean         | 178 +++++++-
 .../ERC20Shim/fun_totalSupply_user.lean       |  28 +-
 ...pping_address_uint256_of_address_user.lean |   9 +-
 ...pping_address_uint256_of_address_user.lean | 153 ++++++-
 7 files changed, 902 insertions(+), 19 deletions(-)
 create mode 100644 Generated/erc20shim/ERC20Shim/Predicate.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Variables.lean

diff --git a/Generated/erc20shim/ERC20Shim/Predicate.lean b/Generated/erc20shim/ERC20Shim/Predicate.lean
new file mode 100644
index 0000000..f284fa5
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Predicate.lean
@@ -0,0 +1,113 @@
+import Mathlib.Data.Finmap
+
+import Clear.State
+import Clear.Utilities
+
+import Generated.erc20shim.ERC20Shim.Variables
+
+open Clear State Utilities
+
+namespace Generated.erc20shim.ERC20Shim
+
+abbrev BalanceMap := Finmap (λ _ : Address ↦ UInt256)
+abbrev AllowanceMap := Finmap (λ _ : Address × Address ↦ UInt256)
+
+structure ERC20 where
+  supply : UInt256
+  balances : BalanceMap
+  allowances : AllowanceMap
+
+set_option linter.setOption false
+set_option pp.coercions false
+
+def not_mem_private (a : Option UInt256) : Prop :=
+  match a with
+  | some el => el ∉ ERC20Private.toFinset
+  | none => true
+
+lemma not_mem_private_of_some {a : UInt256} (h : not_mem_private (some a)) :
+  a ∉ ERC20Private.toFinset := by
+  unfold not_mem_private at h
+  simp at h
+  exact h
+
+structure IsERC20 (erc20 : ERC20) (s : State) : Prop where
+  hasSupply : s.evm.sload ERC20Private.totalSupply = erc20.supply
+
+  hasBalance :
+    ∀ {account}, (account ∈ erc20.balances) →
+    ∃ (address : UInt256),
+    s.evm.keccak_map.lookup [ ↑account , ERC20Private.balances ] = some address ∧
+    erc20.balances.lookup account = some (s.evm.sload address)
+
+  hasAllowance :
+    ∀ {owner spender}, ((owner, spender) ∈ erc20.allowances) →
+    ∃ (address  : UInt256) (intermediate : UInt256),
+    s.evm.keccak_map.lookup [ ↑owner , ERC20Private.allowances ] = some intermediate ∧
+    s.evm.keccak_map.lookup [ ↑spender , intermediate ] = some address ∧
+    erc20.allowances.lookup ⟨owner, spender⟩ = some (s.evm.sload address)
+
+  storageDom :
+    s.evm.storage.keys =
+      { address | ∃ account,
+        account ∈ erc20.balances ∧
+        some address = s.evm.keccak_map.lookup [ ↑account, ERC20Private.balances ] }.toFinset ∪
+      { address | ∃ owner spender,
+        (owner, spender) ∈ erc20.allowances ∧
+        ∀ {intermediate}, s.evm.keccak_map.lookup [ ↑owner , ERC20Private.allowances ] = some intermediate →
+        s.evm.keccak_map.lookup [ ↑spender , intermediate ] = some address }.toFinset ∪
+      ERC20Private.toFinset
+
+  block_acc_range :
+    ∀ {var},
+    not_mem_private (s.evm.keccak_map.lookup [ var, ERC20Private.balances ]) ∧
+    not_mem_private (s.evm.keccak_map.lookup [ var, ERC20Private.allowances ]) ∧
+    (∀ var₂ intermediate, s.evm.keccak_map.lookup [ var, ERC20Private.allowances ] = some intermediate
+                    → not_mem_private (s.evm.keccak_map.lookup [ var₂, intermediate ]))
+
+  -- block_allowance_range :
+  --   ∀ {owner}, s.evm.keccak_map.lookup [ ↑owner, ERC20Private.allowances ] ∉ ERC20Private.toFinset
+
+    -- equivalent statements
+    -- s.evm.sload address ∈ erc20.balances.lookup account
+    -- ⟨account, s.evm.sload address⟩ ∈ erc20.balances.entries
+
+lemma w {erc20} {s} {account} (is_erc20 : IsERC20 erc20 s) (not_mem: account ∉ erc20.balances) :
+  (s.evm.keccak_range.partition (λ x ↦ x ∈ s.evm.used_range)).2 ∩ s.evm.storage.keys.toList = ∅
+  := by
+  sorry
+
+lemma IsERC20_of_insert {erc20} {s : State} :
+  ∀ {var val}, IsERC20 erc20 s → IsERC20 erc20 (s⟦var↦val⟧) := by
+  intro var val is_erc
+  constructor <;> rw [State.evm_insert]
+  · exact is_erc.hasSupply
+  · exact is_erc.hasBalance
+  · exact is_erc.hasAllowance
+  · exact is_erc.storageDom
+  sorry
+
+lemma IsERC20_of_ok_forall_store {erc20} {evm} {s₀ s₁} :
+  IsERC20 erc20 (Ok evm s₀) → IsERC20 erc20 (Ok evm s₁) := by
+  intro is_erc
+  constructor <;> (try simp [State.evm])
+  · exact is_erc.hasSupply
+  · exact is_erc.hasBalance
+  · exact is_erc.hasAllowance
+  · exact is_erc.storageDom
+  sorry
+
+lemma IsERC20_of_ok_of_Preserved {erc20} {store} {σ₀ σ₁} (h : Preserved σ₀ σ₁) : 
+  IsERC20 erc20 (Ok σ₀ store) → IsERC20 erc20 (Ok σ₁ store) := by
+  sorry
+  
+lemma IsERC20_of_preservesEvm {erc20} {s₀ s₁} :
+  preservesEvm s₀ s₁ → IsERC20 erc20 s₀ → IsERC20 erc20 s₁ := by
+  sorry
+
+lemma t {erc20} {s₀ s₁} (is_erc20 : IsERC20 erc20 s₀) (h : preservesEvm s₀ s₁) :
+  ∀ {addr}, addr ∉ s₀.evm.keccak_range ∧ addr ∈ s₁.evm.keccak_range →
+  addr ∉ s₀.evm.storage.keys := by
+  sorry
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/Variables.lean b/Generated/erc20shim/ERC20Shim/Variables.lean
new file mode 100644
index 0000000..cc02ef7
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Variables.lean
@@ -0,0 +1,48 @@
+import Mathlib.Data.Finmap
+import Clear.Ast
+import Clear.EVMState
+import Clear.UInt256
+import Clear.State
+
+open Clear
+
+namespace Generated.erc20shim.ERC20Shim
+
+structure PrivateAddresses where
+  balances    : UInt256
+  allowances  : UInt256
+  totalSupply : UInt256
+  name        : UInt256
+  symbol      : UInt256
+
+def PrivateAddresses.toFinset (p : PrivateAddresses) : Finset UInt256 :=
+  { p.balances, p.allowances, p.totalSupply, p.name, p.symbol }
+
+def ERC20Private : PrivateAddresses :=
+  { balances := 0, allowances := 1, totalSupply := 2, name := 3, symbol := 4 }
+
+namespace Variables
+
+lemma balances_def : ERC20Private.balances = 0 := by
+  unfold ERC20Private
+  simp only
+
+lemma allowances_def : ERC20Private.allowances = 1 := by
+  unfold ERC20Private
+  simp only
+
+lemma totalSupply_def : ERC20Private.totalSupply = 2 := by
+  unfold ERC20Private
+  simp only
+
+lemma name_def : ERC20Private.name = 3 := by
+  unfold ERC20Private
+  simp only
+
+lemma symbol_def : ERC20Private.symbol = 4 := by
+  unfold ERC20Private
+  simp only
+
+end Variables
+
+end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
index 1a0d8f7..cadcc00 100644
--- a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
@@ -1,10 +1,8 @@
 import Clear.ReasoningPrinciple
 
-import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address
-import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
-
 import Generated.erc20shim.ERC20Shim.fun_allowance_gen
 
+import Generated.erc20shim.ERC20Shim.Predicate
 
 namespace Generated.erc20shim.ERC20Shim
 
@@ -12,13 +10,397 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
-def A_fun_allowance (var : Identifier) (var_owner var_spender : Literal) (s₀ s₉ : State) : Prop := sorry
+set_option maxHeartbeats 1000000
+
+def A_fun_allowance (var : Identifier) (var_owner var_spender : Literal) (s₀ s₉ : State) : Prop :=
+  (∀ {erc20}, (IsERC20 erc20 s₀ ∧ s₀.evm.isEVMState) →
+  let owner := Address.ofUInt256 var_owner
+  let spender := Address.ofUInt256 var_spender
+  IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧
+  s₉[var]!! = (erc20.allowances.lookup ⟨owner, spender⟩).getD 0 ∧
+  s₉.evm.hash_collision = false)
+  ∨ s₉.evm.hash_collision = true
 
 lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spender} :
   Spec (fun_allowance_concrete_of_code.1 var var_owner var_spender) s₀ s₉ →
   Spec (A_fun_allowance var var_owner var_spender) s₀ s₉ := by
   unfold fun_allowance_concrete_of_code A_fun_allowance
-  sorry
+
+  rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
+  apply spec_eq
+  clr_funargs
+  rintro hasFuel ⟨s, mapping, ⟨s', mapping', code⟩⟩
+
+  clr_varstore
+
+  -- what we can get right now from mapping function
+  unfold A_mapping_index_access_mapping_address_mapping_address_uint256_of_address
+         A_mapping_index_access_mapping_address_uint256_of_address at mapping
+  clr_spec at mapping
+  
+  
+
+  obtain ⟨⟨preservesEvm, s_isOk, s_isEVMStatePreserved, ⟨⟨intermediate_keccak, keccak_using_intermediate, hStore⟩,hHashCollision⟩⟩, hHashCollision₁⟩ := mapping -- Adds a goal
+  · -- No hash collision from first keccak
+    
+    obtain ⟨evmₛ, varstoreₛ, s_eq_ok⟩ := State_of_isOk s_isOk
+    have keccak : Finmap.lookup [↑↑(Address.ofUInt256 var_owner), 1] s.evm.keccak_map = some (s["_2"]!!) := by
+      unfold store State.insert at hStore
+      unfold lookup!
+      aesop
+    rw [ ← Variables.allowances_def
+     , s_eq_ok, get_evm_of_ok, ← s_eq_ok
+     ] at keccak
+
+    -- what we can get right now from mapping' function
+    unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping'
+    clr_spec at mapping'
+    
+    obtain ⟨⟨preservesEvm', s_isOk', s_isEVMStatePreserved', ⟨⟨intermediate_keccak', keccak_using_intermediate', hStore'⟩,hHashCollision'⟩⟩, hHashCollision₁'⟩ := mapping' -- Adds a goal
+    · -- No hash collision from second keccak
+      left
+      intro erc20 is_erc20 s₀_isEVMState
+      obtain ⟨evmₛ', varstoreₛ', s_eq_ok'⟩ := State_of_isOk s_isOk'
+      have keccak' : Finmap.lookup [↑↑(Address.ofUInt256 (s["var_spender"]!!)), s["_2"]!!] s'.evm.keccak_map = some (s'["_3"]!!) := by
+        rw [s_eq_ok]
+        rw [s_eq_ok] at hStore'
+        rw [s_eq_ok']
+        rw [s_eq_ok'] at hStore'
+        unfold store at hStore'
+        simp at hStore'
+        unfold State.insert at hStore'
+        simp at hStore'
+        conv_lhs => rw[←s_eq_ok]; rw[←s_eq_ok']
+        rw [hStore']
+        unfold lookup!
+        simp
+        exact keccak_using_intermediate'
+      rw [ s_eq_ok', get_evm_of_ok, ← s_eq_ok'
+        ] at keccak'
+
+      -- simplify contract
+      unfold reviveJump at code
+      simp [s_eq_ok, s_eq_ok'] at code
+      rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok' ] at code
+      clr_varstore
+
+      -- get underlying Preserved from preservesEvm
+      rw [ s_eq_ok, preservesEvm_of_insert, preservesEvm_of_insert ] at preservesEvm
+      have hPreserved := Preserved_of_preservesEvm_of_Ok preservesEvm
+
+      -- get underlying Preserved from preservesEvm'
+      rw [ s_eq_ok, s_eq_ok'] at preservesEvm'
+      have hPreserved' := Preserved_of_preservesEvm_of_Ok preservesEvm'
+
+      -- make use of transitivity of Preserved
+      have hPreserved'' : Clear.Preserved evm evmₛ' := Preserved.trans hPreserved hPreserved'
+      
+      refine' ⟨IsERC20_of_preservesEvm (by aesop) is_erc20, (by aesop), ?returns_correct_value⟩
+      rw [← code]
+      -- lookup allowance
+      clr_varstore
+      by_cases mem : ⟨Address.ofUInt256 var_owner, Address.ofUInt256 var_spender⟩ ∈ erc20.allowances
+      · -- there is such ⟨owner, spender⟩ in allowances
+        split_ands <;> [skip; aesop]
+
+        obtain ⟨address, intermediate, has_intermediate, has_address, allowance⟩ := is_erc20.hasAllowance mem
+
+        have intermediate_def : s["_2"]!! = intermediate := by
+          rw [s_eq_ok]
+          rw [← Option.some_inj]
+          trans
+          · have := Eq.symm (s_eq_ok ▸ keccak)
+            exact this
+          · exact (keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved has_intermediate
+              ▸ has_intermediate)
+
+        have address_def : s'["_3"]!! = address := by
+          rw [s_eq_ok']
+          rw [← Option.some_inj]
+          trans
+          · have := Eq.symm (s_eq_ok' ▸ keccak')
+            exact this
+          · rw [intermediate_def]
+            have : s["var_spender"]!! = var_spender := by
+              rw [s_eq_ok]
+              rw [s_eq_ok] at hStore
+              unfold store at hStore
+              unfold State.insert at hStore
+              simp at hStore
+              rw [hStore]
+              unfold lookup!
+              simp
+              rw [Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
+                , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
+                , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)]
+              simp
+            rw [this]
+            exact (keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' has_address ▸ has_address)
+
+        rw [address_def] at code ⊢
+        rw [ allowance
+          , Option.getD_some
+          , State.get_evm_of_ok
+          , ← sload_eq_of_preserved hPreserved''
+          ]
+      · -- there is *no* such account in allowances
+        -- so sload should return 0
+
+        split_ands <;> [skip; aesop]
+
+        rw [ Finmap.lookup_eq_none.mpr mem
+          , Option.getD_none
+          ]
+
+        -- in order to do that it should be given storage address outside of
+        -- its domain
+        apply sload_of_not_mem_dom
+        have := State.get_evm_of_ok ▸ is_erc20.storageDom
+        rw [ ← storage_eq_of_preserved hPreserved''
+          , this
+          ]
+        clear this
+        simp only [ Finset.not_mem_union, Set.mem_toFinset, Set.mem_def, setOf, not_exists, not_and ]
+        have s_erc20 : IsERC20 erc20 (Ok evmₛ _) :=
+          IsERC20_of_ok_of_Preserved hPreserved is_erc20
+        have s_erc20' : IsERC20 erc20 (Ok evmₛ' _) :=
+          IsERC20_of_ok_of_Preserved hPreserved' s_erc20
+
+        split_ands
+        -- address not in balances
+        · intro account account_mem_balances
+          obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance account_mem_balances
+          rw [ ← keccak'
+            , keccak_map_lookup_eq_of_Preserved_of_lookup
+                hPreserved'' has_address ]
+          by_contra h
+          have : [↑↑account, ERC20Private.balances] ∈ evmₛ'.keccak_map.keys := by
+            rw [Finmap.mem_keys]
+            apply Finmap.lookup_isSome.mp
+            have := get_evm_of_ok ▸ has_address
+            rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' has_address
+              , this ]
+            simp
+          have IsEVMₛ' : evmₛ'.isEVMState := by aesop
+          have keccak_inj := IsEVMₛ'.1 this (Eq.symm h)
+
+          rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
+          unfold Fin.ofNat'' at keccak_inj
+          simp at keccak_inj
+          obtain ⟨keccak_inj₁, keccak_inj₂⟩ := keccak_inj
+
+          have : ERC20Private.balances ≠ s["_2"]!! := by
+            obtain blocked_range := get_evm_of_ok ▸ s_erc20.block_acc_range.2.1
+            rw [ keccak ] at blocked_range
+            apply not_mem_private_of_some at blocked_range
+            rw [@ne_comm]
+            unfold PrivateAddresses.toFinset at blocked_range
+            rw [Finset.mem_def] at blocked_range
+            simp at blocked_range -- Fails with: set_option maxHeartbeats 200000
+            exact blocked_range.1
+          contradiction
+
+        -- address not in allowances
+        · intro owner spender owner_spender_mem_allowances
+
+          obtain ⟨erc_address, erc_intermediate, owner_lookup, spender_lookup, eq⟩ :=
+            is_erc20.hasAllowance owner_spender_mem_allowances
+
+          rw [ ← keccak'
+          , keccak_map_lookup_eq_of_Preserved_of_lookup
+              hPreserved'' owner_lookup ]
+          by_contra h
+          have : [↑↑owner, ERC20Private.allowances] ∈ evmₛ.keccak_map.keys := by
+            rw [Finmap.mem_keys]
+            apply Finmap.lookup_isSome.mp
+            have owner_lookup' := get_evm_of_ok ▸ owner_lookup
+            have spender_lookup' := get_evm_of_ok ▸ spender_lookup
+            rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved owner_lookup
+              , owner_lookup' ]
+            simp
+          have owner_lookup' := get_evm_of_ok ▸ owner_lookup
+          have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' owner_lookup
+          rw [this] at owner_lookup'
+          have hSpender := h owner_lookup'
+
+
+          have spender_lookup' := get_evm_of_ok ▸ spender_lookup
+          have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved'' spender_lookup'
+          rw [this] at hSpender
+
+          have : [↑↑(Address.ofUInt256 (s["var_spender"]!!)), s["_2"]!!] ∈ evmₛ'.keccak_map.keys := by
+            clear * -keccak_using_intermediate' s_eq_ok'
+            rw [s_eq_ok'] at keccak_using_intermediate'
+            simp at keccak_using_intermediate'
+            exact Finmap.mem_of_lookup_eq_some keccak_using_intermediate'
+          have IsEVMₛ' : evmₛ'.isEVMState := by aesop
+          have keccak_inj := IsEVMₛ'.1 this (Eq.symm hSpender)
+          rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
+          unfold Fin.ofNat'' at keccak_inj
+          simp at keccak_inj
+          rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj <;> [skip; exact Address.val_lt_UInt256_size; exact Address.val_lt_UInt256_size]
+
+          obtain ⟨keccak_inj₁, keccak_inj₂⟩ := keccak_inj
+
+
+          have hOwner : owner = Address.ofUInt256 var_owner := by
+            have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved owner_lookup
+            rw [←keccak_inj₂] at owner_lookup
+            rw [←keccak] at owner_lookup
+            have owner_lookup'' := get_evm_of_ok ▸ owner_lookup
+            rw [this] at owner_lookup''
+
+            have : [↑↑(Address.ofUInt256 var_owner), ERC20Private.allowances] ∈ evmₛ.keccak_map.keys := by
+              clear * -keccak_using_intermediate s_eq_ok
+              rw [s_eq_ok] at keccak_using_intermediate
+              simp at keccak_using_intermediate
+              exact Finmap.mem_of_lookup_eq_some keccak_using_intermediate
+            have IsEVMₛ : evmₛ.isEVMState := by aesop
+            have keccak_inj := IsEVMₛ.1 this (Eq.symm owner_lookup'')
+            rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
+            unfold Fin.ofNat'' at keccak_inj
+            simp at keccak_inj
+            rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj <;> [skip; exact Address.val_lt_UInt256_size; exact Address.val_lt_UInt256_size]
+            symm
+            exact keccak_inj
+
+          have hSpender : spender = Address.ofUInt256 var_spender := by
+            have : s["var_spender"]!! = var_spender := by
+              rw [s_eq_ok]
+              rw [s_eq_ok] at hStore
+              unfold store at hStore
+              unfold State.insert at hStore
+              simp at hStore
+              rw [hStore]
+              unfold lookup!
+              simp
+              rw [Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
+                , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)
+                , Finmap.lookup_insert_of_ne _ (by unfold Ne; apply String.ne_of_data_ne; simp)]
+              simp
+            rw [this] at keccak_inj₁
+            symm
+            exact keccak_inj₁
+            done
+          rw [←hOwner, ←hSpender] at mem
+          contradiction
+
+        -- address not in reserved space
+        · obtain blocked_range := get_evm_of_ok ▸ (s_erc20'.block_acc_range.2.2)
+          have := keccak_map_lookup_eq_of_Preserved_of_lookup hPreserved' keccak
+          rw [this] at keccak
+          rw [ keccak ] at blocked_range
+
+          have blocked_range' := blocked_range (↑↑(Address.ofUInt256 (s["var_spender"]!!))) (s["_2"]!!) (by rfl)
+          rw [←Finset.mem_map' Function.Embedding.some]
+
+          -- TODO make simpler:
+          have : Function.Embedding.some (s'["_3"]!!) = (some (s'["_3"]!!)) := by
+            simp
+          rw [this]
+          rw [←keccak']
+          
+          unfold not_mem_private at blocked_range'
+          rw [keccak'] at blocked_range'
+          simp at blocked_range'
+          rw [keccak']
+          simp
+          exact blocked_range'
+
+      done
+    · -- Hash collision from second keccak
+      rename_i hHashCollisionTrue
+      right
+      have :   hash_collision (Ok evm Inhabited.default⟦"var_spender"↦var_spender⟧⟦"var_owner"↦var_owner⟧⟦"_1"↦1⟧.evm)
+         = evm.hash_collision := by
+        simp
+      rw [this] at hHashCollision₁
+      by_cases s_isOk' : s'.isOk
+      · obtain ⟨evmₛ', varstoreₛ', s_eq_ok'⟩ := State_of_isOk s_isOk'
+        -- simplify contract
+        unfold reviveJump at code
+        simp [s_eq_ok, s_eq_ok'] at code
+        rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok' ] at code
+        clr_varstore
+
+        rw [←code]
+        aesop
+      · rcases s' with ⟨evm, varstore⟩ | _ | _ <;> [skip; aesop_spec; skip]
+        · unfold reviveJump at code
+          simp at code
+          rw [←code]
+          aesop
+        · unfold reviveJump at code
+          simp at code
+
+          rename_i j
+          unfold evm at hHashCollisionTrue
+          simp at hHashCollisionTrue
+  · -- Hash collision from first keccak
+    rename_i hHashCollisionTrue
+    right
+
+    by_cases s_isOk : s.isOk
+    · unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping'
+      clr_spec at mapping'
+      
+      obtain ⟨⟨preservesEvm', s_isOk', s_isEVMStatePreserved', ⟨⟨intermediate_keccak', keccak_using_intermediate', hStore'⟩,hHashCollision'⟩⟩, hHashCollision₁'⟩ := mapping' -- Adds a goal
+
+      have :   hash_collision (Ok evm Inhabited.default⟦"var_spender"↦var_spender⟧⟦"var_owner"↦var_owner⟧⟦"_1"↦1⟧.evm)
+          = evm.hash_collision := by
+          simp
+      rw [this] at hHashCollision₁
+      by_cases s_isOk' : s'.isOk
+      · obtain ⟨evmₛ', varstoreₛ', s_eq_ok'⟩ := State_of_isOk s_isOk'
+        -- simplify contract
+        unfold reviveJump at code
+        simp [s_eq_ok'] at code
+        rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok' ] at code
+        clr_varstore
+        
+        · rw [←code]
+          have : Ok evmₛ' varstore⟦var↦sload evmₛ' (s'["_3"]!!)⟧.evm.hash_collision
+                = evmₛ'.hash_collision := by simp
+          rw [this]
+          aesop
+        
+
+      · rcases s' with ⟨evm, varstore⟩ | _ | _ <;> [skip; aesop_spec; skip]
+        · unfold reviveJump at code
+          simp at code
+          rw [←code]
+          aesop
+          
+        · unfold reviveJump at code
+          simp at code
+          rename_i j
+          rcases j
+      · rename_i hHashCollisionTrue'
+        have : Ok evm Inhabited.default⟦"var_spender"↦var_spender⟧⟦"var_owner"↦var_owner⟧⟦"_1"↦1⟧.evm.hash_collision
+              = evm.hash_collision := by simp
+        rw [this] at hHashCollision₁
+        rcases s' with ⟨evm, varstore⟩ | _ | _ <;> [skip; aesop_spec; skip]
+        · unfold reviveJump at code
+          simp at code
+          rw [←code]
+          aesop
+          
+        · unfold reviveJump at code
+          simp at code
+          unfold evm at hHashCollisionTrue'
+          simp at hHashCollisionTrue'
+    · unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping'
+      unfold Spec at mapping'
+      rcases s with ⟨evm, varstore⟩ | _ | _ <;> [skip; skip; skip]
+      · aesop
+      · simp at mapping'
+        rcases s' with ⟨evm, varstore⟩ | _ | _ <;> aesop_spec
+      · simp at mapping'
+        rcases s' with ⟨evm, varstore⟩ | _ | _ <;> [skip;skip;skip]
+        · simp at mapping'
+        · simp at mapping'
+        · unfold evm at hHashCollisionTrue
+          simp at hHashCollisionTrue
 
 end
 
diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
index daddd88..5c31c67 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
@@ -1,9 +1,9 @@
 import Clear.ReasoningPrinciple
 
-import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
-
+-- import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
 import Generated.erc20shim.ERC20Shim.fun_balanceOf_gen
 
+import Generated.erc20shim.ERC20Shim.Predicate
 
 namespace Generated.erc20shim.ERC20Shim
 
@@ -11,13 +11,183 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
-def A_fun_balanceOf (var : Identifier) (var_account : Literal) (s₀ s₉ : State) : Prop := sorry
+section PleaseMoveTheseWhereAppropriatte
+
+variable {jmp : Jump}
+
+@[simp]
+lemma hash_collision_evm_Checkpoint_eq_false : (Checkpoint jmp).evm.hash_collision = false := rfl
+
+end PleaseMoveTheseWhereAppropriatte
+
+def A_fun_balanceOf (var : Identifier) (var_account : Literal) (s₀ s₉ : State) : Prop :=
+  (∀ {erc20}, (IsERC20 erc20 s₀ ∧ s₀.evm.isEVMState) →
+  let account := Address.ofUInt256 var_account
+  IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧
+  s₉[var]!! = (erc20.balances.lookup account).getD 0 ∧
+  s₉.evm.hash_collision = false)
+  ∨ s₉.evm.hash_collision = true
 
 lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   Spec (fun_balanceOf_concrete_of_code.1 var var_account) s₀ s₉ →
   Spec (A_fun_balanceOf var var_account) s₀ s₉ := by
   unfold fun_balanceOf_concrete_of_code A_fun_balanceOf
-  sorry
+  rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
+  apply spec_eq
+  clr_funargs
+  rintro hasFuel ⟨s, mapping, code⟩
+  clr_varstore
+
+  -- what we can get right now from mapping function
+  unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping
+  clr_spec at mapping
+
+  -- Discharge the hash-colliding case immediately using `aesop_spec`.
+  rcases mapping with ⟨
+    ⟨preservesEvm, s_isOk, s_isEVMStatePreserved,
+    ⟨⟨keccak_value, keccak_using_keccak_value, hStore⟩,hHashCollision⟩⟩ | _, hHashCollision₁
+  ⟩ <;> [left; rcases s <;> aesop_spec]
+
+  intro erc20 is_erc20 s₀_isEVMState
+
+  obtain ⟨evmₛ, varstoreₛ, s_eq_ok⟩ := State_of_isOk s_isOk
+
+  have keccak : Finmap.lookup [↑↑(Address.ofUInt256 var_account), 0] s.evm.keccak_map = some (s["_2"]!!) := by
+    unfold store State.insert at hStore
+    unfold lookup!
+    aesop
+
+  rw [ ← Variables.balances_def
+    , s_eq_ok, get_evm_of_ok, ← s_eq_ok
+    ] at keccak
+
+  -- simplify contract
+  unfold reviveJump at code
+  simp [s_eq_ok] at code
+  rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok ] at code
+  clr_varstore
+
+  -- get underlying Preserved from preservesEvm
+  rw [ s_eq_ok, preservesEvm_of_insert, preservesEvm_of_insert ] at preservesEvm
+  have Preserved := Preserved_of_preservesEvm_of_Ok preservesEvm
+
+  refine' ⟨IsERC20_of_preservesEvm (by aesop) is_erc20, (by aesop), ?returns_correct_value⟩
+
+  rw [← code]
+  -- lookup balance
+  clr_varstore
+  by_cases mem : Address.ofUInt256 var_account ∈ erc20.balances
+  · -- there is such account in balances
+    split_ands <;> [skip; aesop]
+
+    obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance mem
+
+    have address_def : s["_2"]!! = address := by
+      rw [s_eq_ok]
+      rw [← Option.some_inj]
+      trans
+      · exact Eq.symm (s_eq_ok ▸ keccak)
+      · exact (keccak_map_lookup_eq_of_Preserved_of_lookup Preserved has_address
+          ▸ has_address)
+
+    rw [address_def] at code ⊢
+    rw [ balance
+      , Option.getD_some
+      , State.get_evm_of_ok
+      , ← sload_eq_of_preserved Preserved
+      ]
+
+  · -- there is *no* such account in balances
+    -- so sload should return 0
+  
+    split_ands <;> [skip; aesop]
+
+    rw [ Finmap.lookup_eq_none.mpr mem
+      , Option.getD_none
+      ]
+
+    -- in order to do that it should be given storage address outside of
+    -- it's domain
+    apply sload_of_not_mem_dom
+    have := State.get_evm_of_ok ▸ is_erc20.storageDom
+    rw [ ← storage_eq_of_preserved Preserved
+      , this
+      ]
+    clear this
+    simp only [ Finset.not_mem_union, Set.mem_toFinset, Set.mem_def, setOf, not_exists, not_and ]
+    have s_erc20 : IsERC20 erc20 (Ok evmₛ _) :=
+      IsERC20_of_ok_of_Preserved Preserved is_erc20
+
+    split_ands
+    -- address not in balances
+    · intro account account_mem_balances
+      obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance account_mem_balances
+      rw [ ← keccak
+        , keccak_map_lookup_eq_of_Preserved_of_lookup
+            Preserved has_address ]
+      by_contra h
+      have : [↑↑account, ERC20Private.balances] ∈ evmₛ.keccak_map.keys := by
+        rw [Finmap.mem_keys]
+        apply Finmap.lookup_isSome.mp
+        have := get_evm_of_ok ▸ has_address
+        rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup Preserved has_address
+          , this ]
+        simp
+      have IsEVMₛ : evmₛ.isEVMState := by aesop
+      have keccak_inj := IsEVMₛ.1 this (Eq.symm h)
+
+      rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
+      unfold Fin.ofNat'' at keccak_inj
+      simp at keccak_inj
+      rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj
+      rw [keccak_inj] at account_mem_balances
+      exact (mem account_mem_balances)
+      · exact Address.ofUInt256_lt_UInt256_size
+      · exact Address.val_lt_UInt256_size
+
+    -- address not in allowances
+    · intro owner spender mem_allowances
+      obtain ⟨erc_address, erc_intermediate, owner_lookup, spender_lookup, eq⟩ :=
+        is_erc20.hasAllowance mem_allowances
+      rw [get_evm_of_ok] at owner_lookup spender_lookup
+      have spender_lookup_s := keccak_map_lookup_eq_of_Preserved_of_lookup Preserved spender_lookup
+      push_neg
+      use erc_intermediate
+      rw [ ← keccak ]
+      by_contra h
+      rw [not_and'] at h
+      apply h at owner_lookup
+      exact owner_lookup
+
+      rw [spender_lookup_s]
+      by_contra h
+      have : [↑↑spender, erc_intermediate] ∈ evmₛ.keccak_map.keys := by
+        rw [Finmap.mem_keys]
+        apply Finmap.lookup_isSome.mp
+        have := Eq.trans (Eq.symm spender_lookup_s) spender_lookup
+        rw [this]
+        simp
+      have IsEVMₛ : evmₛ.isEVMState := by aesop
+      have keccak_inj := IsEVMₛ.1 this h
+      simp at keccak_inj
+      have intermediate_ne_balances : erc_intermediate ≠ ERC20Private.balances := by
+        obtain blocked_range := get_evm_of_ok ▸ is_erc20.block_acc_range.2.1
+        rw [owner_lookup] at blocked_range
+        unfold not_mem_private at blocked_range
+        simp at blocked_range
+        rw [← Finset.forall_mem_not_eq] at blocked_range
+        have bal_mem_private: ERC20Private.balances ∈ ERC20Private.toFinset := by
+          unfold PrivateAddresses.toFinset
+          simp
+        specialize blocked_range ERC20Private.balances
+        exact blocked_range bal_mem_private
+
+      tauto
+    -- address not in reserved space
+    · -- NOTE: Technically can be a one liner with a bit more infrastructure for keccak.
+      -- QUESTION: I don't think it's worth revisiting post-haste; or is it?
+      have blocked_range := keccak ▸ get_evm_of_ok ▸ s_erc20.block_acc_range.1
+      exact not_mem_private_of_some blocked_range
 
 end
 
diff --git a/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean b/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
index 50a105b..d6cdf7c 100644
--- a/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
@@ -2,7 +2,8 @@ import Clear.ReasoningPrinciple
 
 
 import Generated.erc20shim.ERC20Shim.fun_totalSupply_gen
-
+import Generated.erc20shim.ERC20Shim.Predicate
+import Generated.erc20shim.ERC20Shim.Variables
 
 namespace Generated.erc20shim.ERC20Shim
 
@@ -10,13 +11,34 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
 
-def A_fun_totalSupply (var_ : Identifier)  (s₀ s₉ : State) : Prop := sorry
+def A_fun_totalSupply (var_ : Identifier) (s₀ s₉ : State) : Prop :=
+  ∀ {erc20}, IsERC20 erc20 s₀ →
+  IsERC20 erc20 s₉ ∧ s₉ = s₀⟦var_ ↦ erc20.supply⟧
 
 lemma fun_totalSupply_abs_of_concrete {s₀ s₉ : State} {var_ } :
   Spec (fun_totalSupply_concrete_of_code.1 var_ ) s₀ s₉ →
   Spec (A_fun_totalSupply var_ ) s₀ s₉ := by
   unfold fun_totalSupply_concrete_of_code A_fun_totalSupply
-  sorry
+  rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
+  apply spec_eq  
+  clr_funargs
+  intro hasFuel code erc20 is_erc20
+
+  unfold reviveJump at code
+  simp at code
+  rw [ ← State.insert_of_ok,  ← State.insert_of_ok ] at code
+  rw [ ← State.insert_of_ok ]
+  clr_varstore
+
+  have := is_erc20.hasSupply
+  simp at this
+  rw [← Variables.totalSupply_def, this] at code
+
+  apply And.intro
+  · rw [← code]
+    exact IsERC20_of_insert is_erc20
+  · symm
+    assumption
 
 end
 
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean
index ff0e10f..dc0b2cb 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_mapping_address_uint256_of_address_user.lean
@@ -2,21 +2,22 @@ import Clear.ReasoningPrinciple
 
 
 import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address_gen
-
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address_user
 
 namespace Generated.erc20shim.ERC20Shim
 
 section
 
-open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities
 
-def A_mapping_index_access_mapping_address_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop := sorry
+def A_mapping_index_access_mapping_address_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop :=
+  A_mapping_index_access_mapping_address_uint256_of_address dataSlot slot key s₀ s₉
 
 lemma mapping_index_access_mapping_address_mapping_address_uint256_of_address_abs_of_concrete {s₀ s₉ : State} {dataSlot slot key} :
   Spec (mapping_index_access_mapping_address_mapping_address_uint256_of_address_concrete_of_code.1 dataSlot slot key) s₀ s₉ →
   Spec (A_mapping_index_access_mapping_address_mapping_address_uint256_of_address dataSlot slot key) s₀ s₉ := by
   unfold mapping_index_access_mapping_address_mapping_address_uint256_of_address_concrete_of_code A_mapping_index_access_mapping_address_mapping_address_uint256_of_address
-  sorry
+  apply mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete
 
 end
 
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
index d5574bc..542d840 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
@@ -3,6 +3,8 @@ import Clear.ReasoningPrinciple
 
 import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address_gen
 
+import Generated.erc20shim.ERC20Shim.Predicate
+import Generated.erc20shim.ERC20Shim.Variables
 
 namespace Generated.erc20shim.ERC20Shim
 
@@ -10,14 +12,159 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
 
-def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop := sorry
+abbrev AddressMap := Finmap (λ _ : Address ↦ UInt256)
+
+set_option linter.setOption false
+set_option pp.coercions false
+
+def A_mapping_index_access_mapping_address_uint256_of_address (dataSlot : Identifier) (slot key : Literal) (s₀ s₉ : State) : Prop :=
+  ((preservesEvm s₀ s₉ ∧ s₉.isOk ∧ (s₀.evm.isEVMState → s₉.evm.isEVMState) ∧ (∃ keccak,
+  s₉.evm.keccak_map.lookup [ ↑(Address.ofUInt256 key), slot ] = some keccak ∧
+  s₉.store = s₀⟦dataSlot ↦ keccak⟧.store) ∧
+  s₉.evm.hash_collision = false)
+  ∨ s₉.evm.hash_collision = true)
+  ∧ (s₀.evm.hash_collision = true → s₉.evm.hash_collision = true)
+
+-- Helper reifications
+lemma shift_eq_size : Fin.shiftLeft (n := UInt256.size) 1 160 = Address.size := by
+  constructor
+
+lemma EVMAddrSize' {s : State} : (s, [Fin.shiftLeft 1 160]) = (s, [Address.size.toUInt256]) := by
+  simp
+  exact shift_eq_size
 
 lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete {s₀ s₉ : State} {dataSlot slot key} :
   Spec (mapping_index_access_mapping_address_uint256_of_address_concrete_of_code.1 dataSlot slot key) s₀ s₉ →
   Spec (A_mapping_index_access_mapping_address_uint256_of_address dataSlot slot key) s₀ s₉ := by
   unfold mapping_index_access_mapping_address_uint256_of_address_concrete_of_code A_mapping_index_access_mapping_address_uint256_of_address
-  sorry
+  rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
+  apply spec_eq
+  intro hasFuel
+  clr_funargs
+  
+  rw [ EVMSub', EVMShl', EVMAddrSize' ]; simp
+  rw [ Address.and_size_eq_ofUInt256 ]
+  rw [ multifill_cons, multifill_nil ]
+  simp
+
+  clr_varstore
+
+  generalize acconut_def : Address.ofUInt256 key = account
+  intro code
+  unfold reviveJump at code
+
+  generalize prep_def : (mstore evm 0 ↑↑account).mstore 32 slot = state_prep at code
+  have Preserved_prep : Preserved evm state_prep := by
+    rw [← prep_def];
+    exact Preserved.trans mstore_preserved mstore_preserved
+
+  split at code
+  case h_1 _ res keccak_eq_some_res =>
+    clr_match at code
+    rw [← code]
+
+    have res_collision := hash_collision_of_keccak256_eq_some keccak_eq_some_res
+    have prep_collision : state_prep.hash_collision = evm.hash_collision := by
+      rw [← prep_def]
+      exact Eq.trans hash_collision_of_mstore hash_collision_of_mstore
+      
+    have preserves_collision :
+      evm.hash_collision = true → Ok res.2 varstore⟦dataSlot↦res.1⟧.evm.hash_collision = true := by      
+      rw [State.insert_of_ok, get_evm_of_ok, res_collision, prep_collision]
+      intro h; exact h
+    
+    apply And.intro
+    swap; exact preserves_collision
+    
+    by_cases h : evm.hash_collision
+    right
+    -- hash_collision from the previous state
+    exact preserves_collision h
+    
+    -- no hash collision from the previous state
+    left; split_ands
+    -- preservesEvm
+    rw [preservesEvm_of_insert']
+    apply preservesEvm_of_preserved
+    rw [get_evm_of_ok, get_evm_of_ok]
+    exact Preserved.trans Preserved_prep (Preserved_of_keccek256 keccak_eq_some_res)
+
+    -- state is ok
+    exact State.isOk_Ok
+    -- s₉.evm.isEVMState
+    intro hIsEVMState
+    obtain ⟨res₁,res₂⟩ := res
+    simp
+    
+    have state_prep_isEVMState : isEVMState state_prep := by
+      rw [←prep_def]
+      
+      unfold isEVMState
+      split_ands
+      unfold isKeccakInjective
+      simp
+      intros a b h₁ h₂
+      rw [mstore_preserves_keccak_map, mstore_preserves_keccak_map] at h₂
+      unfold isEVMState at hIsEVMState
+      aesop
+      
+      unfold isKeccakUsedRange
+      simp  
+      rw [mstore_preserves_keccak_map, mstore_preserves_keccak_map,
+          mstore_preserves_used_range, mstore_preserves_used_range]
+      unfold isEVMState at hIsEVMState
+      aesop
+    
+    apply @isEVMState_of_keccak256 ⟨state_prep, state_prep_isEVMState⟩ _ _ _ _ keccak_eq_some_res
+    
+    -- keccak
+    use res.1
+    split_ands
+    -- keccak lookup for last
+    rotate_left
+    -- varstore preservation
+    rw [State.insert_of_ok]
+    simp only [State.store]
+    
+    -- no hash collision
+    rw [State.insert_of_ok, get_evm_of_ok, res_collision, prep_collision]
+    rw [Bool.eq_false_eq_not_eq_true] at h; exact h
+    
+    -- keccak lookup
+    rw [State.insert_of_ok, get_evm_of_ok]
+    unfold keccak256 at keccak_eq_some_res
+    rw [ interval'_eq_interval 2 two_ne_zero (by norm_cast)
+       , ← prep_def
+       , mstore_mstore_of_ne, interval_of_mstore_eq_val_cons
+       , mstore_mstore_of_ne, zero_add, interval_of_mstore_eq_val_cons
+       , interval_of_0_eq_nil
+       ] at keccak_eq_some_res
+    unfold_let at keccak_eq_some_res
+
+    split at keccak_eq_some_res
+    case h_1 _ v h_lookup =>
+      rw [Option.some_inj] at keccak_eq_some_res
+      rw [← keccak_eq_some_res]
+      exact h_lookup
+    case h_2 _ h_lookup =>
+      split at keccak_eq_some_res
+      swap; contradiction
+      rw [Option.some_inj] at keccak_eq_some_res
+      rw [← keccak_eq_some_res]
+      simp only [];
+      rw [Finmap.lookup_insert]
+
+  case h_2 res keccak_eq_none =>
+    clr_match at code
+
+    have final_destination : s₉.evm.hash_collision := by
+      rw [← code, State.insert_of_ok, get_evm_of_ok]
+      exact hash_collision_of_addHashCollision state_prep
+
+    apply And.intro
+    right; exact final_destination
+    intro _; exact final_destination
 
-end
+  end
 
 end Generated.erc20shim.ERC20Shim

From 087fa5cdb36a194b67dbea531b0b83be5d8f594a Mon Sep 17 00:00:00 2001
From: Daniel Britten <daniel.britten@nethermind.io>
Date: Wed, 20 Nov 2024 02:40:58 +0000
Subject: [PATCH 68/89] Add commas to reflect new `clr_varstore` syntax This
 makes the invocations of `clr_varstore,` behave the same as `clr_varstore`
 without the comma did prior to the changes to `Wheels.lean` in 61166b.

---
 Generated/erc20shim/ERC20Shim/fun_allowance_user.lean  | 10 +++++-----
 Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean  |  6 +++---
 .../erc20shim/ERC20Shim/fun_totalSupply_user.lean      |  2 +-
 ...access_mapping_address_uint256_of_address_user.lean |  2 +-
 .../Peano/Common/for_4806375509446804985_user.lean     |  2 +-
 .../Peano/Common/for_727972558926940900_user.lean      |  2 +-
 .../peano/Peano/Common/for_84821961910748561_user.lean |  2 +-
 7 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
index cadcc00..90ef6cf 100644
--- a/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_allowance_user.lean
@@ -31,7 +31,7 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
   clr_funargs
   rintro hasFuel ⟨s, mapping, ⟨s', mapping', code⟩⟩
 
-  clr_varstore
+  clr_varstore,
 
   -- what we can get right now from mapping function
   unfold A_mapping_index_access_mapping_address_mapping_address_uint256_of_address
@@ -82,7 +82,7 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
       unfold reviveJump at code
       simp [s_eq_ok, s_eq_ok'] at code
       rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok' ] at code
-      clr_varstore
+      clr_varstore,
 
       -- get underlying Preserved from preservesEvm
       rw [ s_eq_ok, preservesEvm_of_insert, preservesEvm_of_insert ] at preservesEvm
@@ -98,7 +98,7 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
       refine' ⟨IsERC20_of_preservesEvm (by aesop) is_erc20, (by aesop), ?returns_correct_value⟩
       rw [← code]
       -- lookup allowance
-      clr_varstore
+      clr_varstore,
       by_cases mem : ⟨Address.ofUInt256 var_owner, Address.ofUInt256 var_spender⟩ ∈ erc20.allowances
       · -- there is such ⟨owner, spender⟩ in allowances
         split_ands <;> [skip; aesop]
@@ -321,7 +321,7 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
         unfold reviveJump at code
         simp [s_eq_ok, s_eq_ok'] at code
         rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok' ] at code
-        clr_varstore
+        clr_varstore,
 
         rw [←code]
         aesop
@@ -356,7 +356,7 @@ lemma fun_allowance_abs_of_concrete {s₀ s₉ : State} {var var_owner var_spend
         unfold reviveJump at code
         simp [s_eq_ok'] at code
         rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok' ] at code
-        clr_varstore
+        clr_varstore,
         
         · rw [←code]
           have : Ok evmₛ' varstore⟦var↦sload evmₛ' (s'["_3"]!!)⟧.evm.hash_collision
diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
index 5c31c67..3dcb994 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
@@ -36,7 +36,7 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   apply spec_eq
   clr_funargs
   rintro hasFuel ⟨s, mapping, code⟩
-  clr_varstore
+  clr_varstore,
 
   -- what we can get right now from mapping function
   unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping
@@ -65,7 +65,7 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
   unfold reviveJump at code
   simp [s_eq_ok] at code
   rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok ] at code
-  clr_varstore
+  clr_varstore,
 
   -- get underlying Preserved from preservesEvm
   rw [ s_eq_ok, preservesEvm_of_insert, preservesEvm_of_insert ] at preservesEvm
@@ -75,7 +75,7 @@ lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
 
   rw [← code]
   -- lookup balance
-  clr_varstore
+  clr_varstore,
   by_cases mem : Address.ofUInt256 var_account ∈ erc20.balances
   · -- there is such account in balances
     split_ands <;> [skip; aesop]
diff --git a/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean b/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
index d6cdf7c..611d39f 100644
--- a/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_totalSupply_user.lean
@@ -28,7 +28,7 @@ lemma fun_totalSupply_abs_of_concrete {s₀ s₉ : State} {var_ } :
   simp at code
   rw [ ← State.insert_of_ok,  ← State.insert_of_ok ] at code
   rw [ ← State.insert_of_ok ]
-  clr_varstore
+  clr_varstore,
 
   have := is_erc20.hasSupply
   simp at this
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
index 542d840..699ba50 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
@@ -47,7 +47,7 @@ lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete {s
   rw [ multifill_cons, multifill_nil ]
   simp
 
-  clr_varstore
+  clr_varstore,
 
   generalize acconut_def : Address.ofUInt256 key = account
   intro code
diff --git a/Generated/peano/Peano/Common/for_4806375509446804985_user.lean b/Generated/peano/Peano/Common/for_4806375509446804985_user.lean
index 4955a57..034b0c1 100644
--- a/Generated/peano/Peano/Common/for_4806375509446804985_user.lean
+++ b/Generated/peano/Peano/Common/for_4806375509446804985_user.lean
@@ -49,7 +49,7 @@ lemma AOk_for_4806375509446804985 : ∀ s₀ s₂ s₄ s₅, isOk s₀ → isOk
     · split_ifs at h₅
       · aesop_spec
       · simp only [h₇, h₅] at *
-        clr_varstore
+        clr_varstore,
         ring
   · have : isOk (s₂⟦"k"↦s₂["k"]!! - 1⟧) := by aesop
     simp [h₆.symm] at this
diff --git a/Generated/peano/Peano/Common/for_727972558926940900_user.lean b/Generated/peano/Peano/Common/for_727972558926940900_user.lean
index 714ec0c..42d1690 100644
--- a/Generated/peano/Peano/Common/for_727972558926940900_user.lean
+++ b/Generated/peano/Peano/Common/for_727972558926940900_user.lean
@@ -55,7 +55,7 @@ lemma AOk_for_727972558926940900 : ∀ s₀ s₂ s₄ s₅, isOk s₀ → isOk s
   · clr_spec at h₇
     split_ands <;> [skip; aesop_spec; tauto]
     by_cases eq : s₀["k"]!! = 0 <;> simp [eq] at h₅ <;> [simp [h₅] at h₂; skip]
-    rw [h₆] at h₇; rw [h₇.1, h₅]; clr_varstore
+    rw [h₆] at h₇; rw [h₇.1, h₅]; clr_varstore,
     have : ↑(s₀["k"]!! - 1) + 1 < UInt256.size := by simp_arith [fin_eq_lem eq]; zify; omega
     rw [mul_assoc, UInt256.UInt256_pow_succ this]; ring
   · have h : isOk (s₂⟦"k"↦(s₂["k"]!!) - 1⟧) := by aesop
diff --git a/Generated/peano/Peano/Common/for_84821961910748561_user.lean b/Generated/peano/Peano/Common/for_84821961910748561_user.lean
index 7e02a2c..2cba5a3 100644
--- a/Generated/peano/Peano/Common/for_84821961910748561_user.lean
+++ b/Generated/peano/Peano/Common/for_84821961910748561_user.lean
@@ -46,7 +46,7 @@ lemma AOk_for_84821961910748561 : ∀ s₀ s₂ s₄ s₅, isOk s₀ → isOk s
   · clr_spec at h₇
     split_ands <;> [skip; aesop_spec; tauto]
     by_cases eq : s₀["k"]!! = 0 <;> simp [eq] at h₅ <;> [simp [h₅] at h₂; skip]
-    rw [h₆] at h₇; rw [h₇.1.symm, h₅]; clr_varstore
+    rw [h₆] at h₇; rw [h₇.1.symm, h₅]; clr_varstore,
     ring
   · have h : isOk (s₂⟦"k"↦(s₂["k"]!!) - 1⟧) := by aesop
     simp [h₆.symm] at h

From 73ac12faef47e243b426ba65ce5b47bf47b25a98 Mon Sep 17 00:00:00 2001
From: Daniel Britten <Coda-Coda@users.noreply.github.com>
Date: Thu, 28 Nov 2024 05:00:24 +0000
Subject: [PATCH 69/89] Add spec for `transferFrom`

See also: https://eips.ethereum.org/EIPS/eip-20
---
 .../ERC20Shim/fun_transferFrom_user.lean      | 41 ++++++++++++++++++-
 1 file changed, 40 insertions(+), 1 deletion(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean b/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
index 07e1104..8a4e91c 100644
--- a/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
@@ -13,7 +13,46 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
-def A_fun_transferFrom (var : Identifier) (var_from var_to var_value : Literal) (s₀ s₉ : State) : Prop := sorry
+def A_fun_transferFrom (var : Identifier) (var_from var_to var_value : Literal) (s₀ s₉ : State) : Prop := 
+  let from_addr := Address.ofUInt256 var_from
+  let to_addr := Address.ofUInt256 var_to
+  let transfer_value : UInt256 := var_value -- in wei
+  (
+    ∀ {erc20}, (IsERC20 erc20 s₀ ∧ s₀.evm.isEVMState) →
+    -- Case: transferFrom succeeds
+    (
+      match s₀ with
+      | Ok evm _ => 
+        let balances := 
+          Finmap.insert
+            to_addr
+            (((erc20.balances.lookup to_addr).getD 0) + transfer_value)
+            (
+              Finmap.insert
+                from_addr
+                (((erc20.balances.lookup from_addr).getD 0) - transfer_value)
+                erc20.balances
+            )
+        let allowances :=
+          Finmap.insert
+            (from_addr, evm.execution_env.sender)
+              (((erc20.allowances.lookup (from_addr, evm.execution_env.sender)).getD 0) - transfer_value)
+            erc20.allowances
+        IsERC20 ({ erc20 with balances, allowances }) s₉ ∧ preservesEvm s₀ s₉ ∧
+        s₉[var]!! = 1 ∧
+        s₉.evm.hash_collision = false
+      | _ => IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ -- OutOfFuel or Checkpoint
+    )
+    ∨
+    -- Case: transferFrom fails
+    (
+      IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧
+      s₉[var]!! = 0
+    ) 
+    -- Case: Hash collision
+    ∨ s₉.evm.hash_collision = true 
+  )
+  
 
 lemma fun_transferFrom_abs_of_concrete {s₀ s₉ : State} {var var_from var_to var_value} :
   Spec (fun_transferFrom_concrete_of_code.1 var var_from var_to var_value) s₀ s₉ →

From 22a998056c5a0870db7ea00a5291799c0ef34ea3 Mon Sep 17 00:00:00 2001
From: Daniel Britten <Coda-Coda@users.noreply.github.com>
Date: Thu, 28 Nov 2024 07:16:30 +0000
Subject: [PATCH 70/89] Fix `transferFrom` spec for transfers from an address
 to itself

---
 .../ERC20Shim/fun_transferFrom_user.lean       | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean b/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
index 8a4e91c..0e560de 100644
--- a/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
@@ -24,15 +24,17 @@ def A_fun_transferFrom (var : Identifier) (var_from var_to var_value : Literal)
       match s₀ with
       | Ok evm _ => 
         let balances := 
-          Finmap.insert
-            to_addr
-            (((erc20.balances.lookup to_addr).getD 0) + transfer_value)
-            (
+          if from_addr = to_addr then erc20.balances
+            else
               Finmap.insert
-                from_addr
-                (((erc20.balances.lookup from_addr).getD 0) - transfer_value)
-                erc20.balances
-            )
+                to_addr
+                (((erc20.balances.lookup to_addr).getD 0) + transfer_value)
+                (
+                  Finmap.insert
+                    from_addr
+                    (((erc20.balances.lookup from_addr).getD 0) - transfer_value)
+                    erc20.balances
+                )
         let allowances :=
           Finmap.insert
             (from_addr, evm.execution_env.sender)

From 575279f3ada69edbd4df607ea524a06b47e160f3 Mon Sep 17 00:00:00 2001
From: Daniel Britten <Coda-Coda@users.noreply.github.com>
Date: Fri, 29 Nov 2024 07:52:49 +0000
Subject: [PATCH 71/89] Add spec and proof for `msgSender`

---
 .../ERC20Shim/fun_msgSender_user.lean         | 34 +++++++++++++++++--
 1 file changed, 32 insertions(+), 2 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_msgSender_user.lean b/Generated/erc20shim/ERC20Shim/fun_msgSender_user.lean
index 8103586..58b450d 100644
--- a/Generated/erc20shim/ERC20Shim/fun_msgSender_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_msgSender_user.lean
@@ -10,13 +10,43 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
 
-def A_fun_msgSender (var : Identifier)  (s₀ s₉ : State) : Prop := sorry
+def A_fun_msgSender (var : Identifier)  (s₀ s₉ : State) : Prop := 
+  preservesEvm s₀ s₉ ∧
+  s₉.isOk ∧
+  (s₀.evm.isEVMState → s₉.evm.isEVMState) ∧
+  (s₀.evm.hash_collision = true → s₉.evm.hash_collision) ∧ 
+  (
+    (
+      match s₀ with
+      | Ok evm _ => s₉[var]!! = evm.execution_env.source ∧
+                    s₉.evm.hash_collision = false
+      | _ => s₉.evm.hash_collision = false -- OutOfFuel or Checkpoint
+    )
+    -- Case: Hash collision
+    ∨ s₉.evm.hash_collision = true 
+  )
 
 lemma fun_msgSender_abs_of_concrete {s₀ s₉ : State} {var } :
   Spec (fun_msgSender_concrete_of_code.1 var ) s₀ s₉ →
   Spec (A_fun_msgSender var ) s₀ s₉ := by
   unfold fun_msgSender_concrete_of_code A_fun_msgSender
-  sorry
+  rcases s₀ with ⟨evm₀, varstore₀⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
+  apply spec_eq
+  clr_funargs
+  rintro hasFuel code
+  simp at code
+  rw [←code]
+  simp
+  
+  split_ands
+  · unfold preservesEvm
+    rw [← State.insert_of_ok, lookup_insert, State.insert_of_ok]
+    simp
+  · by_cases h : evm₀.hash_collision <;> [(right;assumption);skip]
+    left
+    split_ands <;> [skip;aesop]
+    unfold lookup!
+    simp
 
 end
 

From cc4c09d48344d61c92f03011bfe90211fafc4453 Mon Sep 17 00:00:00 2001
From: Daniel Britten <Coda-Coda@users.noreply.github.com>
Date: Fri, 29 Nov 2024 07:54:26 +0000
Subject: [PATCH 72/89] Change `sender` to `source` in `transferFrom` spec

---
 Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean b/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
index 0e560de..189efb4 100644
--- a/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
@@ -37,8 +37,8 @@ def A_fun_transferFrom (var : Identifier) (var_from var_to var_value : Literal)
                 )
         let allowances :=
           Finmap.insert
-            (from_addr, evm.execution_env.sender)
-              (((erc20.allowances.lookup (from_addr, evm.execution_env.sender)).getD 0) - transfer_value)
+            (from_addr, evm.execution_env.source)
+              (((erc20.allowances.lookup (from_addr, evm.execution_env.source)).getD 0) - transfer_value)
             erc20.allowances
         IsERC20 ({ erc20 with balances, allowances }) s₉ ∧ preservesEvm s₀ s₉ ∧
         s₉[var]!! = 1 ∧

From a4a27215743eb6279ba39b0605374d3732f83e0d Mon Sep 17 00:00:00 2001
From: Daniel Britten <Coda-Coda@users.noreply.github.com>
Date: Mon, 2 Dec 2024 05:00:40 +0000
Subject: [PATCH 73/89] Make `transferFrom` spec more succinct using `evm`
 function

---
 .../ERC20Shim/fun_transferFrom_user.lean      | 51 +++++++++----------
 1 file changed, 24 insertions(+), 27 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean b/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
index 189efb4..28483c8 100644
--- a/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
@@ -13,7 +13,7 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
-def A_fun_transferFrom (var : Identifier) (var_from var_to var_value : Literal) (s₀ s₉ : State) : Prop := 
+def A_fun_transferFrom (var : Identifier) (var_from var_to var_value : Literal) (s₀ s₉ : State) : Prop :=
   let from_addr := Address.ofUInt256 var_from
   let to_addr := Address.ofUInt256 var_to
   let transfer_value : UInt256 := var_value -- in wei
@@ -21,40 +21,37 @@ def A_fun_transferFrom (var : Identifier) (var_from var_to var_value : Literal)
     ∀ {erc20}, (IsERC20 erc20 s₀ ∧ s₀.evm.isEVMState) →
     -- Case: transferFrom succeeds
     (
-      match s₀ with
-      | Ok evm _ => 
-        let balances := 
-          if from_addr = to_addr then erc20.balances
-            else
-              Finmap.insert
-                to_addr
-                (((erc20.balances.lookup to_addr).getD 0) + transfer_value)
-                (
-                  Finmap.insert
-                    from_addr
-                    (((erc20.balances.lookup from_addr).getD 0) - transfer_value)
-                    erc20.balances
-                )
-        let allowances :=
-          Finmap.insert
-            (from_addr, evm.execution_env.source)
-              (((erc20.allowances.lookup (from_addr, evm.execution_env.source)).getD 0) - transfer_value)
-            erc20.allowances
-        IsERC20 ({ erc20 with balances, allowances }) s₉ ∧ preservesEvm s₀ s₉ ∧
-        s₉[var]!! = 1 ∧
-        s₉.evm.hash_collision = false
-      | _ => IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ -- OutOfFuel or Checkpoint
+      let balances :=
+        if from_addr = to_addr then erc20.balances
+          else
+            Finmap.insert
+              to_addr
+              (((erc20.balances.lookup to_addr).getD 0) + transfer_value)
+              (
+                Finmap.insert
+                  from_addr
+                  (((erc20.balances.lookup from_addr).getD 0) - transfer_value)
+                  erc20.balances
+              )
+      let allowances :=
+        Finmap.insert
+          (from_addr, s₀.evm.execution_env.source)
+          (((erc20.allowances.lookup (from_addr, s₀.evm.execution_env.source)).getD 0) - transfer_value)
+          erc20.allowances
+      IsERC20 ({ erc20 with balances, allowances }) s₉ ∧ preservesEvm s₀ s₉ ∧
+      s₉[var]!! = 1 ∧
+      s₉.evm.hash_collision = false
     )
     ∨
     -- Case: transferFrom fails
     (
       IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧
       s₉[var]!! = 0
-    ) 
+    )
     -- Case: Hash collision
-    ∨ s₉.evm.hash_collision = true 
+    ∨ s₉.evm.hash_collision = true
   )
-  
+
 
 lemma fun_transferFrom_abs_of_concrete {s₀ s₉ : State} {var var_from var_to var_value} :
   Spec (fun_transferFrom_concrete_of_code.1 var var_from var_to var_value) s₀ s₉ →

From 39dfc9afcfababd4f42d3b0d2f9c9a22147047e1 Mon Sep 17 00:00:00 2001
From: Daniel Britten <Coda-Coda@users.noreply.github.com>
Date: Mon, 2 Dec 2024 05:15:00 +0000
Subject: [PATCH 74/89] Fix `transferFrom` spec in the case of infinite
 approval

See the Solidity code this comes from: https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v5.0.2/contracts/token/ERC20/ERC20.sol#L307
---
 Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean b/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
index 28483c8..b684a73 100644
--- a/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
@@ -34,9 +34,11 @@ def A_fun_transferFrom (var : Identifier) (var_from var_to var_value : Literal)
                   erc20.balances
               )
       let allowances :=
+        let currentAllowance := (erc20.allowances.lookup (from_addr, s₀.evm.execution_env.source)).getD 0
+        if currentAllowance = UInt256.top then erc20.allowances else
         Finmap.insert
           (from_addr, s₀.evm.execution_env.source)
-          (((erc20.allowances.lookup (from_addr, s₀.evm.execution_env.source)).getD 0) - transfer_value)
+          (currentAllowance - transfer_value)
           erc20.allowances
       IsERC20 ({ erc20 with balances, allowances }) s₉ ∧ preservesEvm s₀ s₉ ∧
       s₉[var]!! = 1 ∧

From 3c54a7d053264ee6c7b7275d16ab78a92c98bb7b Mon Sep 17 00:00:00 2001
From: Daniel Britten <Coda-Coda@users.noreply.github.com>
Date: Mon, 2 Dec 2024 05:27:20 +0000
Subject: [PATCH 75/89] Add spec for `spendAllowance`

---
 .../ERC20Shim/fun_spendAllowance_user.lean    | 28 ++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
index d5f09a2..5b059dc 100644
--- a/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
@@ -14,7 +14,33 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
 
-def A_fun_spendAllowance  (var_owner var_spender var_value : Literal) (s₀ s₉ : State) : Prop := sorry
+def A_fun_spendAllowance  (var_owner var_spender var_value : Literal) (s₀ s₉ : State) : Prop :=
+  let owner_addr := Address.ofUInt256 var_owner
+  let spender_addr := Address.ofUInt256 var_spender
+  let transfer_value : UInt256 := var_value -- in wei
+  (
+    ∀ {erc20}, (IsERC20 erc20 s₀ ∧ s₀.evm.isEVMState) →
+    let currentAllowance := (erc20.allowances.lookup (owner_addr, spender_addr)).getD 0
+    -- Case: spendAllowance succeeds
+    (
+        let allowances :=
+          if currentAllowance = UInt256.top then erc20.allowances else
+            Finmap.insert
+              (owner_addr, spender_addr)
+              (currentAllowance - transfer_value)
+              erc20.allowances
+        IsERC20 ({ erc20 with allowances }) s₉ ∧ preservesEvm s₀ s₉ ∧
+        s₉.evm.hash_collision = false
+    )
+    ∨
+    -- Case: spendAllowance fails
+    (
+      IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧
+      currentAllowance < transfer_value
+    )
+    -- Case: Hash collision
+    ∨ s₉.evm.hash_collision = true
+  )
 
 lemma fun_spendAllowance_abs_of_concrete {s₀ s₉ : State} { var_owner var_spender var_value} :
   Spec (fun_spendAllowance_concrete_of_code.1  var_owner var_spender var_value) s₀ s₉ →

From 015a2955782eba7c9e37517a5a719ccb297cd57d Mon Sep 17 00:00:00 2001
From: Daniel Britten <Coda-Coda@users.noreply.github.com>
Date: Mon, 2 Dec 2024 05:45:54 +0000
Subject: [PATCH 76/89] Add spec for `_transfer`

---
 .../ERC20Shim/fun__transfer_user.lean         | 33 ++++++++++++++++++-
 1 file changed, 32 insertions(+), 1 deletion(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean b/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean
index 2e3a362..d0b2252 100644
--- a/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean
@@ -14,7 +14,38 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
 
-def A_fun__transfer  (var_from var_to var_value : Literal) (s₀ s₉ : State) : Prop := sorry
+def A_fun__transfer  (var_from var_to var_value : Literal) (s₀ s₉ : State) : Prop :=
+  let from_addr := Address.ofUInt256 var_from
+  let to_addr := Address.ofUInt256 var_to
+  let transfer_value : UInt256 := var_value -- in wei
+  (
+    ∀ {erc20}, (IsERC20 erc20 s₀ ∧ s₀.evm.isEVMState) →
+    -- Case: _transfer succeeds
+    (
+      let balances :=
+        if from_addr = to_addr then erc20.balances
+          else
+            Finmap.insert
+              to_addr
+              (((erc20.balances.lookup to_addr).getD 0) + transfer_value)
+              (
+                Finmap.insert
+                  from_addr
+                  (((erc20.balances.lookup from_addr).getD 0) - transfer_value)
+                  erc20.balances
+              )
+      IsERC20 ({ erc20 with balances }) s₉ ∧ preservesEvm s₀ s₉ ∧
+      s₉.evm.hash_collision = false
+    )
+    ∨
+    -- Case: _transfer fails
+    (
+      IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧
+      (from_addr = 0 ∨ to_addr = 0)
+    )
+    -- Case: Hash collision
+    ∨ s₉.evm.hash_collision = true
+  )
 
 lemma fun__transfer_abs_of_concrete {s₀ s₉ : State} { var_from var_to var_value} :
   Spec (fun__transfer_concrete_of_code.1  var_from var_to var_value) s₀ s₉ →

From a8140a146b00f6ad0fd9487dd2814aabd3f13240 Mon Sep 17 00:00:00 2001
From: Daniel Britten <Coda-Coda@users.noreply.github.com>
Date: Mon, 2 Dec 2024 05:47:52 +0000
Subject: [PATCH 77/89] Add `hash_collision` condition to specs

---
 Generated/erc20shim/ERC20Shim/fun__transfer_user.lean      | 2 +-
 Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean | 2 +-
 Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean b/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean
index d0b2252..83a942e 100644
--- a/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean
@@ -40,7 +40,7 @@ def A_fun__transfer  (var_from var_to var_value : Literal) (s₀ s₉ : State) :
     ∨
     -- Case: _transfer fails
     (
-      IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧
+      IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧ s₉.evm.hash_collision = false ∧
       (from_addr = 0 ∨ to_addr = 0)
     )
     -- Case: Hash collision
diff --git a/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
index 5b059dc..55a44ee 100644
--- a/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
@@ -35,7 +35,7 @@ def A_fun_spendAllowance  (var_owner var_spender var_value : Literal) (s₀ s₉
     ∨
     -- Case: spendAllowance fails
     (
-      IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧
+      IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧ s₉.evm.hash_collision = false ∧
       currentAllowance < transfer_value
     )
     -- Case: Hash collision
diff --git a/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean b/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
index b684a73..bdee7b9 100644
--- a/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
@@ -47,7 +47,7 @@ def A_fun_transferFrom (var : Identifier) (var_from var_to var_value : Literal)
     ∨
     -- Case: transferFrom fails
     (
-      IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧
+      IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧ s₉.evm.hash_collision = false ∧
       s₉[var]!! = 0
     )
     -- Case: Hash collision

From f74298e5818968278f2e7cade3c4e9b8aba243d8 Mon Sep 17 00:00:00 2001
From: Daniel Britten <Coda-Coda@users.noreply.github.com>
Date: Tue, 3 Dec 2024 02:11:58 +0000
Subject: [PATCH 78/89] Refactor update of `allowances` and `balances` Moved
 into `Predicate.lean`

---
 Generated/erc20shim/ERC20Shim/Predicate.lean  | 25 +++++++++++++++++--
 .../ERC20Shim/fun__transfer_user.lean         | 15 +++--------
 .../ERC20Shim/fun_spendAllowance_user.lean    |  8 ++----
 .../ERC20Shim/fun_transferFrom_user.lean      | 22 +++-------------
 4 files changed, 31 insertions(+), 39 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/Predicate.lean b/Generated/erc20shim/ERC20Shim/Predicate.lean
index f284fa5..19b9b63 100644
--- a/Generated/erc20shim/ERC20Shim/Predicate.lean
+++ b/Generated/erc20shim/ERC20Shim/Predicate.lean
@@ -97,10 +97,10 @@ lemma IsERC20_of_ok_forall_store {erc20} {evm} {s₀ s₁} :
   · exact is_erc.storageDom
   sorry
 
-lemma IsERC20_of_ok_of_Preserved {erc20} {store} {σ₀ σ₁} (h : Preserved σ₀ σ₁) : 
+lemma IsERC20_of_ok_of_Preserved {erc20} {store} {σ₀ σ₁} (h : Preserved σ₀ σ₁) :
   IsERC20 erc20 (Ok σ₀ store) → IsERC20 erc20 (Ok σ₁ store) := by
   sorry
-  
+
 lemma IsERC20_of_preservesEvm {erc20} {s₀ s₁} :
   preservesEvm s₀ s₁ → IsERC20 erc20 s₀ → IsERC20 erc20 s₁ := by
   sorry
@@ -110,4 +110,25 @@ lemma t {erc20} {s₀ s₁} (is_erc20 : IsERC20 erc20 s₀) (h : preservesEvm s
   addr ∉ s₀.evm.storage.keys := by
   sorry
 
+def update_balances (erc20 : ERC20) from_addr to_addr transfer_value :=
+  if from_addr = to_addr then erc20.balances
+  else
+    Finmap.insert
+      to_addr
+      (((erc20.balances.lookup to_addr).getD 0) + transfer_value)
+      (
+        Finmap.insert
+          from_addr
+          (((erc20.balances.lookup from_addr).getD 0) - transfer_value)
+          erc20.balances
+      )
+
+def update_allowances (erc20 : ERC20) owner_addr spender_addr transfer_value :=
+  let currentAllowance := (erc20.allowances.lookup (owner_addr, spender_addr)).getD 0
+  if currentAllowance = UInt256.top then erc20.allowances else
+  Finmap.insert
+    (owner_addr, spender_addr)
+    (currentAllowance - transfer_value)
+    erc20.allowances
+
 end Generated.erc20shim.ERC20Shim
diff --git a/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean b/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean
index 83a942e..b744cb3 100644
--- a/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean
@@ -7,6 +7,8 @@ import Generated.erc20shim.ERC20Shim.fun_update
 
 import Generated.erc20shim.ERC20Shim.fun__transfer_gen
 
+import Generated.erc20shim.ERC20Shim.Predicate
+
 
 namespace Generated.erc20shim.ERC20Shim
 
@@ -22,18 +24,7 @@ def A_fun__transfer  (var_from var_to var_value : Literal) (s₀ s₉ : State) :
     ∀ {erc20}, (IsERC20 erc20 s₀ ∧ s₀.evm.isEVMState) →
     -- Case: _transfer succeeds
     (
-      let balances :=
-        if from_addr = to_addr then erc20.balances
-          else
-            Finmap.insert
-              to_addr
-              (((erc20.balances.lookup to_addr).getD 0) + transfer_value)
-              (
-                Finmap.insert
-                  from_addr
-                  (((erc20.balances.lookup from_addr).getD 0) - transfer_value)
-                  erc20.balances
-              )
+      let balances := update_balances erc20 from_addr to_addr transfer_value
       IsERC20 ({ erc20 with balances }) s₉ ∧ preservesEvm s₀ s₉ ∧
       s₉.evm.hash_collision = false
     )
diff --git a/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
index 55a44ee..9ff541c 100644
--- a/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
@@ -7,6 +7,7 @@ import Generated.erc20shim.ERC20Shim.fun__approve
 
 import Generated.erc20shim.ERC20Shim.fun_spendAllowance_gen
 
+import Generated.erc20shim.ERC20Shim.Predicate
 
 namespace Generated.erc20shim.ERC20Shim
 
@@ -23,12 +24,7 @@ def A_fun_spendAllowance  (var_owner var_spender var_value : Literal) (s₀ s₉
     let currentAllowance := (erc20.allowances.lookup (owner_addr, spender_addr)).getD 0
     -- Case: spendAllowance succeeds
     (
-        let allowances :=
-          if currentAllowance = UInt256.top then erc20.allowances else
-            Finmap.insert
-              (owner_addr, spender_addr)
-              (currentAllowance - transfer_value)
-              erc20.allowances
+        let allowances := update_allowances erc20 owner_addr spender_addr transfer_value
         IsERC20 ({ erc20 with allowances }) s₉ ∧ preservesEvm s₀ s₉ ∧
         s₉.evm.hash_collision = false
     )
diff --git a/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean b/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
index bdee7b9..04684a7 100644
--- a/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
@@ -6,6 +6,7 @@ import Generated.erc20shim.ERC20Shim.fun__transfer
 
 import Generated.erc20shim.ERC20Shim.fun_transferFrom_gen
 
+import Generated.erc20shim.ERC20Shim.Predicate
 
 namespace Generated.erc20shim.ERC20Shim
 
@@ -21,25 +22,8 @@ def A_fun_transferFrom (var : Identifier) (var_from var_to var_value : Literal)
     ∀ {erc20}, (IsERC20 erc20 s₀ ∧ s₀.evm.isEVMState) →
     -- Case: transferFrom succeeds
     (
-      let balances :=
-        if from_addr = to_addr then erc20.balances
-          else
-            Finmap.insert
-              to_addr
-              (((erc20.balances.lookup to_addr).getD 0) + transfer_value)
-              (
-                Finmap.insert
-                  from_addr
-                  (((erc20.balances.lookup from_addr).getD 0) - transfer_value)
-                  erc20.balances
-              )
-      let allowances :=
-        let currentAllowance := (erc20.allowances.lookup (from_addr, s₀.evm.execution_env.source)).getD 0
-        if currentAllowance = UInt256.top then erc20.allowances else
-        Finmap.insert
-          (from_addr, s₀.evm.execution_env.source)
-          (currentAllowance - transfer_value)
-          erc20.allowances
+      let balances := update_balances erc20 from_addr to_addr transfer_value
+      let allowances := update_allowances erc20 from_addr s₀.evm.execution_env.source transfer_value
       IsERC20 ({ erc20 with balances, allowances }) s₉ ∧ preservesEvm s₀ s₉ ∧
       s₉[var]!! = 1 ∧
       s₉.evm.hash_collision = false

From 3e3594784ef9d336bca2da8d25dc20ce2949e1ce Mon Sep 17 00:00:00 2001
From: Daniel Britten <Coda-Coda@users.noreply.github.com>
Date: Tue, 3 Dec 2024 02:31:53 +0000
Subject: [PATCH 79/89] Add missing `ne` assumption to `mstore_mstore_of_ne`
 Also add `sorry`s where this lemma was used.

---
 Clear/EVMState.lean                                          | 5 +++--
 ...index_access_mapping_address_uint256_of_address_user.lean | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/Clear/EVMState.lean b/Clear/EVMState.lean
index cbcd6c5..0511ac5 100644
--- a/Clear/EVMState.lean
+++ b/Clear/EVMState.lean
@@ -2249,12 +2249,13 @@ lemma mstore_mstore :
   exact update_update
 
 lemma mstore_mstore_of_ne :
+  (h : ∀ {a}, a ∈ offsets_at addr' → a ∉ offsets_at addr) →
   mstore (mstore evm addr val) addr' val' =
     mstore (mstore evm addr' val') addr val := by
+  intros h
   unfold mstore updateMemory
   simp
-  refine update_update_of_ne ?_
-  sorry
+  exact update_update_of_ne h
 
 lemma lookup_mstore :
   (mstore evm p val).machine_state.memory.lookupWord p = val := by
diff --git a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
index 699ba50..8757a48 100644
--- a/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
+++ b/Generated/erc20shim/ERC20Shim/mapping_index_access_mapping_address_uint256_of_address_user.lean
@@ -135,8 +135,8 @@ lemma mapping_index_access_mapping_address_uint256_of_address_abs_of_concrete {s
     unfold keccak256 at keccak_eq_some_res
     rw [ interval'_eq_interval 2 two_ne_zero (by norm_cast)
        , ← prep_def
-       , mstore_mstore_of_ne, interval_of_mstore_eq_val_cons
-       , mstore_mstore_of_ne, zero_add, interval_of_mstore_eq_val_cons
+       , mstore_mstore_of_ne (by sorry), interval_of_mstore_eq_val_cons
+       , mstore_mstore_of_ne (by sorry), zero_add, interval_of_mstore_eq_val_cons
        , interval_of_0_eq_nil
        ] at keccak_eq_some_res
     unfold_let at keccak_eq_some_res

From 9b20b3f5c5bfd842ee07d20a40d5212435f492aa Mon Sep 17 00:00:00 2001
From: Daniel Britten <Coda-Coda@users.noreply.github.com>
Date: Tue, 3 Dec 2024 03:00:02 +0000
Subject: [PATCH 80/89] Improve `msgSender` spec and proof

---
 .../ERC20Shim/fun_msgSender_user.lean         | 30 +++++--------------
 1 file changed, 8 insertions(+), 22 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_msgSender_user.lean b/Generated/erc20shim/ERC20Shim/fun_msgSender_user.lean
index 58b450d..4e62b4d 100644
--- a/Generated/erc20shim/ERC20Shim/fun_msgSender_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_msgSender_user.lean
@@ -11,20 +11,13 @@ section
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
 
 def A_fun_msgSender (var : Identifier)  (s₀ s₉ : State) : Prop := 
-  preservesEvm s₀ s₉ ∧
+  ((preservesEvm s₀ s₉ ∧
   s₉.isOk ∧
   (s₀.evm.isEVMState → s₉.evm.isEVMState) ∧
-  (s₀.evm.hash_collision = true → s₉.evm.hash_collision) ∧ 
-  (
-    (
-      match s₀ with
-      | Ok evm _ => s₉[var]!! = evm.execution_env.source ∧
-                    s₉.evm.hash_collision = false
-      | _ => s₉.evm.hash_collision = false -- OutOfFuel or Checkpoint
-    )
-    -- Case: Hash collision
-    ∨ s₉.evm.hash_collision = true 
-  )
+  s₉[var]!! = s₀.evm.execution_env.source ∧
+  s₉.evm.hash_collision = false)
+  ∨ s₉.evm.hash_collision = true)
+  ∧ (s₀.evm.hash_collision = true → s₉.evm.hash_collision) 
 
 lemma fun_msgSender_abs_of_concrete {s₀ s₉ : State} {var } :
   Spec (fun_msgSender_concrete_of_code.1 var ) s₀ s₉ →
@@ -36,17 +29,10 @@ lemma fun_msgSender_abs_of_concrete {s₀ s₉ : State} {var } :
   rintro hasFuel code
   simp at code
   rw [←code]
+  unfold preservesEvm
+  rw [← State.insert_of_ok, lookup_insert, State.insert_of_ok]
+  unfold lookup!
   simp
-  
-  split_ands
-  · unfold preservesEvm
-    rw [← State.insert_of_ok, lookup_insert, State.insert_of_ok]
-    simp
-  · by_cases h : evm₀.hash_collision <;> [(right;assumption);skip]
-    left
-    split_ands <;> [skip;aesop]
-    unfold lookup!
-    simp
 
 end
 

From 3b6c0edb862ebe27fb47b643005b1b6164a797f6 Mon Sep 17 00:00:00 2001
From: Daniel Britten <Coda-Coda@users.noreply.github.com>
Date: Tue, 3 Dec 2024 04:33:27 +0000
Subject: [PATCH 81/89] Add preservation of hash collision to specs of
 `spendAllowance` and `_transfer`

---
 Generated/erc20shim/ERC20Shim/fun__transfer_user.lean      | 5 +++--
 Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean b/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean
index b744cb3..29532f3 100644
--- a/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean
@@ -23,7 +23,7 @@ def A_fun__transfer  (var_from var_to var_value : Literal) (s₀ s₉ : State) :
   (
     ∀ {erc20}, (IsERC20 erc20 s₀ ∧ s₀.evm.isEVMState) →
     -- Case: _transfer succeeds
-    (
+    ((
       let balances := update_balances erc20 from_addr to_addr transfer_value
       IsERC20 ({ erc20 with balances }) s₉ ∧ preservesEvm s₀ s₉ ∧
       s₉.evm.hash_collision = false
@@ -35,7 +35,8 @@ def A_fun__transfer  (var_from var_to var_value : Literal) (s₀ s₉ : State) :
       (from_addr = 0 ∨ to_addr = 0)
     )
     -- Case: Hash collision
-    ∨ s₉.evm.hash_collision = true
+    ∨ s₉.evm.hash_collision = true)
+    ∧ (s₀.evm.hash_collision = true → s₉.evm.hash_collision) 
   )
 
 lemma fun__transfer_abs_of_concrete {s₀ s₉ : State} { var_from var_to var_value} :
diff --git a/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
index 9ff541c..55b1cc6 100644
--- a/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
@@ -23,7 +23,7 @@ def A_fun_spendAllowance  (var_owner var_spender var_value : Literal) (s₀ s₉
     ∀ {erc20}, (IsERC20 erc20 s₀ ∧ s₀.evm.isEVMState) →
     let currentAllowance := (erc20.allowances.lookup (owner_addr, spender_addr)).getD 0
     -- Case: spendAllowance succeeds
-    (
+    ((
         let allowances := update_allowances erc20 owner_addr spender_addr transfer_value
         IsERC20 ({ erc20 with allowances }) s₉ ∧ preservesEvm s₀ s₉ ∧
         s₉.evm.hash_collision = false
@@ -35,7 +35,8 @@ def A_fun_spendAllowance  (var_owner var_spender var_value : Literal) (s₀ s₉
       currentAllowance < transfer_value
     )
     -- Case: Hash collision
-    ∨ s₉.evm.hash_collision = true
+    ∨ s₉.evm.hash_collision = true)
+    ∧ (s₀.evm.hash_collision = true → s₉.evm.hash_collision) 
   )
 
 lemma fun_spendAllowance_abs_of_concrete {s₀ s₉ : State} { var_owner var_spender var_value} :

From b26307886a77313feb5039f70087aca92a5b8443 Mon Sep 17 00:00:00 2001
From: Daniel Britten <Coda-Coda@users.noreply.github.com>
Date: Tue, 3 Dec 2024 04:35:04 +0000
Subject: [PATCH 82/89] Add outline of `transferFrom` proof Includes multiple
 `sorry`s.

---
 .../ERC20Shim/fun_transferFrom_user.lean      | 38 ++++++++++++++++++-
 1 file changed, 37 insertions(+), 1 deletion(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean b/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
index 04684a7..5bbd778 100644
--- a/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
@@ -42,8 +42,44 @@ def A_fun_transferFrom (var : Identifier) (var_from var_to var_value : Literal)
 lemma fun_transferFrom_abs_of_concrete {s₀ s₉ : State} {var var_from var_to var_value} :
   Spec (fun_transferFrom_concrete_of_code.1 var var_from var_to var_value) s₀ s₉ →
   Spec (A_fun_transferFrom var var_from var_to var_value) s₀ s₉ := by
+
   unfold fun_transferFrom_concrete_of_code A_fun_transferFrom
-  sorry
+
+  rcases s₀ with ⟨evm₀, varstore₀⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
+  apply spec_eq
+  clr_funargs
+  
+  rintro hasFuel ⟨s₁, hMsgSender, ⟨s₂, hSpendAllowance, ⟨s₃, h_transfer, code⟩⟩⟩
+  -- clr_varstore, -- does nothing
+
+  unfold A_fun_msgSender at hMsgSender
+  unfold A_fun_spendAllowance at hSpendAllowance
+  unfold A_fun__transfer at h_transfer
+  
+  -- clr_spec times out
+  apply Spec_ok_unfold (by sorry) (by sorry) at hMsgSender
+  apply Spec_ok_unfold (by sorry) (by sorry) at hSpendAllowance
+  apply Spec_ok_unfold (by sorry) (by sorry) at h_transfer
+  
+  simp only [State.insert, isOk_insert, isOk_Ok, evm_insert, get_evm_of_ok] at hMsgSender
+  simp only [Fin.isValue, Fin.natCast_eq_last, UInt256.size, Nat.reducePow, and_imp] at hSpendAllowance
+  simp only [Fin.isValue, and_imp] at h_transfer
+  
+  intro erc20 is_erc20 s₀_isEVMState
+  
+  rcases hMsgSender with ⟨⟨preservesEvm₁,s₁_isOk, s₁_isEVMStatePreserved, hMsgSenderVar, hNoHashCollision₁⟩| hHasHashCollision₁, hPreservesCollision₁⟩ <;> [skip;sorry]
+  
+  rcases (@hSpendAllowance erc20 (by sorry) (by sorry)) with ⟨ ⟨s₂_isERC20, preservesEvm₂, hNoHashCollision₂⟩ | ⟨s₂_isERC20, preservesEvm₂, hNoHashCollision₂, hCurrentAllowance_lt_transfer_value⟩ | hHasHashCollision₂, hPreservesCollision₂⟩  <;> [skip;sorry;sorry]
+  
+  rcases (@h_transfer erc20 (by sorry) (by sorry)) with ⟨ ⟨s₃_isERC20, preservesEvm₃, hNoHashCollision₃⟩ | ⟨s₃_isERC20, preservesEvm₃, hNoHashCollision₃, hInvolvesBurnAddress⟩ | hHasHashCollision₃ , hPreservesCollision₃⟩ <;> [skip;sorry;sorry]
+  
+  left
+  split_ands
+  
+  · sorry
+  · sorry
+  · sorry
+  · sorry
 
 end
 

From c3e435945a02ab2de7ff5f9103b6e8f30ea1fced Mon Sep 17 00:00:00 2001
From: Daniel Britten <Coda-Coda@users.noreply.github.com>
Date: Tue, 3 Dec 2024 06:04:31 +0000
Subject: [PATCH 83/89] Add `isOk` to specs For `_transfer` and
 `spendAllowance`

---
 Generated/erc20shim/ERC20Shim/fun__transfer_user.lean      | 2 +-
 Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean | 2 +-
 Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean   | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean b/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean
index 29532f3..b3688d6 100644
--- a/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean
@@ -25,7 +25,7 @@ def A_fun__transfer  (var_from var_to var_value : Literal) (s₀ s₉ : State) :
     -- Case: _transfer succeeds
     ((
       let balances := update_balances erc20 from_addr to_addr transfer_value
-      IsERC20 ({ erc20 with balances }) s₉ ∧ preservesEvm s₀ s₉ ∧
+      IsERC20 ({ erc20 with balances }) s₉ ∧ preservesEvm s₀ s₉ ∧ s₉.isOk ∧
       s₉.evm.hash_collision = false
     )
     ∨
diff --git a/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
index 55b1cc6..867b6c6 100644
--- a/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
@@ -25,7 +25,7 @@ def A_fun_spendAllowance  (var_owner var_spender var_value : Literal) (s₀ s₉
     -- Case: spendAllowance succeeds
     ((
         let allowances := update_allowances erc20 owner_addr spender_addr transfer_value
-        IsERC20 ({ erc20 with allowances }) s₉ ∧ preservesEvm s₀ s₉ ∧
+        IsERC20 ({ erc20 with allowances }) s₉ ∧ preservesEvm s₀ s₉ ∧ s₉.isOk ∧
         s₉.evm.hash_collision = false
     )
     ∨
diff --git a/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean b/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
index 5bbd778..278867b 100644
--- a/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
@@ -69,9 +69,9 @@ lemma fun_transferFrom_abs_of_concrete {s₀ s₉ : State} {var var_from var_to
   
   rcases hMsgSender with ⟨⟨preservesEvm₁,s₁_isOk, s₁_isEVMStatePreserved, hMsgSenderVar, hNoHashCollision₁⟩| hHasHashCollision₁, hPreservesCollision₁⟩ <;> [skip;sorry]
   
-  rcases (@hSpendAllowance erc20 (by sorry) (by sorry)) with ⟨ ⟨s₂_isERC20, preservesEvm₂, hNoHashCollision₂⟩ | ⟨s₂_isERC20, preservesEvm₂, hNoHashCollision₂, hCurrentAllowance_lt_transfer_value⟩ | hHasHashCollision₂, hPreservesCollision₂⟩  <;> [skip;sorry;sorry]
+  rcases (@hSpendAllowance erc20 (by sorry) (by sorry)) with ⟨ ⟨s₂_isERC20, preservesEvm₂, s₂_isOk, hNoHashCollision₂⟩ | ⟨s₂_isERC20, preservesEvm₂, hNoHashCollision₂, hCurrentAllowance_lt_transfer_value⟩ | hHasHashCollision₂, hPreservesCollision₂⟩  <;> [skip;sorry;sorry]
   
-  rcases (@h_transfer erc20 (by sorry) (by sorry)) with ⟨ ⟨s₃_isERC20, preservesEvm₃, hNoHashCollision₃⟩ | ⟨s₃_isERC20, preservesEvm₃, hNoHashCollision₃, hInvolvesBurnAddress⟩ | hHasHashCollision₃ , hPreservesCollision₃⟩ <;> [skip;sorry;sorry]
+  rcases (@h_transfer erc20 (by sorry) (by sorry)) with ⟨ ⟨s₃_isERC20, preservesEvm₃, s₃_isOk, hNoHashCollision₃⟩ | ⟨s₃_isERC20, preservesEvm₃, hNoHashCollision₃, hInvolvesBurnAddress⟩ | hHasHashCollision₃ , hPreservesCollision₃⟩ <;> [skip;sorry;sorry]
   
   left
   split_ands

From 826814cd971c10d8c9936584ff398c8308c65cd6 Mon Sep 17 00:00:00 2001
From: Daniel Britten <Coda-Coda@users.noreply.github.com>
Date: Tue, 3 Dec 2024 06:14:04 +0000
Subject: [PATCH 84/89] Remove `preservesEvm` from `transferFrom`, `_transfer`
 and `spendAllowance` specs, in the success cases These functions are not
 pure.

---
 Generated/erc20shim/ERC20Shim/fun__transfer_user.lean      | 2 +-
 Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean | 2 +-
 Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean   | 7 +++----
 3 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean b/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean
index b3688d6..962a162 100644
--- a/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun__transfer_user.lean
@@ -25,7 +25,7 @@ def A_fun__transfer  (var_from var_to var_value : Literal) (s₀ s₉ : State) :
     -- Case: _transfer succeeds
     ((
       let balances := update_balances erc20 from_addr to_addr transfer_value
-      IsERC20 ({ erc20 with balances }) s₉ ∧ preservesEvm s₀ s₉ ∧ s₉.isOk ∧
+      IsERC20 ({ erc20 with balances }) s₉ ∧ s₉.isOk ∧
       s₉.evm.hash_collision = false
     )
     ∨
diff --git a/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
index 867b6c6..91263a9 100644
--- a/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
@@ -25,7 +25,7 @@ def A_fun_spendAllowance  (var_owner var_spender var_value : Literal) (s₀ s₉
     -- Case: spendAllowance succeeds
     ((
         let allowances := update_allowances erc20 owner_addr spender_addr transfer_value
-        IsERC20 ({ erc20 with allowances }) s₉ ∧ preservesEvm s₀ s₉ ∧ s₉.isOk ∧
+        IsERC20 ({ erc20 with allowances }) s₉ ∧ s₉.isOk ∧
         s₉.evm.hash_collision = false
     )
     ∨
diff --git a/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean b/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
index 278867b..51c1d55 100644
--- a/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
@@ -24,7 +24,7 @@ def A_fun_transferFrom (var : Identifier) (var_from var_to var_value : Literal)
     (
       let balances := update_balances erc20 from_addr to_addr transfer_value
       let allowances := update_allowances erc20 from_addr s₀.evm.execution_env.source transfer_value
-      IsERC20 ({ erc20 with balances, allowances }) s₉ ∧ preservesEvm s₀ s₉ ∧
+      IsERC20 ({ erc20 with balances, allowances }) s₉ ∧
       s₉[var]!! = 1 ∧
       s₉.evm.hash_collision = false
     )
@@ -69,9 +69,9 @@ lemma fun_transferFrom_abs_of_concrete {s₀ s₉ : State} {var var_from var_to
   
   rcases hMsgSender with ⟨⟨preservesEvm₁,s₁_isOk, s₁_isEVMStatePreserved, hMsgSenderVar, hNoHashCollision₁⟩| hHasHashCollision₁, hPreservesCollision₁⟩ <;> [skip;sorry]
   
-  rcases (@hSpendAllowance erc20 (by sorry) (by sorry)) with ⟨ ⟨s₂_isERC20, preservesEvm₂, s₂_isOk, hNoHashCollision₂⟩ | ⟨s₂_isERC20, preservesEvm₂, hNoHashCollision₂, hCurrentAllowance_lt_transfer_value⟩ | hHasHashCollision₂, hPreservesCollision₂⟩  <;> [skip;sorry;sorry]
+  rcases (@hSpendAllowance erc20 (by sorry) (by sorry)) with ⟨ ⟨s₂_isERC20, s₂_isOk, hNoHashCollision₂⟩ | ⟨s₂_isERC20, preservesEvm₂, hNoHashCollision₂, hCurrentAllowance_lt_transfer_value⟩ | hHasHashCollision₂, hPreservesCollision₂⟩  <;> [skip;sorry;sorry]
   
-  rcases (@h_transfer erc20 (by sorry) (by sorry)) with ⟨ ⟨s₃_isERC20, preservesEvm₃, s₃_isOk, hNoHashCollision₃⟩ | ⟨s₃_isERC20, preservesEvm₃, hNoHashCollision₃, hInvolvesBurnAddress⟩ | hHasHashCollision₃ , hPreservesCollision₃⟩ <;> [skip;sorry;sorry]
+  rcases (@h_transfer erc20 (by sorry) (by sorry)) with ⟨ ⟨s₃_isERC20, s₃_isOk, hNoHashCollision₃⟩ | ⟨s₃_isERC20, preservesEvm₃, hNoHashCollision₃, hInvolvesBurnAddress⟩ | hHasHashCollision₃ , hPreservesCollision₃⟩ <;> [skip;sorry;sorry]
   
   left
   split_ands
@@ -79,7 +79,6 @@ lemma fun_transferFrom_abs_of_concrete {s₀ s₉ : State} {var var_from var_to
   · sorry
   · sorry
   · sorry
-  · sorry
 
 end
 

From 8351077b4aefdee193ee5c4acb71d98fa6b05760 Mon Sep 17 00:00:00 2001
From: Daniel Britten <Coda-Coda@users.noreply.github.com>
Date: Tue, 3 Dec 2024 06:18:09 +0000
Subject: [PATCH 85/89] Add to outline of `transferFrom` proof

---
 .../ERC20Shim/fun_transferFrom_user.lean      | 35 ++++++++++++++++---
 1 file changed, 31 insertions(+), 4 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean b/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
index 51c1d55..77a656d 100644
--- a/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_transferFrom_user.lean
@@ -24,7 +24,7 @@ def A_fun_transferFrom (var : Identifier) (var_from var_to var_value : Literal)
     (
       let balances := update_balances erc20 from_addr to_addr transfer_value
       let allowances := update_allowances erc20 from_addr s₀.evm.execution_env.source transfer_value
-      IsERC20 ({ erc20 with balances, allowances }) s₉ ∧
+      IsERC20 ({ erc20 with balances, allowances }) s₉ ∧ 
       s₉[var]!! = 1 ∧
       s₉.evm.hash_collision = false
     )
@@ -76,9 +76,36 @@ lemma fun_transferFrom_abs_of_concrete {s₀ s₉ : State} {var var_from var_to
   left
   split_ands
   
-  · sorry
-  · sorry
-  · sorry
+  · -- IsERC20
+    rcases s₃ with ⟨evm₃, varstore₃⟩ | _ | _ <;> [skip; aesop; aesop]
+    simp only [Fin.isValue, isOk_Ok, revive_of_ok] at code
+    rw [←code]
+    simp
+    apply IsERC20.mk
+    · simp
+      have := s₃_isERC20.hasSupply
+      rw [←this]
+      simp
+    · simp
+      intros acc acc_in_bal
+      have := @IsERC20.hasBalance _ _ s₃_isERC20 acc (by sorry)
+      obtain ⟨addr, ⟨hAddr₁, hAddr₂⟩⟩ := this
+      exists addr
+      split_ands
+      · sorry
+      · simp only [get_evm_of_ok] at hAddr₂
+        rw [←hAddr₂]
+        have hFrom : var_from = s₂["var_from"]!! := by sorry
+        have hTo : var_to = s₂["var_to"]!! := by sorry
+        have hValue : var_value = s₂["var_value"]!! := by sorry
+        rw [←hFrom, ←hTo, ←hValue]      
+    · sorry
+    · sorry
+    · sorry
+  · -- transferFrom returns true (success)
+    sorry
+  · -- No hash collision
+    sorry
 
 end
 

From 43f1c455a789c5db98d7729e9e5cca286ccd5eb4 Mon Sep 17 00:00:00 2001
From: Daniel Britten <Coda-Coda@users.noreply.github.com>
Date: Wed, 4 Dec 2024 04:26:36 +0000
Subject: [PATCH 86/89] Add notation for `Finmap.insert` in `Predicate.lean`

---
 Generated/erc20shim/ERC20Shim/Predicate.lean | 23 ++++++++------------
 1 file changed, 9 insertions(+), 14 deletions(-)

diff --git a/Generated/erc20shim/ERC20Shim/Predicate.lean b/Generated/erc20shim/ERC20Shim/Predicate.lean
index 19b9b63..696820a 100644
--- a/Generated/erc20shim/ERC20Shim/Predicate.lean
+++ b/Generated/erc20shim/ERC20Shim/Predicate.lean
@@ -110,25 +110,20 @@ lemma t {erc20} {s₀ s₁} (is_erc20 : IsERC20 erc20 s₀) (h : preservesEvm s
   addr ∉ s₀.evm.storage.keys := by
   sorry
 
+notation m "⟦" k "↦ₘ" v "⟧" => Finmap.insert k v m
+      
 def update_balances (erc20 : ERC20) from_addr to_addr transfer_value :=
-  if from_addr = to_addr then erc20.balances
-  else
-    Finmap.insert
-      to_addr
-      (((erc20.balances.lookup to_addr).getD 0) + transfer_value)
-      (
-        Finmap.insert
-          from_addr
-          (((erc20.balances.lookup from_addr).getD 0) - transfer_value)
-          erc20.balances
-      )
+  let from_balance := ((erc20.balances.lookup from_addr).getD 0)
+  let to_balance := ((erc20.balances.lookup to_addr).getD 0)
+  if from_addr = to_addr then erc20.balances else
+    erc20.balances
+      ⟦ from_addr ↦ₘ (from_balance - transfer_value) ⟧
+      ⟦ to_addr ↦ₘ (to_balance + transfer_value) ⟧
 
 def update_allowances (erc20 : ERC20) owner_addr spender_addr transfer_value :=
   let currentAllowance := (erc20.allowances.lookup (owner_addr, spender_addr)).getD 0
   if currentAllowance = UInt256.top then erc20.allowances else
-  Finmap.insert
-    (owner_addr, spender_addr)
-    (currentAllowance - transfer_value)
     erc20.allowances
+      ⟦(owner_addr, spender_addr) ↦ₘ (currentAllowance - transfer_value)⟧
 
 end Generated.erc20shim.ERC20Shim

From 4c879c2fe6648541697b642c43ba102ea4825992 Mon Sep 17 00:00:00 2001
From: Daniel Britten <Coda-Coda@users.noreply.github.com>
Date: Thu, 5 Dec 2024 04:09:34 +0000
Subject: [PATCH 87/89] Fix instructions for building `erc20shim.yul`

---
 out/erc20shim-generation.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/out/erc20shim-generation.md b/out/erc20shim-generation.md
index 259a698..6fa738a 100644
--- a/out/erc20shim-generation.md
+++ b/out/erc20shim-generation.md
@@ -14,7 +14,7 @@ contract ERC20Shim is ERC20 {
 ```
 4. Install `solc-select` to be able to select specific `solc` versions. See: https://github.com/crytic/solc-select or https://search.nixos.org/packages?channel=unstable&show=solc-select
 5. Run `solc-select install 0.8.21`
-6. From the `contracts` directory, run:
+6. From the root directory of the openzeppelin-contracts repo, run:
 ```
 SOLC_VERSION=0.8.21 solc --optimize --ir-optimized --yul-optimizations 'ho[esj]x[esVur]' contracts/mocks/token/erc20shim.sol > contracts/erc20shim.yul
 ```

From 284115f47b6af10f7aa664ba6fb2a2e978991467 Mon Sep 17 00:00:00 2001
From: Daniel Britten <Coda-Coda@users.noreply.github.com>
Date: Thu, 5 Dec 2024 04:11:47 +0000
Subject: [PATCH 88/89] Add minting of some tokens to ERC20 constructor And
 regenerate `erc20shim.yul`

---
 out/erc20shim-generation.md |   4 +-
 out/erc20shim.yul           | 805 +++++++++++++++++++++++-------------
 2 files changed, 527 insertions(+), 282 deletions(-)

diff --git a/out/erc20shim-generation.md b/out/erc20shim-generation.md
index 6fa738a..d2ce2dd 100644
--- a/out/erc20shim-generation.md
+++ b/out/erc20shim-generation.md
@@ -9,7 +9,9 @@ pragma solidity ^0.8.20;
 import {ERC20} from "contracts/token/ERC20/ERC20.sol";
 
 contract ERC20Shim is ERC20 {
-    constructor() ERC20("ERC20Shim", "E20S") {}
+    constructor() ERC20("ERC20Shim", "E20S") {
+      _mint(msg.sender, 1000);
+    }
 }
 ```
 4. Install `solc-select` to be able to select specific `solc` versions. See: https://github.com/crytic/solc-select or https://search.nixos.org/packages?channel=unstable&show=solc-select
diff --git a/out/erc20shim.yul b/out/erc20shim.yul
index c6b24ab..c9afe99 100644
--- a/out/erc20shim.yul
+++ b/out/erc20shim.yul
@@ -5,11 +5,11 @@ Optimized IR:
 Optimized IR:
 
 Optimized IR:
-/// @use-src 0:"contracts/interfaces/draft-IERC6093.sol", 1:"contracts/mocks/token/ERC20Shim.sol", 2:"contracts/token/ERC20/ERC20.sol", 3:"contracts/token/ERC20/IERC20.sol", 4:"contracts/token/ERC20/extensions/IERC20Metadata.sol", 5:"contracts/utils/Context.sol"
-object "ERC20Shim_14" {
+/// @use-src 0:"contracts/interfaces/draft-IERC6093.sol", 1:"contracts/mocks/token/erc20shim.sol", 2:"contracts/token/ERC20/ERC20.sol", 3:"contracts/token/ERC20/IERC20.sol", 4:"contracts/token/ERC20/extensions/IERC20Metadata.sol", 5:"contracts/utils/Context.sol"
+object "ERC20Shim_20" {
     code {
         {
-            /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+            /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
             let _1 := memoryguard(0x80)
             let _2 := 64
             mstore(_2, _1)
@@ -21,8 +21,8 @@ object "ERC20Shim_14" {
             constructor_ERC20Shim()
             let _4 := _2
             let _5 := mload(_2)
-            let _6 := datasize("ERC20Shim_14_deployed")
-            let _7 := dataoffset("ERC20Shim_14_deployed")
+            let _6 := datasize("ERC20Shim_20_deployed")
+            let _7 := dataoffset("ERC20Shim_20_deployed")
             codecopy(_5, _7, _6)
             let _8 := _6
             return(_5, _6)
@@ -110,15 +110,22 @@ object "ERC20Shim_14" {
             let _3 := add(memPtr, _2)
             store_literal_in_memory_654a20c509642b4486f3c0baf150dce7367ca9e5f6186c81edaf3f66a3f7c7a3(_3)
         }
-        /// @ast-id 13 @src 1:116:159  "constructor() ERC20(\"ERC20Shim\", \"E20S\") {}"
+        /// @ast-id 19 @src 1:116:195  "constructor() ERC20(\"ERC20Shim\", \"E20S\") {..."
         function constructor_ERC20Shim()
         {
             /// @src 1:136:147  "\"ERC20Shim\""
-            let _mpos := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ copy_literal_to_memory_73d84741e39ae21500f019e1bd49b1509c4dad0285f14920732b98003dc4a297()
+            let _mpos := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ copy_literal_to_memory_73d84741e39ae21500f019e1bd49b1509c4dad0285f14920732b98003dc4a297()
             let _1 := copy_literal_to_memory_654a20c509642b4486f3c0baf150dce7367ca9e5f6186c81edaf3f66a3f7c7a3()
-            /// @src 1:116:159  "constructor() ERC20(\"ERC20Shim\", \"E20S\") {}"
-            constructor_ERC20(_mpos, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _1)
+            /// @src 1:116:195  "constructor() ERC20(\"ERC20Shim\", \"E20S\") {..."
+            constructor_ERC20(_mpos, /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _1)
+            /// @src 1:183:187  "1000"
+            let _2 := 0x03e8
+            /// @src 1:171:181  "msg.sender"
+            let _3 := caller()
+            /// @src 1:165:188  "_mint(msg.sender, 1000)"
+            fun_mint(/** @src 1:171:181  "msg.sender" */ _3, /** @src 1:183:187  "1000" */ _2)
         }
+        /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
         function panic_error_0x22()
         {
             let _1 := shl(224, 0x4e487b71)
@@ -292,22 +299,256 @@ object "ERC20Shim_14" {
         {
             copy_byte_array_to_storage_from_string_to_string(slot, value)
         }
-        /// @ast-id 66 @src 2:1601:1714  "constructor(string memory name_, string memory symbol_) {..."
+        /// @ast-id 72 @src 2:1896:2009  "constructor(string memory name_, string memory symbol_) {..."
         function constructor_ERC20(var_name_mpos, var_symbol_mpos)
         {
-            /// @src 2:1667:1680  "_name = name_"
+            /// @src 2:1962:1975  "_name = name_"
             let _1 := 0x03
-            update_storage_value_offsett_string_to_string(_1, /** @src 2:1675:1680  "name_" */ var_name_mpos)
-            /// @src 2:1690:1707  "_symbol = symbol_"
+            update_storage_value_offsett_string_to_string(_1, /** @src 2:1970:1975  "name_" */ var_name_mpos)
+            /// @src 2:1985:2002  "_symbol = symbol_"
             let _2 := 0x04
-            update_storage_value_offsett_string_to_string(_2, /** @src 2:1700:1707  "symbol_" */ var_symbol_mpos)
+            update_storage_value_offsett_string_to_string(_2, /** @src 2:1995:2002  "symbol_" */ var_symbol_mpos)
+        }
+        /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
+        function abi_encode_address(value, pos)
+        {
+            let _1 := sub(shl(160, 1), 1)
+            let _2 := and(value, _1)
+            mstore(pos, _2)
+        }
+        function abi_encode_tuple_address(headStart, value0) -> tail
+        {
+            let _1 := 32
+            tail := add(headStart, _1)
+            abi_encode_address(value0, headStart)
+        }
+        /// @ast-id 375 @src 2:7721:7929  "function _mint(address account, uint256 value) internal {..."
+        function fun_mint(var_account, var_value)
+        {
+            /// @src 2:7791:7798  "account"
+            let expr := var_account
+            /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
+            let _1 := sub(shl(160, 1), 1)
+            let _2 := and(/** @src 2:7791:7812  "account == address(0)" */ var_account, /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _1)
+            /// @src 2:7791:7812  "account == address(0)"
+            let _3 := iszero(/** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _2)
+            /// @src 2:7787:7878  "if (account == address(0)) {..."
+            if /** @src 2:7791:7812  "account == address(0)" */ _3
+            /// @src 2:7787:7878  "if (account == address(0)) {..."
+            {
+                /// @src 2:7856:7866  "address(0)"
+                let expr_1 := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ 0
+                let _4 := 64
+                /// @src 2:7835:7867  "ERC20InvalidReceiver(address(0))"
+                let _5 := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ mload(_4)
+                /// @src 2:7835:7867  "ERC20InvalidReceiver(address(0))"
+                let _6 := shl(224, 0xec442f05)
+                mstore(_5, _6)
+                let _7 := 4
+                let _8 := add(_5, _7)
+                let _9 := abi_encode_tuple_address(_8, /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ expr_1)
+                /// @src 2:7835:7867  "ERC20InvalidReceiver(address(0))"
+                let _10 := sub(_9, _5)
+                revert(_5, _10)
+            }
+            /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
+            let _11 := 0
+            /// @src 2:7916:7921  "value"
+            fun_update(/** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _11, /** @src 2:7907:7914  "account" */ var_account, /** @src 2:7916:7921  "value" */ var_value)
+        }
+        /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
+        function mapping_index_access_mapping_address_uint256_of_address(slot, key) -> dataSlot
+        {
+            let _1 := and(key, sub(shl(160, 1), 1))
+            let _2 := 0
+            mstore(_2, _1)
+            let _3 := 0x20
+            mstore(_3, slot)
+            let _4 := 0x40
+            let _5 := _2
+            dataSlot := keccak256(_2, _4)
+        }
+        function abi_encode_uint256_to_uint256(value, pos)
+        { mstore(pos, value) }
+        function abi_encode_address_uint256_uint256(headStart, value0, value1, value2) -> tail
+        {
+            let _1 := 96
+            tail := add(headStart, _1)
+            abi_encode_address(value0, headStart)
+            let _2 := 32
+            let _3 := add(headStart, _2)
+            abi_encode_uint256_to_uint256(value1, _3)
+            let _4 := 64
+            let _5 := add(headStart, _4)
+            abi_encode_uint256_to_uint256(value2, _5)
+        }
+        function update_byte_slice_shift(value, toInsert) -> result
+        {
+            toInsert := toInsert
+            result := toInsert
+        }
+        function update_storage_value_offsett_uint256_to_uint256(slot, value)
+        {
+            let _1 := sload(slot)
+            let _2 := update_byte_slice_shift(_1, value)
+            sstore(slot, _2)
+        }
+        function panic_error_0x11()
+        {
+            let _1 := shl(224, 0x4e487b71)
+            let _2 := 0
+            mstore(_2, _1)
+            let _3 := 0x11
+            let _4 := 4
+            mstore(_4, _3)
+            let _5 := 0x24
+            let _6 := _2
+            revert(_2, _5)
+        }
+        function checked_add_uint256(x, y) -> sum
+        {
+            x := x
+            y := y
+            sum := add(x, y)
+            let _1 := gt(x, sum)
+            if _1 { panic_error_0x11() }
+        }
+        function abi_encode_uint256(headStart, value0) -> tail
+        {
+            let _1 := 32
+            tail := add(headStart, _1)
+            abi_encode_uint256_to_uint256(value0, headStart)
+        }
+        /// @ast-id 342 @src 2:6271:7378  "function _update(address from, address to, uint256 value) internal virtual {..."
+        function fun_update(var_from, var_to, var_value)
+        {
+            /// @src 2:6360:6364  "from"
+            let expr := var_from
+            /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
+            let _1 := sub(shl(160, 1), 1)
+            let _2 := and(/** @src 2:6360:6378  "from == address(0)" */ var_from, /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _1)
+            /// @src 2:6360:6378  "from == address(0)"
+            let _3 := iszero(/** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _2)
+            /// @src 2:6356:6896  "if (from == address(0)) {..."
+            switch /** @src 2:6360:6378  "from == address(0)" */ _3
+            case /** @src 2:6356:6896  "if (from == address(0)) {..." */ 0 {
+                /// @src 2:6570:6579  "_balances"
+                let _4 := 0x00
+                /// @src 2:6570:6585  "_balances[from]"
+                let _5 := mapping_index_access_mapping_address_uint256_of_address(/** @src 2:6570:6579  "_balances" */ _4, /** @src 2:6580:6584  "from" */ var_from)
+                /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
+                let _6 := sload(/** @src 2:6570:6585  "_balances[from]" */ _5)
+                /// @src 2:6548:6585  "uint256 fromBalance = _balances[from]"
+                let var_fromBalance := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _6
+                /// @src 2:6603:6622  "fromBalance < value"
+                let _7 := lt(/** @src 2:6603:6614  "fromBalance" */ _6, /** @src 2:6617:6622  "value" */ var_value)
+                /// @src 2:6599:6714  "if (fromBalance < value) {..."
+                if /** @src 2:6603:6622  "fromBalance < value" */ _7
+                /// @src 2:6599:6714  "if (fromBalance < value) {..."
+                {
+                    /// @src 2:6674:6678  "from"
+                    let expr_1 := var_from
+                    /// @src 2:6680:6691  "fromBalance"
+                    let expr_2 := _6
+                    /// @src 2:6693:6698  "value"
+                    let expr_3 := var_value
+                    /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
+                    let _8 := 64
+                    /// @src 2:6649:6699  "ERC20InsufficientBalance(from, fromBalance, value)"
+                    let _9 := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ mload(_8)
+                    /// @src 2:6649:6699  "ERC20InsufficientBalance(from, fromBalance, value)"
+                    let _10 := shl(226, 0x391434e3)
+                    mstore(_9, _10)
+                    let _11 := 4
+                    let _12 := add(_9, _11)
+                    let _13 := abi_encode_address_uint256_uint256(_12, var_from, _6, var_value)
+                    let _14 := sub(_13, _9)
+                    revert(_9, _14)
+                }
+                /// @src 2:6852:6871  "fromBalance - value"
+                let expr_4 := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ sub(/** @src 2:6852:6863  "fromBalance" */ _6, /** @src 2:6866:6871  "value" */ var_value)
+                /// @src 2:6834:6843  "_balances"
+                let _15 := _4
+                /// @src 2:6834:6849  "_balances[from]"
+                let _16 := mapping_index_access_mapping_address_uint256_of_address(/** @src 2:6834:6843  "_balances" */ _4, /** @src 2:6844:6848  "from" */ var_from)
+                /// @src 2:6834:6871  "_balances[from] = fromBalance - value"
+                update_storage_value_offsett_uint256_to_uint256(/** @src 2:6834:6849  "_balances[from]" */ _16, /** @src 2:6834:6871  "_balances[from] = fromBalance - value" */ expr_4)
+            }
+            default /// @src 2:6356:6896  "if (from == address(0)) {..."
+            {
+                /// @src 2:6496:6517  "_totalSupply += value"
+                let _17 := 0x02
+                /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
+                let _18 := sload(/** @src 2:6496:6517  "_totalSupply += value" */ _17)
+                /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
+                let _19 := _18
+                /// @src 2:6496:6517  "_totalSupply += value"
+                let _20 := checked_add_uint256(/** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _18, /** @src 2:6512:6517  "value" */ var_value)
+                /// @src 2:6496:6517  "_totalSupply += value"
+                let _21 := _17
+                update_storage_value_offsett_uint256_to_uint256(_17, _20)
+            }
+            /// @src 2:6910:6912  "to"
+            let expr_5 := var_to
+            /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
+            let _22 := _1
+            let _23 := and(/** @src 2:6910:6926  "to == address(0)" */ var_to, /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _1)
+            /// @src 2:6910:6926  "to == address(0)"
+            let _24 := iszero(/** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _23)
+            /// @src 2:6906:7331  "if (to == address(0)) {..."
+            switch /** @src 2:6910:6926  "to == address(0)" */ _24
+            case /** @src 2:6906:7331  "if (to == address(0)) {..." */ 0 {
+                /// @src 2:7301:7306  "value"
+                let expr_6 := var_value
+                /// @src 2:7284:7293  "_balances"
+                let _25 := 0x00
+                /// @src 2:7284:7297  "_balances[to]"
+                let _26 := mapping_index_access_mapping_address_uint256_of_address(/** @src 2:7284:7293  "_balances" */ _25, /** @src 2:7294:7296  "to" */ var_to)
+                /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
+                let _27 := sload(/** @src 2:7284:7306  "_balances[to] += value" */ _26)
+                /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
+                let _28 := _27
+                let _29 := add(_27, /** @src 2:7284:7306  "_balances[to] += value" */ var_value)
+                update_storage_value_offsett_uint256_to_uint256(_26, /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _29)
+            }
+            default /// @src 2:6906:7331  "if (to == address(0)) {..."
+            {
+                /// @src 2:7073:7094  "_totalSupply -= value"
+                let _30 := 0x02
+                /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
+                let _31 := sload(/** @src 2:7073:7094  "_totalSupply -= value" */ _30)
+                /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
+                let _32 := _31
+                let _33 := sub(_31, /** @src 2:7089:7094  "value" */ var_value)
+                /// @src 2:7073:7094  "_totalSupply -= value"
+                let _34 := _30
+                update_storage_value_offsett_uint256_to_uint256(_30, /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _33)
+            }
+            /// @src 2:7355:7359  "from"
+            let expr_7 := var_from
+            /// @src 2:7361:7363  "to"
+            let expr_8 := var_to
+            /// @src 2:7365:7370  "value"
+            let expr_9 := var_value
+            /// @src 2:7346:7371  "Transfer(from, to, value)"
+            let _35 := 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
+            let _36 := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _2
+            /// @src 2:7346:7371  "Transfer(from, to, value)"
+            let _37 := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _23
+            let _38 := 64
+            /// @src 2:7346:7371  "Transfer(from, to, value)"
+            let _39 := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ mload(_38)
+            /// @src 2:7346:7371  "Transfer(from, to, value)"
+            let _40 := abi_encode_uint256(_39, var_value)
+            let _41 := sub(_40, _39)
+            log3(_39, _41, _35, _2, _23)
         }
     }
-    /// @use-src 1:"contracts/mocks/token/ERC20Shim.sol", 2:"contracts/token/ERC20/ERC20.sol", 5:"contracts/utils/Context.sol"
-    object "ERC20Shim_14_deployed" {
+    /// @use-src 1:"contracts/mocks/token/erc20shim.sol", 2:"contracts/token/ERC20/ERC20.sol", 5:"contracts/utils/Context.sol"
+    object "ERC20Shim_20_deployed" {
         code {
             {
-                /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
                 let _1 := memoryguard(0x80)
                 let _2 := 64
                 mstore(_2, _1)
@@ -796,37 +1037,37 @@ object "ERC20Shim_14" {
                 let _3 := sub(_2, memPtr)
                 finalize_allocation(memPtr, _3)
             }
-            /// @ast-id 75 @src 2:1779:1868  "function name() public view virtual returns (string memory) {..."
+            /// @ast-id 81 @src 2:2074:2163  "function name() public view virtual returns (string memory) {..."
             function fun_name() -> var__mpos
             {
-                /// @src 2:1856:1861  "_name"
+                /// @src 2:2151:2156  "_name"
                 let _1 := 0x03
-                /// @src 2:1849:1861  "return _name"
-                var__mpos := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ copy_array_from_storage_to_memory_string(/** @src 2:1856:1861  "_name" */ _1)
+                /// @src 2:2144:2156  "return _name"
+                var__mpos := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ copy_array_from_storage_to_memory_string(/** @src 2:2151:2156  "_name" */ _1)
             }
-            /// @ast-id 84 @src 2:1981:2074  "function symbol() public view virtual returns (string memory) {..."
+            /// @ast-id 90 @src 2:2276:2369  "function symbol() public view virtual returns (string memory) {..."
             function fun_symbol() -> var_mpos
             {
-                /// @src 2:2060:2067  "_symbol"
+                /// @src 2:2355:2362  "_symbol"
                 let _1 := 0x04
-                /// @src 2:2053:2067  "return _symbol"
-                var_mpos := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ copy_array_from_storage_to_memory_string(/** @src 2:2060:2067  "_symbol" */ _1)
+                /// @src 2:2348:2362  "return _symbol"
+                var_mpos := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ copy_array_from_storage_to_memory_string(/** @src 2:2355:2362  "_symbol" */ _1)
             }
-            /// @ast-id 93 @src 2:2707:2789  "function decimals() public view virtual returns (uint8) {..."
+            /// @ast-id 99 @src 2:3002:3084  "function decimals() public view virtual returns (uint8) {..."
             function fun_decimals() -> var
             {
-                /// @src 2:2773:2782  "return 18"
-                var := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ 18
+                /// @src 2:3068:3077  "return 18"
+                var := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ 18
             }
-            /// @ast-id 102 @src 2:2849:2946  "function totalSupply() public view virtual returns (uint256) {..."
-            function fun_totalSupply() -> var_
+            /// @ast-id 108 @src 2:3144:3241  "function totalSupply() public view virtual returns (uint256) {..."
+            function fun_totalSupply() -> var
             {
-                /// @src 2:2927:2939  "_totalSupply"
+                /// @src 2:3222:3234  "_totalSupply"
                 let _1 := 0x02
-                /// @src 2:2920:2939  "return _totalSupply"
-                var_ := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ sload(/** @src 2:2927:2939  "_totalSupply" */ _1)
+                /// @src 2:3215:3234  "return _totalSupply"
+                var := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ sload(/** @src 2:3222:3234  "_totalSupply" */ _1)
             }
-            /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+            /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
             function mapping_index_access_mapping_address_uint256_of_address(slot, key) -> dataSlot
             {
                 let _1 := and(key, sub(shl(160, 1), 1))
@@ -838,27 +1079,27 @@ object "ERC20Shim_14" {
                 let _5 := _2
                 dataSlot := keccak256(_2, _4)
             }
-            /// @ast-id 115 @src 2:3004:3120  "function balanceOf(address account) public view virtual returns (uint256) {..."
-            function fun_balanceOf(var_account) -> var
+            /// @ast-id 121 @src 2:3299:3415  "function balanceOf(address account) public view virtual returns (uint256) {..."
+            function fun_balanceOf(var_account) -> var_
             {
-                /// @src 2:3095:3104  "_balances"
+                /// @src 2:3390:3399  "_balances"
                 let _1 := 0x00
-                /// @src 2:3095:3113  "_balances[account]"
-                let _2 := mapping_index_access_mapping_address_uint256_of_address(/** @src 2:3095:3104  "_balances" */ _1, /** @src 2:3105:3112  "account" */ var_account)
-                /// @src 2:3088:3113  "return _balances[account]"
-                var := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ sload(/** @src 2:3095:3113  "_balances[account]" */ _2)
+                /// @src 2:3390:3408  "_balances[account]"
+                let _2 := mapping_index_access_mapping_address_uint256_of_address(/** @src 2:3390:3399  "_balances" */ _1, /** @src 2:3400:3407  "account" */ var_account)
+                /// @src 2:3383:3408  "return _balances[account]"
+                var_ := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ sload(/** @src 2:3390:3408  "_balances[account]" */ _2)
             }
-            /// @ast-id 139 @src 2:3315:3493  "function transfer(address to, uint256 value) public virtual returns (bool) {..."
+            /// @ast-id 145 @src 2:3610:3788  "function transfer(address to, uint256 value) public virtual returns (bool) {..."
             function fun_transfer(var_to, var_value) -> var
             {
-                /// @src 2:3416:3428  "_msgSender()"
+                /// @src 2:3711:3723  "_msgSender()"
                 let _1 := fun_msgSender()
-                /// @src 2:3459:3464  "value"
-                fun__transfer(/** @src 2:3416:3428  "_msgSender()" */ _1, /** @src 2:3455:3457  "to" */ var_to, /** @src 2:3459:3464  "value" */ var_value)
-                /// @src 2:3475:3486  "return true"
-                var := /** @src 2:3482:3486  "true" */ 0x01
+                /// @src 2:3754:3759  "value"
+                fun__transfer(/** @src 2:3711:3723  "_msgSender()" */ _1, /** @src 2:3750:3752  "to" */ var_to, /** @src 2:3754:3759  "value" */ var_value)
+                /// @src 2:3770:3781  "return true"
+                var := /** @src 2:3777:3781  "true" */ 0x01
             }
-            /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+            /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
             function mapping_index_access_mapping_address_mapping_address_uint256_of_address(slot, key) -> dataSlot
             {
                 let _1 := and(key, sub(shl(160, 1), 1))
@@ -870,41 +1111,41 @@ object "ERC20Shim_14" {
                 let _5 := _2
                 dataSlot := keccak256(_2, _4)
             }
-            /// @ast-id 156 @src 2:3551:3691  "function allowance(address owner, address spender) public view virtual returns (uint256) {..."
+            /// @ast-id 162 @src 2:3846:3986  "function allowance(address owner, address spender) public view virtual returns (uint256) {..."
             function fun_allowance(var_owner, var_spender) -> var
             {
-                /// @src 2:3657:3668  "_allowances"
+                /// @src 2:3952:3963  "_allowances"
                 let _1 := 0x01
-                /// @src 2:3657:3675  "_allowances[owner]"
-                let _2 := mapping_index_access_mapping_address_mapping_address_uint256_of_address(/** @src 2:3657:3668  "_allowances" */ _1, /** @src 2:3669:3674  "owner" */ var_owner)
-                /// @src 2:3657:3684  "_allowances[owner][spender]"
-                let _3 := mapping_index_access_mapping_address_uint256_of_address(/** @src 2:3657:3675  "_allowances[owner]" */ _2, /** @src 2:3676:3683  "spender" */ var_spender)
-                /// @src 2:3650:3684  "return _allowances[owner][spender]"
-                var := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ sload(/** @src 2:3657:3684  "_allowances[owner][spender]" */ _3)
-            }
-            /// @ast-id 180 @src 2:3998:4184  "function approve(address spender, uint256 value) public virtual returns (bool) {..."
+                /// @src 2:3952:3970  "_allowances[owner]"
+                let _2 := mapping_index_access_mapping_address_mapping_address_uint256_of_address(/** @src 2:3952:3963  "_allowances" */ _1, /** @src 2:3964:3969  "owner" */ var_owner)
+                /// @src 2:3952:3979  "_allowances[owner][spender]"
+                let _3 := mapping_index_access_mapping_address_uint256_of_address(/** @src 2:3952:3970  "_allowances[owner]" */ _2, /** @src 2:3971:3978  "spender" */ var_spender)
+                /// @src 2:3945:3979  "return _allowances[owner][spender]"
+                var := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ sload(/** @src 2:3952:3979  "_allowances[owner][spender]" */ _3)
+            }
+            /// @ast-id 186 @src 2:4293:4479  "function approve(address spender, uint256 value) public virtual returns (bool) {..."
             function fun_approve(var_spender, var_value) -> var
             {
-                /// @src 2:4103:4115  "_msgSender()"
+                /// @src 2:4398:4410  "_msgSender()"
                 let _1 := fun_msgSender()
-                /// @src 2:4150:4155  "value"
-                fun_approve_420(/** @src 2:4103:4115  "_msgSender()" */ _1, /** @src 2:4141:4148  "spender" */ var_spender, /** @src 2:4150:4155  "value" */ var_value)
-                /// @src 2:4166:4177  "return true"
-                var := /** @src 2:4173:4177  "true" */ 0x01
+                /// @src 2:4445:4450  "value"
+                fun_approve_426(/** @src 2:4398:4410  "_msgSender()" */ _1, /** @src 2:4436:4443  "spender" */ var_spender, /** @src 2:4445:4450  "value" */ var_value)
+                /// @src 2:4461:4472  "return true"
+                var := /** @src 2:4468:4472  "true" */ 0x01
             }
-            /// @ast-id 212 @src 2:4776:5020  "function transferFrom(address from, address to, uint256 value) public virtual returns (bool) {..."
+            /// @ast-id 218 @src 2:5039:5283  "function transferFrom(address from, address to, uint256 value) public virtual returns (bool) {..."
             function fun_transferFrom(var_from, var_to, var_value) -> var
             {
-                /// @src 2:4897:4909  "_msgSender()"
+                /// @src 2:5160:5172  "_msgSender()"
                 let _1 := fun_msgSender()
-                /// @src 2:4950:4955  "value"
-                fun_spendAllowance(/** @src 2:4935:4939  "from" */ var_from, /** @src 2:4897:4909  "_msgSender()" */ _1, /** @src 2:4950:4955  "value" */ var_value)
-                /// @src 2:4986:4991  "value"
-                fun__transfer(/** @src 2:4976:4980  "from" */ var_from, /** @src 2:4982:4984  "to" */ var_to, /** @src 2:4986:4991  "value" */ var_value)
-                /// @src 2:5002:5013  "return true"
-                var := /** @src 2:5009:5013  "true" */ 0x01
-            }
-            /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                /// @src 2:5213:5218  "value"
+                fun_spendAllowance(/** @src 2:5198:5202  "from" */ var_from, /** @src 2:5160:5172  "_msgSender()" */ _1, /** @src 2:5213:5218  "value" */ var_value)
+                /// @src 2:5249:5254  "value"
+                fun__transfer(/** @src 2:5239:5243  "from" */ var_from, /** @src 2:5245:5247  "to" */ var_to, /** @src 2:5249:5254  "value" */ var_value)
+                /// @src 2:5265:5276  "return true"
+                var := /** @src 2:5272:5276  "true" */ 0x01
+            }
+            /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
             function abi_encode_address(value, pos)
             {
                 let _1 := sub(shl(160, 1), 1)
@@ -917,65 +1158,65 @@ object "ERC20Shim_14" {
                 tail := add(headStart, _1)
                 abi_encode_address(value0, headStart)
             }
-            /// @ast-id 259 @src 2:5393:5693  "function _transfer(address from, address to, uint256 value) internal {..."
+            /// @ast-id 265 @src 2:5656:5956  "function _transfer(address from, address to, uint256 value) internal {..."
             function fun__transfer(var_from, var_to, var_value)
             {
-                /// @src 2:5476:5480  "from"
+                /// @src 2:5739:5743  "from"
                 let expr := var_from
-                /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
                 let _1 := sub(shl(160, 1), 1)
-                let _2 := and(/** @src 2:5476:5494  "from == address(0)" */ var_from, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _1)
-                /// @src 2:5476:5494  "from == address(0)"
-                let _3 := iszero(/** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _2)
-                /// @src 2:5472:5558  "if (from == address(0)) {..."
-                if /** @src 2:5476:5494  "from == address(0)" */ _3
-                /// @src 2:5472:5558  "if (from == address(0)) {..."
+                let _2 := and(/** @src 2:5739:5757  "from == address(0)" */ var_from, /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _1)
+                /// @src 2:5739:5757  "from == address(0)"
+                let _3 := iszero(/** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _2)
+                /// @src 2:5735:5821  "if (from == address(0)) {..."
+                if /** @src 2:5739:5757  "from == address(0)" */ _3
+                /// @src 2:5735:5821  "if (from == address(0)) {..."
                 {
-                    /// @src 2:5536:5546  "address(0)"
-                    let expr_1 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ 0
+                    /// @src 2:5799:5809  "address(0)"
+                    let expr_1 := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ 0
                     let _4 := 64
-                    /// @src 2:5517:5547  "ERC20InvalidSender(address(0))"
-                    let _5 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ mload(_4)
-                    /// @src 2:5517:5547  "ERC20InvalidSender(address(0))"
+                    /// @src 2:5780:5810  "ERC20InvalidSender(address(0))"
+                    let _5 := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ mload(_4)
+                    /// @src 2:5780:5810  "ERC20InvalidSender(address(0))"
                     let _6 := shl(225, 0x4b637e8f)
                     mstore(_5, _6)
                     let _7 := 4
                     let _8 := add(_5, _7)
-                    let _9 := abi_encode_tuple_address(_8, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ expr_1)
-                    /// @src 2:5517:5547  "ERC20InvalidSender(address(0))"
+                    let _9 := abi_encode_tuple_address(_8, /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ expr_1)
+                    /// @src 2:5780:5810  "ERC20InvalidSender(address(0))"
                     let _10 := sub(_9, _5)
                     revert(_5, _10)
                 }
-                /// @src 2:5571:5573  "to"
+                /// @src 2:5834:5836  "to"
                 let expr_2 := var_to
-                /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
                 let _11 := _1
-                let _12 := and(/** @src 2:5571:5587  "to == address(0)" */ var_to, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _1)
-                /// @src 2:5571:5587  "to == address(0)"
-                let _13 := iszero(/** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _12)
-                /// @src 2:5567:5653  "if (to == address(0)) {..."
-                if /** @src 2:5571:5587  "to == address(0)" */ _13
-                /// @src 2:5567:5653  "if (to == address(0)) {..."
+                let _12 := and(/** @src 2:5834:5850  "to == address(0)" */ var_to, /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _1)
+                /// @src 2:5834:5850  "to == address(0)"
+                let _13 := iszero(/** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _12)
+                /// @src 2:5830:5916  "if (to == address(0)) {..."
+                if /** @src 2:5834:5850  "to == address(0)" */ _13
+                /// @src 2:5830:5916  "if (to == address(0)) {..."
                 {
-                    /// @src 2:5631:5641  "address(0)"
-                    let expr_3 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ 0
+                    /// @src 2:5894:5904  "address(0)"
+                    let expr_3 := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ 0
                     let _14 := 64
-                    /// @src 2:5610:5642  "ERC20InvalidReceiver(address(0))"
-                    let _15 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ mload(_14)
-                    /// @src 2:5610:5642  "ERC20InvalidReceiver(address(0))"
+                    /// @src 2:5873:5905  "ERC20InvalidReceiver(address(0))"
+                    let _15 := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ mload(_14)
+                    /// @src 2:5873:5905  "ERC20InvalidReceiver(address(0))"
                     let _16 := shl(224, 0xec442f05)
                     mstore(_15, _16)
                     let _17 := 4
                     let _18 := add(_15, _17)
-                    let _19 := abi_encode_tuple_address(_18, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ expr_3)
-                    /// @src 2:5610:5642  "ERC20InvalidReceiver(address(0))"
+                    let _19 := abi_encode_tuple_address(_18, /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ expr_3)
+                    /// @src 2:5873:5905  "ERC20InvalidReceiver(address(0))"
                     let _20 := sub(_19, _15)
                     revert(_15, _20)
                 }
-                /// @src 2:5680:5685  "value"
-                fun_update(/** @src 2:5670:5674  "from" */ var_from, /** @src 2:5676:5678  "to" */ var_to, /** @src 2:5680:5685  "value" */ var_value)
+                /// @src 2:5943:5948  "value"
+                fun_update(/** @src 2:5933:5937  "from" */ var_from, /** @src 2:5939:5941  "to" */ var_to, /** @src 2:5943:5948  "value" */ var_value)
             }
-            /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+            /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
             function abi_encode_address_uint256_uint256(headStart, value0, value1, value2) -> tail
             {
                 let _1 := 96
@@ -1019,44 +1260,44 @@ object "ERC20Shim_14" {
                 let _1 := gt(x, sum)
                 if _1 { panic_error_0x11() }
             }
-            /// @ast-id 336 @src 2:6008:7115  "function _update(address from, address to, uint256 value) internal virtual {..."
+            /// @ast-id 342 @src 2:6271:7378  "function _update(address from, address to, uint256 value) internal virtual {..."
             function fun_update(var_from, var_to, var_value)
             {
-                /// @src 2:6097:6101  "from"
+                /// @src 2:6360:6364  "from"
                 let expr := var_from
-                /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
                 let _1 := sub(shl(160, 1), 1)
-                let _2 := and(/** @src 2:6097:6115  "from == address(0)" */ var_from, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _1)
-                /// @src 2:6097:6115  "from == address(0)"
-                let _3 := iszero(/** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _2)
-                /// @src 2:6093:6633  "if (from == address(0)) {..."
-                switch /** @src 2:6097:6115  "from == address(0)" */ _3
-                case /** @src 2:6093:6633  "if (from == address(0)) {..." */ 0 {
-                    /// @src 2:6307:6316  "_balances"
+                let _2 := and(/** @src 2:6360:6378  "from == address(0)" */ var_from, /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _1)
+                /// @src 2:6360:6378  "from == address(0)"
+                let _3 := iszero(/** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _2)
+                /// @src 2:6356:6896  "if (from == address(0)) {..."
+                switch /** @src 2:6360:6378  "from == address(0)" */ _3
+                case /** @src 2:6356:6896  "if (from == address(0)) {..." */ 0 {
+                    /// @src 2:6570:6579  "_balances"
                     let _4 := 0x00
-                    /// @src 2:6307:6322  "_balances[from]"
-                    let _5 := mapping_index_access_mapping_address_uint256_of_address(/** @src 2:6307:6316  "_balances" */ _4, /** @src 2:6317:6321  "from" */ var_from)
-                    /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
-                    let _6 := sload(/** @src 2:6307:6322  "_balances[from]" */ _5)
-                    /// @src 2:6285:6322  "uint256 fromBalance = _balances[from]"
-                    let var_fromBalance := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _6
-                    /// @src 2:6340:6359  "fromBalance < value"
-                    let _7 := lt(/** @src 2:6340:6351  "fromBalance" */ _6, /** @src 2:6354:6359  "value" */ var_value)
-                    /// @src 2:6336:6451  "if (fromBalance < value) {..."
-                    if /** @src 2:6340:6359  "fromBalance < value" */ _7
-                    /// @src 2:6336:6451  "if (fromBalance < value) {..."
+                    /// @src 2:6570:6585  "_balances[from]"
+                    let _5 := mapping_index_access_mapping_address_uint256_of_address(/** @src 2:6570:6579  "_balances" */ _4, /** @src 2:6580:6584  "from" */ var_from)
+                    /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
+                    let _6 := sload(/** @src 2:6570:6585  "_balances[from]" */ _5)
+                    /// @src 2:6548:6585  "uint256 fromBalance = _balances[from]"
+                    let var_fromBalance := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _6
+                    /// @src 2:6603:6622  "fromBalance < value"
+                    let _7 := lt(/** @src 2:6603:6614  "fromBalance" */ _6, /** @src 2:6617:6622  "value" */ var_value)
+                    /// @src 2:6599:6714  "if (fromBalance < value) {..."
+                    if /** @src 2:6603:6622  "fromBalance < value" */ _7
+                    /// @src 2:6599:6714  "if (fromBalance < value) {..."
                     {
-                        /// @src 2:6411:6415  "from"
+                        /// @src 2:6674:6678  "from"
                         let expr_1 := var_from
-                        /// @src 2:6417:6428  "fromBalance"
+                        /// @src 2:6680:6691  "fromBalance"
                         let expr_2 := _6
-                        /// @src 2:6430:6435  "value"
+                        /// @src 2:6693:6698  "value"
                         let expr_3 := var_value
-                        /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                        /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
                         let _8 := 64
-                        /// @src 2:6386:6436  "ERC20InsufficientBalance(from, fromBalance, value)"
-                        let _9 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ mload(_8)
-                        /// @src 2:6386:6436  "ERC20InsufficientBalance(from, fromBalance, value)"
+                        /// @src 2:6649:6699  "ERC20InsufficientBalance(from, fromBalance, value)"
+                        let _9 := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ mload(_8)
+                        /// @src 2:6649:6699  "ERC20InsufficientBalance(from, fromBalance, value)"
                         let _10 := shl(226, 0x391434e3)
                         mstore(_9, _10)
                         let _11 := 4
@@ -1065,240 +1306,242 @@ object "ERC20Shim_14" {
                         let _14 := sub(_13, _9)
                         revert(_9, _14)
                     }
-                    /// @src 2:6589:6608  "fromBalance - value"
-                    let expr_4 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ sub(/** @src 2:6589:6600  "fromBalance" */ _6, /** @src 2:6603:6608  "value" */ var_value)
-                    /// @src 2:6571:6580  "_balances"
+                    /// @src 2:6852:6871  "fromBalance - value"
+                    let expr_4 := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ sub(/** @src 2:6852:6863  "fromBalance" */ _6, /** @src 2:6866:6871  "value" */ var_value)
+                    /// @src 2:6834:6843  "_balances"
                     let _15 := _4
-                    /// @src 2:6571:6586  "_balances[from]"
-                    let _16 := mapping_index_access_mapping_address_uint256_of_address(/** @src 2:6571:6580  "_balances" */ _4, /** @src 2:6581:6585  "from" */ var_from)
-                    /// @src 2:6571:6608  "_balances[from] = fromBalance - value"
-                    update_storage_value_offsett_uint256_to_uint256(/** @src 2:6571:6586  "_balances[from]" */ _16, /** @src 2:6571:6608  "_balances[from] = fromBalance - value" */ expr_4)
+                    /// @src 2:6834:6849  "_balances[from]"
+                    let _16 := mapping_index_access_mapping_address_uint256_of_address(/** @src 2:6834:6843  "_balances" */ _4, /** @src 2:6844:6848  "from" */ var_from)
+                    /// @src 2:6834:6871  "_balances[from] = fromBalance - value"
+                    update_storage_value_offsett_uint256_to_uint256(/** @src 2:6834:6849  "_balances[from]" */ _16, /** @src 2:6834:6871  "_balances[from] = fromBalance - value" */ expr_4)
                 }
-                default /// @src 2:6093:6633  "if (from == address(0)) {..."
+                default /// @src 2:6356:6896  "if (from == address(0)) {..."
                 {
-                    /// @src 2:6233:6254  "_totalSupply += value"
+                    /// @src 2:6496:6517  "_totalSupply += value"
                     let _17 := 0x02
-                    /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
-                    let _18 := sload(/** @src 2:6233:6254  "_totalSupply += value" */ _17)
-                    /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                    /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
+                    let _18 := sload(/** @src 2:6496:6517  "_totalSupply += value" */ _17)
+                    /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
                     let _19 := _18
-                    /// @src 2:6233:6254  "_totalSupply += value"
-                    let _20 := checked_add_uint256(/** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _18, /** @src 2:6249:6254  "value" */ var_value)
-                    /// @src 2:6233:6254  "_totalSupply += value"
+                    /// @src 2:6496:6517  "_totalSupply += value"
+                    let _20 := checked_add_uint256(/** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _18, /** @src 2:6512:6517  "value" */ var_value)
+                    /// @src 2:6496:6517  "_totalSupply += value"
                     let _21 := _17
                     update_storage_value_offsett_uint256_to_uint256(_17, _20)
                 }
-                /// @src 2:6647:6649  "to"
+                /// @src 2:6910:6912  "to"
                 let expr_5 := var_to
-                /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
                 let _22 := _1
-                let _23 := and(/** @src 2:6647:6663  "to == address(0)" */ var_to, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _1)
-                /// @src 2:6647:6663  "to == address(0)"
-                let _24 := iszero(/** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _23)
-                /// @src 2:6643:7068  "if (to == address(0)) {..."
-                switch /** @src 2:6647:6663  "to == address(0)" */ _24
-                case /** @src 2:6643:7068  "if (to == address(0)) {..." */ 0 {
-                    /// @src 2:7038:7043  "value"
+                let _23 := and(/** @src 2:6910:6926  "to == address(0)" */ var_to, /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _1)
+                /// @src 2:6910:6926  "to == address(0)"
+                let _24 := iszero(/** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _23)
+                /// @src 2:6906:7331  "if (to == address(0)) {..."
+                switch /** @src 2:6910:6926  "to == address(0)" */ _24
+                case /** @src 2:6906:7331  "if (to == address(0)) {..." */ 0 {
+                    /// @src 2:7301:7306  "value"
                     let expr_6 := var_value
-                    /// @src 2:7021:7030  "_balances"
+                    /// @src 2:7284:7293  "_balances"
                     let _25 := 0x00
-                    /// @src 2:7021:7034  "_balances[to]"
-                    let _26 := mapping_index_access_mapping_address_uint256_of_address(/** @src 2:7021:7030  "_balances" */ _25, /** @src 2:7031:7033  "to" */ var_to)
-                    /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
-                    let _27 := sload(/** @src 2:7021:7043  "_balances[to] += value" */ _26)
-                    /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                    /// @src 2:7284:7297  "_balances[to]"
+                    let _26 := mapping_index_access_mapping_address_uint256_of_address(/** @src 2:7284:7293  "_balances" */ _25, /** @src 2:7294:7296  "to" */ var_to)
+                    /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
+                    let _27 := sload(/** @src 2:7284:7306  "_balances[to] += value" */ _26)
+                    /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
                     let _28 := _27
-                    let _29 := add(_27, /** @src 2:7021:7043  "_balances[to] += value" */ var_value)
-                    update_storage_value_offsett_uint256_to_uint256(_26, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _29)
+                    let _29 := add(_27, /** @src 2:7284:7306  "_balances[to] += value" */ var_value)
+                    update_storage_value_offsett_uint256_to_uint256(_26, /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _29)
                 }
-                default /// @src 2:6643:7068  "if (to == address(0)) {..."
+                default /// @src 2:6906:7331  "if (to == address(0)) {..."
                 {
-                    /// @src 2:6810:6831  "_totalSupply -= value"
+                    /// @src 2:7073:7094  "_totalSupply -= value"
                     let _30 := 0x02
-                    /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
-                    let _31 := sload(/** @src 2:6810:6831  "_totalSupply -= value" */ _30)
-                    /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                    /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
+                    let _31 := sload(/** @src 2:7073:7094  "_totalSupply -= value" */ _30)
+                    /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
                     let _32 := _31
-                    let _33 := sub(_31, /** @src 2:6826:6831  "value" */ var_value)
-                    /// @src 2:6810:6831  "_totalSupply -= value"
+                    let _33 := sub(_31, /** @src 2:7089:7094  "value" */ var_value)
+                    /// @src 2:7073:7094  "_totalSupply -= value"
                     let _34 := _30
-                    update_storage_value_offsett_uint256_to_uint256(_30, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _33)
+                    update_storage_value_offsett_uint256_to_uint256(_30, /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _33)
                 }
-                /// @src 2:7092:7096  "from"
+                /// @src 2:7355:7359  "from"
                 let expr_7 := var_from
-                /// @src 2:7098:7100  "to"
+                /// @src 2:7361:7363  "to"
                 let expr_8 := var_to
-                /// @src 2:7102:7107  "value"
+                /// @src 2:7365:7370  "value"
                 let expr_9 := var_value
-                /// @src 2:7083:7108  "Transfer(from, to, value)"
+                /// @src 2:7346:7371  "Transfer(from, to, value)"
                 let _35 := 0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
-                let _36 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _2
-                /// @src 2:7083:7108  "Transfer(from, to, value)"
-                let _37 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _23
+                let _36 := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _2
+                /// @src 2:7346:7371  "Transfer(from, to, value)"
+                let _37 := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _23
                 let _38 := 64
-                /// @src 2:7083:7108  "Transfer(from, to, value)"
-                let _39 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ mload(_38)
-                /// @src 2:7083:7108  "Transfer(from, to, value)"
+                /// @src 2:7346:7371  "Transfer(from, to, value)"
+                let _39 := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ mload(_38)
+                /// @src 2:7346:7371  "Transfer(from, to, value)"
                 let _40 := abi_encode_uint256(_39, var_value)
                 let _41 := sub(_40, _39)
                 log3(_39, _41, _35, _2, _23)
             }
-            /// @ast-id 420 @src 2:8726:8854  "function _approve(address owner, address spender, uint256 value) internal {..."
-            function fun_approve_420(var_owner, var_spender, var_value)
+            /// @ast-id 426 @src 2:8989:9117  "function _approve(address owner, address spender, uint256 value) internal {..."
+            function fun_approve_426(var_owner, var_spender, var_value)
             {
-                /// @src 2:8819:8824  "owner"
+                /// @src 2:9082:9087  "owner"
                 let expr := var_owner
-                /// @src 2:8842:8846  "true"
+                /// @src 2:9105:9109  "true"
                 let _1 := 0x01
-                fun__approve(var_owner, /** @src 2:8826:8833  "spender" */ var_spender, /** @src 2:8835:8840  "value" */ var_value, /** @src 2:8842:8846  "true" */ _1)
+                fun__approve(var_owner, /** @src 2:9089:9096  "spender" */ var_spender, /** @src 2:9098:9103  "value" */ var_value, /** @src 2:9105:9109  "true" */ _1)
             }
-            /// @ast-id 480 @src 2:9701:10133  "function _approve(address owner, address spender, uint256 value, bool emitEvent) internal virtual {..."
+            /// @ast-id 486 @src 2:9949:10381  "function _approve(address owner, address spender, uint256 value, bool emitEvent) internal virtual {..."
             function fun__approve(var_owner, var_spender, var_value, var_emitEvent)
             {
-                /// @src 2:9813:9818  "owner"
+                /// @src 2:10061:10066  "owner"
                 let expr := var_owner
-                /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
                 let _1 := sub(shl(160, 1), 1)
-                let _2 := and(/** @src 2:9813:9832  "owner == address(0)" */ var_owner, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _1)
-                /// @src 2:9813:9832  "owner == address(0)"
-                let _3 := iszero(/** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _2)
-                /// @src 2:9809:9898  "if (owner == address(0)) {..."
-                if /** @src 2:9813:9832  "owner == address(0)" */ _3
-                /// @src 2:9809:9898  "if (owner == address(0)) {..."
+                let _2 := and(/** @src 2:10061:10080  "owner == address(0)" */ var_owner, /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _1)
+                /// @src 2:10061:10080  "owner == address(0)"
+                let _3 := iszero(/** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _2)
+                /// @src 2:10057:10146  "if (owner == address(0)) {..."
+                if /** @src 2:10061:10080  "owner == address(0)" */ _3
+                /// @src 2:10057:10146  "if (owner == address(0)) {..."
                 {
-                    /// @src 2:9876:9886  "address(0)"
-                    let expr_1 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ 0
+                    /// @src 2:10124:10134  "address(0)"
+                    let expr_1 := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ 0
                     let _4 := 64
-                    /// @src 2:9855:9887  "ERC20InvalidApprover(address(0))"
-                    let _5 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ mload(_4)
-                    /// @src 2:9855:9887  "ERC20InvalidApprover(address(0))"
+                    /// @src 2:10103:10135  "ERC20InvalidApprover(address(0))"
+                    let _5 := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ mload(_4)
+                    /// @src 2:10103:10135  "ERC20InvalidApprover(address(0))"
                     let _6 := shl(224, 0xe602df05)
                     mstore(_5, _6)
                     let _7 := 4
                     let _8 := add(_5, _7)
-                    let _9 := abi_encode_tuple_address(_8, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ expr_1)
-                    /// @src 2:9855:9887  "ERC20InvalidApprover(address(0))"
+                    let _9 := abi_encode_tuple_address(_8, /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ expr_1)
+                    /// @src 2:10103:10135  "ERC20InvalidApprover(address(0))"
                     let _10 := sub(_9, _5)
                     revert(_5, _10)
                 }
-                /// @src 2:9911:9918  "spender"
+                /// @src 2:10159:10166  "spender"
                 let expr_2 := var_spender
-                /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
+                /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
                 let _11 := _1
-                let _12 := and(/** @src 2:9911:9932  "spender == address(0)" */ var_spender, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _1)
-                /// @src 2:9911:9932  "spender == address(0)"
-                let _13 := iszero(/** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _12)
-                /// @src 2:9907:9997  "if (spender == address(0)) {..."
-                if /** @src 2:9911:9932  "spender == address(0)" */ _13
-                /// @src 2:9907:9997  "if (spender == address(0)) {..."
+                let _12 := and(/** @src 2:10159:10180  "spender == address(0)" */ var_spender, /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _1)
+                /// @src 2:10159:10180  "spender == address(0)"
+                let _13 := iszero(/** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _12)
+                /// @src 2:10155:10245  "if (spender == address(0)) {..."
+                if /** @src 2:10159:10180  "spender == address(0)" */ _13
+                /// @src 2:10155:10245  "if (spender == address(0)) {..."
                 {
-                    /// @src 2:9975:9985  "address(0)"
-                    let expr_3 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ 0
+                    /// @src 2:10223:10233  "address(0)"
+                    let expr_3 := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ 0
                     let _14 := 64
-                    /// @src 2:9955:9986  "ERC20InvalidSpender(address(0))"
-                    let _15 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ mload(_14)
-                    /// @src 2:9955:9986  "ERC20InvalidSpender(address(0))"
+                    /// @src 2:10203:10234  "ERC20InvalidSpender(address(0))"
+                    let _15 := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ mload(_14)
+                    /// @src 2:10203:10234  "ERC20InvalidSpender(address(0))"
                     let _16 := shl(225, 0x4a1406b1)
                     mstore(_15, _16)
                     let _17 := 4
                     let _18 := add(_15, _17)
-                    let _19 := abi_encode_tuple_address(_18, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ expr_3)
-                    /// @src 2:9955:9986  "ERC20InvalidSpender(address(0))"
+                    let _19 := abi_encode_tuple_address(_18, /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ expr_3)
+                    /// @src 2:10203:10234  "ERC20InvalidSpender(address(0))"
                     let _20 := sub(_19, _15)
                     revert(_15, _20)
                 }
-                /// @src 2:10036:10041  "value"
+                /// @src 2:10284:10289  "value"
                 let expr_4 := var_value
-                /// @src 2:10006:10017  "_allowances"
+                /// @src 2:10254:10265  "_allowances"
                 let _21 := 0x01
-                /// @src 2:10006:10024  "_allowances[owner]"
-                let _22 := mapping_index_access_mapping_address_mapping_address_uint256_of_address(/** @src 2:10006:10017  "_allowances" */ _21, /** @src 2:10018:10023  "owner" */ var_owner)
-                /// @src 2:10006:10033  "_allowances[owner][spender]"
-                let _23 := mapping_index_access_mapping_address_uint256_of_address(/** @src 2:10006:10024  "_allowances[owner]" */ _22, /** @src 2:10025:10032  "spender" */ var_spender)
-                /// @src 2:10006:10041  "_allowances[owner][spender] = value"
-                update_storage_value_offsett_uint256_to_uint256(/** @src 2:10006:10033  "_allowances[owner][spender]" */ _23, /** @src 2:10006:10041  "_allowances[owner][spender] = value" */ var_value)
-                /// @src 2:10051:10127  "if (emitEvent) {..."
-                if /** @src 2:10055:10064  "emitEvent" */ var_emitEvent
-                /// @src 2:10051:10127  "if (emitEvent) {..."
+                /// @src 2:10254:10272  "_allowances[owner]"
+                let _22 := mapping_index_access_mapping_address_mapping_address_uint256_of_address(/** @src 2:10254:10265  "_allowances" */ _21, /** @src 2:10266:10271  "owner" */ var_owner)
+                /// @src 2:10254:10281  "_allowances[owner][spender]"
+                let _23 := mapping_index_access_mapping_address_uint256_of_address(/** @src 2:10254:10272  "_allowances[owner]" */ _22, /** @src 2:10273:10280  "spender" */ var_spender)
+                /// @src 2:10254:10289  "_allowances[owner][spender] = value"
+                update_storage_value_offsett_uint256_to_uint256(/** @src 2:10254:10281  "_allowances[owner][spender]" */ _23, /** @src 2:10254:10289  "_allowances[owner][spender] = value" */ var_value)
+                /// @src 2:10299:10375  "if (emitEvent) {..."
+                if /** @src 2:10303:10312  "emitEvent" */ var_emitEvent
+                /// @src 2:10299:10375  "if (emitEvent) {..."
                 {
-                    /// @src 2:10094:10099  "owner"
+                    /// @src 2:10342:10347  "owner"
                     let expr_5 := var_owner
-                    /// @src 2:10101:10108  "spender"
+                    /// @src 2:10349:10356  "spender"
                     let expr_6 := var_spender
-                    /// @src 2:10110:10115  "value"
+                    /// @src 2:10358:10363  "value"
                     let expr_7 := var_value
-                    /// @src 2:10085:10116  "Approval(owner, spender, value)"
+                    /// @src 2:10333:10364  "Approval(owner, spender, value)"
                     let _24 := 0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925
-                    let _25 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _2
-                    /// @src 2:10085:10116  "Approval(owner, spender, value)"
-                    let _26 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _12
+                    let _25 := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _2
+                    /// @src 2:10333:10364  "Approval(owner, spender, value)"
+                    let _26 := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _12
                     let _27 := 64
-                    /// @src 2:10085:10116  "Approval(owner, spender, value)"
-                    let _28 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ mload(_27)
-                    /// @src 2:10085:10116  "Approval(owner, spender, value)"
+                    /// @src 2:10333:10364  "Approval(owner, spender, value)"
+                    let _28 := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ mload(_27)
+                    /// @src 2:10333:10364  "Approval(owner, spender, value)"
                     let _29 := abi_encode_uint256(_28, var_value)
                     let _30 := sub(_29, _28)
                     log3(_28, _30, _24, _2, _12)
                 }
             }
-            /// @ast-id 528 @src 2:10415:10891  "function _spendAllowance(address owner, address spender, uint256 value) internal virtual {..."
+            /// @ast-id 534 @src 2:10663:11140  "function _spendAllowance(address owner, address spender, uint256 value) internal virtual {..."
             function fun_spendAllowance(var_owner, var_spender, var_value)
             {
-                /// @src 2:10514:10566  "uint256 currentAllowance = allowance(owner, spender)"
-                let var_currentAllowance := /** @src 2:10541:10566  "allowance(owner, spender)" */ fun_allowance(/** @src 2:10551:10556  "owner" */ var_owner, /** @src 2:10558:10565  "spender" */ var_spender)
-                /// @src 2:10599:10616  "type(uint256).max"
+                /// @src 2:10762:10814  "uint256 currentAllowance = allowance(owner, spender)"
+                let var_currentAllowance := /** @src 2:10789:10814  "allowance(owner, spender)" */ fun_allowance(/** @src 2:10799:10804  "owner" */ var_owner, /** @src 2:10806:10813  "spender" */ var_spender)
+                /// @src 2:10848:10865  "type(uint256).max"
                 let _1 := not(0)
-                /// @src 2:10580:10616  "currentAllowance < type(uint256).max"
-                let _2 := lt(/** @src 2:10580:10596  "currentAllowance" */ var_currentAllowance, /** @src 2:10599:10616  "type(uint256).max" */ _1)
-                /// @src 2:10576:10885  "if (currentAllowance < type(uint256).max) {..."
-                if /** @src 2:10580:10616  "currentAllowance < type(uint256).max" */ _2
-                /// @src 2:10576:10885  "if (currentAllowance < type(uint256).max) {..."
+                /// @src 2:10828:10865  "currentAllowance != type(uint256).max"
+                let _2 := eq(/** @src 2:10828:10844  "currentAllowance" */ var_currentAllowance, /** @src 2:10848:10865  "type(uint256).max" */ _1)
+                /// @src 2:10828:10865  "currentAllowance != type(uint256).max"
+                let _3 := iszero(_2)
+                /// @src 2:10824:11134  "if (currentAllowance != type(uint256).max) {..."
+                if /** @src 2:10828:10865  "currentAllowance != type(uint256).max" */ _3
+                /// @src 2:10824:11134  "if (currentAllowance != type(uint256).max) {..."
                 {
-                    /// @src 2:10636:10660  "currentAllowance < value"
-                    let _3 := lt(/** @src 2:10636:10652  "currentAllowance" */ var_currentAllowance, /** @src 2:10655:10660  "value" */ var_value)
-                    /// @src 2:10632:10762  "if (currentAllowance < value) {..."
-                    if /** @src 2:10636:10660  "currentAllowance < value" */ _3
-                    /// @src 2:10632:10762  "if (currentAllowance < value) {..."
+                    /// @src 2:10885:10909  "currentAllowance < value"
+                    let _4 := lt(/** @src 2:10885:10901  "currentAllowance" */ var_currentAllowance, /** @src 2:10904:10909  "value" */ var_value)
+                    /// @src 2:10881:11011  "if (currentAllowance < value) {..."
+                    if /** @src 2:10885:10909  "currentAllowance < value" */ _4
+                    /// @src 2:10881:11011  "if (currentAllowance < value) {..."
                     {
-                        /// @src 2:10714:10721  "spender"
+                        /// @src 2:10963:10970  "spender"
                         let expr := var_spender
-                        /// @src 2:10723:10739  "currentAllowance"
+                        /// @src 2:10972:10988  "currentAllowance"
                         let expr_1 := var_currentAllowance
-                        /// @src 2:10741:10746  "value"
+                        /// @src 2:10990:10995  "value"
                         let expr_2 := var_value
-                        /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
-                        let _4 := 64
-                        /// @src 2:10687:10747  "ERC20InsufficientAllowance(spender, currentAllowance, value)"
-                        let _5 := /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ mload(_4)
-                        /// @src 2:10687:10747  "ERC20InsufficientAllowance(spender, currentAllowance, value)"
-                        let _6 := shl(225, 0x7dc7a0d9)
-                        mstore(_5, _6)
-                        let _7 := 4
-                        let _8 := add(_5, _7)
-                        let _9 := abi_encode_address_uint256_uint256(_8, var_spender, var_currentAllowance, var_value)
-                        let _10 := sub(_9, _5)
-                        revert(_5, _10)
+                        /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
+                        let _5 := 64
+                        /// @src 2:10936:10996  "ERC20InsufficientAllowance(spender, currentAllowance, value)"
+                        let _6 := /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ mload(_5)
+                        /// @src 2:10936:10996  "ERC20InsufficientAllowance(spender, currentAllowance, value)"
+                        let _7 := shl(225, 0x7dc7a0d9)
+                        mstore(_6, _7)
+                        let _8 := 4
+                        let _9 := add(_6, _8)
+                        let _10 := abi_encode_address_uint256_uint256(_9, var_spender, var_currentAllowance, var_value)
+                        let _11 := sub(_10, _6)
+                        revert(_6, _11)
                     }
-                    /// @src 2:10812:10817  "owner"
+                    /// @src 2:11061:11066  "owner"
                     let expr_3 := var_owner
-                    /// @src 2:10819:10826  "spender"
+                    /// @src 2:11068:11075  "spender"
                     let expr_4 := var_spender
-                    /// @src 2:10854:10859  "false"
-                    let _11 := 0x00
-                    /// @src 1:82:161  "contract ERC20Shim is ERC20 {..."
-                    let _12 := sub(/** @src 2:10828:10844  "currentAllowance" */ var_currentAllowance, /** @src 2:10847:10852  "value" */ var_value)
-                    /// @src 2:10854:10859  "false"
-                    fun__approve(var_owner, var_spender, /** @src 1:82:161  "contract ERC20Shim is ERC20 {..." */ _12, /** @src 2:10854:10859  "false" */ _11)
+                    /// @src 2:11103:11108  "false"
+                    let _12 := 0x00
+                    /// @src 1:82:197  "contract ERC20Shim is ERC20 {..."
+                    let _13 := sub(/** @src 2:11077:11093  "currentAllowance" */ var_currentAllowance, /** @src 2:11096:11101  "value" */ var_value)
+                    /// @src 2:11103:11108  "false"
+                    fun__approve(var_owner, var_spender, /** @src 1:82:197  "contract ERC20Shim is ERC20 {..." */ _13, /** @src 2:11103:11108  "false" */ _12)
                 }
             }
-            /// @ast-id 782 @src 5:656:752  "function _msgSender() internal view virtual returns (address) {..."
+            /// @ast-id 788 @src 5:656:752  "function _msgSender() internal view virtual returns (address) {..."
             function fun_msgSender() -> var
             {
                 /// @src 5:728:745  "return msg.sender"
                 var := /** @src 5:735:745  "msg.sender" */ caller()
             }
         }
-        data ".metadata" hex"a2646970667358221220e124d3304315e49a13a11d4379533b7d9c2fb14642277dba92735950eb596d5e64736f6c63430008150033"
+        data ".metadata" hex"a26469706673582212203d932434e4bd4197eab8db2a518b0e9104ba58a8d5544c262968763c71506a0b64736f6c63430008150033"
     }
 }
 

From 6848b5db050a10fcceca0ebdaa0652d403226722 Mon Sep 17 00:00:00 2001
From: Daniel Britten <Coda-Coda@users.noreply.github.com>
Date: Thu, 5 Dec 2024 04:14:47 +0000
Subject: [PATCH 89/89] Rerun `vc` tool with updated `erc20shim.yul` Deleted
 `ERC20Shim` folder (and `All.lean`), regenerated using `vc`, then manually
 reverted some files in order to keep existing specs and proofs.

---
 All.lean                                      |  18 +-
 .../Common/if_2130076443351184838.lean        |  23 +++
 ...n.lean => if_2130076443351184838_gen.lean} |  28 +--
 ....lean => if_2130076443351184838_user.lean} |  10 +-
 .../Common/if_3856757177752523473.lean        |  23 ---
 .../Common/if_5327145078839977110.lean        |  25 +++
 ...n.lean => if_5327145078839977110_gen.lean} |  42 ++--
 ....lean => if_5327145078839977110_user.lean} |  12 +-
 .../Common/if_8475192588736690919.lean        |  25 ---
 .../erc20shim/ERC20Shim/fun_approve.lean      |   2 +-
 ..._approve_420.lean => fun_approve_426.lean} |  12 +-
 ..._420_gen.lean => fun_approve_426_gen.lean} |  10 +-
 ...20_user.lean => fun_approve_426_user.lean} |  12 +-
 .../erc20shim/ERC20Shim/fun_approve_gen.lean  |   6 +-
 .../erc20shim/ERC20Shim/fun_approve_user.lean |   2 +-
 .../erc20shim/ERC20Shim/fun_balanceOf.lean    |   6 +-
 .../ERC20Shim/fun_balanceOf_gen.lean          |  12 +-
 .../ERC20Shim/fun_balanceOf_user.lean         | 184 +-----------------
 .../ERC20Shim/fun_spendAllowance.lean         |   2 +-
 .../ERC20Shim/fun_spendAllowance_gen.lean     |  44 +++--
 .../ERC20Shim/fun_spendAllowance_user.lean    |   2 +-
 .../erc20shim/ERC20Shim/fun_totalSupply.lean  |   6 +-
 .../ERC20Shim/fun_totalSupply_gen.lean        |  12 +-
 23 files changed, 177 insertions(+), 341 deletions(-)
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838.lean
 rename Generated/erc20shim/ERC20Shim/Common/{if_3856757177752523473_gen.lean => if_2130076443351184838_gen.lean} (89%)
 rename Generated/erc20shim/ERC20Shim/Common/{if_3856757177752523473_user.lean => if_2130076443351184838_user.lean} (54%)
 delete mode 100644 Generated/erc20shim/ERC20Shim/Common/if_3856757177752523473.lean
 create mode 100644 Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110.lean
 rename Generated/erc20shim/ERC20Shim/Common/{if_8475192588736690919_gen.lean => if_5327145078839977110_gen.lean} (78%)
 rename Generated/erc20shim/ERC20Shim/Common/{if_8475192588736690919_user.lean => if_5327145078839977110_user.lean} (54%)
 delete mode 100644 Generated/erc20shim/ERC20Shim/Common/if_8475192588736690919.lean
 rename Generated/erc20shim/ERC20Shim/{fun_approve_420.lean => fun_approve_426.lean} (55%)
 rename Generated/erc20shim/ERC20Shim/{fun_approve_420_gen.lean => fun_approve_426_gen.lean} (91%)
 rename Generated/erc20shim/ERC20Shim/{fun_approve_420_user.lean => fun_approve_426_user.lean} (56%)

diff --git a/All.lean b/All.lean
index 43ce68a..89ddd71 100644
--- a/All.lean
+++ b/All.lean
@@ -1,7 +1,7 @@
 import Generated.erc20shim.ERC20Shim.fun_transfer_gen
 import Generated.erc20shim.ERC20Shim.abi_decode_addresst_addresst_uint256_gen
-import Generated.erc20shim.ERC20Shim.fun_approve_420_user
 import Generated.erc20shim.ERC20Shim.fun_msgSender_gen
+import Generated.erc20shim.ERC20Shim.fun_approve_426_gen
 import Generated.erc20shim.ERC20Shim.fun__approve_gen
 import Generated.erc20shim.ERC20Shim.revert_error_42b3090547df1d2001c96683413b8cf91c1b902ef5e3cb8d9f6f304cf7446f74
 import Generated.erc20shim.ERC20Shim.fun__approve
@@ -111,6 +111,7 @@ import Generated.erc20shim.ERC20Shim.abi_encode_string_storage
 import Generated.erc20shim.ERC20Shim.validator_revert_address_gen
 import Generated.erc20shim.ERC20Shim.validator_revert_address_user
 import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_mapping_address_uint256_of_address_gen
+import Generated.erc20shim.ERC20Shim.fun_approve_426
 import Generated.erc20shim.ERC20Shim.fun_approve_gen
 import Generated.erc20shim.ERC20Shim.fun_msgSender_user
 import Generated.erc20shim.ERC20Shim.abi_encode_uint256_to_uint256
@@ -135,13 +136,12 @@ import Generated.erc20shim.ERC20Shim.validator_revert_uint256_user
 import Generated.erc20shim.ERC20Shim.abi_encode_address
 import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256_user
 import Generated.erc20shim.ERC20Shim.fun_totalSupply_gen
-import Generated.erc20shim.ERC20Shim.fun_approve_420
+import Generated.erc20shim.ERC20Shim.fun_approve_426_user
 import Generated.erc20shim.ERC20Shim.panic_error_0x22
 import Generated.erc20shim.ERC20Shim.abi_decode_gen
 import Generated.erc20shim.ERC20Shim.array_storeLengthForEncoding_string
 import Generated.erc20shim.ERC20Shim.fun_transfer
 import Generated.erc20shim.ERC20Shim.fun_spendAllowance_user
-import Generated.erc20shim.ERC20Shim.fun_approve_420_gen
 import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address_user
 import Generated.erc20shim.ERC20Shim.fun_balanceOf
 import Generated.erc20shim.ERC20Shim.abi_decode_addresst_uint256_gen
@@ -164,20 +164,19 @@ import Generated.erc20shim.ERC20Shim.Common.if_1438067688173587229
 import Generated.erc20shim.ERC20Shim.Common.if_2792370840247009933
 import Generated.erc20shim.ERC20Shim.Common.if_2395397427938978657_gen
 import Generated.erc20shim.ERC20Shim.Common.if_2395397427938978657_user
+import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838_user
 import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831_gen
 import Generated.erc20shim.ERC20Shim.Common.if_8073281237182003506_user
-import Generated.erc20shim.ERC20Shim.Common.if_8475192588736690919_user
 import Generated.erc20shim.ERC20Shim.Common.switch_2364266820542243941_gen
 import Generated.erc20shim.ERC20Shim.Common.if_3812165059632449189_gen
 import Generated.erc20shim.ERC20Shim.Common.if_384845947645085899
 import Generated.erc20shim.ERC20Shim.Common.if_4692225504622348326
 import Generated.erc20shim.ERC20Shim.Common.switch_1041419350816529734
-import Generated.erc20shim.ERC20Shim.Common.if_3856757177752523473_user
 import Generated.erc20shim.ERC20Shim.Common.if_3989404597755436942_gen
-import Generated.erc20shim.ERC20Shim.Common.if_3856757177752523473
 import Generated.erc20shim.ERC20Shim.Common.if_5042234445269809685_user
 import Generated.erc20shim.ERC20Shim.Common.switch_1041419350816529734_gen
 import Generated.erc20shim.ERC20Shim.Common.for_1821242857744567453
+import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838_gen
 import Generated.erc20shim.ERC20Shim.Common.if_9141570808380448040_user
 import Generated.erc20shim.ERC20Shim.Common.if_8073281237182003506
 import Generated.erc20shim.ERC20Shim.Common.if_4024499920364541172
@@ -190,31 +189,32 @@ import Generated.erc20shim.ERC20Shim.Common.switch_8164987986085659348_gen
 import Generated.erc20shim.ERC20Shim.Common.if_3812165059632449189_user
 import Generated.erc20shim.ERC20Shim.Common.if_4024499920364541172_gen
 import Generated.erc20shim.ERC20Shim.Common.if_5042234445269809685
-import Generated.erc20shim.ERC20Shim.Common.if_3856757177752523473_gen
 import Generated.erc20shim.ERC20Shim.Common.if_9141570808380448040_gen
-import Generated.erc20shim.ERC20Shim.Common.if_8475192588736690919
 import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831_user
 import Generated.erc20shim.ERC20Shim.Common.if_9222169807163418225
 import Generated.erc20shim.ERC20Shim.Common.for_6088573059593786335
 import Generated.erc20shim.ERC20Shim.Common.if_9222169807163418225_gen
 import Generated.erc20shim.ERC20Shim.Common.switch_2364266820542243941
 import Generated.erc20shim.ERC20Shim.Common.if_9141570808380448040
+import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838
 import Generated.erc20shim.ERC20Shim.Common.for_1821242857744567453_gen
 import Generated.erc20shim.ERC20Shim.Common.if_9222169807163418225_user
 import Generated.erc20shim.ERC20Shim.Common.if_1438067688173587229_user
 import Generated.erc20shim.ERC20Shim.Common.switch_2364266820542243941_user
 import Generated.erc20shim.ERC20Shim.Common.switch_1041419350816529734_user
 import Generated.erc20shim.ERC20Shim.Common.switch_8164987986085659348_user
+import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110
 import Generated.erc20shim.ERC20Shim.Common.if_4692225504622348326_gen
 import Generated.erc20shim.ERC20Shim.Common.if_3989404597755436942
 import Generated.erc20shim.ERC20Shim.Common.if_4024499920364541172_user
-import Generated.erc20shim.ERC20Shim.Common.if_8475192588736690919_gen
 import Generated.erc20shim.ERC20Shim.Common.if_384845947645085899_gen
 import Generated.erc20shim.ERC20Shim.Common.for_6088573059593786335_user
 import Generated.erc20shim.ERC20Shim.Common.switch_8164987986085659348
+import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110_user
 import Generated.erc20shim.ERC20Shim.Common.if_3989404597755436942_user
 import Generated.erc20shim.ERC20Shim.Common.if_2395397427938978657
 import Generated.erc20shim.ERC20Shim.Common.if_1438067688173587229_gen
+import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110_gen
 import Generated.erc20shim.ERC20Shim.Common.if_2792370840247009933_gen
 import Generated.erc20shim.ERC20Shim.Common.if_7164014626810332831
 import Generated.erc20shim.ERC20Shim.Common.if_8073281237182003506_gen
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838.lean b/Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838.lean
new file mode 100644
index 0000000..7dae188
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838.lean
@@ -0,0 +1,23 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
+
+import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838_gen
+
+import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838_user
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
+
+lemma if_2130076443351184838_abs_of_code {s₀ : State} {fuel : Nat} :
+  ∀ s₉, exec fuel if_2130076443351184838 s₀ = s₉ →
+        Spec A_if_2130076443351184838 s₀ s₉ :=
+  λ _ h ↦ if_2130076443351184838_abs_of_concrete (if_2130076443351184838_concrete_of_code.2 h)
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_3856757177752523473_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838_gen.lean
similarity index 89%
rename from Generated/erc20shim/ERC20Shim/Common/if_3856757177752523473_gen.lean
rename to Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838_gen.lean
index bd26a86..d27bf16 100644
--- a/Generated/erc20shim/ERC20Shim/Common/if_3856757177752523473_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838_gen.lean
@@ -9,37 +9,37 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
-def if_3856757177752523473 := <s
-  if _3 
+def if_2130076443351184838 := <s
+  if _4 
 {
     let expr := var_spender
     let expr_1 := var_currentAllowance
     let expr_2 := var_value
-    let _4 := 64
-    let _5 := mload(_4)
-    let _6 := shl(225, 2110234841)
-    mstore(_5, _6)
-    let _7 := 4
-    let _8 := add(_5, _7)
-    let _9 := abi_encode_address_uint256_uint256(_8, var_spender, var_currentAllowance, var_value)
-    let _10 := sub(_9, _5)
-    revert(_5, _10)
+    let _5 := 64
+    let _6 := mload(_5)
+    let _7 := shl(225, 2110234841)
+    mstore(_6, _7)
+    let _8 := 4
+    let _9 := add(_6, _8)
+    let _10 := abi_encode_address_uint256_uint256(_9, var_spender, var_currentAllowance, var_value)
+    let _11 := sub(_10, _6)
+    revert(_6, _11)
 }
 >
 
 set_option maxRecDepth 5000
 set_option maxHeartbeats 400000
 
-def if_3856757177752523473_concrete_of_code : {
+def if_2130076443351184838_concrete_of_code : {
     C : State → State → Prop
     // ∀ {s₀ s₉ fuel}
-    , exec fuel if_3856757177752523473 s₀ = s₉
+    , exec fuel if_2130076443351184838 s₀ = s₉
     → Spec C s₀ s₉
   } := by
   constructor
   intros s₀ s₉ fuel
 
-  unfold Spec if_3856757177752523473
+  unfold Spec if_2130076443351184838
   rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
   rotate_left 1
   · generalize If _ _ = f; aesop
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_3856757177752523473_user.lean b/Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838_user.lean
similarity index 54%
rename from Generated/erc20shim/ERC20Shim/Common/if_3856757177752523473_user.lean
rename to Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838_user.lean
index cff7d37..a1df7c6 100644
--- a/Generated/erc20shim/ERC20Shim/Common/if_3856757177752523473_user.lean
+++ b/Generated/erc20shim/ERC20Shim/Common/if_2130076443351184838_user.lean
@@ -2,7 +2,7 @@ import Clear.ReasoningPrinciple
 
 import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
 
-import Generated.erc20shim.ERC20Shim.Common.if_3856757177752523473_gen
+import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838_gen
 
 
 namespace ERC20Shim.Common
@@ -11,11 +11,11 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
-def A_if_3856757177752523473 (s₀ s₉ : State) : Prop := sorry
+def A_if_2130076443351184838 (s₀ s₉ : State) : Prop := sorry
 
-lemma if_3856757177752523473_abs_of_concrete {s₀ s₉ : State} :
-  Spec if_3856757177752523473_concrete_of_code s₀ s₉ →
-  Spec A_if_3856757177752523473 s₀ s₉ := by
+lemma if_2130076443351184838_abs_of_concrete {s₀ s₉ : State} :
+  Spec if_2130076443351184838_concrete_of_code s₀ s₉ →
+  Spec A_if_2130076443351184838 s₀ s₉ := by
   sorry
 
 end
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_3856757177752523473.lean b/Generated/erc20shim/ERC20Shim/Common/if_3856757177752523473.lean
deleted file mode 100644
index 5179389..0000000
--- a/Generated/erc20shim/ERC20Shim/Common/if_3856757177752523473.lean
+++ /dev/null
@@ -1,23 +0,0 @@
-import Clear.ReasoningPrinciple
-
-import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
-
-import Generated.erc20shim.ERC20Shim.Common.if_3856757177752523473_gen
-
-import Generated.erc20shim.ERC20Shim.Common.if_3856757177752523473_user
-
-
-namespace ERC20Shim.Common
-
-section
-
-open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
-
-lemma if_3856757177752523473_abs_of_code {s₀ : State} {fuel : Nat} :
-  ∀ s₉, exec fuel if_3856757177752523473 s₀ = s₉ →
-        Spec A_if_3856757177752523473 s₀ s₉ :=
-  λ _ h ↦ if_3856757177752523473_abs_of_concrete (if_3856757177752523473_concrete_of_code.2 h)
-
-end
-
-end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110.lean b/Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110.lean
new file mode 100644
index 0000000..f1e1110
--- /dev/null
+++ b/Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110.lean
@@ -0,0 +1,25 @@
+import Clear.ReasoningPrinciple
+
+import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838
+import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
+import Generated.erc20shim.ERC20Shim.fun__approve
+
+import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110_gen
+
+import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110_user
+
+
+namespace ERC20Shim.Common
+
+section
+
+open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
+
+lemma if_5327145078839977110_abs_of_code {s₀ : State} {fuel : Nat} :
+  ∀ s₉, exec fuel if_5327145078839977110 s₀ = s₉ →
+        Spec A_if_5327145078839977110 s₀ s₉ :=
+  λ _ h ↦ if_5327145078839977110_abs_of_concrete (if_5327145078839977110_concrete_of_code.2 h)
+
+end
+
+end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_8475192588736690919_gen.lean b/Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110_gen.lean
similarity index 78%
rename from Generated/erc20shim/ERC20Shim/Common/if_8475192588736690919_gen.lean
rename to Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110_gen.lean
index 8499ab5..b79f492 100644
--- a/Generated/erc20shim/ERC20Shim/Common/if_8475192588736690919_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110_gen.lean
@@ -1,6 +1,6 @@
 import Clear.ReasoningPrinciple
 
-import Generated.erc20shim.ERC20Shim.Common.if_3856757177752523473
+import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838
 import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
 import Generated.erc20shim.ERC20Shim.fun__approve
 
@@ -11,46 +11,46 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
 
-def if_8475192588736690919 := <s
-  if _2 
+def if_5327145078839977110 := <s
+  if _3 
 {
-    let _3 := lt(var_currentAllowance, var_value)
-    if _3 
+    let _4 := lt(var_currentAllowance, var_value)
+    if _4 
     {
         let expr := var_spender
         let expr_1 := var_currentAllowance
         let expr_2 := var_value
-        let _4 := 64
-        let _5 := mload(_4)
-        let _6 := shl(225, 2110234841)
-        mstore(_5, _6)
-        let _7 := 4
-        let _8 := add(_5, _7)
-        let _9 := abi_encode_address_uint256_uint256(_8, var_spender, var_currentAllowance, var_value)
-        let _10 := sub(_9, _5)
-        revert(_5, _10)
+        let _5 := 64
+        let _6 := mload(_5)
+        let _7 := shl(225, 2110234841)
+        mstore(_6, _7)
+        let _8 := 4
+        let _9 := add(_6, _8)
+        let _10 := abi_encode_address_uint256_uint256(_9, var_spender, var_currentAllowance, var_value)
+        let _11 := sub(_10, _6)
+        revert(_6, _11)
     }
     let expr_3 := var_owner
     let expr_4 := var_spender
-    let _11 := 0
-    let _12 := sub(var_currentAllowance, var_value)
-    fun__approve(var_owner, var_spender, _12, _11)
+    let _12 := 0
+    let _13 := sub(var_currentAllowance, var_value)
+    fun__approve(var_owner, var_spender, _13, _12)
 }
 >
 
 set_option maxRecDepth 5000
 set_option maxHeartbeats 400000
 
-def if_8475192588736690919_concrete_of_code : {
+def if_5327145078839977110_concrete_of_code : {
     C : State → State → Prop
     // ∀ {s₀ s₉ fuel}
-    , exec fuel if_8475192588736690919 s₀ = s₉
+    , exec fuel if_5327145078839977110 s₀ = s₉
     → Spec C s₀ s₉
   } := by
   constructor
   intros s₀ s₉ fuel
 
-  unfold Spec if_8475192588736690919
+  unfold Spec if_5327145078839977110
   rcases s₀ with ⟨evm₀, store₀⟩ | _ | c <;> dsimp only
   rotate_left 1
   · generalize If _ _ = f; aesop
@@ -74,7 +74,7 @@ def if_8475192588736690919_concrete_of_code : {
   -- abstraction offsetting
   rw [cons]
   generalize hxs : Block _ = xs
-  abstract if_3856757177752523473_abs_of_code if_3856757177752523473 with ss hs
+  abstract if_2130076443351184838_abs_of_code if_2130076443351184838 with ss hs
   try rw [← hs₁, hok] at hs
   intros h
   try intros h'
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_8475192588736690919_user.lean b/Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110_user.lean
similarity index 54%
rename from Generated/erc20shim/ERC20Shim/Common/if_8475192588736690919_user.lean
rename to Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110_user.lean
index 0de7810..781b147 100644
--- a/Generated/erc20shim/ERC20Shim/Common/if_8475192588736690919_user.lean
+++ b/Generated/erc20shim/ERC20Shim/Common/if_5327145078839977110_user.lean
@@ -1,10 +1,10 @@
 import Clear.ReasoningPrinciple
 
-import Generated.erc20shim.ERC20Shim.Common.if_3856757177752523473
+import Generated.erc20shim.ERC20Shim.Common.if_2130076443351184838
 import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
 import Generated.erc20shim.ERC20Shim.fun__approve
 
-import Generated.erc20shim.ERC20Shim.Common.if_8475192588736690919_gen
+import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110_gen
 
 
 namespace ERC20Shim.Common
@@ -13,11 +13,11 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
 
-def A_if_8475192588736690919 (s₀ s₉ : State) : Prop := sorry
+def A_if_5327145078839977110 (s₀ s₉ : State) : Prop := sorry
 
-lemma if_8475192588736690919_abs_of_concrete {s₀ s₉ : State} :
-  Spec if_8475192588736690919_concrete_of_code s₀ s₉ →
-  Spec A_if_8475192588736690919 s₀ s₉ := by
+lemma if_5327145078839977110_abs_of_concrete {s₀ s₉ : State} :
+  Spec if_5327145078839977110_concrete_of_code s₀ s₉ →
+  Spec A_if_5327145078839977110 s₀ s₉ := by
   sorry
 
 end
diff --git a/Generated/erc20shim/ERC20Shim/Common/if_8475192588736690919.lean b/Generated/erc20shim/ERC20Shim/Common/if_8475192588736690919.lean
deleted file mode 100644
index cbd184c..0000000
--- a/Generated/erc20shim/ERC20Shim/Common/if_8475192588736690919.lean
+++ /dev/null
@@ -1,25 +0,0 @@
-import Clear.ReasoningPrinciple
-
-import Generated.erc20shim.ERC20Shim.Common.if_3856757177752523473
-import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
-import Generated.erc20shim.ERC20Shim.fun__approve
-
-import Generated.erc20shim.ERC20Shim.Common.if_8475192588736690919_gen
-
-import Generated.erc20shim.ERC20Shim.Common.if_8475192588736690919_user
-
-
-namespace ERC20Shim.Common
-
-section
-
-open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities ERC20Shim.Common Generated.erc20shim ERC20Shim
-
-lemma if_8475192588736690919_abs_of_code {s₀ : State} {fuel : Nat} :
-  ∀ s₉, exec fuel if_8475192588736690919 s₀ = s₉ →
-        Spec A_if_8475192588736690919 s₀ s₉ :=
-  λ _ h ↦ if_8475192588736690919_abs_of_concrete (if_8475192588736690919_concrete_of_code.2 h)
-
-end
-
-end ERC20Shim.Common
diff --git a/Generated/erc20shim/ERC20Shim/fun_approve.lean b/Generated/erc20shim/ERC20Shim/fun_approve.lean
index 820f5e4..bf6c67e 100644
--- a/Generated/erc20shim/ERC20Shim/fun_approve.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_approve.lean
@@ -1,7 +1,7 @@
 import Clear.ReasoningPrinciple
 
 import Generated.erc20shim.ERC20Shim.fun_msgSender
-import Generated.erc20shim.ERC20Shim.fun_approve_420
+import Generated.erc20shim.ERC20Shim.fun_approve_426
 
 import Generated.erc20shim.ERC20Shim.fun_approve_gen
 
diff --git a/Generated/erc20shim/ERC20Shim/fun_approve_420.lean b/Generated/erc20shim/ERC20Shim/fun_approve_426.lean
similarity index 55%
rename from Generated/erc20shim/ERC20Shim/fun_approve_420.lean
rename to Generated/erc20shim/ERC20Shim/fun_approve_426.lean
index 5d961c8..cd1d8c1 100644
--- a/Generated/erc20shim/ERC20Shim/fun_approve_420.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_approve_426.lean
@@ -2,9 +2,9 @@ import Clear.ReasoningPrinciple
 
 import Generated.erc20shim.ERC20Shim.fun__approve
 
-import Generated.erc20shim.ERC20Shim.fun_approve_420_gen
+import Generated.erc20shim.ERC20Shim.fun_approve_426_gen
 
-import Generated.erc20shim.ERC20Shim.fun_approve_420_user
+import Generated.erc20shim.ERC20Shim.fun_approve_426_user
 
 
 namespace Generated.erc20shim.ERC20Shim
@@ -13,10 +13,10 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
-lemma fun_approve_420_abs_of_code {s₀ s₉ : State} { var_owner var_spender var_value} {fuel : Nat} :
-  execCall fuel fun_approve_420 [] (s₀, [var_owner, var_spender, var_value]) = s₉ →
-  Spec (A_fun_approve_420  var_owner var_spender var_value) s₀ s₉
-:= λ h ↦ fun_approve_420_abs_of_concrete (fun_approve_420_concrete_of_code.2 h)
+lemma fun_approve_426_abs_of_code {s₀ s₉ : State} { var_owner var_spender var_value} {fuel : Nat} :
+  execCall fuel fun_approve_426 [] (s₀, [var_owner, var_spender, var_value]) = s₉ →
+  Spec (A_fun_approve_426  var_owner var_spender var_value) s₀ s₉
+:= λ h ↦ fun_approve_426_abs_of_concrete (fun_approve_426_concrete_of_code.2 h)
 
 end
 
diff --git a/Generated/erc20shim/ERC20Shim/fun_approve_420_gen.lean b/Generated/erc20shim/ERC20Shim/fun_approve_426_gen.lean
similarity index 91%
rename from Generated/erc20shim/ERC20Shim/fun_approve_420_gen.lean
rename to Generated/erc20shim/ERC20Shim/fun_approve_426_gen.lean
index 2b70feb..104b732 100644
--- a/Generated/erc20shim/ERC20Shim/fun_approve_420_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_approve_426_gen.lean
@@ -9,8 +9,8 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
-def fun_approve_420 : FunctionDefinition := <f
-    function fun_approve_420(var_owner, var_spender, var_value) -> 
+def fun_approve_426 : FunctionDefinition := <f
+    function fun_approve_426(var_owner, var_spender, var_value) -> 
     
 {
     let expr := var_owner
@@ -23,18 +23,18 @@ def fun_approve_420 : FunctionDefinition := <f
 set_option maxRecDepth 4000
 set_option maxHeartbeats 300000
 
-def fun_approve_420_concrete_of_code
+def fun_approve_426_concrete_of_code
 : {
     C :
       _ → _ → _ → 
       State → State → Prop
     // ∀ {s₀ s₉ : State} { var_owner var_spender var_value fuel},
-         execCall fuel fun_approve_420 [] (s₀, [var_owner, var_spender, var_value]) = s₉ →
+         execCall fuel fun_approve_426 [] (s₀, [var_owner, var_spender, var_value]) = s₉ →
          Spec (C  var_owner var_spender var_value) s₀ s₉
   } := by
   constructor
   intros s₀ s₉  var_owner var_spender var_value fuel
-  unfold fun_approve_420
+  unfold fun_approve_426
 
   unfold Spec
   rcases s₀ with ⟨evm, store⟩ | _ | c <;> dsimp only
diff --git a/Generated/erc20shim/ERC20Shim/fun_approve_420_user.lean b/Generated/erc20shim/ERC20Shim/fun_approve_426_user.lean
similarity index 56%
rename from Generated/erc20shim/ERC20Shim/fun_approve_420_user.lean
rename to Generated/erc20shim/ERC20Shim/fun_approve_426_user.lean
index 630e5c8..87964c8 100644
--- a/Generated/erc20shim/ERC20Shim/fun_approve_420_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_approve_426_user.lean
@@ -2,7 +2,7 @@ import Clear.ReasoningPrinciple
 
 import Generated.erc20shim.ERC20Shim.fun__approve
 
-import Generated.erc20shim.ERC20Shim.fun_approve_420_gen
+import Generated.erc20shim.ERC20Shim.fun_approve_426_gen
 
 
 namespace Generated.erc20shim.ERC20Shim
@@ -11,12 +11,12 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
-def A_fun_approve_420  (var_owner var_spender var_value : Literal) (s₀ s₉ : State) : Prop := sorry
+def A_fun_approve_426  (var_owner var_spender var_value : Literal) (s₀ s₉ : State) : Prop := sorry
 
-lemma fun_approve_420_abs_of_concrete {s₀ s₉ : State} { var_owner var_spender var_value} :
-  Spec (fun_approve_420_concrete_of_code.1  var_owner var_spender var_value) s₀ s₉ →
-  Spec (A_fun_approve_420  var_owner var_spender var_value) s₀ s₉ := by
-  unfold fun_approve_420_concrete_of_code A_fun_approve_420
+lemma fun_approve_426_abs_of_concrete {s₀ s₉ : State} { var_owner var_spender var_value} :
+  Spec (fun_approve_426_concrete_of_code.1  var_owner var_spender var_value) s₀ s₉ →
+  Spec (A_fun_approve_426  var_owner var_spender var_value) s₀ s₉ := by
+  unfold fun_approve_426_concrete_of_code A_fun_approve_426
   sorry
 
 end
diff --git a/Generated/erc20shim/ERC20Shim/fun_approve_gen.lean b/Generated/erc20shim/ERC20Shim/fun_approve_gen.lean
index a04706a..e069150 100644
--- a/Generated/erc20shim/ERC20Shim/fun_approve_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_approve_gen.lean
@@ -1,7 +1,7 @@
 import Clear.ReasoningPrinciple
 
 import Generated.erc20shim.ERC20Shim.fun_msgSender
-import Generated.erc20shim.ERC20Shim.fun_approve_420
+import Generated.erc20shim.ERC20Shim.fun_approve_426
 
 
 namespace Generated.erc20shim.ERC20Shim
@@ -15,7 +15,7 @@ def fun_approve : FunctionDefinition := <f
     
 {
     let _1 := fun_msgSender()
-    fun_approve_420(_1, var_spender, var_value)
+    fun_approve_426(_1, var_spender, var_value)
     var := 1
 }
     
@@ -83,7 +83,7 @@ def fun_approve_concrete_of_code
   generalize hs : execCall _ _ _ _ = s; try rw [← hs₁, hok] at hs
   intros h
   try intros h'
-  refine' Exists.intro s (And.intro (fun_approve_420_abs_of_code hs) ?_)
+  refine' Exists.intro s (And.intro (fun_approve_426_abs_of_code hs) ?_)
   swap; clear hs
   try revert h'
   revert h
diff --git a/Generated/erc20shim/ERC20Shim/fun_approve_user.lean b/Generated/erc20shim/ERC20Shim/fun_approve_user.lean
index ffa7f5e..37f8a7b 100644
--- a/Generated/erc20shim/ERC20Shim/fun_approve_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_approve_user.lean
@@ -1,7 +1,7 @@
 import Clear.ReasoningPrinciple
 
 import Generated.erc20shim.ERC20Shim.fun_msgSender
-import Generated.erc20shim.ERC20Shim.fun_approve_420
+import Generated.erc20shim.ERC20Shim.fun_approve_426
 
 import Generated.erc20shim.ERC20Shim.fun_approve_gen
 
diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf.lean
index c2b9b22..4543348 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf.lean
@@ -13,9 +13,9 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
-lemma fun_balanceOf_abs_of_code {s₀ s₉ : State} {var var_account} {fuel : Nat} :
-  execCall fuel fun_balanceOf [var] (s₀, [var_account]) = s₉ →
-  Spec (A_fun_balanceOf var var_account) s₀ s₉
+lemma fun_balanceOf_abs_of_code {s₀ s₉ : State} {var_ var_account} {fuel : Nat} :
+  execCall fuel fun_balanceOf [var_] (s₀, [var_account]) = s₉ →
+  Spec (A_fun_balanceOf var_ var_account) s₀ s₉
 := λ h ↦ fun_balanceOf_abs_of_concrete (fun_balanceOf_concrete_of_code.2 h)
 
 end
diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_gen.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_gen.lean
index 3f76422..2ef81b3 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_gen.lean
@@ -10,12 +10,12 @@ section
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
 def fun_balanceOf : FunctionDefinition := <f
-    function fun_balanceOf(var_account) -> var
+    function fun_balanceOf(var_account) -> var_
     
 {
     let _1 := 0
     let _2 := mapping_index_access_mapping_address_uint256_of_address(_1, var_account)
-    var := sload(_2)
+    var_ := sload(_2)
 }
     
 >
@@ -28,12 +28,12 @@ def fun_balanceOf_concrete_of_code
     C :
       _ → _ → 
       State → State → Prop
-    // ∀ {s₀ s₉ : State} {var var_account fuel},
-         execCall fuel fun_balanceOf [var] (s₀, [var_account]) = s₉ →
-         Spec (C var var_account) s₀ s₉
+    // ∀ {s₀ s₉ : State} {var_ var_account fuel},
+         execCall fuel fun_balanceOf [var_] (s₀, [var_account]) = s₉ →
+         Spec (C var_ var_account) s₀ s₉
   } := by
   constructor
-  intros s₀ s₉ var var_account fuel
+  intros s₀ s₉ var_ var_account fuel
   unfold fun_balanceOf
 
   unfold Spec
diff --git a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
index 3dcb994..51b7c04 100644
--- a/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_balanceOf_user.lean
@@ -1,9 +1,9 @@
 import Clear.ReasoningPrinciple
 
--- import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+import Generated.erc20shim.ERC20Shim.mapping_index_access_mapping_address_uint256_of_address
+
 import Generated.erc20shim.ERC20Shim.fun_balanceOf_gen
 
-import Generated.erc20shim.ERC20Shim.Predicate
 
 namespace Generated.erc20shim.ERC20Shim
 
@@ -11,183 +11,13 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities Generated.erc20shim ERC20Shim
 
-section PleaseMoveTheseWhereAppropriatte
-
-variable {jmp : Jump}
-
-@[simp]
-lemma hash_collision_evm_Checkpoint_eq_false : (Checkpoint jmp).evm.hash_collision = false := rfl
-
-end PleaseMoveTheseWhereAppropriatte
+def A_fun_balanceOf (var_ : Identifier) (var_account : Literal) (s₀ s₉ : State) : Prop := sorry
 
-def A_fun_balanceOf (var : Identifier) (var_account : Literal) (s₀ s₉ : State) : Prop :=
-  (∀ {erc20}, (IsERC20 erc20 s₀ ∧ s₀.evm.isEVMState) →
-  let account := Address.ofUInt256 var_account
-  IsERC20 erc20 s₉ ∧ preservesEvm s₀ s₉ ∧
-  s₉[var]!! = (erc20.balances.lookup account).getD 0 ∧
-  s₉.evm.hash_collision = false)
-  ∨ s₉.evm.hash_collision = true
-
-lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var var_account} :
-  Spec (fun_balanceOf_concrete_of_code.1 var var_account) s₀ s₉ →
-  Spec (A_fun_balanceOf var var_account) s₀ s₉ := by
+lemma fun_balanceOf_abs_of_concrete {s₀ s₉ : State} {var_ var_account} :
+  Spec (fun_balanceOf_concrete_of_code.1 var_ var_account) s₀ s₉ →
+  Spec (A_fun_balanceOf var_ var_account) s₀ s₉ := by
   unfold fun_balanceOf_concrete_of_code A_fun_balanceOf
-  rcases s₀ with ⟨evm, varstore⟩ | _ | _ <;> [simp only; aesop_spec; aesop_spec]
-  apply spec_eq
-  clr_funargs
-  rintro hasFuel ⟨s, mapping, code⟩
-  clr_varstore,
-
-  -- what we can get right now from mapping function
-  unfold A_mapping_index_access_mapping_address_uint256_of_address at mapping
-  clr_spec at mapping
-
-  -- Discharge the hash-colliding case immediately using `aesop_spec`.
-  rcases mapping with ⟨
-    ⟨preservesEvm, s_isOk, s_isEVMStatePreserved,
-    ⟨⟨keccak_value, keccak_using_keccak_value, hStore⟩,hHashCollision⟩⟩ | _, hHashCollision₁
-  ⟩ <;> [left; rcases s <;> aesop_spec]
-
-  intro erc20 is_erc20 s₀_isEVMState
-
-  obtain ⟨evmₛ, varstoreₛ, s_eq_ok⟩ := State_of_isOk s_isOk
-
-  have keccak : Finmap.lookup [↑↑(Address.ofUInt256 var_account), 0] s.evm.keccak_map = some (s["_2"]!!) := by
-    unfold store State.insert at hStore
-    unfold lookup!
-    aesop
-
-  rw [ ← Variables.balances_def
-    , s_eq_ok, get_evm_of_ok, ← s_eq_ok
-    ] at keccak
-
-  -- simplify contract
-  unfold reviveJump at code
-  simp [s_eq_ok] at code
-  rw [ ← State.insert_of_ok,  ← State.insert_of_ok, ← s_eq_ok ] at code
-  clr_varstore,
-
-  -- get underlying Preserved from preservesEvm
-  rw [ s_eq_ok, preservesEvm_of_insert, preservesEvm_of_insert ] at preservesEvm
-  have Preserved := Preserved_of_preservesEvm_of_Ok preservesEvm
-
-  refine' ⟨IsERC20_of_preservesEvm (by aesop) is_erc20, (by aesop), ?returns_correct_value⟩
-
-  rw [← code]
-  -- lookup balance
-  clr_varstore,
-  by_cases mem : Address.ofUInt256 var_account ∈ erc20.balances
-  · -- there is such account in balances
-    split_ands <;> [skip; aesop]
-
-    obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance mem
-
-    have address_def : s["_2"]!! = address := by
-      rw [s_eq_ok]
-      rw [← Option.some_inj]
-      trans
-      · exact Eq.symm (s_eq_ok ▸ keccak)
-      · exact (keccak_map_lookup_eq_of_Preserved_of_lookup Preserved has_address
-          ▸ has_address)
-
-    rw [address_def] at code ⊢
-    rw [ balance
-      , Option.getD_some
-      , State.get_evm_of_ok
-      , ← sload_eq_of_preserved Preserved
-      ]
-
-  · -- there is *no* such account in balances
-    -- so sload should return 0
-  
-    split_ands <;> [skip; aesop]
-
-    rw [ Finmap.lookup_eq_none.mpr mem
-      , Option.getD_none
-      ]
-
-    -- in order to do that it should be given storage address outside of
-    -- it's domain
-    apply sload_of_not_mem_dom
-    have := State.get_evm_of_ok ▸ is_erc20.storageDom
-    rw [ ← storage_eq_of_preserved Preserved
-      , this
-      ]
-    clear this
-    simp only [ Finset.not_mem_union, Set.mem_toFinset, Set.mem_def, setOf, not_exists, not_and ]
-    have s_erc20 : IsERC20 erc20 (Ok evmₛ _) :=
-      IsERC20_of_ok_of_Preserved Preserved is_erc20
-
-    split_ands
-    -- address not in balances
-    · intro account account_mem_balances
-      obtain ⟨address, has_address, balance⟩ := is_erc20.hasBalance account_mem_balances
-      rw [ ← keccak
-        , keccak_map_lookup_eq_of_Preserved_of_lookup
-            Preserved has_address ]
-      by_contra h
-      have : [↑↑account, ERC20Private.balances] ∈ evmₛ.keccak_map.keys := by
-        rw [Finmap.mem_keys]
-        apply Finmap.lookup_isSome.mp
-        have := get_evm_of_ok ▸ has_address
-        rw [ ← keccak_map_lookup_eq_of_Preserved_of_lookup Preserved has_address
-          , this ]
-        simp
-      have IsEVMₛ : evmₛ.isEVMState := by aesop
-      have keccak_inj := IsEVMₛ.1 this (Eq.symm h)
-
-      rw [← Fin.ofNat''_eq_cast, ← Fin.ofNat''_eq_cast] at keccak_inj
-      unfold Fin.ofNat'' at keccak_inj
-      simp at keccak_inj
-      rw [Nat.mod_eq_of_lt, Nat.mod_eq_of_lt, Fin.val_eq_val] at keccak_inj
-      rw [keccak_inj] at account_mem_balances
-      exact (mem account_mem_balances)
-      · exact Address.ofUInt256_lt_UInt256_size
-      · exact Address.val_lt_UInt256_size
-
-    -- address not in allowances
-    · intro owner spender mem_allowances
-      obtain ⟨erc_address, erc_intermediate, owner_lookup, spender_lookup, eq⟩ :=
-        is_erc20.hasAllowance mem_allowances
-      rw [get_evm_of_ok] at owner_lookup spender_lookup
-      have spender_lookup_s := keccak_map_lookup_eq_of_Preserved_of_lookup Preserved spender_lookup
-      push_neg
-      use erc_intermediate
-      rw [ ← keccak ]
-      by_contra h
-      rw [not_and'] at h
-      apply h at owner_lookup
-      exact owner_lookup
-
-      rw [spender_lookup_s]
-      by_contra h
-      have : [↑↑spender, erc_intermediate] ∈ evmₛ.keccak_map.keys := by
-        rw [Finmap.mem_keys]
-        apply Finmap.lookup_isSome.mp
-        have := Eq.trans (Eq.symm spender_lookup_s) spender_lookup
-        rw [this]
-        simp
-      have IsEVMₛ : evmₛ.isEVMState := by aesop
-      have keccak_inj := IsEVMₛ.1 this h
-      simp at keccak_inj
-      have intermediate_ne_balances : erc_intermediate ≠ ERC20Private.balances := by
-        obtain blocked_range := get_evm_of_ok ▸ is_erc20.block_acc_range.2.1
-        rw [owner_lookup] at blocked_range
-        unfold not_mem_private at blocked_range
-        simp at blocked_range
-        rw [← Finset.forall_mem_not_eq] at blocked_range
-        have bal_mem_private: ERC20Private.balances ∈ ERC20Private.toFinset := by
-          unfold PrivateAddresses.toFinset
-          simp
-        specialize blocked_range ERC20Private.balances
-        exact blocked_range bal_mem_private
-
-      tauto
-    -- address not in reserved space
-    · -- NOTE: Technically can be a one liner with a bit more infrastructure for keccak.
-      -- QUESTION: I don't think it's worth revisiting post-haste; or is it?
-      have blocked_range := keccak ▸ get_evm_of_ok ▸ s_erc20.block_acc_range.1
-      exact not_mem_private_of_some blocked_range
+  sorry
 
 end
 
diff --git a/Generated/erc20shim/ERC20Shim/fun_spendAllowance.lean b/Generated/erc20shim/ERC20Shim/fun_spendAllowance.lean
index 8dd3d3b..6b9232c 100644
--- a/Generated/erc20shim/ERC20Shim/fun_spendAllowance.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_spendAllowance.lean
@@ -1,7 +1,7 @@
 import Clear.ReasoningPrinciple
 
 import Generated.erc20shim.ERC20Shim.fun_allowance
-import Generated.erc20shim.ERC20Shim.Common.if_8475192588736690919
+import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110
 import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
 import Generated.erc20shim.ERC20Shim.fun__approve
 
diff --git a/Generated/erc20shim/ERC20Shim/fun_spendAllowance_gen.lean b/Generated/erc20shim/ERC20Shim/fun_spendAllowance_gen.lean
index 3e7e920..9fc9926 100644
--- a/Generated/erc20shim/ERC20Shim/fun_spendAllowance_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_spendAllowance_gen.lean
@@ -1,7 +1,7 @@
 import Clear.ReasoningPrinciple
 
 import Generated.erc20shim.ERC20Shim.fun_allowance
-import Generated.erc20shim.ERC20Shim.Common.if_8475192588736690919
+import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110
 import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
 import Generated.erc20shim.ERC20Shim.fun__approve
 
@@ -18,30 +18,31 @@ def fun_spendAllowance : FunctionDefinition := <f
 {
     let var_currentAllowance := fun_allowance(var_owner, var_spender)
     let _1 := not(0)
-    let _2 := lt(var_currentAllowance, _1)
-    if _2 
+    let _2 := eq(var_currentAllowance, _1)
+    let _3 := iszero(_2)
+    if _3 
     {
-        let _3 := lt(var_currentAllowance, var_value)
-        if _3 
+        let _4 := lt(var_currentAllowance, var_value)
+        if _4 
         {
             let expr := var_spender
             let expr_1 := var_currentAllowance
             let expr_2 := var_value
-            let _4 := 64
-            let _5 := mload(_4)
-            let _6 := shl(225, 2110234841)
-            mstore(_5, _6)
-            let _7 := 4
-            let _8 := add(_5, _7)
-            let _9 := abi_encode_address_uint256_uint256(_8, var_spender, var_currentAllowance, var_value)
-            let _10 := sub(_9, _5)
-            revert(_5, _10)
+            let _5 := 64
+            let _6 := mload(_5)
+            let _7 := shl(225, 2110234841)
+            mstore(_6, _7)
+            let _8 := 4
+            let _9 := add(_6, _8)
+            let _10 := abi_encode_address_uint256_uint256(_9, var_spender, var_currentAllowance, var_value)
+            let _11 := sub(_10, _6)
+            revert(_6, _11)
         }
         let expr_3 := var_owner
         let expr_4 := var_spender
-        let _11 := 0
-        let _12 := sub(var_currentAllowance, var_value)
-        fun__approve(var_owner, var_spender, _12, _11)
+        let _12 := 0
+        let _13 := sub(var_currentAllowance, var_value)
+        fun__approve(var_owner, var_spender, _13, _12)
     }
 }
     
@@ -106,13 +107,18 @@ def fun_spendAllowance_concrete_of_code
   
   rw [cons]; simp only [LetPrimCall', AssignPrimCall']
   (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
-  rw [EVMLt']
+  rw [EVMEq']
+  try simp
+  
+  rw [cons]; simp only [LetPrimCall', AssignPrimCall']
+  (try (simp only [Fin.isValue])); (try (rw [List.foldr_cons])); (try (rw [List.foldr_nil])); simp [evalArgs, head', reverse', multifill', PrimCall', Lit', Var', execPrimCall, evalPrimCall]; (try (rewrite [List.foldr_nil]))
+  rw [EVMIszero']
   try simp
   
   -- abstraction offsetting
   rw [cons]
   generalize hxs : Block _ = xs
-  abstract if_8475192588736690919_abs_of_code if_8475192588736690919 with ss hs
+  abstract if_5327145078839977110_abs_of_code if_5327145078839977110 with ss hs
   try rw [← hs₁, hok] at hs
   intros h
   try intros h'
diff --git a/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean b/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
index 91263a9..f5dfb21 100644
--- a/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_spendAllowance_user.lean
@@ -1,7 +1,7 @@
 import Clear.ReasoningPrinciple
 
 import Generated.erc20shim.ERC20Shim.fun_allowance
-import Generated.erc20shim.ERC20Shim.Common.if_8475192588736690919
+import Generated.erc20shim.ERC20Shim.Common.if_5327145078839977110
 import Generated.erc20shim.ERC20Shim.abi_encode_address_uint256_uint256
 import Generated.erc20shim.ERC20Shim.fun__approve
 
diff --git a/Generated/erc20shim/ERC20Shim/fun_totalSupply.lean b/Generated/erc20shim/ERC20Shim/fun_totalSupply.lean
index 817f796..549229b 100644
--- a/Generated/erc20shim/ERC20Shim/fun_totalSupply.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_totalSupply.lean
@@ -12,9 +12,9 @@ section
 
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
 
-lemma fun_totalSupply_abs_of_code {s₀ s₉ : State} {var_ } {fuel : Nat} :
-  execCall fuel fun_totalSupply [var_] (s₀, []) = s₉ →
-  Spec (A_fun_totalSupply var_ ) s₀ s₉
+lemma fun_totalSupply_abs_of_code {s₀ s₉ : State} {var } {fuel : Nat} :
+  execCall fuel fun_totalSupply [var] (s₀, []) = s₉ →
+  Spec (A_fun_totalSupply var ) s₀ s₉
 := λ h ↦ fun_totalSupply_abs_of_concrete (fun_totalSupply_concrete_of_code.2 h)
 
 end
diff --git a/Generated/erc20shim/ERC20Shim/fun_totalSupply_gen.lean b/Generated/erc20shim/ERC20Shim/fun_totalSupply_gen.lean
index 9e6a199..3e9c34a 100644
--- a/Generated/erc20shim/ERC20Shim/fun_totalSupply_gen.lean
+++ b/Generated/erc20shim/ERC20Shim/fun_totalSupply_gen.lean
@@ -9,11 +9,11 @@ section
 open Clear EVMState Ast Expr Stmt FunctionDefinition State Interpreter ExecLemmas OutOfFuelLemmas Abstraction YulNotation PrimOps ReasoningPrinciple Utilities 
 
 def fun_totalSupply : FunctionDefinition := <f
-    function fun_totalSupply() -> var_
+    function fun_totalSupply() -> var
     
 {
     let _1 := 2
-    var_ := sload(_1)
+    var := sload(_1)
 }
     
 >
@@ -26,12 +26,12 @@ def fun_totalSupply_concrete_of_code
     C :
       _ → 
       State → State → Prop
-    // ∀ {s₀ s₉ : State} {var_  fuel},
-         execCall fuel fun_totalSupply [var_] (s₀, []) = s₉ →
-         Spec (C var_ ) s₀ s₉
+    // ∀ {s₀ s₉ : State} {var  fuel},
+         execCall fuel fun_totalSupply [var] (s₀, []) = s₉ →
+         Spec (C var ) s₀ s₉
   } := by
   constructor
-  intros s₀ s₉ var_  fuel
+  intros s₀ s₉ var  fuel
   unfold fun_totalSupply
 
   unfold Spec