invariant tests

[spengrah]

Running list of HSG invariants:

• the safe threshold should always be equal to lesser of the correct threshold and the current number of safe owners
• HSG should always be the guard of the safe (except when removing itself)
• HSG should always be enabled as a module of the safe (except when removing itself)
• There should never be more than 1 module enabled on the safe
• No multisig transactions can be executed when the number of static signers is less than the min threshold
• No multisig transactions can be executed when the number of static signers is less than the "enforced threshold"
• No multisig transactions can be executed when the number of valid signers is less than the "enforced threshold"
• Modules should never be able to change any values in Safe storage
• The safe can never change its own number of static signers
• The safe can never change its own threshold

---

Notes:

• the "enforced threshold" is the min number of valid signers that approve a transaction. It can differ from the safe threshold when one or more of the static signers are not valid.

[spengrah]

Useful foundry tool for verifying that no state has been changed for a given contract

function testNoStorageChanges() public {
    // Start recording storage accesses
    vm.record();

    // Perform the operation you're testing
    contract.someFunction();

    // Get the storage accesses
    (bytes32[] memory reads, bytes32[] memory writes) = vm.accesses(address(contract));

    // Assert that no storage writes occurred
    assertEq(writes.length, 0, "Storage was modified unexpectedly");
}