Instead of using if blocks to postulate a lower bound for VGas, need to construct complex and precise minimum gas bounds for each success behaviour and place them in iff blocks. Otherwise the success and failure behaviour checks are not exhaustive (because gas is available to the program at execution time).

We could just generate a third reachability rule out of an act which is specified to end with OOG. Still would be hard to make completely exhaustive. I think working with ensures makes sense here as well. It certainly will help in applying lemmas / imported rules