Make critical systems
measurably credible
We provide cybersecurity solutions that are based on a deductive formal verification technology stack, empowered by in-depth scientific research.


We support systems with Solidity and Rust smart contracts
EVM, TVM and MultiversX VM


We provide secure Development of smart contracts, Audit, Formal specification and Deductive formal verification to ensure credibility and security of critical systems for either simple or complex multi-contract asynchronous systems.
Formal specification for TON Virtual Machine Assembler
Created formal specification for TVM Assembler. While it’s not a smart contract, but rather part of the node, its intention is to convert a stream of primitives with parameters into a cell that can be loaded into a TVM machine.
Deductive formal verification - Multisig
smart contract
Solidity smart contract - an Everscale cryptocurrency wallet that can require multiple signatures to make any payment. The list of eligible “custodians” as well as a number of signatures required can be altered as a separate action or by upgrading the full contract code. Both actions are allowed by the approval of the strong majority of custodians.
We designed business-level specification, described user scenarios and performed formal full deductive formal verification, uncovering several critical exploits overlooked by a series of common audits.
Result: advised on the rework of smart contract and completed formal verification, so now the system can be considered 100% predictable.
Formal verification
A formal verification (as an advanced form of an audit that dramatically decreases chance for important bugs) for smart contracts of Molecula project, as well as a traditional audit for web application of Molecula project
Formal verification for Hipo project
(Wallet contract)
a formal verification (as an advanced form of an audit that dramatically
decreases chance for important bugs, in a light form known as quickchicks) for Wallet smart contracts of Hipo project ( )
Deductive formal verification - Vesting smart contract system
Vesting system distributes a predefined amount of tokens to the recipient, splitting the amount into a set of monthly uniform tranches.
We designed a formal specification and proved all the properties of the system of smart contracts, so it is considered as 100% predictable, successfully deployed and no bugs or exploits were encountered since.

System of two solidity smart contracts: validator and elector and a web application. Successfully developed and deployed on blockchain
Development of auction smart contract
Free TON
Development of Solidity smart contract. This versatile system can handle a wide variety of auction types and also implement other scenarios like a cascaded auction. All the auctions are thoroughly tested and accompanied by the depots that allow to deal with auctions in the interactive mode. Implemented types of auctions: English, English first price, English reverse, First price reverse, Dutch straight, Dutch reverse
The Dune to Free TON merger smart contract system manages the configuration of the merge (in particular, the list of users (relays / oracles) that can confirm transactions that replicate Dune orders on the Free TON side. It also deploys UserSwap contracts upon eligible relays’ requests, accepts and sends tokens to UserSwaps. In this audit we uncovered several issues and advised on improvements and corrections.

Formal specification design
Detailed functional specification of the FLEX - decentralized stock exchange with Depth of Market. The created specification is supposed to be turned into a formal specification and later used for the formal verification of the product.
Perform an audit of the central smart contracts (DEXClient, DEXConnector, DEXPair, DEXRoot RootTokenContract, TONTokenWallet ) in the DEX solution developed by Radiance.
Report provides the findings about the current version of True NFT smart contract jointly developed by RSquad and TonLabs.
An audit of the Solidity smart contracts developed as a part of a decentralized token exchange (DEX).
Everscalend Functional Specification
Development of detailed functional specification of the Everscalend - decentralized lending system.
Tokenomics audit
Development of formal specification and deductive verification of DePool
Free TON


We research formal methods and other applied mathematics to develop Ursus Tech Stack and
Formal Specification tools
Automation of formal verification tested with benchmarks project
Ethereum foundation
Performed trials of Ethereum Foundation's Benchmarks Project: optimized the process of deductive formal verification with Ursus meta language. Integrated our process into ETH benchmarks pipeline, including pre-generation and launching tools on generation artifacts, making it possible to measure time of execution and to compare our approach with other solutions. Since that moment the manual efforts we spent for formal proof can be reduced to one line proof in many cases.
During the MultiversX hackathon in October 2023 we’ve successfully added support for the Rust language to Ursus online translator, providing capabilities of our deductive formal verification toolkit to the Rust developers community. And demonstrated results, automatically translated MVX Adder smart contract from Rust into Ursus.

In this showcase of our formal verification approach we proved properties   MVX Crowdfunding smart contract.

1. Translated smart contract into Ursus. (screen 1)
2. Formulated smart contract's properties in Coq (screen 2)
3. Proved them (screen 3) - we’re on the way to improving proof automation for Rust.

Result: this is a complex Rust smart contract which passed deductive formal verification. So now we are open to cooperation in formal verification and cybersecurity with teams building with Rust and MultiversX in particular.
We've added Rust support to our translation tool to provide our security and development services to MultiversX ecosystem.
Grant for Ursus design
Full-stack ecosystem for Everscale smart-contract verification
● Based on Coq custom grammar support
● Supports Solidity and C++
● Can be used as an independent language for smart-contract
● Supports fast proofs with QuickChick
● Full fledged deductive verification in Coq
Grant for development of Solidity->Ursus translation
There is a task of verifying smart contracts for solidity.
For this goal, Coq is used, in which smart contracts are described in a special Ursus language, therefore, in order to verify a specific smart contract, it is necessary to describe it in Ursus. This process requires a lot of manual labor and special skills, and there is a human error factor. For this purpose, a translation system is being created and developed.
Implemented TVM Solidity syntax highlighting for VS Code

Automated formal proof in several clicks
For Rust and Solidity smart contracts
Create math model of smart contract in minutes using
Ursus Online constructor
  • Debug with graphical display of transactions
  • Supports: Gosh, Everscale, Venom
May 2019
The inception of the Ursus idea as a tool of verifying smart contracts based on the Coq DSL
Aug 2019
Initiated development of the base lib for contract verification.
Nov 2019
Development of monadic representation of contracts, first contract ongoing verification (Multisig in TON)
May 2020
Created TVM assembler modeling in Coq
Nov 2020
Developed Ursus v1
Jun 2022
Developed exec generator
Feb 2022
Started randomized testing development
Nov 2022
Seed investment round, private equity
Dec 2022
Partnership with
Dec 2023
Ursus v32 - last major version
Sep 2023
Rust support added
Oct 2023
Multiversx collaboration
Jan 2024

ETH benchmarks completed.

Formalization and verification of social choice theory (Voting).
Mar 2024
Significant optimization of exec generator (up to 10,000,000 times faster)
Apr 2024
Formal verification of Voting protocols with Gosh and Jocelyn DAO presentation
May 2024
Support for TRON smart contracts
Jun 2024
FunC (TON smart contracts language) early support.
Jul 2024
Commencement of AI proof goals research
Aug 2024 plans
Open beta of Graphical collaborative Formal Specification tool.
Ursus-scrypt release.
Support for semiautomated verification of loops in Ursus Online.
Dec 2024 plans
Implementation of AI verification goal classifier.
Second major version for specification language.
Ursus online beta.

If you have any questions, join our Discord.
We're always open for discussion.
Where is Pruvendo legally incorporated?
Pruvendo-FZCO is incorporated in Dubai, UAE.
Do you focused on Web3 security only?
We are a technology company and our major focus is on Formal Methods R&D. We believe it's possible to make formal verification tools and services usable for the wider community of software developers (as for now FV is popular mostly in SoC design).

Smart contracts are relatively small programs and in the current state of formal verification of software technology stack it is the best test site for making R&D economically viable.
So you create tools for formal verification?
We develop a toolkit for software development and verification. It consists of Formal specification tools, Formal verification tools and QA tools.
Does Pruvendo toolkit suitable for smart contracts only?
For now, we support only Solidity and Rust languages. Our formal verification approach doesn't rely on VM, so we can potentially support most strongly typed languages without direct memory access in the future. So we hope to create a robust toolkit suitable for deductive formal verification of most software.
What are the main obstacles for wide spread of formal verification?
Agile (iterative direct to market prototyping) methodologies of software development. In the current state of technology, formal verification is a great approach only if the product or system has strict specification. Otherwise, it's not viable, especially in a continuous development approach.

So our long-term goal is to make formal verification tools helpful even in cases of continuous product changes.
Which chains do you support for development of smart contracts?
We're not chain-binded and can quickly support any blockchain with Solidity or Rust smart contracts (other languages will require us to add support to our Ursus Online translator first, so it will take + 1 or two months to prepare for the project development/verification).
How about web2 security?
Members of our team have in-depth expertise in traditional cybersecurity, we're open for a discussion in our Discord