Formal Verification, The Secret To Bug Free Blockchain
Formal Verification, The Secret To Bug Free Blockchain
25 Sep
Blockchain Technology
Smart contracts are self-executing, business automation applications that run on a decentralized network such as blockchain. Smart contract controls the execution of transactions, and due to its specificity, transactions are trackable and irreversible in most cases. Once launched, smart contracts commonly can’t be stopped, or changed. So, it’s extremely important to have it entirely correct, and secure.

A Typical smart contract contains 1.5–5 thousand lines of code. Pages upon pages of complex code, all written by skillful programmers. But no matter how good the people behind the project are, humans are always prone to errors. The problem is, even a small vulnerability can result in millions of dollars lost. To put that into perspective, in the biggest DeFi heist in 2022, $615 million worth of crypto on smart contracts was lost. That’s a lot of money, but more important it’s the huge reputational losses for the project.

The programming errors are one of the biggest factors in the mistrust of blockchain technology, as people aren’t willing to lock their funds on a smart contract if that means they risk losing them. The best way to avoid human errors is to perform formal verification (FV) of the smart contract code.

The main property of FV: it makes sure the program is working as it should and not acting unexpectedly.

What is formal verification?
Formal verification is a series of math methods and technologies developed in the late 60s that aim to make sure a system works perfectly as it was intended . FV allows a more precise and reliable guarantee that both the software and/or hardware are working as it should, compared to traditional testing approaches.

In the blockchain space, formal verification is a must-have for any serious project. If launched without performing a formal verification, the smart contract may contain errors in the architecture, internal logic or show unpredictable behavior in the case of unexpected values of input variables. These could cause bugs or worst hacks that result in users losing millions or even the end of the blockchain project.

FV consists of developers’ efforts making sure that the software can run in all circumstances and formally mathematically proving its correctness. Smart contracts are supposed to work continuously, without interruptions and FV excels at ensuring they are 100% error-free (in terms of the specification).

How does Formal Verification work?
To dive deeper, correctness with the formal verification technique is obtained when behavior strictly equates to specification. The outcome of the process is called the proof, which is then verified mathematically by specific software called proof assistants.

There are a lot of ways to perform software verification, differing in strictness and how precise they are. Several approaches imply partial verification. Most FV based themselves on complex mathematical theories and computer science tools. Overall Formal Verification is an approach constantly undergoing an evolution in its methods and tools.

Why do we need Formal Verification?
Regular testing of protocols exists, however it’s not enough. With the traditional method, once the algorithm has been finished, an input is inserted via a variable that checks whether it is running as it should. However, for this method to be 100% precise, you would have to check every single input possible, which is practically impossible. For example, using this method, mathematicians would have to check all possible triangles to prove the Pythagorean theorem, spending an unthinkable amount of time. In the case of smart contracts security, to get the result near to the result of the FV process by regular testing, countless tests should be performed, a huge amount of time must be spent, and it will not grant the absolute correctness, since it is impossible to test every possible value.

The standard testing method suffices for smaller projects, but certainly not for smart contracts. It only scratches the surface checking for the presence of errors and not the absence of them as does Formal Verification.

As Edsger Dijkstra said “Program testing can be used to show the presence of bugs, but never to show their absence!”

Formal Verification steps
  • Create a formal specification.
The first step is to precisely specify what the software has to do. The formal specification is generally done by a software engineer. The formal specification has to be flawless as the rest of the FV process will be based on this first step.
  • Verify the model
Now that you have the formal specification, it has to be proven to work. The mathematical theorems used have to go above and beyond the single input verification of the standard method. Performing formal verification is available due to the special software named proof assistants.
  • Build the software
Once the model’s logic is verified with mathematical proof, developers should build the software with the needed specifications. The programming languages used are Haskell, ML, or F# as they are the best for algebra. However the FV methods may be applied to imperative programming languages as well, such as C or Solidity.

What tools are essential for Formal Verification?
High skills in mathematics and computer science are needed to run Formal Verification. However, there are tools available to make the whole process easier and less time-consuming. Some of the proof assistants and model checkers include Coq, Mizar, Isabelle, HOL4, Lean, Arend, Agda, NuPRL. This software allows performing FV and creating trustworthy, reliable programs.

It might sound pompous, but formal verification does appear to be a viable solution that can eliminate the chaos in the blockchain world. Performing a security audit based on formal verification is the best way to prove that smart contracts are vulnerability-free.

Where Formal Verification Excels at
The result of the Formal Verification process (the proof) does not need to be read by developers enough. Formal Verification by definition bases itself on mathematical and scientific methods, meaning that the results yielded are also foolproof. With a manual check, there’s always a risk of human error as well as uncertainty. Formal verification, by using all possible variable inputs, provides irrefutable proof that the smart contract is running as it should.

Formal Verification can be run on most programming languages used for smart contracts: Solidity, Michelson, Plutus, Rust and many more.

The downside of Formal Verification
The main downside of Formal Verification is the complicated process. Engineers will still have to manually check hundreds of lines of code to write the specification. This process is inevitably very time-consuming and requires a lot of knowledge in programming and formal verification.

Conclusion
Blockchain is an extremely promising technology, which can be applied to many aspects of life in the future, with projects coming up with new and exciting innovations. However, a lot of issues remain concerning bugs and hacks. Millions upon millions are lost every year due to human errors. It’s almost a weekly occurrence reading about hackers stealing millions worth of users’ funds by finding an exploit in the protocol’s code.

Blockchain technology has brought about a new era of decentralized and trustless systems. However, it is essential to ensure the security and correctness of smart contracts, which are a potential weak point in blockchain security. Formal verification is a powerful technique for verifying the correctness of computer programs, including smart contracts. By providing a rigorous and systematic method for verifying smart contract correctness, formal verification can help to prevent errors, bugs, and hacks, and ensure the security of the blockchain platform.

Unfortunately, these issues come with a hefty price. A major factor in stopping blockchain technology adoption is the lack of trust in society. Which is largely due to the hacks and bugs we mentioned.

Human errors are inevitable when it comes to programming, but Formal Verification can make sure engineers find them in time to fix them before releasing a project. For the blockchain industry to grow and achieve the adoption it deserves, businesses have to adopt Formal Verification methods.


Smart contracts are self-executing, business automation applications that run on a decentralized network such as blockchain. Smart contract controls the execution of transactions, and due to its specificity, transactions are trackable and irreversible in most cases. Once launched, smart contracts commonly can’t be stopped, or changed. So, it’s extremely important to have it entirely correct, and secure.

A Typical smart contract contains 1.5–5 thousand lines of code. Pages upon pages of complex code, all written by skillful programmers. But no matter how good the people behind the project are, humans are always prone to errors. The problem is, even a small vulnerability can result in millions of dollars lost. To put that into perspective, in the biggest DeFi heist in 2022, $615 million worth of crypto on smart contracts was lost. That’s a lot of money, but more important it’s the huge reputational losses for the project.

The programming errors are one of the biggest factors in the mistrust of blockchain technology, as people aren’t willing to lock their funds on a smart contract if that means they risk losing them. The best way to avoid human errors is to perform formal verification (FV) of the smart contract code.

The main property of FV: it makes sure the program is working as it should and not acting unexpectedly.

What is formal verification?
Formal verification is a series of math methods and technologies developed in the late 60s that aim to make sure a system works perfectly as it was intended . FV allows a more precise and reliable guarantee that both the software and/or hardware are working as it should, compared to traditional testing approaches.

In the blockchain space, formal verification is a must-have for any serious project. If launched without performing a formal verification, the smart contract may contain errors in the architecture, internal logic or show unpredictable behavior in the case of unexpected values of input variables. These could cause bugs or worst hacks that result in users losing millions or even the end of the blockchain project.

FV consists of developers’ efforts making sure that the software can run in all circumstances and formally mathematically proving its correctness. Smart contracts are supposed to work continuously, without interruptions and FV excels at ensuring they are 100% error-free (in terms of the specification).

How does Formal Verification work?
To dive deeper, correctness with the formal verification technique is obtained when behavior strictly equates to specification. The outcome of the process is called the proof, which is then verified mathematically by specific software called proof assistants.

There are a lot of ways to perform software verification, differing in strictness and how precise they are. Several approaches imply partial verification. Most FV based themselves on complex mathematical theories and computer science tools. Overall Formal Verification is an approach constantly undergoing an evolution in its methods and tools.

Why do we need Formal Verification?
Regular testing of protocols exists, however it’s not enough. With the traditional method, once the algorithm has been finished, an input is inserted via a variable that checks whether it is running as it should. However, for this method to be 100% precise, you would have to check every single input possible, which is practically impossible. For example, using this method, mathematicians would have to check all possible triangles to prove the Pythagorean theorem, spending an unthinkable amount of time. In the case of smart contracts security, to get the result near to the result of the FV process by regular testing, countless tests should be performed, a huge amount of time must be spent, and it will not grant the absolute correctness, since it is impossible to test every possible value.

The standard testing method suffices for smaller projects, but certainly not for smart contracts. It only scratches the surface checking for the presence of errors and not the absence of them as does Formal Verification.

As Edsger Dijkstra said “Program testing can be used to show the presence of bugs, but never to show their absence!”

Formal Verification steps
  • Create a formal specification.
The first step is to precisely specify what the software has to do. The formal specification is generally done by a software engineer. The formal specification has to be flawless as the rest of the FV process will be based on this first step.
  • Verify the model
Now that you have the formal specification, it has to be proven to work. The mathematical theorems used have to go above and beyond the single input verification of the standard method. Performing formal verification is available due to the special software named proof assistants.
  • Build the software
Once the model’s logic is verified with mathematical proof, developers should build the software with the needed specifications. The programming languages used are Haskell, ML, or F# as they are the best for algebra. However the FV methods may be applied to imperative programming languages as well, such as C or Solidity.

What tools are essential for Formal Verification?
High skills in mathematics and computer science are needed to run Formal Verification. However, there are tools available to make the whole process easier and less time-consuming. Some of the proof assistants and model checkers include Coq, Mizar, Isabelle, HOL4, Lean, Arend, Agda, NuPRL. This software allows performing FV and creating trustworthy, reliable programs.

It might sound pompous, but formal verification does appear to be a viable solution that can eliminate the chaos in the blockchain world. Performing a security audit based on formal verification is the best way to prove that smart contracts are vulnerability-free.

Where Formal Verification Excels at
The result of the Formal Verification process (the proof) does not need to be read by developers enough. Formal Verification by definition bases itself on mathematical and scientific methods, meaning that the results yielded are also foolproof. With a manual check, there’s always a risk of human error as well as uncertainty. Formal verification, by using all possible variable inputs, provides irrefutable proof that the smart contract is running as it should.

Formal Verification can be run on most programming languages used for smart contracts: Solidity, Michelson, Plutus, Rust and many more.

The downside of Formal Verification
The main downside of Formal Verification is the complicated process. Engineers will still have to manually check hundreds of lines of code to write the specification. This process is inevitably very time-consuming and requires a lot of knowledge in programming and formal verification.

Conclusion
Blockchain is an extremely promising technology, which can be applied to many aspects of life in the future, with projects coming up with new and exciting innovations. However, a lot of issues remain concerning bugs and hacks. Millions upon millions are lost every year due to human errors. It’s almost a weekly occurrence reading about hackers stealing millions worth of users’ funds by finding an exploit in the protocol’s code.

Blockchain technology has brought about a new era of decentralized and trustless systems. However, it is essential to ensure the security and correctness of smart contracts, which are a potential weak point in blockchain security. Formal verification is a powerful technique for verifying the correctness of computer programs, including smart contracts. By providing a rigorous and systematic method for verifying smart contract correctness, formal verification can help to prevent errors, bugs, and hacks, and ensure the security of the blockchain platform.

Unfortunately, these issues come with a hefty price. A major factor in stopping blockchain technology adoption is the lack of trust in society. Which is largely due to the hacks and bugs we mentioned.

Human errors are inevitable when it comes to programming, but Formal Verification can make sure engineers find them in time to fix them before releasing a project. For the blockchain industry to grow and achieve the adoption it deserves, businesses have to adopt Formal Verification methods.

Interested in unprecedented security of your smart contracts?
Inquire us for the details and we’ll make it worth your time