Formal verification is a process used for verifying the correctness of smart contracts, which can help in preventing potential security issues or bugs. In this blog post, we will explore formal verification in Solidity, discussing its approaches, techniques, and examples.

What is Formal Verification?

Formal verification is the process of proving the correctness of a system or program using mathematical methods. Formal verification uses formal methods, which are mathematical techniques for specifying, designing, and verifying systems. Formal verification techniques can prove that a program satisfies a given specification, or detect errors or violations of the specification.

Approaches to Formal Verification in Solidity

There are two main approaches to formal verification in Solidity: bounded model checking and theorem proving.

1. Bounded Model Checking

Bounded model checking (BMC) is a technique used to verify the correctness of a program by analyzing its behavior for a finite number of steps. BMC verifies whether a given property holds for a program with a fixed number of execution steps. The property can be specified using a temporal logic formula or an assertion in the program.

One tool used for BMC in Solidity is the SMT-based model checker, Mythril. Mythril is an open-source tool for smart contract analysis that uses symbolic execution, taint analysis, and other techniques for analyzing smart contracts. Mythril can be used to perform various security checks, such as detecting reentrancy vulnerabilities, integer overflows, and other potential security issues.

For example, consider the following Solidity code that implements a simple voting contract:

contract Voting {
mapping(address => bool) public hasVoted;
uint public yesVotes;
uint public noVotes;
function vote(bool voteYes) public {
require(!hasVoted[msg.sender]);
if (voteYes) {
yesVotes++;
} else {
noVotes++;
}
hasVoted[msg.sender] = true;
}
}

To verify the correctness of the vote function using Mythril, we can use the following command:

$ myth analyze Voting.sol --execution-timeout 120

This command will analyze the Voting contract for 120 seconds and report any potential security issues or vulnerabilities. Mythril can detect that the vote function does not have any input validation checks and can be called with invalid inputs, which can result in an overflow or underflow of the yesVotes and noVotes variables.

2. Theorem Proving

Theorem proving is a technique used to prove the correctness of a program by constructing a mathematical proof that the program satisfies a given specification. Theorem proving involves manually constructing a proof of correctness using a formal specification language, such as Coq, Isabelle, or HOL.

One tool used for theorem proving in Solidity is the K framework. The K framework is a formal semantics framework that can be used to specify and verify programming languages. The K framework can be used to specify the semantics of Solidity and verify its programs using theorem proving techniques.

For example, consider the following Solidity code that implements a simple smart contract for adding two integers:

contract Adder {
function add(uint a, uint b) public pure returns (uint) {
uint c = a + b;
return c;
}
}

To verify the correctness of the add function using K framework, we can define a formal specification of the function using the K language. The K specification of the add function can be written as follows:

rule <k> add(a:UInt, b:UInt) => c:UInt
requires true
ensures c == a + b
</k>

This K specification defines a rule that takes two unsigned integers a and b as input and returns their sum c as output. The rule specifies that the output c is equal to the sum of the input a and b. We can use the K framework to verify the correctness of the add function by proving that the K specification of the function is satisfied.

To prove the correctness of the add function using the K framework, we can use the following command:

$ kprove add.k

This command will use the K framework to prove that the K specification of the add function is satisfied, and will return a proof if the specification is valid.

Examples of Formal Verification in Solidity

Let’s look at some examples of formal verification in Solidity using both BMC and theorem proving techniques.

Example 1: Reentrancy Vulnerability Detection using Mythril

Reentrancy is a security vulnerability that can occur in smart contracts when a function can be called multiple times before its previous execution is completed. Reentrancy can allow an attacker to manipulate the contract’s state and steal funds or assets from the contract.

To detect reentrancy vulnerabilities in Solidity, we can use Mythril’s symbolic execution engine. Mythril’s symbolic execution engine can track the execution paths of a smart contract and detect potential reentrancy vulnerabilities.

Consider the following Solidity code that implements a simple banking contract:

contract Bank {
mapping(address => uint) public balances;
function deposit() public payable {
balances[msg.sender] += msg.value;
}
function withdraw(uint amount) public {
require(amount <= balances[msg.sender]);
(bool success, ) = msg.sender.call{value: amount}("");
require(success);
balances[msg.sender] -= amount;
}
}

This contract allows users to deposit and withdraw funds from their account. To detect potential reentrancy vulnerabilities in this contract, we can use the following command:

$ myth analyze Bank.sol --execution-timeout 120 --truffle

This command will analyze the Bank contract using Mythril’s symbolic execution engine and report any potential reentrancy vulnerabilities or security issues.

Example 2: Smart Contract Verification using the K Framework

We can use the K framework to verify the correctness of smart contracts written in Solidity. The K framework can be used to specify the semantics of Solidity and verify its programs using theorem proving techniques.

Consider the following Solidity code that implements a simple voting contract:

contract Voting {
mapping(address => bool) public hasVoted;
uint public yesVotes;
uint public noVotes;
function vote(bool voteYes) public {
require(!hasVoted[msg.sender]);
if (voteYes) {
yesVotes++;
} else {
noVotes++;
}
hasVoted[msg.sender] = true;
}
}

We can use the K framework to verify the correctness of the vote function in this contract by defining a K specification of the function and proving that the specification is satisfied.

The K specification of the vote function can be written as follows:

rule <k> vote(hv:Map, yv:UInt, nv:UInt, v:Address, b:Bool) => hv':Map, yv':UInt, nv':UInt
requires !hv

This K specification defines a rule that takes four inputs: a mapping hv that represents the set of addresses that have already voted, two unsigned integers yv and nv that represent the number of “yes” and “no” votes, respectively, and a Boolean value b that represents the current voter’s vote. The rule returns three outputs: a new mapping hv' that includes the current voter’s address, and two updated unsigned integers yv' and nv' that represent the updated number of “yes” and “no” votes, respectively. The rule specifies that the output hv' includes the current voter’s address, and that the output yv' and nv' are updated based on the current voter’s vote.

We can use the K framework to prove that the K specification of the vote function is satisfied by the Solidity implementation of the function. To do this, we can use the following command:

$ kprove vote.k

This command will use the K framework to prove that the K specification of the vote function is satisfied by the Solidity implementation of the function, and will return a proof if the specification is valid.

Final Words

Formal verification is an important technique for ensuring the correctness and security of smart contracts. By using formal verification techniques such as bounded model checking and theorem proving, we can detect and prevent security vulnerabilities in smart contracts, and ensure that they behave as intended. Solidity offers various tools and frameworks that make it easier to apply formal verification techniques to smart contracts, including Mythril and the K framework. By leveraging these tools and frameworks, you can write more secure and reliable smart contracts that are less susceptible to attack.

If you found this article informative and helpful, please consider following me for more blockchain and cryptocurrency-related content. You can also subscribe to my email list to receive updates on my latest articles and projects.

New to trading? Try crypto trading bots or copy trading on best crypto exchanges

Join Coinmonks Telegram Channel and Youtube Channel get daily Crypto News