8. Process of formal verification

Formally verifying smart contracts to find security and functional correctness flaws seems like a non-trivial exercise (Runtime Verification commercializes it). Would it be true if we said that by running Solidity smart contracts on KEVM or IELE (correct-by-construction virtual machines) there are still no guarantees about the correctness of the contract unless it went through some type of formal verification process? In what other aspects would it be more secure or have better assurance than running it on the EVM?

KEVM removes some ambiguity in the yellow paper of Ethereum and is less likely to have any bugs, so it is safer in that regard.

IELE removes some dangerous constructs that were present in the EVM, so it should remove a lot of common bugs (like integer overflow, calling library contracts, etc.).

However, it is true that in general you will need extra work to verify your smart contract. Even if you don’t want to spend the time/money verifying your own smart contract, you can still benefit by complying with known standards that are verified. For example, you could run your contract against the formal specification of an ERC-20 smart contract.
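To make the last two points concrete, the following is an added example, not part of the original answer and not Runtime Verification's tooling. It checks a hypothetical transfer function against a simplified stand-in for the ERC-20 transfer rule, once with wrapping fixed-width arithmetic (EVM-style) and once with unbounded integers (IELE-style). It is an exhaustive check over a constructed 4-bit word, not a proof, and all names in it are assumptions.

```python
from itertools import product

WORD_BITS = 4            # constructed toy width so every state can be enumerated (the EVM uses 256)
MOD = 1 << WORD_BITS


def add_wrapping(a, b):
    """Fixed-width addition that silently wraps on overflow."""
    return (a + b) % MOD


def add_unbounded(a, b):
    """Arbitrary-precision addition: the result can never wrap."""
    return a + b


def transfer(sender, receiver, value, add):
    """Hypothetical token transfer between two distinct accounts.

    Returns (ok, new_sender_balance, new_receiver_balance).
    The credit to the receiver has no overflow guard; `add` decides
    which integer semantics the virtual machine provides.
    """
    if value > sender:
        return False, sender, receiver          # revert: state unchanged
    return True, sender - value, add(receiver, value)


def spec_transfer(sender, receiver, value):
    """Simplified transfer rule stated over mathematical integers."""
    if value > sender:
        return False, sender, receiver
    return True, sender - value, receiver + value


def counterexamples(add):
    """Every (sender, receiver, value) where the code disagrees with the spec."""
    return [
        (s, r, v)
        for s, r, v in product(range(MOD), repeat=3)
        if transfer(s, r, v, add) != spec_transfer(s, r, v)
    ]


if __name__ == "__main__":
    bad = counterexamples(add_wrapping)
    print("wrapping arithmetic :", len(bad), "violations, first:", bad[0])
    print("unbounded arithmetic:", len(counterexamples(add_unbounded)), "violations")
```

The same contract logic fails the specification only under wrapping arithmetic, which is the class of bug removed at the VM level; any other deviation from the specification would still have to be found by verifying the contract itself.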