The Need for Formal Verification

When smart contract code is deployed onto a blockchain, it can be used to power sophisticated, synchronous processing across many machines on a network, ultimately leading to substantial inter-party automation. Before the advent of blockchain technology, processes had to be independently built by each party on a network, which has led to high and redundant operational costs, both from the duplication of development across firms, as well as from the resulting breaks and required reconciliations. In a blockchain network, where each party is executing the same code in the same deterministic environment, those costly disagreements can be eliminated, but this can also amplify the effect that an error in the single implementation of a process has on all parties who depend on shared software. In order to capture the benefits of blockchain technology’s synchronicity and cross-system automation, while also minimizing risk of such errors, extra precautions to ensure smart contracts are error-free can be extremely valuable.

We have seen firsthand the difficulties of building enterprise-grade applications with existing smart contract programming languages, and we’re not alone: Over the past two years, more than $500mm has been stolen or lost due to faulty smart contracts on the public Ethereum network, and recent research has found 34,200 contracts with similar existing vulnerabilities. This is due, at least in part, to limitations in Solidity, the dominant language used to write Ethereum smart contracts. One manifestation of those limitations is the inability to use techniques like formal verification to prove the correctness of smart contract code prior to deploying the contracts on the live network.

Formal verification is a rigorous mathematical method used to prove the correctness of computer programs. Historically, this methodology has been used to fortify software and hardware logic in military systems, transportation infrastructure, cryptography and microprocessors. More recently there is increased awareness of the benefits of formal verification for smart contract code.