I’m becoming a formal verification engineer at Ethereum. My rationale: formal verification is a viable profession only in a few unique scenarios where
- the verification objective adheres to brief, straightforward regulations (EVM);
- the objective possesses substantial worth (Eth and other tokens);
- the objective is complex enough to ensure accuracy (any nontrivial program);
- and the community recognizes that it’s crucial to achieve correctness (perhaps).
My previous position as a formal verification engineer equipped me for this undertaking. Furthermore, within the Ethereum ecosystem, I’ve been engaged in two projects: an online tool known as Dr. Y’s Ethereum Contract Analyzer and a GitHub repository containing Coq proofs. These initiatives represent the two extremes of a spectrum ranging from an automatic analyzer to manual proof development.
In light of the overall influence on the entire ecosystem, I’m drawn to an automated analyzer embedded within a compiler. Numerous individuals would utilize it, and some would heed its warnings. Conversely, since any unexpected behavior might be categorized as a bug, all surprises should be eliminated, yet computers cannot perceive human anticipations. To convey human expectations to machines, some manual intervention is essential. Contract developers must articulate the contract in a machine-interpretable format and provide indications to the machines regarding how the implementation corresponds to the specifications (often the machine demands increasingly clearer hints until the human identifies a bug, frequently within the specifications). This is labor-intensive, but such manual initiatives are warranted when a contract is designed to handle millions of dollars.
Having a dedicated individual for formal methods not only enhances our capacity to progress swiftly in this critical yet rewarding domain, but it also hopefully facilitates improved communication with academic circles to unite the various distinct projects that have emerged in recent weeks.
Here are several initiatives we aspire to address in the future, most of which will likely be pursued in collaboration with other teams.
Solidity:
- extending the translation from Solidity to Why3 to encompass the complete Solidity language (potentially switching to F*)
- formal specification of Solidity
- syntax and semantics of modal logics aimed at reasoning about multiple stakeholders
Community:
- creating a directory of formal verification projects on Ethereum
- gathering buggy Solidity codes for benchmarking automatic analyzers
- examining deployed contracts on the blockchain for vulnerabilities (related: OYENTE tool)
Tools:
- offer a human- and machine-readable formalization of the EVM that is also executable
- developing formally verified libraries in EVM bytecode or Solidity
- creating a formally verified compiler for a minimal language
- investigating the possibilities for interaction-oriented languages (“if X occurs then execute Y; you may only perform Z if you completed A”)
