EthCluj - Formal Verification and Symbolic Execution

How to increase smart contract security

By Raoul Schaffranek
Posted on May 6, 2024

Elevating Smart Contract Security with Symbolic Execution and Formal Verification

In a recent workshop hosted by EthClub, my colleague André and I showcased two flagship tools developed at Runtime Verification: Simbolik and Kontrol. These tools leverage symbolic execution and formal verification to improve smart contract security, enabling developers and auditors to address vulnerabilities more systematically.

Key Takeaways:

  1. Symbolic Execution Made Accessible
    Simbolik, our Solidity debugger, introduces accessible symbolic execution to the Ethereum ecosystem. By combining traditional debugging techniques with symbolic execution, it allows developers to inspect variables, navigate call stacks, and explore all possible execution paths. This approach simplifies identifying edge cases and vulnerabilities.

    • Core Feature: Abstracting state spaces to reduce infinite possibilities into manageable representations.
    • Time Travel Debugging: Developers can step forward and backward in their code, as well as explore alternative execution paths.

  2. Formal Verification with Kontrol
    André introduced Kontrol, a symbolic testing and formal verification tool designed to work seamlessly with Foundry test cases. Kontrol enables the proof of correctness for smart contract behavior by generating symbolic test cases and verifying them against specifications.

    • Integration with Foundry: Developers can reuse existing fuzzing tests as symbolic tests, simplifying adoption.
    • Handling Complexity: Kontrol addresses challenging scenarios like loops and dynamic types using techniques like loop invariants and bounded symbolic execution.
  3. Practical Use Cases
    • Symbolic Debugging: Ideal for security auditors and developers optimizing gas usage or debugging critical code paths.
    • Formal Verification: Essential for high-stakes applications, such as protocols handling significant assets or complex logic.
  4. Key Challenges and Future Improvements
    • Enhancing the user interface for better clarity in symbolic expressions.
    • Expanding support for debugging dynamic types and handling loop invariants.
    • Integrating Kontrol into CI/CD pipelines for seamless pre-release verification.

Why Use These Tools?

While fuzzing remains a fast and effective testing method, symbolic execution and formal verification provide unparalleled confidence by systematically exploring all execution paths. Combining these techniques enables a robust development and security workflow, especially for mission-critical systems.

You can explore Simbolik through our public demo and learn more about Kontrol in our documentation.

Watch the full workshop recording here:

We’re excited to collaborate with the community to refine these tools further—try them out, and let us know your thoughts!

Tags: Conference Talk Formal Verification Symbolic Execution Debugging Solidity EVM
Share: Twitter LinkedIn