What is Formal Verification?


Formal verification is the mathematical proof that a smart contract's code correctly implements its specification — providing the highest level of assurance that code behaves as intended under all possible conditions.

WHY IT MATTERS

While audits are expert review, formal verification is mathematical proof. Using tools like Certora Prover, developers write specifications (invariants and properties) and the tool mathematically proves the code satisfies them — or provides counterexamples showing where it doesn't.

Formal verification can prove statements like: 'total deposits always equal total withdrawals plus current balance' or 'no user can withdraw more than they deposited.' These proofs hold for ALL possible inputs and states, not just tested ones.

The limitation: formal verification proves only that the code matches its specification. If the specification is wrong or incomplete, the proof says nothing about the behaviour that actually matters. It also cannot catch economic or game-theoretic attacks that are not expressible in the formal model.
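To make the specification-and-counterexample workflow concrete, here is an added Python illustration (not Certora's or any protocol's code): a toy vault with deposit and withdraw, the two properties quoted above written as predicates over state, and an exhaustive search over a small constructed domain that either returns a violating transaction trace or reports that nothing within the bound breaks the spec. It is bounded model checking rather than the unbounded proof a tool like Certora Prover produces, but it shows the same two outcomes, and the third call shows the limitation above: an incomplete spec lets buggy code pass.

```python
import copy
from itertools import product

USERS = ("alice", "bob")
AMOUNTS = (1, 2, 3)  # constructed, deliberately small domain for the bounded search
DEPTH = 3            # longest transaction sequence explored

# State: each user's vault balance plus the total the contract believes it holds.
INITIAL = {"balances": {u: 0 for u in USERS}, "total": 0}

def apply_tx(state, user, delta):
    # A deposit adds delta, a withdraw subtracts it; copy so traces stay independent.
    s = copy.deepcopy(state)
    s["balances"][user] += delta
    s["total"] += delta
    return s

def withdraw(state, user, amt, guard):
    # guard models the contract's require(); a failing guard reverts (None).
    return apply_tx(state, user, -amt) if guard(state, user, amt) else None

# Two candidate require() checks: buggy compares against the whole pool, fixed against the caller's balance.
buggy_guard = lambda s, user, amt: amt <= s["total"]
fixed_guard = lambda s, user, amt: amt <= s["balances"][user]

# Specification: the two properties quoted on the page, as predicates over state.
def inv_solvency(s):
    return sum(s["balances"].values()) == s["total"]

def inv_no_overdraw(s):
    return all(b >= 0 for b in s["balances"].values())

def check(guard, spec=(inv_solvency, inv_no_overdraw)):
    # Breadth-first over every transaction sequence up to DEPTH; return the first
    # trace that violates the spec, or None if nothing within the bound does.
    frontier = [(INITIAL, [])]
    for _ in range(DEPTH):
        nxt = []
        for state, trace in frontier:
            for user, amt in product(USERS, AMOUNTS):
                for name, new in (("deposit", apply_tx(state, user, amt)),
                                  ("withdraw", withdraw(state, user, amt, guard))):
                    if new is None:
                        continue
                    step = trace + [(name, user, amt)]
                    if not all(p(new) for p in spec):
                        return step
                    nxt.append((new, step))
        frontier = nxt
    return None
```

`check(buggy_guard)` returns the two-transaction trace in which one user's deposit is withdrawn by another, `check(fixed_guard)` returns None, and `check(buggy_guard, spec=(inv_solvency,))` also returns None because the accounting identity alone never mentions who may withdraw.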

FREQUENTLY ASKED QUESTIONS

Is formal verification better than auditing?

They're complementary. Formal verification proves specific properties mathematically. Auditing catches a broader range of issues, including those not formally specified. The best protocols use both.

What tools are used?

Certora Prover (industry standard), Halmos (symbolic execution), K Framework, and TLA+. Each works differently, but all attempt to prove properties of smart contract behavior.

Is formal verification practical?

Increasingly, yes. Tools have improved significantly. Major protocols (Aave, Compound, MakerDAO) use formal verification for critical components. It adds development time but provides strong guarantees.
