Gregory Makodzeba

In this blog post, we'd like to share how we build formal verification and fuzzing tools, highlight some of the projects we've developed—such as Kontrol, Kasmer, and Komet — and delve into what it takes to create a tool for formal semantics. Our goal is to provide insights for teams interested in using and developing similar tools for their smart contract languages or ecosystems.


blog11.png

Runtime Verification

How We Build Formal Verification and Fuzzing Tools: <br> Bridging the Gap Between Developers and Advanced Security Tooling with the K Framework

Over the last 6 weeks, Runtime Verification and Term Finance have worked together to formally verify a series of properties that play a key role in the Term Finance’s Tokenized Strategy Protocol.

Term.png

Term Labs

Kontrol and Term Finance: Formal Verification Success Story Working with Bounded Loops

We are pleased to announce our recently completed work with Optimism and Kontrol integration into their CI. Having Kontrol as part of Optimism’s CI produces proof of correctness for critical properties of the code as it evolves.

Opt.kontrol.png

optimism

Kontrol Integrated Verification of the Optimism Pausability Mechanism

Raoul Schaffranek

On April 14th, Andrej Vacaru and Raoul Schaffranek from Runtime Verification were privileged to lead an online workshop hosted by the EthCluj community. We are sincerely grateful for this opportunity, which allowed us to share our passion for innovative software verification tools with an engaged audience.


ethcluj.png

Runtime Verification Hosts EthCluj Workshop on Formal Methods

Yale Vinson

Palina Tolmach

Recently you may have heard about our new tool Kontrol, but are still uncertain about what it is or how it might benefit your project’s security. This blog post addresses those concerns by explaining the blockchain security lifecycle, how it differs from traditional software security, and the role that Kontrol plays in ensuring that your application is as secure as possible.

kontrol 101.png

Kontrol 101

ERCx

Runtime Verification and Certora partnered to compare and evaluate a set of testing tools for DeFi applications. In Part 1 of this blog post, we introduced the testing tools. In Part 2, we focus on the bug-detection capabilities of these tools. Specifically, we evaluate and compare them against each other by using mutation testing using Gambit.


testing erc20 part 2.png

Testing ERC-20 Tokens Part 2: Advancing Benchmarking with Mutation Testing

Runtime Verification & Certora

Runtime Verification and Certora partnered to analyze a set of tools for detecting bugs in ERC-20 token contracts. In this series of two blog posts, we dive into the tools for detecting bugs in ERC-20 smart contracts.

testing erc20 token.png

Testing ERC-20 Tokens Part 1:  An Arsenal for Bug Detection 

How confident can we be in the behavior of the contracts? Do they follow the standards as required? With the permissionless nature of blockchains, anyone can write and deploy smart contracts in blockchain ecosystems. Thus, it is important to check that they conform to the standard requirements as stated in their respective ERC standard. 

Non-audit banners.png

Is my ERC-4626 vault token up to the standard? 

ERCx can be used to check for a contract's security and reusability, but it can also help you develop your own contract that inherits desirable behaviors. In that respect, ERCx favors composability and ensures assumptions are correct.


We Love Formal Methods

Categories