Questions: Contract Verification (Blockchain)

Reentrancy is a high-level, logical error difficult for traditional testing to catch because it requires knowing that an external call might recursively invoke the contract. Formal methods address this by reasoning about contract semantics: when you call external code, that code can call back into your contract. Static analysis can detect reentrancy patterns; deductive verification can prove a contract is free of reentrancy by establishing an invariant that prevents loops. The DAO attack cost $50M and led to an Ethereum hard fork, motivating intense focus on contract verification.

Loop invariants are the key to reasoning about mutable state in contracts. Each operation is a loop iteration; the invariant must hold before and after. Automated tools like Certora use SMT solvers to discharge these proof obligations. If an operation violates the invariant, the SMT solver finds a counterexample — a sequence of operations that breaks the property. This same technique is used in program verification (Hoare logic) but applied to blockchain contracts where the stakes are extraordinarily high.

The contracts-locking pattern prevents reentrancy by establishing a mutex-like invariant: a critical section (funds transfer) can only execute if a state flag (locked) is false. Before the critical section, lock(); after, unlock(). Formal verification proves that the lock is always held during the critical section, preventing concurrent/reentrant execution. This is analogous to mutex verification in concurrent programs but applied to blockchain contracts. Tools like Certora verify this automatically.

This is an open research problem. Functional verification can be automated (SMT solvers, theorem provers); economic verification requires understanding rational agents and game theory. Some projects (like Formal Verification Research) are developing frameworks for specifying and verifying economic properties, but this is nascent. The insight is that even a formally verified contract can be economically broken, leading to unintended but predictable attacks.