Liquid Stake with compassSOL for an 7.50% APY from staking, MEV + fees

Enjoy the freedom of liquid staking in Solana Defi while delegating your stake to the high performance Solana Compass validator. Stake or unstake at any time here, or with a Jupiter swap.

Benefit from our high staking returns and over 2 years experience operating a Solana validator, and receive additional yield from priority fees + MEV tips

Earn 6.8% APY staking with Solana Compass

Help decentralize and secure the Solana network delegating your stake to us and earn an impressive 6.8% APY yield on your SOL, while supporting us to create new guides and tools. Learn more

Stake your SOL

  1. Click to connect your wallet
  2. Enter the amount you wish to stake
  3. Kick back and enjoy your returns
  4. Unstake from your wallet or our staking dashboard

Earn 6.8% APY staking with Solana Compass

Help decentralize and secure the Solana network delegating your stake to us and earn an impressive 6.8% APY yield on your SOL, while supporting us to create new guides and tools.

Learn more

Breakpoint 2023: Ensuring the Safety of SBF Programs Through Formal Verification

Published on 2023-11-09

A deep dive into making Solana contracts safer with Sertora's formal verification tool.

The notes below are AI generated and may not be 100% accurate. Watch the video to be sure!

Summary

In a recent presentation at Breakpoint 2023, a speaker from Sertora discussed the challenges of smart contract security, particularly within the realm of decentralized finance (DeFi) on the Solana blockchain. The increasing scale of crypto hacks and thefts emphasizes the need for reliable security solutions. Sertora's response to these challenges is formal verification, a systematic process that mathematically proves the correctness of smart contracts or highlights potential security breaches. Through this approach, the company aims to revolutionize the way Solana smart contracts are verified, ensuring higher safety standards in the crypto space.

Key Points:

The Challenges of Smart Contract Security

The rise of DeFi and blockchain technology has revolutionized financial transactions but has also introduced new security challenges. The speaker highlighted the alarming increase in crypto theft and the scale of hacks, making it imperative to seek out effective solutions for securing smart contracts. These solutions need to be robust and capable of adapting to the complexity and evolving nature of smart contracts.

The Role of Formal Verification

Formal verification stands as a beacon of hope in securing smart contracts. The technique involves constructing mathematical proofs to confirm that a program adheres to its specifications. In cases where specifications are not met, formal verification can identify the underlying issue. Sertora specializes in developing advanced formal verification tools that ease the process for developers and enhance the security of smart contracts on the blockchain. This method addresses the core needs of the blockchain sector by proving contract safety or identifying and rectifying vulnerabilities before deployment.

Sertora's Verification Approach

Sertora has been a prominent player in the formal verification domain since its establishment in 2018. Their verification tools have been successfully utilized in the Ethereum Virtual Machine (EVM) environment, analyzing millions of lines of code. In 2022, they turned their focus to the Solana ecosystem. The Sertora Prover, a proprietary tool, automatically scrutinizes Solana bytecode files (SBF) at various abstraction levels, ensuring that virtual machine details are considered during verification and even permitting code analysis without the source code or reliance on the compiler.

Case Study: Formal Verification of Squads' Multi-Sig Wallet

Sertora showcased its expertise through a case study involving the formal verification of a multi-signature wallet called "Squads." This sophisticated wallet, having undergone multiple manual audits and holding over 600 million dollars in assets, presented an ideal scenario to demonstrate the power of Sertora's tools in a complex DeFi application. The verification process targeted key components like the multi-sig mechanism and new features like time locks, proving essential safety properties and enhancing trust in the system.

Facts + Figures

  • Security breaches in the crypto space have been on the rise over the last six to seven years.
  • Sertora was founded in 2018, it's a globally operating company with expertise in verification and DeFi.
  • Over two million lines of code in solidity and viper have been verified by Sertora within the EVM ecosystem.
  • In 2022, Sertora began focusing on the verification of Solana smart contracts.
  • The Solana ecosystem offers different levels of abstraction for verification, including rust IR, LLVM bytecode, and SBF.
  • Formal verification at the SBF level entails challenges due to the loss of information during the compilation process.
  • Sertora provides a tool, Sertora Prover, to formally verify SBF code, analyzing it mathematically for correctness against specifications.

Top quotes

  • "The trend [of crypto hacks and theft] is actually at a scale, right? So it's increasing and the amount is getting bigger and bigger."
  • "To write a specification is hard and it's time-consuming."
  • "You need to decide which level of abstraction you want to do verification."
  • "We don't trust anyone."
  • "We are able to find... to build the proof that the code is safe."
  • "A Squat is a very sophisticated multi-sig wallet, has already more than 600 million in asset secure."
  • "You should be approved only if you reach the threshold."
  • "We actually verify the SBF code."
  • "You cover all the possible permissions that the member may have or any other informational value."

Questions Answered

What is the purpose of formal verification in smart contracts?

Formal verification serves to mathematically prove that a smart contract adheres to its predefined specifications, ensuring its correct operation and security. By either confirming safety or identifying violations, developers can employ this process to debug and refine smart contract code before deployment.

Why is formal verification important for the future of DeFi and blockchain technology?

As the amount of funds and sensitive transactions managed by smart contracts grows, the need for robust security measures becomes critical. Formal verification provides stronger security guarantees, ensuring that smart contracts operate as intended and helping to prevent costly hacks and thefts in the DeFi sector.

How does Sertora's formal verification tool work?

Sertora's tool, the Sertora Prover, inputs Solana bytecode files and applies a rigorous process of decompilation to reconstruct information lost during compilation. It then creates a mathematical formula representing the program's semantics and uses SMT solvers to determine the safety of the contract relative to its specifications.

What are the challenges in performing formal verification at the SBF level?

Verification at the Solana binary format (SBF) level includes all details of the Solana virtual machine, which is beneficial for thoroughness. However, a significant challenge arises due to the loss of information like types and pointer details during compilation, making verification a more complex task.

How did Sertora's formal verification approach aid Squads' multi-sig wallet?

Sertora rigorously examined several core parts of the Squads multi-sig wallet protocol through formal verification. By mathematically proving its safety properties, they increased confidence in the protocol's robustness against potential hacks or logical errors, enhancing the overall security of the wallet's stored assets.

Related Content

Breakpoint 2023: How Helium Migrated to Solana

The migration of the Helium network to Solana blockchain.

Breakpoint 2023: Web3 Social Won't Sell You Socks

An exploration of what Web3 social platforms offer beyond traditional economic models.

Breakpoint 2023: Finding Utility for NFTs

An in-depth look into the expanding utility and application of NFTs in Web3.

Breakpoint 2023: Leveraging AI To Bolster Smart Contract Security

Discover how a security research firm is utilizing AI to enhance the security of smart contracts in blockchain.

Breakpoint 2023: When Are You Going to Get Serious About Security?

A compelling call for developers to prioritize security in the Web3 ecosystem.

Breakpoint 2023: Building a Creator Community

Industry experts discuss empowerment and innovation in the NFT creator community.

Breakpoint 2023: Building Blocks of a Regenerative Economy

An insightful discussion on blockchain's role in establishing a regenerative economy.

Breakpoint 2023: Securing FireDancer

FireDancer's security enhancements and strategies presented at Breakpoint 2023

Breakpoint 2023: ZK on Solana: Private Solana Programs

An exploration of zero-knowledge proofs for enhanced privacy on the Solana blockchain.

Breakpoint 2023: Measuring Solana's Carbon Footprint in Real Time

A look at how TriCarbonara measures Solana's network carbon emissions in real-time.

Breakpoint 2023: Payments on Solana, The Digital Commerce Revolution

Exploring the potential of Solana for revolutionizing digital payments and commerce.

Breakpoint 2023: Gaming in Web3 Panel

Leaders in the Web3 gaming space discuss the challenges and opportunities within the industry.

Breakpoint 2023: Removing the Risk from DeFi

Former CEO of Amulet addresses the risks in DeFi and proposes a solution inspired by successful FinTech models.

Breakpoint 2023: Security Considerations from RPC Providers

Exploring the critical security considerations for RPC providers in Web3 infrastructure.

Breakpoint 2023: Creator Economy on Solana

Exploring the rising creator economy on Solana with a focus on on-chain monetization and relationships.