What we see:
- Audits are expensive π°
- Audits must be repeated π
- No long-term deal with auditors π€
Our solution: building the best auditing tool with AI & formal verification to fully secure the next billions coming to Solana, paid as a reasonable subscription.
π
Of course, with the recent Zcash vulnerability, formal verification is once again at the center of attention.
With have a lot of opinions about how it should be done and how situation can improve. Happy to chat.
For context: $2B is the valuation gone following the bug.
Formal verification is a critical tool to protect protocols from vulnerabilities. The recent Zcash vulnerability with honest disclosure is a reminder of that.
FV is the technology we focus on at @FormalLand to secure protocols. Being π― focused enables us to create unique capabilities, some that we keep closed-source:
- FV on arbitrary circuit languages, without having to change one's implementation, using our Garden π framework. Verifying the code as it is very important to keep stacking security layers on the same code without having to re-implement things. Example: verification the optimized Keccak circuit in Plonky3, the main hash function of Ethereum.
- FV on Rust code π¦ at the implementation level, without modifying the Rust code and for arbitrarily large properties. This is still something that open tooling struggle with, constraining the way the Rust code should be written. We believe code should be verified as it is, otherwise optimizations are lost and it becomes harder to combine tooling. We have a demo of that for Revm an EVM interpreter in Rust.
- FV for the Ethereum infra and Soldity smart contracts: this is ongoing development and behind closed doors.
- General belief of combining different approaches to not depend on a unique stack and take different angles. We bet heavily on the Rocq prover for that, with some work in Lean as well like a recent verification of polynomial algorithms for ZK with it. The two provers can in addition be connected.
Happy to chat more about that π€ to help teams secure their code even more, covering the whole stack with FV! π‘οΈ
If you have some Solana smart contracts, and want them to be continuously formally verified through AI, let's talk!
AI + strong tooling > attacker AI alone
@KyleSamani True for AI making great designs. It still needs to be reviewed, to get all details well aligned, ...
Also, the capacity of devs to specify and breakdown problems is underestimated, and can make a great business value, especially with AI helping with non-dev tasks.
Founders must stop trying to building 2010-era businesses with 2026-era technology.
Don't try to rebuild Foursquare or Yelp.
Don't try to recreate Basecamp by 37 Signals with $10/mo SaaS pricing.
Don't underprice! If it works it's worth a lot more.
Don't be tempted to become "Tech enabled PE" with revenue tricks.
The rules of tech changed with AI. Play the new game.
Many doom calls about the safety of DeFi, saying attackers only have to find one bug.
But there are techniques helping defenders, like multi-layered security and formal verification.
@SAIRfoundation Math was already bigger than it seemed. This is maybe exposing the problem more.
Today, the "AI" understanding cannot beat the human one though, yet.
It took many terrible attacks to make formal verification hot.
The reason: providing a mathematical proof of security in the age of AI attacks and vibe code is convincing.
We were the first AI + FV project, and we continue building for the best dev experience and security.
AI is only going to increase the frequency of the exploits, they are getting very very smart and can go unsupervised for hours together.
Formal Verification will be table stakes for anything of consequence.
Eth DeFi got hacked with > $200 million stolen, similar to what happened with @DriftProtocol. Similar cause: compromised keys.
We need to deploy formal verification at scale, with clear global rules like timelocks to prevent these attacks, and listing protocols that are secured.
AI is getting the attack cost, but it is also helping defense, in particular, formal verification.
We are working to make it more broadly available across the Solana ecosystem for smart contract builders!
Formal verification is big these days.
Many companies are contacting us as this is perhaps the only way to keep safe against the wave of AI attacks.
What is difficult is verifying code down to the source level. Chat with us to know more about existing solutions.
With formal verification, the difficulty is scaling as complexity grows exponentially.
For the last @colosseum, we made Excalead (Honorable Mention) to make FV practical on Solana https://t.co/XZXITyr88S
@domin8Arena was a project we verified. Free assistance for Colosseum projects!
@vyperlang It is nice to see some diversity in the use of formal verification tools. HOL has a rich history in software verification and is nicely used here!