VeriPro
From code to cryptographic attestation. Write specifications, run formal verification, and publish on-chain proof that your contracts meet their security requirements.
Videos
Description
VeriPro: Formal Verification for Smart Contracts
Executive Summary
VeriPro is a formal verification platform that mathematically proves smart contracts are secure before deployment. Unlike traditional testing that checks specific inputs, VeriPro uses symbolic execution to verify correctness for ALL possible inputs—eliminating entire classes of vulnerabilities that have caused billions in losses.
Built on Mantle Network, VeriPro provides developers with an intuitive interface to write specifications, run verification, and publish cryptographic attestations on-chain—creating a new standard for smart contract security.
The Problem
Smart Contract Vulnerabilities Are Catastrophic
Incident | Year | Loss | Root Cause |
|---|---|---|---|
The DAO | 2016 | $60M | Reentrancy |
Parity Wallet | 2017 | $280M | Access control |
Wormhole | 2022 | $320M | Signature verification |
Ronin Bridge | 2022 | $625M | Compromised validators |
Euler Finance | 2023 | $197M | Logic error |
Total losses exceed $10 billion since 2016.
Why Traditional Security Fails
Manual Audits Are Limited
Auditors review code manually
Can miss edge cases and complex interactions
Expensive (50K−50K−500K per audit)
Time-consuming (weeks to months)
No guarantee of completeness
Testing Is Incomplete
Only checks inputs you think of
Cannot cover all possible states
Hackers find the paths you don't test
100% code coverage ≠ 100% security
Fuzzing Is Probabilistic
Random inputs may never hit edge cases
No mathematical guarantee
Time-limited exploration
The Gap
There's no accessible way for developers to mathematically prove their contracts are correct. Formal verification exists but is:
Expensive (specialized consultants)
Complex (requires PhD-level expertise)
Slow (weeks of manual work)
Inaccessible (no self-service tools)
The Solution: VeriPro
VeriPro democratizes formal verification by providing:
1. Intuitive Specification Language
Write properties in familiar Solidity syntax:
contract TokenTest is Test {
function test_transferPreservesSupply(
address from,
address to,
uint256 amount
) public {
uint256 supplyBefore = token.totalSupply();
vm.prank(from);
token.transfer(to, amount);
// This is verified for ALL possible values
assertEq(token.totalSupply(), supplyBefore);
}
}
2. Powerful Symbolic Execution Engine
CBSE (Complete Blockchain Symbolic Executor): Rust-based engine using Z3 SMT solver
Explores all execution paths automatically
Finds counterexamples when properties fail
10x faster than existing tools
3. On-Chain Attestations
Cryptographically signed verification proofs
Recorded on Mantle blockchain
Immutable evidence of security
Verifiable by anyone
4. AI-Powered Specification Generation
Gemini AI analyzes contracts
Suggests properties to verify
Reduces barrier to entry
Accelerates adoption
How It Works
┌─────────────────────────────────────────────────────────────────┐
│ VeriPro Platform │
├─────────────────────────────────────────────────────────────────┤
│ │
│ 1. UPLOAD 2. SPECIFY 3. VERIFY │
│ ┌─────────┐ ┌─────────┐ ┌─────────┐ │
│ │Contract │───────▶│ Specs │───────▶│ CBSE │ │
│ │ .sol │ │ (AI or │ │ Engine │ │
│ └─────────┘ │ manual) │ └────┬────┘ │
│ └─────────┘ │ │
│ ▼ │
│ 4. ATTEST 5. PUBLISH ┌─────────┐ │
│ ┌─────────┐ ┌─────────┐ │ Results │ │
│ │ Signed │◀───────│ On-Chain│◀───────│ Pass/ │ │
│ │ Proof │ │ Record │ │ Fail │ │
│ └─────────┘ └─────────┘ └─────────┘ │
│ │
└─────────────────────────────────────────────────────────────────┘
Step-by-Step Flow
Upload Contract: Developer uploads Solidity smart contract
Write Specification: Define properties (manually or with AI assistance)
Run Verification: CBSE engine symbolically executes all paths
Review Results: See pass/fail with counterexamples for failures
Commit Attestation: Publish signed proof to Mantle blockchain
Technology Stack
Frontend
Next.js 16 with React 19
Tailwind CSS for styling
RainbowKit + wagmi for wallet integration
Framer Motion for animations
Verification Engine (CBSE)
Rust for performance and safety
Z3 SMT Solver for constraint solving
Foundry Integration for Solidity compilation
20+ specialized crates for EVM simulation
Smart Contracts
Solidity attestation registry
Deployed on Mantle Sepolia
ECDSA signatures for proof authenticity
Infrastructure
Vercel for frontend hosting
AWS EC2 for coordinator service
Mantle Network for on-chain attestations
Market Opportunity
Total Addressable Market
Segment | Size | Notes |
|---|---|---|
Smart Contract Audits | $500M/year | Growing 30% annually |
Blockchain Security Tools | $1.2B/year | Includes all security products |
DeFi TVL | $50B+ | All at risk without verification |
Target Customers
DeFi Protocols
Need security for user funds
Regulatory pressure increasing
Insurance requirements
Enterprise Blockchain
Fortune 500 entering Web3
Compliance requirements
Risk management mandates
Audit Firms
Augment manual reviews
Increase throughput
Reduce liability
Insurance Protocols
Underwrite verified contracts
Reduce claim risk
Premium pricing models
Competitive Advantage
Feature | VeriPro | Certora | Halmos | Manual Audit |
|---|---|---|---|---|
Self-service | ✅ | ❌ | ✅ | ❌ |
No expertise needed | ✅ | ❌ | ❌ | ❌ |
AI assistance | ✅ | ❌ | ❌ | ❌ |
On-chain proofs | ✅ | ❌ | ❌ | ❌ |
Speed | Minutes | Days | Hours | Weeks |
Cost | Low | High | Free | Very High |
Foundry native | ✅ | ❌ | ✅ | N/A |
Key Differentiators
Accessibility: No formal methods expertise required
Speed: Results in minutes, not weeks
AI Integration: Automated specification generation
On-Chain Attestations: Verifiable, immutable proofs
Mantle Native: Built for the Mantle ecosystem
Traction & Milestones
Completed
✅ Core CBSE engine (15 milestones complete)
✅ Full EVM opcode support
✅ Web platform with syntax highlighting
✅ AI specification generation (Gemini)
✅ On-chain attestation registry
✅ Deployed on Mantle Sepolia
✅ AWS infrastructure setup
Why Mantle?
Low Transaction Costs: Affordable on-chain attestations
EVM Compatibility: Seamless Solidity support
Growing Ecosystem: Increasing demand for security tools
Developer Focus: Strong tooling and documentation
Strategic Alignment: Security is foundational for ecosystem growth
Appendix
Technical Specifications
CBSE Engine Performance
~10 tests/second throughput
Support for 150+ EVM opcodes
Configurable path exploration bounds
Z3 solver with timeout controls
Supported Verification Properties
Arithmetic overflow/underflow
Access control violations
Reentrancy vulnerabilities
State invariants
Functional correctness
Custom assertions
Smart Contract Details
Registry Address:
0xae454F272197b110C28223dbE3e49b4a1c798015Network: Mantle Sepolia (Chain ID: 5003)
Explorer: https://sepolia.mantlescan.xyz
Glossary
Formal Verification: Mathematical proof that code meets specifications
Symbolic Execution: Analyzing programs using symbolic values instead of concrete inputs
SMT Solver: Satisfiability Modulo Theories solver (e.g., Z3)
Attestation: Cryptographically signed proof of verification
Counterexample: Input that violates a specification
Progress During Hackathon
During this hackathon, we took VeriPro from a raw idea to a fully functional, deployed verification platform. At the core is a complete Rust-based symbolic execution engine (CBSE), built with over 20 specialized crates and full support for more than 150 EVM opcodes. We integrated the Z3 SMT solver to handle constraint solving and exhaustive path exploration, achieving a throughput of roughly 10 verifications per second. This engine forms the backbone of VeriPro’s ability to reason about smart contract correctness at scale. On top of this core, we built a modern web platform using Next.js 16 and React 19. The frontend includes syntax-highlighted Solidity editors for both contracts and specifications, a project management dashboard with file organization, and real-time verification results that surface counterexamples when checks fail. To lower the barrier to entry for developers without formal methods expertise, we integrated the Google Gemini API, enabling natural-language–to–Solidity specification generation alongside manual spec writing. We also implemented on-chain attestations to make verification results publicly verifiable and tamper-proof. An `AttestationRegistry` smart contract was deployed to Mantle Sepolia, featuring ECDSA signature verification for prover authentication and immutable storage of verification proofs. The registry is live at `0xae454F272197b110C28223dbE3e49b4a1c798015`. Supporting infrastructure includes a Vercel-hosted frontend at https://veripro.vercel.app, an AWS EC2 coordinator for verification workloads, systemd-managed production services, and a backend API layer that connects the frontend to the verification engine. Wallet connectivity was completed using RainbowKit and wagmi. All major components were delivered and are fully operational: the CBSE engine, frontend UI, AI-powered specification generation, deployed smart contracts, backend API, wallet integration, and end-to-end on-chain attestations. Users can upload and edit Solidity contracts, write or generate specifications, run symbolic verification across all execution paths, inspect pass/fail results with concrete counterexamples, and commit signed attestations to the Mantle blockchain for public verification. Along the way, we overcame several technical challenges, including resolving Z3 Rust binding cross-compilation issues for AWS, fixing ECDSA signature recovery parameters for Ethereum compatibility, migrating to a Turbopack-compatible build system for Next.js 16, and configuring `forge-std` discovery on remote servers. Today, the full workflow is live: a user can create a project, verify a contract in seconds, connect a wallet, commit an attestation on Mantle Sepolia, and view the resulting transaction on Mantlescan. The entire pipeline, from contract upload to on-chain proof, is fully functional end to end.