certora-prover

Formal verification using Certora Prover with CVL specification language. Supports invariant rules, parametric verification, ghost variables, and counterexample analysis for mathematical proof of contract correctness.

509 stars

bya5c-ai

View on GitHub Installation ↓

Best use case

certora-prover is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Teams using certora-prover should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

You only need a quick one-off answer and do not need a reusable workflow.
You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/certora-prover/SKILL.md --create-dirs "https://raw.githubusercontent.com/a5c-ai/babysitter/main/library/specializations/cryptography-blockchain/skills/certora-prover/SKILL.md"

Manual Installation

Download SKILL.md from GitHub
Place it in .claude/skills/certora-prover/SKILL.md inside your project
Restart your AI agent — it will auto-discover the skill

How certora-prover Compares

Feature / Agent	certora-prover	Standard Approach
Platform Support	Not specified	Limited / Varies
Context Awareness	High	Baseline
Installation Complexity	Unknown	N/A

Frequently Asked Questions

What does this skill do?

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Certora Formal Verification Skill

Formal verification of smart contracts using Certora Prover, providing mathematical proofs of contract correctness.

## Capabilities

- **CVL Specifications**: Write Certora Verification Language specs
- **Invariant Rules**: Define and verify state invariants
- **Parametric Rules**: Write comprehensive property tests
- **Ghost Variables**: Track abstract state
- **Counterexamples**: Analyze verification failures
- **Loop Handling**: Configure loop invariants and unrolling
- **Summarization**: Abstract complex functions

## Installation

```bash
# Install Java (required)
sudo apt install openjdk-17-jdk

# Install Certora CLI
pip install certora-cli

# Set API key
export CERTORAKEY=<your-api-key>

# Verify installation
certoraRun --version
```

## Project Setup

### Directory Structure

```
project/
├── contracts/
│   └── Token.sol
├── certora/
│   ├── conf/
│   │   └── token.conf
│   └── specs/
│       └── token.spec
└── foundry.toml
```

### Configuration File

```yaml
# certora/conf/token.conf
{
  "files": ["contracts/Token.sol"],
  "verify": "Token:certora/specs/token.spec",
  "solc": "solc-0.8.20",
  "msg": "Token verification",
  "rule_sanity": "basic",
  "optimistic_loop": true,
  "loop_iter": 3
}
```

## CVL Specification Language

### Basic Rules

```cvl
// certora/specs/token.spec

methods {
    function balanceOf(address) external returns (uint256) envfree;
    function totalSupply() external returns (uint256) envfree;
    function transfer(address, uint256) external returns (bool);
}

// Invariant: balance never exceeds total supply
invariant balanceUnderSupply(address user)
    balanceOf(user) <= totalSupply()

// Rule: transfer preserves total supply
rule transferPreservesTotalSupply(address to, uint256 amount) {
    env e;

    uint256 supplyBefore = totalSupply();

    transfer(e, to, amount);

    uint256 supplyAfter = totalSupply();

    assert supplyBefore == supplyAfter,
        "Total supply changed after transfer";
}
```

### Parametric Rules

```cvl
// Parametric rule: any function preserves an invariant
rule anyFunctionPreservesInvariant(method f) {
    env e;
    calldataarg args;

    uint256 supplyBefore = totalSupply();

    f(e, args);

    uint256 supplyAfter = totalSupply();

    assert supplyBefore == supplyAfter,
        "Total supply changed";
}
```

### Ghost Variables

```cvl
// Ghost variable to track sum of all balances
ghost mathint sumBalances {
    init_state axiom sumBalances == 0;
}

// Hook to update ghost on balance changes
hook Sstore balances[KEY address user] uint256 newBalance
    (uint256 oldBalance) STORAGE {
    sumBalances = sumBalances + newBalance - oldBalance;
}

// Invariant using ghost
invariant totalSupplyIsSumOfBalances()
    to_mathint(totalSupply()) == sumBalances
```

### Function Summaries

```cvl
// Summary for external calls
methods {
    function _.transfer(address, uint256) external => DISPATCHER(true);
    function _.balanceOf(address) external returns (uint256) => DISPATCHER(true);
}

// Havoc summary (non-deterministic)
methods {
    function externalCall() external => HAVOC_ECF;
}

// Constant summary
methods {
    function getConstant() external returns (uint256) => ALWAYS(100);
}
```

### Loop Handling

```cvl
// Loop invariant
rule loopInvariant() {
    env e;

    // Configure loop unrolling
    require e.msg.sender != 0;

    // Loop iterations are bounded by config
    processArray(e);

    assert true; // Verify loop terminates
}
```

## Running Verification

### Basic Run

```bash
# Run verification
certoraRun certora/conf/token.conf

# Run specific rule
certoraRun certora/conf/token.conf --rule transferPreservesTotalSupply

# Run with message
certoraRun certora/conf/token.conf --msg "PR #123 verification"
```

### Advanced Options

```bash
# Sanity checks
certoraRun certora/conf/token.conf --rule_sanity basic

# Optimistic loop handling
certoraRun certora/conf/token.conf --optimistic_loop --loop_iter 5

# Multi-contract verification
certoraRun contracts/Token.sol contracts/Staking.sol \
  --verify Token:specs/token.spec

# Debug mode
certoraRun certora/conf/token.conf --debug
```

## Interpreting Results

### Verification Output

```
Rule: transferPreservesTotalSupply
  Status: VERIFIED ✓
  Time: 45s

Rule: balanceUnderSupply
  Status: VIOLATED ✗
  Counterexample:
    - user: 0x1234...
    - Initial balance: 100
    - Final balance: 200
    - Total supply: 150
```

### Counterexample Analysis

1. **Check Call Trace**: Understand the sequence of calls
2. **Examine State Changes**: Track storage modifications
3. **Identify Assumptions**: Check if assumptions are too weak
4. **Verify Model**: Ensure CVL spec matches intent

## Common Patterns

### ERC-20 Verification

```cvl
methods {
    function balanceOf(address) external returns (uint256) envfree;
    function totalSupply() external returns (uint256) envfree;
    function allowance(address, address) external returns (uint256) envfree;
}

// Transfer integrity
rule transferIntegrity(address to, uint256 amount) {
    env e;
    address from = e.msg.sender;

    uint256 fromBalanceBefore = balanceOf(from);
    uint256 toBalanceBefore = balanceOf(to);
    require from != to;

    transfer(e, to, amount);

    uint256 fromBalanceAfter = balanceOf(from);
    uint256 toBalanceAfter = balanceOf(to);

    assert fromBalanceAfter == fromBalanceBefore - amount;
    assert toBalanceAfter == toBalanceBefore + amount;
}

// Allowance monotonicity
rule approveIntegrity(address spender, uint256 amount) {
    env e;

    approve(e, spender, amount);

    assert allowance(e.msg.sender, spender) == amount;
}
```

### Access Control Verification

```cvl
methods {
    function owner() external returns (address) envfree;
    function setOwner(address) external;
}

// Only owner can change owner
rule onlyOwnerCanChangeOwner(address newOwner) {
    env e;

    address ownerBefore = owner();

    setOwner(e, newOwner);

    assert e.msg.sender == ownerBefore,
        "Non-owner changed owner";
}
```

## CI/CD Integration

### GitHub Actions

```yaml
name: Certora Verification
on: [push, pull_request]

jobs:
  certora:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Install Certora
        run: pip install certora-cli

      - name: Run Verification
        env:
          CERTORAKEY: ${{ secrets.CERTORAKEY }}
        run: certoraRun certora/conf/token.conf
```

## Process Integration

| Process | Purpose |
|---------|---------|
| `formal-verification.js` | Primary verification |
| `smart-contract-security-audit.js` | Deep security analysis |
| `lending-protocol.js` | Protocol correctness |
| `amm-pool-development.js` | DeFi invariants |
| `governance-system.js` | Governance properties |

## Best Practices

1. Start with simple invariants
2. Use parametric rules for comprehensive coverage
3. Document all assumptions
4. Analyze counterexamples carefully
5. Use ghost variables for complex state tracking
6. Set appropriate loop bounds
7. Run nightly verification in CI

## See Also

- `skills/slither-analysis/SKILL.md` - Static analysis
- `skills/echidna-fuzzer/SKILL.md` - Property fuzzing
- `agents/formal-methods/AGENT.md` - Verification expert
- [Certora Documentation](https://docs.certora.com/)

Related Skills

theorem-prover-interface

509

from a5c-ai/babysitter

Interface with interactive theorem provers for mechanized verification

process-builder

509

from a5c-ai/babysitter

Scaffold new babysitter process definitions following SDK patterns, proper structure, and best practices. Guides the 3-phase workflow from research to implementation.

Workflow & Productivity

babysitter

509

from a5c-ai/babysitter

Orchestrate via @babysitter. Use this skill when asked to babysit a run, orchestrate a process or whenever it is called explicitly. (babysit, babysitter, orchestrate, orchestrate a run, workflow, etc.)