Formalising Decentralised Exchanges in Coq

TL;DR

This paper presents the first formal verification of a decentralized exchange contract in Coq, ensuring safety and correctness for complex smart contract interactions on the Tezos blockchain.

Contribution

It introduces a formalisation of Dexter2, including proofs of correctness and safety, and extracts verified code for deployment, advancing formal methods in DeFi.

Findings

Proved functional correctness of Dexter2 contracts.

Established safety properties for interacting smart contracts.

Extracted verified code into CameLIGO for deployment.

Abstract

The number of attacks and accidents leading to significant losses of crypto-assets is growing. According to Chainalysis, in 2021, approx. $14 billion has been lost due to various incidents, and this number is dominated by Decentralized Finance (DeFi) applications. In order to address these issues, one can use a collection of tools ranging from auditing to formal methods. We use formal verification and provide the first formalisation of a DeFi contract in a foundational proof assistant capturing contract interactions. We focus on Dexter2, a decentralized, non-custodial exchange for the Tezos network similar to Uniswap on Ethereum. The Dexter implementation consists of several smart contracts. This poses unique challenges for formalisation due to the complex contract interactions. Our formalisation includes proofs of functional correctness with respect to an informal specification for the contracts involved in Dexter's implementation. Moreover, our formalisation is the first to feature proofs of safety properties of the interacting smart contracts of a decentralized exchange. We have extracted our contract from Coq into CameLIGO code, so it can be deployed on the Tezos blockchain. Uniswap and Dexter are paradigmatic for a collection of similar contracts. Our methodology thus allows us to implement and verify DeFi applications featuring similar interaction patterns.