Papers
Topics
Authors
Recent
Search
2000 character limit reached

KindHML: formal verification of smart contracts based on Hennessy-Milner logic

Published 15 Apr 2026 in cs.CR and cs.LO | (2604.14038v1)

Abstract: Smart contracts deployed on blockchains such as Ethereum routinely manage large amounts of assets, making their security critical. Empirical studies show that real-world attacks often exploit flaws in the business logic of contracts that unfold across multiple transactions, such as liquidity or front-running attacks. Detecting these attacks requires reasoning about expressive temporal properties beyond the capabilities of existing analysis tools. In this paper, we present an automated approach to the formal verification of smart contracts, enabling the specification and verification of complex temporal properties. Our approach provides a fully automated encoding into Lustre -- the specification language supported by the Kind 2 model checker -- of an expressive subset of Solidity contracts and temporal specifications based on first-order Hennessy-Milner Logic. This encoding allows us to leverage Kind 2 to determine whether the contract respects the specification or not. We implement our approach in a toolchain that integrates the translation and verification steps, and we evaluate its effectiveness and performance on a benchmark of smart contracts and temporal properties capturing complex attack scenarios. Our results show that the proposed approach can effectively verify non-trivial temporal properties of smart contracts and detect violations that are beyond the reach of existing analysis tools.

Summary

  • The paper presents KindHML, a tool that extends Hennessy-Milner logic into CHML to formally verify complex, multi-transactional properties in smart contracts.
  • It compiles Solidity contracts and CHML specifications into Lustre, enabling both bounded and unbounded verification with automated counterexample generation.
  • The approach addresses limitations of existing tools by verifying advanced properties like liquidity and front-running resistance through strategic and temporal quantification.

Formal Verification of Smart Contracts with KindHML and First-Order Hennessy-Milner Logic

Introduction

"KindHML: formal verification of smart contracts based on Hennessy-Milner logic" (2604.14038) introduces a formal verification methodology and toolchain for smart contracts that accommodates specification and verification of complex temporal properties, particularly those involving multi-transactional behaviors such as liquidity and front-running. This is accomplished via the development of CHML, a first-order extension of Hennessy-Milner logic with domain-specific constructs, and a compilation of smart contracts and CHML specifications into Lustre for automated model checking with Kind. The work is motivated by the inadequacies of conventional static analysis and verification tools, which are unable to precisely capture and verify properties that involve business logic flaws responsible for major real-world exploits.

Motivation and Limitations of Existing Approaches

Current vulnerability detection tools for Ethereum smart contracts are largely confined to identifying syntactic patterns (e.g., reentrancy, overflows) and are ineffective for high-level business logic vulnerabilities that involve temporal sequences and adversarial strategies. Empirical assessments indicate that such tools could only prevent a small fraction (approximately 8%) of the economic losses from attacks recorded in recent studies, missing logic errors that unfold over multiple transactions.

Available formal analysis tools, such as SolCMC and Certora Prover, are primarily focused on safety properties and do not provide sufficient expressivity for comprehensive specifications involving sequences of transactions or variations of temporal and strategic properties (universality, existential quantification, fairness). Properties such as rich notions of liquidity—whether, in every reachable state, a user can eventually withdraw assets under adversarial conditions—or fine-grained front-running resistance, are unaddressed in existing frameworks.

The CHML Logic

The core novelty is the introduction of CHML (Contract Hennessy-Milner Logic), a first-order modal logic interpreted over labeled transition systems, integrating explicit quantification over transactions and variables corresponding to involved parties, values, and functions. Unlike standard HML, the modal operator is extended to parameterize over sender, contract, called procedure, argument vectors, and value fields (i.e., ⟨a,C,f,x⃗,n⟩ϕ\langle a, C, f, \vec{x}, n \rangle \phi). Universal and existential quantification at both state and action levels allow expression of strategic properties beyond the scope of LTL, CTL, or their first-order variants.

The logic also supports evaluation of expressions over current and previous states, and explicit referencing of transaction reverts. The typing system ensures well-scoped usage of state references and syntactic correctness, guaranteeing that specifications are well-formed and applicable within model checking encodings.

System Model and Encoding Approach

Smart contracts are modeled as transition systems derived from a well-typed, imperative Solidity-like fragment. Contracts encapsulate a set of procedures (methods), with explicit constructs to model transactions, conditional requirements, token transfers, and storage updates. Interaction sequences (transaction traces) are reified as transition edges, and each transaction carries sender, target, called method, parameters, and value.

Contracts and CHML properties are fully automatically compiled into Lustre, a synchronous dataflow language. The key technical contributions are:

  • Stateful Encoding: All contract variables, including balances, storage slots, and transition flags, are encoded as Lustre state variables.
  • Transition and Modal Encoding: Procedures are translated into transition relations, modeling both normal and reverted branches. Modal operators in CHML are compiled into transitions over explicit transaction parameters, supporting quantifier expansion as required by the specification.
  • Bounded and Unbounded Verification: Properties are transformed into Lustre properties, enabling bounded model checking, induction, and IC3-based invariant analysis through the Kind model checker.
  • Counterexample and Witness Generation: For violated properties, the tool produces concrete transaction traces that instantiate attacks or specification violations.

Specification and Verification of Security-Critical Properties

The logic and toolchain enable specification of properties beyond safety and basic liveness. Several paradigmatic examples are formalized in CHML:

  • Liquidity: For every user with sufficient credits, there exists a sequence of transactions enabling them to withdraw some amount of assets, parameterized by contract state and possibly quantified over adversarial actions.
  • Front-running: Universal-existential quantification over traces allows encoding whether, for all users and all front-running adversaries, there exists a sequence of actions preventing the adversary from disrupting contractual invariants or ensuring invariants under adversarial attempts.
  • Winnability and Strategic Reachability: The approach supports formalization of reachability properties involving joint actions, temporal dependencies, and specific player strategies, as required for multi-user protocols and games.
  • Reversibility and Additivity: Specifications can involve strategic reversibility (for all actions, there exists an undo path) and additive invariants across transaction compositions.

Implementation and Evaluation

KindHML comprises a pipeline parsing Solidity contracts, typechecking, encoding contracts and properties, flattening data structures as required by Lustre, and interfacing with the Kind2 model checker and CVC5 backend for SMT-solving. The evaluation on a suite of contracts and property benchmarks demonstrates that:

  • All verification results produced by KindHML are aligned with the ground truth of the test cases.
  • Violations (counterexamples) are found rapidly (sub-second in most cases); validity proofs (invariant-based) require more substantial resources, but remain tractable.
  • KindHML supports verification of strategic, temporal, and multi-step properties not addressable by industrial tools.
  • For the first time, verification of expressive front-running properties is mechanized.
  • The tool supports the derivation of concrete witness traces, which can be reified into executable proof-of-concept exploits or invariance validation sequences.

KindHML departs from LTL- or CTL-based tool approaches (e.g., SmartPulse, VeriSolid) by supporting arbitrary quantifier mixing and transaction-parameterized modalities; temporal logics do not suffice for expressing the strategic multi-agent behaviors endemic to DeFi contracts. The provision of existential-existential quantification (witnessing the existence of adversarial and honest strategies) is unique in the smart contract verification ecosystem.

Compared to bounded model checking tools such as Solvent, KindHML supports universal (unbounded depth) properties and a richer logic. The tool design contrasts with vulnerability scanners (static analyzers, fuzzers) by providing formal proofs and counterexamples, rather than heuristic or bounded confidence findings.

Implications and Future Work

KindHML removes a significant obstacle to the full formal verification of temporal and strategic properties in smart contracts by introducing a logic and method capable of handling properties that span multiple transactions and depend on adversarial interleavings. Practically, this supports the specification and verification of higher-resilience financial protocols and reduces economic risk exposure related to latent business logic bugs.

Several extensions are anticipated:

  • Support for compositional verification across inter-contract control flows, enabling cross-contract properties and invariants.
  • Expansion to cover the full Solidity language, including contract-to-contract calls with dynamic dispatch and reentrancy, loops, and gas-related operations.
  • Integration of automatic proof-of-concept exploit synthesis from counterexamples, leveraging symbolic reasoning or neural approaches.
  • Theoretical exploration of expressivity boundaries, relating CHML to strategic logics (ATL, Strategy Logic) and the modal μ\mu-calculus, as well as connections to recent advances in quantitative and multi-agent temporal logics.

Conclusion

KindHML encapsulates a significant advancement in formal smart contract verification, providing—for the first time—a mechanized means to specify and verify multi-transactional, strategic, and adversarial temporal properties in Solidity contracts (2604.14038). The CHML logic and accompanying toolchain close a critical gap in the expressiveness and automation of contract verification, and form a benchmark for future work in both theory and tooling for high-assurance blockchain systems.

Paper to Video (Beta)

No one has generated a video about this paper yet.

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Collections

Sign up for free to add this paper to one or more collections.

Tweets

Sign up for free to view the 1 tweet with 8 likes about this paper.