// Adds amount to the account's balance for the given token.
// amount may be positive or negative.
// Assert before setting that the balance does not exceed the upper bound.
//
// @storage_update account_balance(account_id, token_type) := account_balance(account_id, token_type) + amount
// @post account_balance(account_id, token_type) < BALANCE_UPPER_BOUND
func modify_account_balance{syscall_ptr: felt*, pedersen_ptr: HashBuiltin*, range_check_ptr}(

   account_id: felt, token_type: felt, amount: felt

Open-source formal verification tool for all Starknet developers

Horus is a user-friendly way to formally verify your Starknet smart contracts with respect to specifications written in a simple assertion language.

// Adds amount to the account's balance for the given token.
// amount may be positive or negative.
// Assert before setting that the balance does not exceed the upper bound.
//
// @storage_update account_balance(account_id, token_type) := account_balance(account_id, token_type) + amount
// @post account_balance(account_id, token_type) < BALANCE_UPPER_BOUND
func modify_account_balance{syscall_ptr: felt*, pedersen_ptr: HashBuiltin*, range_check_ptr}(

   account_id: felt, token_type: felt, amount: felt

// @storage_update account_balance(account_id, token_type)
:= account_balance(account_id, token_type) + amount
// @post account_balance(account_id, token_type) < BALANCE_UPPER_BOUND
func
modify_account_balance{syscall_ptr:
felt*, pedersen_ptr: HashBuiltin*,
range_check_ptr}(

Formally verifying
Cairo smart contracts

Horus employs various Satisfiability Modulo Theories (SMT) solvers to ensure that your smart contract’s implementation meets specifications written in a simple assertion language. The Horus alpha release currently supports Cairo 0.10.1.

Detect vulnerabilities before deployment

Smart contract security is more important than ever. In 2022, a total of $3.78 billion of total value locked (TVL) was lost from the crypto ecosystem due to exploits. As Ethereum scales and becomes more interoperable, the amount of TVL at risk and potential attack vectors will only increase. To secure the Ethereum and Starknet ecosystems, Nethermind has partnered with StarkWare to develop the Horus formal verification tool for Starknet smart contracts. What began as a modest prototype Python script, has grown to support many complex Starknet smart contract features. By leveraging Horus specifications, developers can detect software bugs that could lead to exploits and value losses before the contract is even deployed.

Formal verification on Starknet made easy

Horus streamlines the formal verification process for Starknet smart contracts, enabling developers to express assertions about their code using a straightforward assertion language. This language is similar to Cairo, making it especially user-friendly.

The heavy-lifting is built into Horus’s design. The tool allows developers to add preconditions and postconditions to Starknet functions, as well as other assertions that apply at various points in the code. It then verifies that for each annotated function, the postcondition remains valid after a non-faulting call to the function, assuming the precondition was met before the function was called. Horus achieves this by running the contract through a control-flow analysis and utilizing the resulting control-flow graph (CFG) to simplify the verification task. Instead of checking the entire contract, it focuses on verifying that individual "modules" meet specific specifications. A module, in this case, is a basic block annotated with a specification. The verification process for each module is then reduced to an SMT query, optimized and handled by various SMT solvers like Z3 and CVC5.

Our goal is to make formal verification more accessible for Cairo developers, fostering broader adoption and decentralization of the Starknet ecosystem.

Our formal verification team

The Horus development team at Nethermind is made up of experts in formal verification, type theory and logic. The team formally verifies smart contracts and develops a variety of formal verification tools, particularly for EVM-compatible chains and Starknet. Read more about our Formal Verification work.

Formal verification at Nethermind

Disclaimer: Horus is currently in the alpha stage and no guarantee is being given as to the accuracy and/or completeness of any of the outputs the tool may generate. More information can be found here.

Collaborating on this project

Julian

Sutherland

Rodrigo

Ribeiro

Ilia

Vlasov

František

Silváši

Collaborating on this project

Julian

Sutherland

Rodrigo

Ribeiro

Ilia

Vlasov

František

Silváši