Core Verification
Forge
Formal security for smart contracts.
Formal vulnerability detection for Solidity and EVM contracts. Forge analyzes contract structure, call graphs, state transitions, and taint propagation to identify provable failure conditions in transaction-critical code. Built for protocol teams, auditors, and technical diligence on high-value deployments.
8
SWC Classes
<30s
Scan Time
$0
Test Capital
§ SPECIFICATION
Input
- Solidity source (.sol) or ABI + bytecode
- Deployment parameters and constructor arguments
- Optional: invariant specifications in SMT-LIB2
Constraints Verified
- Reentrancy reachability under adversarial call sequences
- Integer overflow in token arithmetic
- Access control bypass via delegatecall
- Flash loan oracle manipulation paths
- Uninitialized storage slot reads
- Timestamp dependence in critical branches
Output
- Z3 proof artifacts per vulnerability class
- Call graph with taint propagation paths
- State transition violation certificates
- SWC registry cross-reference
§ SAMPLE PROOF ARTIFACT
ARTIFACT // FORGE-RE-01FAILURE DETECTED
// SAMPLE PROOF — FORGE ENGINE
ERC4626 vault — reentrancy in withdraw()
TargetCustom ERC4626 implementation
Condition
malicious receiver calls back before balance updateVerdictSAT
SummaryState drain reachable via 2-hop reentrancy. Proof trace: withdraw→callback→withdraw.
StatusReview-ready
§ FIELD VALIDATION
| # | Target | Vulnerability Class | Status |
|---|---|---|---|
| 01 | Balancer V3 Reentrancy | Reentrancy | Fixed |
| 02 | Euler V2 Flash Loan Oracle | Flash Loan Oracle | ACK |
| 03 | Morpho Blue Access Control | Access Control | Fixed |
Run Forge on your system.
Formal engagement starts with a technical intake. We scope, configure, and deliver a proof artifact within the agreed SLA.