[pidge]

To clarify, they implemented the algorithm in Dafny, and then proved that version correct. They did not verify code that will actually run in production.

From the paper:

> Dafny is a practical option for the verification of mission-critical smart contracts, and a possible avenue for adoption could be to extend the Dafny code generator engine to support Solidity … or to automatically translate Solidity into Dafny. We are currently evaluating these options

[X6S1x6Okd1st]

Additionally it's proving a translation of the algorithm implemented in solidity. Solidity is not what is run on Ethereum, EVM bytecode is. Solidity is compiled down to EVM bytecode and that's what is run.

That seems like another point where a bug could creep in.

I wouldn't be surprised if there was a hard fork to save the deposit contract if there was a critical bug discovered.

[yissp]

I mean if there was a critical bug in the solidity compiler itself that would put the correctness of pretty much every contract into question, right? It seems like a fork would be hard to argue against in that case.

[latchkey]

There will be many hard forks before the funds from the deposit contract can be retrieved.

[X6S1x6Okd1st]

Fair enough, non-contentious hard forks in Ethereum are usually called upgrades at this point.

[ilammy]

“Beware of bugs in the above code; I have only proved it correct, not tried it.” — D.E.K.

[westurner]

https://github.com/dafny-lang/dafny

Dafny Cheat Sheet: https://docs.google.com/document/d/1kz5_yqzhrEyXII96eCF1YoHZ...

Looks like there's a Haskell-to-Dafny converter.