About Runtime Verification
Runtime Verification is a leading formal methods firm offering cutting-edge tools and services that help developers eliminate vulnerabilities and elevate application safety. Focused on providing mathematically proven guarantees for smart contracts and blockchain software, Runtime Verification empowers developers to verify logic, not just code, across diverse environments including Solidity, Rust, and even compiled binary code.
With over 100 academic publications, pioneering tools like Kontrol, Simbolik, and Komet, and clients ranging from Ethereum and Algorand to NASA, Runtime Verification blends research-backed rigor with hands-on execution. Their mission is to deliver formal verification and fuzz testing at scale, bridging the gap between developers and advanced security tooling in the web3 landscape.
Runtime Verification is not just another auditing firm — it’s a research-rooted company that builds powerful formal verification tools for developers and conducts comprehensive security audits with unparalleled precision. Their approach moves beyond traditional code reviews to mathematically prove properties that must always hold true within a software system. This means they can detect — and help prevent — bugs that even experienced human reviewers might miss.
The process starts with defining critical system-level properties. These can be general (e.g., no data races in concurrent systems) or custom (e.g., business logic invariants). Runtime Verification then leverages tools like Kontrol (symbolic execution), Simbolik (debugging for Solidity), and Kaas (compute infrastructure for verification) to execute formal proofs. These tools integrate seamlessly into developer workflows, particularly for web3 and blockchain environments where security risks are high and trust is essential.
Runtime Verification’s expertise spans multiple chains and ecosystems. Their clients include major projects like Polkadot, Lido, EigenLayer, MultiversX, and Stellar. They also support public blockchain teams, DeFi protocols, and infrastructure layers like MakerDAO, Band Protocol, Tezos, HydraDX, and SundaeSwap. Their audits are recognized across the industry as some of the most comprehensive available, often serving as a seal of security assurance.
Unlike static analysis tools that analyze code in isolation, runtime verification dynamically observes a system’s behavior during execution. This allows bugs to be identified in context, across multiple execution paths, and within compiled binaries — even where source-level verification would fall short. Their methodology is deeply complementary to unit testing, integration testing, and lightweight static analysis, offering a layered defense strategy.
The company has also been instrumental in shaping the formal methods ecosystem through public talks (e.g., ETH CC), open-source tooling, and research dissemination. They make their tools free for non-commercial use and actively promote education around their methodologies. While other web3 security providers like Trail of Bits or Consensys Diligence offer audits, Runtime Verification stands apart with its academic foundations, symbolic analysis capabilities, and dynamic verification strategies.
Runtime Verification offers a range of security tools and formal verification services that stand out in the blockchain development ecosystem:
- Kontrol: Symbolically executes smart contract tests with advanced bug detection capabilities.
- Simbolik: A Solidity debugger built for pinpointing subtle issues in execution flows and storage.
- Kaas (K as a Service): Provides CI-integrated compute power for verification, including fuzzing and symbolic execution.
- Komet: A formal verification and fuzzing tool specifically built for Rust.
- Security Audits: Conducted by formal methods experts, with mathematical proofs instead of just reviews.
- Fuzzing Campaigns: Includes the compute and design needed to execute large-scale protocol testing.
- Open Source Tools: Many tools are freely available for non-commercial use, reflecting their commitment to the web3 ethos.
- Cross-Chain Expertise: Supports multiple ecosystems including Ethereum, Polkadot, Algorand, and more.
Getting started with Runtime Verification depends on whether you’re a protocol team, enterprise, or individual developer:
- Step 1: Visit the Site — Go to runtimeverification.com to explore available services and tools.
- Step 2: Choose Your Need — Select from audits, formal verification, or fuzzing campaigns based on your project stage.
- Step 3: Try the Tools — Access Kontrol, Simbolik, and Komet via open-source channels for evaluation or integration.
- Step 4: Request an Audit — Use the contact form to begin a formal engagement for full project analysis.
- Step 5: Join the Community — Engage with RV via GitHub, Twitter, or the main website.
- Need Help? — Browse the FAQ or read product documentation to better understand each tool’s use case.
Runtime Verification FAQ
Runtime Verification stands out by applying formal methods not only to source code but also to compiled binaries. This is possible through dynamic runtime analysis and symbolic execution techniques that inspect how programs behave during execution. This approach uncovers bugs that arise due to miscompilation—issues that static analysis might miss entirely. By verifying actual runtime behavior, Runtime Verification offers an additional layer of assurance that goes beyond typical source-level reviews.
Unlike most audit firms that rely heavily on manual reviews or static scanners, Runtime Verification conducts audits based on formal logic and mathematical proofs. Their team defines critical properties that must always hold and then uses tools like Kontrol and Kaas to formally verify them. This allows detection of entire classes of bugs that traditional auditors miss, especially in concurrent or complex contract designs. The result is a provably correct system, not just a well-reviewed one. Learn more at runtimeverification.com.
Yes, several of Runtime Verification’s tools are designed for continuous integration and production-level monitoring. Tools like RV-Monitor can be deployed to observe live application behavior with minimal overhead. Meanwhile, Kaas integrates formal verification directly into CI pipelines, enabling developers to automate deep checks across deployments. This real-time capability makes Runtime Verification’s toolkit ideal for production-grade systems needing continuous assurance.
Kaas, short for K as a Service, offers a scalable and CI-enabled compute layer for running formal verification and fuzzing jobs. Developers can plug Kaas into their test pipelines to execute complex symbolic executions and fuzzing campaigns without configuring infrastructure manually. This saves time, ensures reproducibility, and brings enterprise-grade verification capabilities to teams of all sizes.
Symbolic execution allows testing all possible execution paths of a smart contract, rather than just specific inputs or scenarios. Tools like Kontrol and RV-Match simulate every branch of logic, verifying that invariants hold regardless of user actions or blockchain state. This depth makes symbolic execution one of the most comprehensive testing techniques in formal verification, ideal for catching rare edge cases and logic bugs in DeFi, staking, and DAO contracts.