VeriChain: A Hybrid Formal Verification Approach Using Control Flow, Symbolic Execution, and Static Analysis for Smart Contract Vulnerability Detection
Abstract
Smart contracts facilitate the trustless and automated execution of agreements on blockchains, however several programming patterns in them (such as re-entrancy, integer overflow/underflow, access control) have led to substantial thefts due to vulnerabilities. Current verification tools (e.g., Mythril, Oyente, and Securify) are essentially based on symbolic execution, taint analysis, and pattern matching with high falsepositives as well as large time cost, poor scalability for complex contracts. This paper develops VeriChain, a hybrid verification framework that combines (i) lexicon/syntax parsing for abstract syntax tree (AST), (ii) Control Flow Graph (CFG) generation for path and dependency representation, (iii) CFG- guided symbolic execution with model checking to search feasible execution paths and (iv) rule-based static analysis towards identifying/characterizing vulnerability patterns. VeriChain was tested on N benchmark smart contracts (including re-entrancy, arithmetic and access-control vulnerabilities) and contrasted with Mythril, Oyente, and Securify. Experiments show that VeriChain enables 98.3% detection accuracy with only 1 false positive (and no false negative in our testing set) and finishes analysis within 2.3 seconds, surpassing state-of-the-art tools in both precision and execution efficiency. VeriChain also outputs a structured security report to categorise detected flaws by severity and to offer developers traces of execution as well as mitigation advice, enabling realistic pre-deployment audit of blockchain smart contract.
DOI:
https://doi.org/10.31449/inf.v50i1.9267Downloads
Published
04/13/2026
How to Cite
Vankudoth, R., & K, G. R. (2026). VeriChain: A Hybrid Formal Verification Approach Using Control Flow, Symbolic Execution, and Static Analysis for Smart Contract Vulnerability Detection. Informatica, 50(1). https://doi.org/10.31449/inf.v50i1.9267
Issue
Section
Regular papers
License
Authors retain copyright in their work. By submitting to and publishing with Informatica, authors grant the publisher (Slovene Society Informatika) the non-exclusive right to publish, reproduce, and distribute the article and to identify itself as the original publisher.
All articles are published under the Creative Commons Attribution license CC BY 3.0. Under this license, others may share and adapt the work for any purpose, provided appropriate credit is given and changes (if any) are indicated.
Authors may deposit and share the submitted version, accepted manuscript, and published version, provided the original publication in Informatica is properly cited.
