Published June 2, 2026 | Version v2.0-arxiv-v1

rayiskander2406/qanary-contracts: v2.0-arxiv-v1 — arXiv:2606.01794 reproducibility anchor

  • 1. Verdict Security

Description

Kernel-verified Lean 4 + mathlib4 proof suite accompanying:

R. Iskander. "Tridirectional Discriminating-Power Formal Verification of Smart Contract Reentrancy Defense Against Production-Deployed Solidity Source." arXiv:2606.01794, 2026.

This tag (v2.0-arxiv-v1, commit 5c2beef) is the arXiv v1 reproducibility anchor and the Zenodo deposit target.

Headline result: The first machine-checked correctness proof of the OpenZeppelin ReentrancyGuard pattern against a Lean 4 state-machine model of production-deployed Solidity source, with a capstone composition meta-theorem spanning multiple production protocols. The corpus establishes discriminating power: the guard blocks attacks against vulnerable instances (negative leg — DAO 2016), preserves correct execution for non-attacking transactions (positive leg — Compound v2 cToken), and distinguishes structurally-adjacent safe and vulnerable variants (boundary leg — Aave V3 flashLoan vs. a constructed minimal-diff flashLoanVulnerable mutant). A single capstone meta-theorem composes the three protocol instantiations under a no-retrofit composition discipline (each protocol proof sealed before the capstone is authored, with no underlying-proof modification during composition).

Contents

  • QanaryContracts/ — Lean 4 proof suite (13 theorems, 0 sorry, 0 user-introduced axioms; corpus axiom footprint bounded by [propext])
    • EVM model: EVM.lean, Storage.lean, Step.lean, CEI.lean, Reentrancy.lean, Contract.lean, FunctionBody.lean, ValidExecution.lean, Reachability.lean, ReentrancyFree.lean, MultiFunction.lean
    • Soundness: OZSoundness.lean, CEISufficiency.lean (OZ guard discipline + Theorems 4 & 5)
    • Body-to-trace lift: BodyTraceLift.lean, Executes.lean, Executes/{CountHelpers,StackHistory,BodyShape}.lean, W8.lean, Completeness.lean
    • Layer 6-A (negative): DAOContract.lean, DAOAttack.lean
    • Layer 6-B (positive): CompoundContract.lean
    • Layer 6-C (boundary): AaveBoundaryCase.lean
    • Layer 6-D (capstone): CrossProtocolAudit.lean — no-retrofit composition meta-theorem ([propext]-only record)
    • Audit gate: PrintAxioms.lean — per-theorem #print axioms introspection
  • paper/ — manuscript source + arxiv_v1_package/ (LaTeX source + the arXiv-hosted PDF of record) + IEEEtran page-budget measurement scaffold
  • methodology/ — companion methodology-paper pointer artifacts (referenced from manuscript Appendix B)
  • .github/workflows/ — CI: four parallel verification blocks re-checking each theorem and its #print axioms record on every push
  • lakefile.lean, lake-manifest.json, lean-toolchain — Lean/mathlib4 pins

Discriminating-power structure

| Layer | Role | Primary file(s) |
|---|---|---|
| 6-A negative instance | DAO 2016 attack reproduction | DAOContract.lean, DAOAttack.lean |
| 6-B positive instance | Compound v2 cToken correctness | CompoundContract.lean |
| 6-C boundary case | Aave V3 flashLoan vs. minimal-diff flashLoanVulnerable mutant | AaveBoundaryCase.lean |
| 6-D capstone | no-retrofit composition meta-theorem ([propext]-only) | CrossProtocolAudit.lean |

Reproducibility

git clone https://github.com/rayiskander2406/qanary-contracts.git
cd qanary-contracts
git checkout v2.0-arxiv-v1
elan toolchain install "$(cat lean-toolchain)"
lake build                                       # ~901 jobs; first build ~10–15 min (mathlib4)
lake env lean QanaryContracts/PrintAxioms.lean   # prints each theorem's axiom record

Pinned to leanprover/lean4:v4.30.0-rc1 and mathlib4 322515540d7f. The corpus is reproducible end-to-end from this tagged commit; the substantive proof substrate is independently reproducible at v1.3-layer6-closure, and v1.6-phase7-closure is the post-audit content seal cited by the manuscript (Appendix A.3).

Spot checks

grep -rnE "^\s*(sorry|admit)\b" QanaryContracts/ --include="*.lean"   # (no output)
grep -rnE "^\s*axiom\b" QanaryContracts/ --include="*.lean"           # (no output; the leading \s* also catches an axiom indented inside a namespace or section)

These greps are a quick textual sanity check only. The authoritative record is the per-theorem #print axioms output from PrintAxioms.lean: a proof closed with sorry shows up there as the axiom sorryAx regardless of how it is spelled in the source, and any classical axiom (Classical.choice, Quot.sound) pulled in transitively through mathlib4 appears in the same list, which is what the [propext]-only claim is measured against.
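The page describes the CI gate as re-checking each theorem's #print axioms record on every push, and the spot checks above only grep the source. The following is an added example, not code from the qanary-contracts repository, of how such a gate can be scripted: it parses the text that Lean 4's #print axioms prints and fails if any theorem depends on an axiom outside an allowlist (here propext, the footprint the page claims). The output format assumed is Lean 4's ('name' depends on axioms: [a, b] or 'name' does not depend on any axioms); the theorem names in the sample data are constructed placeholders, not names from the repository.

```shell
#!/bin/sh
# Added example, not part of qanary-contracts: an allowlist gate over the
# text that `#print axioms` emits, the kind of per-theorem check the repo's
# CI is described as running. Assumed Lean 4 output lines:
#   'Ns.thm' depends on axioms: [propext, Classical.choice]
#   'Ns.thm' does not depend on any axioms
# A proof closed with `sorry` shows up in this output as the axiom `sorryAx`,
# so the same gate catches unfinished proofs and classical leakage alike.

# audit_axioms ALLOWED   (reads #print axioms output on stdin)
# ALLOWED is comma-separated, e.g. "propext" for this repo's claimed footprint.
# Prints one line per (theorem, axiom) pair outside the allowlist; returns 1
# if any such pair exists, 0 otherwise.
audit_axioms() {
  allowed="$1"
  status=0
  q="'"
  while IFS= read -r line; do
    case "$line" in
      *"depends on axioms:"*)
        # 'Ns.thm' depends on axioms: [a, b]  ->  thm="Ns.thm", axs="a, b"
        thm=${line%%"$q depends"*}; thm=${thm#"$q"}
        axs=${line#*"["}; axs=${axs%"]"*}
        old_ifs=$IFS; IFS=','
        for ax in $axs; do
          ax=$(printf '%s' "$ax" | tr -d ' ')
          case ",$allowed," in
            *",$ax,"*) ;;   # on the allowlist
            *) printf 'DISALLOWED %s uses %s\n' "$thm" "$ax"; status=1 ;;
          esac
        done
        IFS=$old_ifs
        ;;
      *) ;;   # "does not depend on any axioms" or build noise: nothing to flag
    esac
  done
  return "$status"
}

# Convenience for CI logs: number of violations, 0 on a clean record.
count_violations() { audit_axioms "$1" | wc -l | tr -d ' '; }

# Constructed sample output (placeholder theorem names, not the repo's).
sample_clean() {
  printf '%s\n' \
    "'Example.guardBlocksReentry' depends on axioms: [propext]" \
    "'Example.honestTxPreserved' does not depend on any axioms"
}
sample_dirty() {
  printf '%s\n' \
    "'Example.unfinished' depends on axioms: [propext, sorryAx]" \
    "'Example.classical' depends on axioms: [propext, Classical.choice, Quot.sound]"
}

# Usage against a real build (after sourcing this file):
#   lake env lean QanaryContracts/PrintAxioms.lean | audit_axioms propext
```

Against the constructed samples, sample_clean passes with the propext allowlist and sample_dirty reports three violations (sorryAx, Classical.choice, Quot.sound); widening the allowlist to propext,Classical.choice,Quot.sound leaves only the sorryAx line, which is the case a CI gate must never let through. The exit status is what the pipeline should key on; the printed lines are for the log.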

Companion paper

arXiv:2606.01794 (v1, announced 2026-06-01). Categories: cs.CR primary, cs.LO + cs.PL cross-list.

License

MIT. Copyright © 2026 Ray Iskander.

Files

rayiskander2406/qanary-contracts-v2.0-arxiv-v1.zip
