formal methods engineer

Joined March 2022
Mark Petruska retweeted
🚨 BREAKING: More than 400 Arch Linux User Repository packages have been compromised with infostealer malware and a rootkit. Attacker posed as a trusted maintainer and "adopted" orphaned packages. Arch maintainers are purging infected packages now. Audit your AUR installs.
Mark Petruska retweeted
🔥VITALIK: LIQUIDATION-FREE DEFI IS ON THE WAY Buterin says multiple teams are building different versions of his proposal to replace forced liquidations with an options-based system. He urged formal verification before anything goes live.
Mark Petruska retweeted
Replying to @robinhanson
The controversy over "You should be able to prove your program correct before you run it" is still live. For several decades after Dijkstra's pronouncement, the conventional wisdom was that he was wrong. And, with the tools and the hardware we had available, that was difficult to dispute. Attempts to apply formal proof methods scaled very badly, seldom worked at all on programs of larger than toy size, and were ridiculously expensive. However, in the future that may change. There has been a lot of theoretical progress towards practical proofs on programs of nontrivial size. They remain difficult to apply to common languages and toolchains. If we get Dijkstra's future it will be because the transition costs of moving to languages on which proofs are practical fall to the point where moving is less than the continuing cost of errors. LLMs make language-to-language translation cheap and will help. Two domains to watch are avionics and medical-device software. The transition, if and when it becomes practical, is likely to start there.
Mark Petruska retweeted
Random experiment of the day. Using hs-to-lean, we can add a custom comment tag to add #Haskell specifications, and then send everything to #Lean and Blaster. Claude made a small custom Visual Studio code to inline the results directly in Visual Studio. Contrary to LiquidHaskell, we're not modular, if you call a function, we don't stub it with the specification. This means you don't have to specify every function, just the higher level ones, with the high level properties. On top of that, you get a full counter-example to replay as a test vector on any falsified property. This is purely a Proof of concept for the moment. hs-to-lean: github.com/holcombet/hs-to-l… Blaster: github.com/input-output-hk/L…
Mark Petruska retweeted
Founder of OpenZeppelin. I guess formal verification of permissionless financial instruments is pretty important. Blaster is our new Ouroboros, at least three years ahead of all smart contract formal verification frameworks in other ecosystems.
PSA: I now consider *all* of DeFi unsafe. Coding agents are superhuman at finding vulnerabilities, and smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds.
Mark Petruska retweeted
I want to thank the #Cardano community for granting our consortium 13.08m ada to deliver the extended version of Blaster and bring formal verification to all DApp developers. We're fully aware this is a significant amount of ada. We believe in our tool and in our vision of what good, accessible formal verification tooling should look like. We're glad to see the community shares that vision. The tool is open-source, but still at an early stage. We're still very much heads-down on this year's deliverables. So far, we built a #Lean automated reasoning backend that outperforms the academic competition on neutral benchmarks, and is the only one able to prove UPLC programs running on the CEK machine: github.com/input-output-hk/L… We delivered a complete formalization of the CEK machine, Plutus Core builtins, and UPLC, tailored for Blaster, but usable by anyone who wants to prove correctness of UPLC programs in Lean: github.com/input-output-hk/P… We're now delivering the different ledger rules for script contexts and the Cardano Ledger API formalization (at the Data level!), also tailored for Blaster so users can easily express what a "correct script context" is: github.com/input-output-hk/C… Work is in progress: optimizations are being pushed, we're formalizing the new builtins, the new CEK machine rules, the new cost models, and more. And just because something has been delivered doesn't mean we stop: we're continuously improving the reasoning core, the formalizations, all of it. If you want to use the tool and are looking for help, we're on Discord: discord.gg/waYbH94ajy I promise, we're friendly. We just want to see the tool actually used by people ❤️
Mark Petruska retweeted
Ascend DEX is now live on Midnight mainnet, making it the first dApp to launch on Midnight🔥
Introducing Midnight's first dApp, live on mainnet: Ascend DEX dex.ascend.market/ Ascend is now etched in history as the first team to bring onchain DeFi activity to Midnight, onboarding the first 100 users. We said we would, so we did 😎
Mark Petruska retweeted
Robertino’s proposal is, in my view, very important to allow new developers to not have to face all the troubles we all had to go through. If both his and High assurance proposals pass, those 5 production ready contracts will come with their formal proofs using Blaster. This means that developers using those could reuse them, tweak to fit their business needs and in CI/CD check that the security properties have not been broken. Everything fully automated.
Replying to @theroberm
Contracts Library: An OpenZeppelin-style library of standardized, reusable smart contracts with an emphasis on building blocks and DeFi. Launching with at least five production-ready contracts, documented and ready for audit. No need to start from scratch ever again.
Mark Petruska retweeted
Hey all DReps, we are almost at the threshold for the Plutus proposal, thanks for all YES votes thus far, truly! For those who can still make the difference, please read the following. Part of the proposal is about introducing a Poseidon hash built-in to Plutus. 🧵
Mark Petruska retweeted
If you are a dRep who has not yet voted on the Plutus Core proposal, please take the time to review the proposal and consider voting yes to support further development of Cardano's UPLC smart contract platform. Time to vote is ending in less than 12 hours! @LucasMacchia2 @MicahAlexKenda1 @BullishDumpling @tempo_vote @longminswap @TheOCcryptobro @wolf31o2
If we halt the development of the execution layer then we are essentially throwing in the towel in competing for the DeFi market. No interoperability, module system, interface standards, or event system means no programmable pools (hook service contracts / hook data), no vaults, no programmatic offchain arbitrage bots. Please wake up people.
Mark Petruska retweeted
Final hours before DRep voting closes. Over the last 5 weeks, IO has published full proposal breakdowns, delivery plans and milestones, FAQs, proposal rationale, open discussions with initiative leads, and the proposals that were rejected alongside the reasoning behind those decisions. The work is public and the decision now sits with the community. Review the proposals and cast your vote: momentum.cardano.iog.io/
Mark Petruska retweeted
Replying to @DeOpenSourceGuy
Because most people don’t understand that Plutus is not a smart contract language, it is the smart contract layer itself. No Plutus => no improvements to smart contracts on Cardano. Our smart contract platform desperately needs major improvements, a significant improvement to efficiency, interoperability, modules, new builtins. Right now there are gigabytes of redundant publication of the same standard library functions in the Cardano ledger history. Every single time someone publishes a smart contract language to Cardano they are redundantly republishing the same standard library functions. If left unaddressed, this bloat will continue to accumulate and plague us forever.
Mark Petruska retweeted
Hi DReps, if you are still looking for another IO proposal that should be approved at the last minute, I believe it is this one: IO & VacuumLabs: Enhancing Plutus - Performance, Correctness, and Usability
As a DRep, I decided to vote YES on the proposal: IO & VacuumLabs: Enhancing Plutus – Performance, Correctness, and Usability My rationale: I support this proposal because it addresses real technical bottlenecks in Cardano's smart contract stack: execution costs, tooling friction, and formal correctness. These are fundamental issues that directly impact developer adoption, DeFi competitiveness, and long-term support for alternative node implementations. The most tangible part of this proposal is reducing Plutus execution costs. CIP-0156 (multiIndexArray) and CIP-0168 (BuiltinValue functions) introduce new built-ins that can reduce script complexity and lower execution costs for many common use cases. This matters because Cardano smart contracts are frequently criticized for high execution costs, transaction constraints, inefficient handling of multi-assets, and unnecessary complexity for common DeFi operations. These inefficiencies directly affect DEXs, lending protocols, stablecoins, and other on-chain applications that need to operate efficiently at scale. Formal correctness and alternative node support may be even more important over the long term. Without implementation-independent specifications, conformance testing, and stronger formal guarantees, alternative clients become significantly riskier to develop and maintain. Cardano cannot realistically pursue node diversity while lacking the tooling and specifications required to support multiple implementations safely. At the same time, Cardano has marketed formal methods as a major differentiator for years. This proposal suggests that some important parts of Plutus formalization still require further maturation. The IO should clearly explain what formal specifications already exist, what gaps remain, and why those gaps were not addressed earlier. This proposal must be considered in a broader context. 
The blockchain industry has repeatedly demonstrated how expensive weak smart contract tooling and insufficient verification can become. Major exploits across EVM ecosystems have resulted in billions of dollars in losses due to contract vulnerabilities, implementation mistakes, and weak security assumptions. While no system can eliminate risk, Cardano has consistently positioned itself as a platform built on higher assurance standards. Strengthening formal specifications, conformance testing, and smart contract correctness helps preserve that competitive advantage as the ecosystem grows and more value moves on-chain. However, this proposal is not perfect. I continue to see unnecessary fragmentation across IO proposals. Related work is often split across multiple proposals, while vague budget categories such as "Engagement & Ecosystem Support" continue to appear without sufficient breakdown. Future proposals should provide clearer boundaries between maintenance, developer tooling, and protocol upgrades. Despite these concerns, this proposal addresses important infrastructure gaps, improves Cardano's long-term competitiveness, and the requested budget is relatively reasonable compared with other IO requests. For these reasons, I support it. If you'd like to support my work, consider delegating to the MANDA pool and backing me as a DRep. Your support is the only way I can get time for governance. MANDA Pool ID: pool1c3fjkls7d2aujud8y5xy5e0azu0ueatwn34u7jy3ql85ze3xya8 My DRep ID: drep1y2m0g4r66pyaw3p7u454wc0p4f0ygm8ueaev0mgd3tvwm7sskqwqp
Mark Petruska retweeted
Plutus running ~1M scripts/month is evidence that the foundation works. And mature infrastructure is exactly where careful, targeted improvements matter most. Smart contract platforms across major ecosystems continue evolving as adoption grows. This proposal focuses on:
• Estimated ~30% cost reductions
• New primitives like Poseidon for ZK workloads
• Property-based conformance testing to strengthen node diversity
• Continuous security audits and further Agda formalization
That’s how strong foundations stay strong.
Mark Petruska retweeted
DRep votes coming in, looks like Leios will have the required support from DReps. Thank you, guys! 🫡 Won't let you down. We still need 2 more CC votes🗳️

Mark Petruska retweeted
Plutus is the smart contract platform behind applications built on Cardano. This proposal focuses on enhancing:
• efficiency and cost-effectiveness
• security, reliability, and testing
• readiness for the next generation of Cardano infrastructure
• the developer experience and tooling
It’s about making Cardano’s core smart contract layer more efficient, more secure, and more accessible for builders. As Cardano adoption grows, investing in the foundations matters. Plutus is one of those foundations. Read the proposal: momentum.cardano.iog.io/prop…
Mark Petruska retweeted
4 out of 9 IO proposals seem to get funding.
Mark Petruska retweeted
@Cardano_CF Please reconsider the NO vote on the Plutus proposal. After reading the rationale, I think several points misunderstand the scope and impact of the work: The proposed features are strictly additive. Existing languages and tooling can continue operating on the current Plutus version without immediate changes. This is not forced breakage for downstream compilers; a significant amount of engineering effort goes into preserving that compatibility. Most proposed builtins are performance-oriented. The community has consistently asked for cheaper execution, better script efficiency, and higher-throughput smart contracts. Several of these proposals also originate from community-driven CIP discussions, which reflects clear ecosystem demand for the capabilities these builtins provide. Plinth is not just “one language’s tooling.” It also serves as a reference implementation for Plutus. Improvements there help clarify semantics, surface edge cases, and provide guidance that other ecosystem tools can rely on. ZK builtins are not feature bloat. Without them, many ZK applications are either impossible or only feasible in a very limited form on Cardano. If we want Cardano to support serious zero-knowledge cryptographic applications, these builtins are necessary. Budget transparency and downstream coordination may be worth discussing, but they should not be conflated with the technical value of the proposal itself. This proposal strengthens the foundations of Plutus and expands what developers can realistically build on Cardano, which I believe is essential if Cardano is going to remain competitive with smart contract environments of other blockchains.
Mark Petruska retweeted
All DReps, I ask you to vote YES on this proposal! It might seem like a boring proposal, but the ROI after this is delivered is immediate. The past improvements showed this. For those who voted NO, please reconsider your vote. Plutus is not done; we can improve so much more.
~1M Plutus scripts run on-chain every month. The Plutus proposal targets a ~30% avg cost reduction for Plutus users, while expanding language capabilities, improving security, correctness, conformance, and developer tooling. Vote for the proposal: iog.io/news/enhancing-plutus
Mark Petruska retweeted
Cardano and Midnight are getting a big upgrade 🔥 Cardano tokens are getting privacy and Midnight is getting tokens and liquidity
Introducing: Moonlight 🌙 We're excited to announce our newest product: a native, reliable bridging solution for Cardano and Midnight. As we prepare for our upcoming mainnet DEX launch, Moonlight means we’ll be able to bridge all tokens from Cardano to Midnight such as ADA, SNEK, IAG, and STRIKE. These tokens can be used to supply liquidity to our Midnight-native DEX and make trades securely and privately. You can bridge your tokens back to Cardano at any time. The smart contract is already complete and should be live in the next 30 days 🔥 Full details below. Link: 🖱️ medium.com/@pulsecardano/int…