Skip to content
Switch branches/tags

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time


A framework for smart contract verification in Coq.

See the Papers for details on the development. ConCert is able to find real world attacks as explained here and here.

How to build

Our development works with Coq 8.11.2. and depends on MetaCoq installed from source, std++ and coq-bignums. The tests depend on QuickChick. Most of the dependencies can be installed through opam.

To set up a switch with the necessary dependencies run the following commands from the root of the project:

opam switch create . 4.07.1
eval $(opam env)
opam repo add coq-released
opam install -j 4 coq.8.11.2 coq-bignums coq-stdpp coq-quickchick
opam pin -j 4 add

After completing the procedures above, run make to build the development, and make html to build the documentation. The documentation will be located in the docs folder after make html.

Structure of the project

Each folder contains a separate README file with more details.

The embedding folder contains the development of the verified embedding of λsmart to Coq.

The execution folder contains the formalization of the smart contract execution layer, which allows reasoning about, and property-based testing of, interacting contracts. The tests folder contains example tests. The key generators used for automatically generating blockchain execution traces for testing can be found in TraceGens.v. The testing framework was developed as part of a Master's Thesis at Aarhus University, and the thesis detailing (an earlier state of) the development can be found here.

The extraction folder contains an implementation of the extraction pipeline based on MetaCoq's verified erasure extended with an erasure procedure for types. It also features certifying(proof-generating) pre-processing steps and verified dead argument elimination. Currently, we support smart contract languages Liquidity and CameLIGO, and general-purpose languages Elm and Rust as targets. Pretty-printers to these languages are implemented directly in Coq. One also can obtain an OCaml plugin for Coq by extracting our pipeline using the standard extraction of Coq (currently, it is possible for extraction to Rust).

Notes for developers

The project consists of three subprojects: embedding, execution, and extraction located in the corresponding folders. Each subproject has its own _CoqProject file and Makefile. The Makefile in the root folder dispatches the calls to the corresponding subproject.


The project documentation in HTML format is generated for each build. We use the standard Coqdoc with improved styles and scripts of CoqdocJS (license) and local table of contents by TOC(license).



A video collection, presenting various parts of ConCert can be found on Youtube.

Citing the papers

author = {Annenkov, Danil and Milo, Mikkel and Nielsen, Jakob Botsch and Spitters, Bas},
title = {Extracting Smart Contracts Tested and Verified in Coq},
year = {2021},
isbn = {9781450382991},
publisher = {Association for Computing Machinery},
url = {},
doi = {10.1145/3437992.3439934},
pages = {105–121},
numpages = {17},
location = {Virtual, Denmark},
series = {CPP 2021}

   title={ConCert: a smart contract certification framework in Coq},
   journal={Proceedings of the 9th ACM SIGPLAN International Conference on Certified Programs and Proofs},
   author={Annenkov, Danil and Nielsen, Jakob Botsch and Spitters, Bas},

  author    = {Jakob Botsch Nielsen and
               Bas Spitters},
  title     = {Smart Contract Interactions in Coq},
  booktitle = {{FM} Workshops {(1)}},
  series    = {Lecture Notes in Computer Science},
  volume    = {12232},
  pages     = {380--391},
  publisher = {Springer},
  year      = {2019}


A framework for smart contract verification in Coq







No releases published


No packages published