🤖 AI Summary
This work addresses the challenge of formal verification for legal contracts, particularly those governing asset transfers and obligations. We propose a translation-based automated verification framework that systematically transforms contracts written in the domain-specific language Stipula into Java programs annotated with Java Modeling Language (JML) specifications, enabling deductive verification with the KeY prover. To our knowledge, this is the first approach to achieve fully automated partial and total correctness verification for Stipula contracts containing disjoint loop structures. Our method establishes an end-to-end technical pipeline spanning legal semantic modeling (Stipula), formal specification (JML), and logical verification (KeY). Experimental evaluation demonstrates significant advantages in verification accuracy, automation level, and scalability. By bridging formal methods and legal contract engineering, this work advances the practical deployment of general-purpose formal verification tools in the domain of legal smart contracts.
📝 Abstract
Stipula is a domain-specific programming language designed to model legal contracts with enforceable properties, especially those involving asset transfers and obligations. This paper presents a methodology to formally verify the correctness of Stipula contracts through translation into Java code annotated with Java Modeling Language specifications. The deductive verification tool KeY is used as the verification backend. Both the translation and the verification of partial and total correctness for a large subset of Stipula contracts, those with disjoint cycles, are fully automatic. Our work demonstrates that a general-purpose deductive verification tool can be used successfully in a translation approach.
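To make the abstract's pipeline concrete, the following is an added, hand-written Java/JML sketch of the kind of target program a Stipula-style contract could be translated into; it is not output of the paper's translator and not code from the Stipula or KeY projects. The contract name (`Escrow`), the state constants, the two functions, and the asset-transfer logic are assumptions chosen for illustration. The JML contracts express partial correctness (preconditions, postconditions, a loop invariant that says the asset is conserved and never negative) and total correctness (the `decreases` clause that bounds the loop); a file of this shape is what a deductive prover such as KeY is asked to discharge.

```java
/* Added illustration, not the paper's translator output.
 * A Stipula-like contract modelled as a Java state machine with JML
 * specifications. All names and the escrow logic are assumed for this
 * example. Partial correctness: requires/ensures/loop_invariant.
 * Total correctness: the decreases clause proves the payout loop terminates.
 */
public class Escrow {
    // Contract states, mirroring a Stipula-style state machine (assumed names)
    public static final int INIT = 0, FUNDED = 1, CLOSED = 2;

    // Class invariants hold in every visible state: the state is one of the
    // three declared ones and no asset balance is ever negative.
    //@ public invariant state == INIT || state == FUNDED || state == CLOSED;
    //@ public invariant escrowAsset >= 0 && sellerAsset >= 0;

    private /*@ spec_public @*/ int state = INIT;
    private /*@ spec_public @*/ int escrowAsset = 0; // asset held by the contract
    private /*@ spec_public @*/ int sellerAsset = 0; // asset already moved to the seller

    /*@ requires state == INIT && amount > 0;
      @ assignable state, escrowAsset;
      @ ensures state == FUNDED;
      @ ensures escrowAsset == \old(escrowAsset) + amount;
      @*/
    public void deposit(int amount) {
        escrowAsset += amount; // asset moves into the contract
        state = FUNDED;        // state transition INIT -> FUNDED
    }

    /*@ requires state == FUNDED && instalment > 0;
      @ assignable state, escrowAsset, sellerAsset;
      @ ensures escrowAsset == 0;
      @ ensures sellerAsset == \old(sellerAsset) + \old(escrowAsset);
      @ ensures state == CLOSED;
      @*/
    public void payout(int instalment) {
        // The loop moves the held asset to the seller in instalments.
        // Invariant: no asset is created or destroyed and the balance stays
        // non-negative. Variant: escrowAsset strictly decreases, since
        // step >= 1 whenever escrowAsset > 0 and instalment > 0.
        /*@ loop_invariant escrowAsset >= 0;
          @ loop_invariant escrowAsset + sellerAsset
          @                == \old(escrowAsset) + \old(sellerAsset);
          @ assignable escrowAsset, sellerAsset;
          @ decreases escrowAsset;
          @*/
        while (escrowAsset > 0) {
            int step = escrowAsset < instalment ? escrowAsset : instalment;
            escrowAsset -= step;
            sellerAsset += step;
        }
        state = CLOSED; // state transition FUNDED -> CLOSED
    }
}
```

The two method contracts encode the legal obligations (a deposit is only accepted in `INIT`, a payout only in `FUNDED`, and closing the contract leaves nothing behind in escrow), while the conservation invariant on the loop is the property a verifier must establish to rule out asset creation or loss inside the cycle. The `decreases` clause is what separates a total-correctness proof from a partial one: without it, KeY could prove that every terminating run satisfies the postcondition but not that the loop terminates.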