Lean proved this program was correct; then I found a bug
Summary
The article discusses fuzzing a verified Lean 4 zlib implementation, which revealed a heap buffer overflow in the Lean runtime and a denial-of-service in the lean-zip archive parser. It argues that formal verification improves robustness but misses issues outside the verified boundary, so the runtime and I/O code also need to be secured and the scope of verification has to be considered in software security.