research-article
Open Access
Artifacts Evaluated & Reusable / v1.1

Elipmoc: advanced decompilation of Ethereum smart contracts

Published: 29 April 2022

Abstract

Smart contracts on the Ethereum blockchain greatly benefit from cutting-edge analysis techniques and pose significant challenges. A primary challenge is the extremely low-level representation of deployed contracts. We present Elipmoc, a decompiler for the next generation of smart contract analyses. Elipmoc is an evolution of Gigahorse, the top research decompiler, dramatically improving over it and over other state-of-the-art tools, by employing several high-precision techniques and making them scalable. Among these techniques are a new kind of context sensitivity (termed “transactional sensitivity”) that provides a more effective static abstraction of distinct dynamic executions; a path-sensitive (yet scalable, through path merging) algorithm for inference of function arguments and returns; and a fully context-sensitive private function reconstruction process. As a result, smart contract security analyses and reverse-engineering tools built on top of Elipmoc achieve high scalability, precision and completeness.

Elipmoc improves over all notable past decompilers, including its predecessor, Gigahorse, and the state-of-the-art industrial tool, Panoramix, integrated into the primary Ethereum blockchain explorer, Etherscan. Elipmoc produces decompiled contracts with fully resolved operands at a rate of 99.5% (compared to 62.8% for Gigahorse), and achieves much higher completeness in code decompilation than Panoramix—e.g., up to 67% more coverage of external call statements—while being over 5x faster. Elipmoc has been the enabler for recent (independent) discoveries of several exploitable vulnerabilities on popular protocols, over funds in the many millions of dollars.
