research-article

Open access

Elipmoc: advanced decompilation of Ethereum smart contracts

Authors:

Sifis Lagouvardos,

Ilias Tsatiris,

Yannis SmaragdakisAuthors Info & Claims

Proceedings of the ACM on Programming Languages, Volume 6, Issue OOPSLA1

Article No.: 77, Pages 1 - 27

https://doi.org/10.1145/3527321

Published: 29 April 2022 Publication History

Abstract

Smart contracts on the Ethereum blockchain greatly benefit from cutting-edge analysis techniques and pose significant challenges. A primary challenge is the extremely low-level representation of deployed contracts. We present Elipmoc, a decompiler for the next generation of smart contract analyses. Elipmoc is an evolution of Gigahorse, the top research decompiler, dramatically improving over it and over other state-of-the-art tools, by employing several high-precision techniques and making them scalable. Among these techniques are a new kind of context sensitivity (termed “transactional sensitivity”) that provides a more effective static abstraction of distinct dynamic executions; a path-sensitive (yet scalable, through path merging) algorithm for inference of function arguments and returns; and a fully context sensitive private function reconstruction process. As a result, smart contract security analyses and reverse-engineering tools built on top of Elipmoc achieve high scalability, precision and completeness.

Elipmoc improves over all notable past decompilers, including its predecessor, Gigahorse, and the state-of-the-art industrial tool, Panoramix, integrated into the primary Ethereum blockchain explorer, Etherscan. Elipmoc produces decompiled contracts with fully resolved operands at a rate of 99.5% (compared to 62.8% for Gigahorse), and achieves much higher completeness in code decompilation than Panoramix—e.g., up to 67% more coverage of external call statements—while being over 5x faster. Elipmoc has been the enabler for recent (independent) discoveries of several exploitable vulnerabilities on popular protocols, over funds in the many millions of dollars.

References

[1]

2018. Online Solidity Decompiler. http://ethervm.io/decompile

[2]

M. Ammar Ben Khadra, Dominik Stoffel, and Wolfgang Kunz. 2016. Speculative Disassembly of Binary Code. In Proceedings of the International Conference on Compilers, Architectures and Synthesis for Embedded Systems (Pittsburgh, Pennsylvania) (CASES ’16). Association for Computing Machinery, New York, NY, USA, Article 16, 10 pages. isbn:9781450344821

Digital Library

[3]

Lee Benfield. 2020. CFR - another java decompiler. https://www.benf.org/other/cfr/

[4]

Lexi Brent, Neville Grech, Sifis Lagouvardos, Bernhard Scholz, and Yannis Smaragdakis. 2020. Ethainter: A Smart Contract Security Analyzer for Composite Vulnerabilities. In Conf. on Programming Language Design and Implementation (PLDI). ACM.

[5]

Lexi Brent, Anton Jurisevic, Michael Kong, Eric Liu, Francois Gauthier, Vincent Gramoli, Ralph Holz, and Bernhard Scholz. 2018. Vandal: A Scalable Security Analysis Framework for Smart Contracts. arxiv:1809.03981 [cs.PL]

[6]

David Brumley, JongHyup Lee, Edward J. Schwartz, and Maverick Woo. 2013. Native x86 Decompilation Using Semantics-Preserving Structural Analysis and Iterative Control-Flow Structuring. In 22nd USENIX Security Symposium (USENIX Security 13). USENIX Association, Washington, D.C., 353–368. isbn:978-1-931971-03-4 https://www.usenix.org/conference/usenixsecurity13/technical-sessions/presentation/schwartz

[7]

JP Morgan Chase. 2020. Quorum: A permissioned implementation of Ethereum supporting data privacy. https://github.com/jpmorganchase/quorum

[8]

Ting Chen, Zihao Li, Xiapu Luo, Xiaofeng Wang, Ting Wang, Zheyuan He, Kezhao Fang, Yufei Zhang, Hang Zhu, Hongwei Li, Yan Cheng, and Xiao-song Zhang. 2021. SigRec: Automatic Recovery of Function Signatures in Smart Contracts. IEEE Transactions on Software Engineering (2021), 1–1.

Digital Library

[9]

Cristina Cifuentes. 1994. Reverse compilation techniques. Ph. D. Dissertation. Queensland University of Technology. https://eprints.qut.edu.au/36820/ Presented to the School of Computing Science, Queensland University of Technology.

[10]

Filippo Contro, Marco Crosara, Mariano Ceccato, and Mila Dalla Preda. 2021. EtherSolve: Computing an Accurate Control-Flow Graph from Ethereum Bytecode. In 2021 IEEE/ACM 29th International Conference on Program Comprehension (ICPC). 127–137.

[11]

Dedaub. 2019. Rising Gas Prices are Threatening our Security (no, it’s not the Saudi attack). https://medium.com/dedaub/rising-gas-prices-are-threatening-our-security-no-its-not-the-saudi-attack-4b7aa4878e83

[12]

Dedaub. 2021. EIP-3074 Impact Study. https://docs.google.com/document/d/1itvPn7BhZ9N8h27d1Ig5C86_FZpyG5_cdpsuPJYmb-o/edit?usp=sharing

[13]

Dedaub. 2021. Ethereum Pawn Stars: ’$5.7M in hard assets? Best I can do is $2.3M’. https://medium.com/dedaub/ethereum-pawn-stars-5-7m-in-hard-assets-best-i-can-do-is-2-3m-b93604be503e

[14]

Dedaub. 2021. Killing a Bad (Arbitrage) Bot ... to Save its Owners. https://medium.com/dedaub/killing-a-bad-arbitrage-bot-f29e7e808c7d

[15]

Dedaub. 2021. Look Ma’, no source! Hacking a DeFi Service with No Source Code Available. https://medium.com/dedaub/look-ma-no-source-hacking-a-defi-service-with-no-source-code-available-c40a6583f28f

[16]

Dedaub. 2021. Verkle Gas Cost Changes Insights. https://docs.google.com/document/d/1s3qqzbkQFPcNvhzKPdnxg3MlFbv0YjK1z02SxRtdMs8/edit#heading=h.slduooqtgkoq

[17]

Dedaub. 2021. Yield Skimming: Forcing Bad Swaps on Yield Farming. https://medium.com/dedaub/yield-skimming-forcing-bad-swaps-on-yield-farming-397361fd7c72?source=friends_link&sk=d146b3640321f0a3ccc80540b54368ff

[18]

E. Dupuy. 2020. Java Decompiler. http://java-decompiler.github.io/

[19]

Nicolas Falliere. 2019. Ethereum Smart Contract Decompiler. https://www.pnfsoftware.com/blog/ethereum-smart-contract-decompiler/

[20]

Antonio Flores-Montoya and Eric Schulte. 2019. Datalog Disassembly. arxiv:1906.03969 [cs.PL]

[21]

Miguel Gómez-Zamalloa, Elvira Albert, and Germán Puebla. 2009. Decompilation of Java Bytecode to Prolog by Partial Evaluation. Inf. Softw. Technol. 51, 10 (Oct. 2009), 1409–1427. issn:0950-5849

Digital Library

[22]

Neville Grech, Lexi Brent, Bernhard Scholz, and Yannis Smaragdakis. 2019. Gigahorse: Thorough, Declarative Decompilation of Smart Contracts. In Proceedings of the 41st International Conference on Software Engineering (Montreal, Quebec, Canada) (ICSE ’19). IEEE Press, Piscataway, NJ, USA, 1176–1186.

Digital Library

[23]

Neville Grech, Lexi Brent, Bernhard Scholz, and Yannis Smaragdakis. 2019. Gigahorse: Thorough, Declarative Decompilation of Smart Contracts. Research artifact corresponding to ICSE’19 technical paper "Gigahorse: Thorough, Declarative Decompilation of Smart Contracts".

[24]

Neville Grech, Michael Kong, Anton Jurisevic, Lexi Brent, Bernhard Scholz, and Yannis Smaragdakis. 2018. MadMax: Surviving Out-of-Gas Conditions in Ethereum Smart Contracts. Proc. ACM Programming Languages 2, OOPSLA (Nov. 2018).

Digital Library

[25]

James Hamilton and Sebastian Danicic. 2009. An Evaluation of Current Java Bytecode Decompilers. In Proceedings of the 2009 Ninth IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM ’09). IEEE Computer Society, Washington, DC, USA, 129–136. isbn:978-0-7695-3793-1

Digital Library

[26]

Nicolas Harrand, C’esar Soto-Valero, Martin Monperrus, and Benoit Baudry. 2019. The Strengths and Behavioral Quirks of Java Bytecode Decompilers. In 2019 19th International Working Conference on Source Code Analysis and Manipulation (SCAM). IEEE, 92–102. https://arxiv.org/pdf/1908.06895.pdf

[27]

Immunefi. 2021. Harvest Finance Uninitialized Proxies Bug Fix Postmortem. https://medium.com/immunefi/harvest-finance-uninitialized-proxies-bug-fix-postmortem-ea5c0f7af96b

[28]

Sehun Jeong, Minseok Jeon, Sungdeok Cha, and Hakjoo Oh. 2017. Data-Driven Context-Sensitivity for Points-to Analysis. Proc. ACM Program. Lang. 1, OOPSLA, Article 100 (Oct. 2017), 28 pages.

Digital Library

[29]

D. S. Katz, J. Ruchti, and E. Schulte. 2018. Using recurrent neural networks for decompilation. In 2018 IEEE 25th International Conference on Software Analysis, Evolution and Reengineering (SANER). 346–356.

[30]

Tomasz Kolinko and Palkeo. 2020. Panoramix – Decompiler at the heart of eveem.org. https://github.com/palkeo/panoramix

[31]

Christopher Kruegel, William Robertson, Fredrik Valeur, and Giovanni Vigna. 2004. Static Disassembly of Obfuscated Binaries. In Proceedings of the 13th Conference on USENIX Security Symposium - Volume 13 (San Diego, CA) (SSYM’04). USENIX Association, USA, 18.

Digital Library

[32]

Sifis Lagouvardos, Neville Grech, Ilias Tsatiris, and Yannis Smaragdakis. 2020. Precise Static Modelling of Ethereum “Memory”. Proceedings of the ACM in Programming Languages (OOPSLA) 4, OOPSLA (2020).

[33]

Michales, Jonah. 2021. Inside the War Room That Saved Primitive Finance. https://medium.com/immunefi/inside-the-war-room-that-saved-primitive-finance-6509e2188c86

[34]

Jerome Miecznikowski and Laurie J. Hendren. 2002. Decompiling Java Bytecode: Problems, Traps and Pitfalls. In Proceedings of the 11th International Conference on Compiler Construction (CC ’02). Springer-Verlag, London, UK, UK, 111–127. isbn:3-540-43369-4 http://dl.acm.org/citation.cfm?id=647478.727938

[35]

Ana Milanova, Atanas Rountev, and Barbara G. Ryder. 2005. Parameterized object sensitivity for points-to analysis for Java. ACM Trans. Softw. Eng. Methodol. 14, 1 (2005), 1–41.

Digital Library

[36]

Primitive Finance. 2021. PrimitiveFi post-mortem analysis. https://primitivefinance.medium.com/postmortem-on-the-primitive-finance-whitehack-of-february-21st-2021-17446c0f3122

[37]

Todd A. Proebsting and Scott A. Watterson. 1997. Krakatoa: Decompilation in Java (Does Bytecode Reveal Source?). In Proceedings of the 3rd Conference on USENIX Conference on Object-Oriented Technologies (COOTS) - Volume 3 (Portland, Oregon) (COOTS’97). USENIX Association, Berkeley, CA, USA, 14–14. http://dl.acm.org/citation.cfm?id=1268028.1268042

[38]

Edward J. Schwartz, Cory F. Cohen, Michael Duggan, Jeffrey Gennari, Jeffrey S. Havrilla, and Charles Hines. 2018. Using Logic Programming to Recover C++ Classes and Methods from Compiled Executables. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (Toronto, Canada) (CCS ’18). Association for Computing Machinery, New York, NY, USA, 426–441. isbn:9781450356930

Digital Library

[39]

Olin Shivers. 1991. Control-flow analysis of higher-order languages. Ph. D. Dissertation. Carnegie Mellon University.

[40]

Yannis Smaragdakis, Martin Bravenboer, and Ondrej Lhoták. 2011. Pick Your Contexts Well: Understanding Object-Sensitivity. SIGPLAN Not. 46, 1 (Jan. 2011), 17–30. issn:0362-1340

Digital Library

[41]

Yannis Smaragdakis, Neville Grech, Sifis Lagouvardos, Konstantinos Triantafyllou, and Ilias Tsatiris. 2021. Symbolic Value-Flow Static Analysis: Deep, Precise, Complete Modeling of Ethereum Smart Contracts. Proc. ACM Program. Lang. 5, OOPSLA, Article 163 (oct 2021), 30 pages.

Digital Library

[42]

Mike Strobel. 2020. Procyon. https://bitbucket.org/mstrobel/procyon/wiki/Java

[43]

Rei Thiessen and Ondřej Lhoták. 2017. Context Transformations for Pointer Analysis. In Proceedings of the 38th ACM SIGPLAN Conference on Programming Language Design and Implementation (Barcelona, Spain) (PLDI 2017). Association for Computing Machinery, New York, NY, USA, 263–277. isbn:9781450349888

Digital Library

[44]

TrustLook. 2019. Smart Contract Guardian - Trustlook SECaaS. https://www.trustlook.com/services/smart.html

[45]

Petar Tsankov, Andrei Dan, Dana Drachsler-Cohen, Arthur Gervais, Florian Bünzli, and Martin Vechev. 2018. Securify: Practical Security Analysis of Smart Contracts. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (Toronto, Canada) (CCS ’18). ACM, New York, NY, USA, 67–82. isbn:978-1-4503-5693-0

Digital Library

[46]

Raja Vallée-Rai, Phong Co, Etienne Gagnon, Laurie Hendren, Patrick Lam, and Vijay Sundaresan. 1999. Soot - a Java Bytecode Optimization Framework. In Proceedings of the 1999 Conference of the Centre for Advanced Studies on Collaborative Research (Mississauga, Ontario, Canada) (CASCON ’99). IBM Press, 13–. http://dl.acm.org/citation.cfm?id=781995.782008

Digital Library

[47]

Michael Van Emmerik. 2007. Static Single Assignment for Decompilation. Ph. D. Dissertation.

[48]

Various. 2017. GitHub - vyperlang/vyper: Pythonic Smart Contract Language for the EVM. https://github.com/ethereum/solidity

[49]

Various. 2018. GitHub - ethereum/solidity: The Solidity Contract-Oriented Programming Language. https://github.com/ethereum/solidity

[50]

Various. 2018. GitHub - OpenZeppelin/openzeppelin-contracts: OpenZeppelin Contracts is a library for secure smart contract development. https://github.com/OpenZeppelin/openzeppelin-contracts

[51]

Various. 2018. Porosity – a decompiler for EVM bytecode into readable Solidity-syntax contracts. https://github.com/comaeio/porosity

[52]

Various. 2020. Fernflower. https://github.com/JetBrains/intellij-community/tree/master/plugins/java-decompiler/engine

[53]

Gavin Wood. 2014. Ethereum: A secure decentralised generalised transaction ledger. http://gavwood.com/paper.pdf.

[54]

K. Yakdan, S. Dechand, E. Gerhards-Padilla, and M. Smith. 2016. Helping Johnny to Analyze Malware: A Usability-Optimized Decompiler and Malware Analysis User Study. In 2016 IEEE Symposium on Security and Privacy (SP). 158–177.

[55]

Khaled Yakdan, Sebastian Eschweiler, Elmar Gerhards-Padilla, and Matthew Smith. 2015. No More Gotos: Decompilation Using Pattern-Independent Control-Flow Structuring and Semantics-Preserving Transformations.

[56]

Yi Zhou, Deepak Kumar, Surya Bakshi, Joshua Mason, Andrew Miller, and Michael Bailey. 2018. Erays: Reverse Engineering Ethereums Opaque Smart Contracts. In 27th USENIX Security Symposium (USENIX Security 18). USENIX Association, Baltimore, MD, 1371–1385. isbn:978-1-939133-04-5 https://www.usenix.org/conference/usenixsecurity18/presentation/zhou

Cited By

Grossman SToman JBakst AArora SSagiv MNandi C(2024)Practical Verification of Smart Contracts using Memory SplittingProceedings of the ACM on Programming Languages10.1145/36897968:OOPSLA2(2402-2433)Online publication date: 8-Oct-2024
https://dl.acm.org/doi/10.1145/3689796
Li YSong WHuang J(2024)VarLifter: Recovering Variables and Types from Bytecode of Solidity Smart ContractsProceedings of the ACM on Programming Languages10.1145/36897118:OOPSLA2(1-29)Online publication date: 8-Oct-2024
https://dl.acm.org/doi/10.1145/3689711
Albert ECorreas JGordillo PRomán-Díez GRubio AChristakis MPradel M(2024)Synthesis of Sound and Precise Storage Cost Bounds via Unsound Resource Analysis and Max-SMTProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3680352(1186-1197)Online publication date: 11-Sep-2024
https://dl.acm.org/doi/10.1145/3650212.3680352
Show More Cited By

Index Terms

Elipmoc: advanced decompilation of Ethereum smart contracts

Recommendations

Code cloning in smart contracts: a case study on verified contracts from the Ethereum blockchain platform
Abstract
Ethereum is a blockchain platform that hosts and executes smart contracts. Smart contracts have been used to implement cryptocurrencies and crowdfunding initiatives (ICOs). A major concern in Ethereum is the security of smart contracts. Different ...
The treewidth of smart contracts
SAC '19: Proceedings of the 34th ACM/SIGAPP Symposium on Applied Computing

Smart contracts are programs that are stored and executed on the Blockchain and can receive, manage and transfer money (cryptocurrency units). Two important problems regarding smart contracts are formal analysis and compiler optimization. Formal ...
A security framework for Ethereum smart contracts
Abstract
The use of blockchain and smart contracts have not stopped growing in recent years. Like all software that begins to expand its use, it is also beginning to be targeted by hackers who will try to exploit vulnerabilities in both the ...

Comments

Information & Contributors

Information

Published In

cover image Proceedings of the ACM on Programming Languages

Proceedings of the ACM on Programming Languages Volume 6, Issue OOPSLA1

April 2022

687 pages

EISSN:2475-1421

DOI:10.1145/3534679

Issue’s Table of Contents

Copyright © 2022 Owner/Author.

This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 29 April 2022

Published in PACMPL Volume 6, Issue OOPSLA1

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Badges

Artifacts Evaluated & Reusable / v1.1

Author Tags

Qualifiers

Research-article

Funding Sources

Hellenic Foundation for Research and Innovation

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
1,280
Total Downloads

Downloads (Last 12 months)394
Downloads (Last 6 weeks)44

Reflects downloads up to 09 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Grossman SToman JBakst AArora SSagiv MNandi C(2024)Practical Verification of Smart Contracts using Memory SplittingProceedings of the ACM on Programming Languages10.1145/36897968:OOPSLA2(2402-2433)Online publication date: 8-Oct-2024
https://dl.acm.org/doi/10.1145/3689796
Li YSong WHuang J(2024)VarLifter: Recovering Variables and Types from Bytecode of Solidity Smart ContractsProceedings of the ACM on Programming Languages10.1145/36897118:OOPSLA2(1-29)Online publication date: 8-Oct-2024
https://dl.acm.org/doi/10.1145/3689711
Albert ECorreas JGordillo PRomán-Díez GRubio AChristakis MPradel M(2024)Synthesis of Sound and Precise Storage Cost Bounds via Unsound Resource Analysis and Max-SMTProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3680352(1186-1197)Online publication date: 11-Sep-2024
https://dl.acm.org/doi/10.1145/3650212.3680352
Chen WLuo XCai HWang H(2024)Towards Smart Contract Fuzzing on GPUs2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00229(2255-2272)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00229
Liu XHua BWang YPan Z(2023)An Empirical Study of Smart Contract Decompilers2023 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)10.1109/SANER56733.2023.00011(1-12)Online publication date: Mar-2023
https://doi.org/10.1109/SANER56733.2023.00011
He JLi SWang XCheung SZhao GYang J(2023)Neural-FEBIJournal of Systems and Software10.1016/j.jss.2023.111627199:COnline publication date: 1-May-2023
https://dl.acm.org/doi/10.1016/j.jss.2023.111627
Albert ECorreas JGordillo PRomán-Díez GRubio A(2023)Inferring Needless Write Memory Accesses on Ethereum BytecodeTools and Algorithms for the Construction and Analysis of Systems10.1007/978-3-031-30823-9_23(448-466)Online publication date: 22-Apr-2023
https://dl.acm.org/doi/10.1007/978-3-031-30823-9_23

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents