Overview
Explore a reverse engineering tool for Ethereum smart contracts in this USENIX Security '18 conference talk. Dive into Erays, a system designed to produce high-level pseudocode from blockchain-based smart contracts, enabling manual analysis and auditing. Learn how this tool provides insights into contract properties, code complexity, and ecosystem code reuse. Discover techniques for linking contracts without available source code to public repositories, reducing opacity in the Ethereum ecosystem. Examine four case studies demonstrating Erays' practical applications: high-value multi-signature wallets, arbitrage bots, exchange accounts, and the popular game CryptoKitties. Gain an understanding of EVM bytecode, control flow graph recovery, and the optimization processes involved in reverse engineering smart contracts. Consider the importance of such tools in addressing regulatory concerns and enhancing security in the rapidly evolving world of blockchain technology.
Syllabus
Intro
EVM Bytecode
Ecosystem: Measuring Opacity
Erays: System Design
Control Flow Graph Recovery
Lifting: Stack-based to Register-based
Optimization: Removing Redundancy
Aggregation: Condensing the Output
Control Flow Structure Recovery
Validation
Use Case
Erays: Function Fuzzy Hash
Case Studies
Case Study: High Value Contracts
Time Dependency Hazard
Case Study: Duplicate Contracts
Case Study: EtherDelta Arbitrage Bots
Case Study: CryptoKitties
Conclusion
Taught by
USENIX