EtherSolve: Computing an Accurate Control-Flow Graph from Ethereum Bytecode

Filippo Contro, Marco Crosara, Mariano Ceccato, Mila Dalla Preda
2021 IEEE/ACM 29th International Conference on Program Comprehension (ICPC)

Motivated by the immutable nature of Ethereum smart contracts and of their transactions, many approaches have been proposed to detect defects and security problems before smart contracts become persistent in the blockchain and are granted control over substantial financial value. Because smart contract source code might not be available, static analysis approaches mostly face the challenge of analysing compiled Ethereum bytecode, which is available directly from the official blockchain…


Elipmoc: advanced decompilation of Ethereum smart contracts
Elipmoc is an evolution of Gigahorse, the top research decompiler, dramatically improving over it and over other state-of-the-art tools, by employing several high-precision techniques and making them scalable.
A survey on ethereum smart contract vulnerability detection using machine learning
This survey paper extensively reviewed and summarized a wide variety of ML-driven intelligent detection mechanisms from the following databases: Google Scholar, Engineering Village, Springer, Web of Science, Academic Search Premier, and Scholars Portal Journal, and provided insights on common traits, limitations and advancement of ML-driven solutions proposed for this field.
A Max-SMT Superoptimizer for EVM handling Memory and Storage
GASOL v 2 is presented, a gas and bytes-size superoptimization tool for Ethereum smart contracts, that leverages a previous Max-SMT approach for only stack optimization to optimize also wrt.


Gigahorse: Thorough, Declarative Decompilation of Smart Contracts
Gigahorse offers a full-featured toolchain for further analyses (and a "batteries included" approach, with multiple clients already implemented), together with the highest performance and scalability, and uses a declarative, logic-based specification, which allows high-level insights to inform low-level decompilation.
Making Smart Contracts Smarter
This paper investigates the security of running smart contracts based on Ethereum in an open distributed network like those of cryptocurrencies, and proposes ways to enhance the operational semantics of Ethereum to make contracts less vulnerable.
Vandal: A Scalable Security Analysis Framework for Smart Contracts
Vandal is both fast and robust, successfully analysing over 95% of all 141k unique contracts with an average runtime of 4.15 seconds, outperforming the current state-of-the-art tools (Oyente, EthIR, Mythril, and Rattle) under equivalent conditions.
MadMax: surviving out-of-gas conditions in Ethereum smart contracts
MadMax is presented: a static program analysis technique to automatically detect gas-focused vulnerabilities with very high confidence and achieves high precision and scalability.
MadMax: analyzing the out-of-gas world of smart contracts
MadMax is presented: a static program analysis technique that automatically detects gas-focused vulnerabilities with very high confidence and captures high-level program modeling concepts and delivers high precision and scalability.
STAN: Towards Describing Bytecodes of Smart Contract
This paper proposes the first system named Stan to generate descriptions for the bytecodes of smart contracts to help users comprehend them, and shows that it can generate adequate, accurate and readable descriptions for contract’s bytecodes, which have practical value for users.
Under-optimized smart contracts devour your money
This work conducts the first investigation on Solidity, the recommended compiler, and reveals that it fails to optimize gas-costly programming patterns, and proposes and develops GASPER, a new tool for automatically locating gas-costly patterns by analyzing smart contracts' bytecodes.
EthIR: A Framework for High-Level Analysis of Ethereum Bytecode
EthIR is presented, a framework for analyzing Ethereum bytecode, which relies on OYENTE, a tool that generates CFGs; EthIR produces from the CFGs, a rule-based representation of the bytecode that enables the application of (existing) high-level analyses to infer properties of EVM code.
Finding The Greedy, Prodigal, and Suicidal Contracts at Scale
Maian is implemented, the first tool for specifying and reasoning about trace properties, which employs interprocedural symbolic analysis and concrete validator for exhibiting real exploits.
Security Analysis Methods on Ethereum Smart Contract Vulnerabilities: A Survey
This survey aims to identify the key vulnerabilities in smart contracts on Ethereum in the perspectives of their internal mechanisms and software security vulnerabilities by correlating 16 Ethereum vulnerabilities and 19 software security issues.