
Paper Presentation

CSE 6324-Advance Topic in Software Engineering
University of Texas at Arlington (UTA)

Paper Title: Elipmoc: Advanced Decompilation of Ethereum Smart Contracts (OOPSLA 2022)

1. Rushikesh Mahesh Bhagat 1001911486
2. Sai Likhith Palasala 1001980407

1. Introduction:

• Decentralized financial applications, built using smart contracts running on programmable blockchains, are starting to rival traditional financial systems. [1]

• Smart contracts are primary targets for automated analysis and verification tasks, as coding or logical errors in smart contracts can have large financial implications.

• Analysis of smart contracts as-deployed, i.e., by taking their binary form as input, is attractive for several reasons, including significant generality and a uniform platform for analysis. [2]

1. Introduction (cont.):

• Elipmoc is a decompiler for Ethereum smart contracts that advances the state of the art in EVM bytecode decompilation, offering significantly increased precision and completeness.

• Elipmoc is the substrate of a successful analysis framework that has flagged numerous exploitable vulnerabilities on contracts with or without source, but with millions of dollars in locked value.

• The Elipmoc team has been commissioned to perform three separate studies of Ethereum Improvement Proposals: EIP-1884, EIP-3074, and a future EIP that proposes a rearchitecting of storage gas cost metering.

2. Background:

• Smart contracts: Self-executing contracts with the terms of the agreement between buyer and seller being directly written into lines of code. [3]

• Ethereum: a decentralized blockchain platform that enables the creation of smart contracts. [4]

• Security issues with smart contracts: Smart contracts are vulnerable to bugs, security flaws, and other issues that can lead to financial loss.

• Decompilation: The process of reverse-engineering machine code back into source code. [2]

• Elipmoc aims to overcome these limitations by developing new techniques for analyzing smart contracts and decompiling Ethereum bytecode.

3. Structure of Elipmoc:

Fig 1: Elipmoc high-level architecture, where solid lines depict new elements. [5]

3. Structure of Elipmoc (cont.):

• Elipmoc consists of three main components:

  – Bytecode Parser: Parses the bytecode and generates a control-flow graph (CFG) of the contract.

  – CFG Transformer: Transforms the CFG into an intermediate representation (IR) that includes high-level language constructs such as variables, loops, and conditionals. [6]

  – IR Optimizer: Optimizes the IR using a set of techniques, such as constant propagation and dead code elimination, to produce a more concise and readable representation of the original code.

4. Transactional Context Sensitivity:

• Elipmoc is a decompiler built on the declarative (Datalog) framework introduced by the Gigahorse decompiler.

• The decompilation process involves a context-sensitive analysis of possible stack contents per program point.

• Context-sensitive static analysis aims to define a compact abstract context that summarizes dynamic execution conditions.

• The context policy of Elipmoc is transactional context sensitivity, which is designed for the execution model of smart contracts.

4. Transactional Context Sensitivity (cont.):

• Locally resolved jumps are either an intra-procedural jump or a direct call to another function.

• Locally unresolved jumps are likely a return from a private function or a call to a continuation passed by the caller.

• Transactional context sensitivity retains the public function (i.e., the transaction's entry point) throughout the analysis.

• Context sensitivity can be defined precisely by a constructor Merge, which produces a new context for a callee, taking as input the information (context and call instruction) at the call site.

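The context policy sketched above, as an added example in Python that is not Elipmoc's own code: a context is modelled as the transaction's public entry point plus the K most recent private call sites, and `merge` plays the role of the Merge constructor (callee context from caller context and call instruction). The two analyses then record, per (callee, context), which continuation addresses the callers pushed, which is all a locally unresolved return JUMP in that callee can target. The call graph, function names, addresses, K and the exact shape of the context are this example's assumptions, not the paper's definitions.

```python
from typing import Dict, List, NamedTuple, Set, Tuple

K = 2  # assumed bound on how many private call sites the context remembers

# Constructed model of a transactional context: the public entry point of the
# transaction is kept for the whole analysis, plus the K most recent private call sites.
Context = NamedTuple("Context", [("public_fn", str), ("call_sites", Tuple[int, ...])])


def merge(ctx: Context, call_pc: int) -> Context:
    """This example's version of the Merge constructor: the callee's context is
    built from the caller's context and the call instruction (its pc)."""
    return Context(ctx.public_fn, (ctx.call_sites + (call_pc,))[-K:])


# Constructed call graph: function -> [(call_pc, private callee, continuation pc)].
# Two public functions share the private helper _sub, which in turn calls _require.
PUBLIC_FNS = ["transfer", "approve"]
PRIVATE_CALLS = {
    "transfer": [(0x40, "_sub", 0x45)],
    "approve":  [(0x80, "_sub", 0x85)],
    "_sub":     [(0xC0, "_require", 0xC5)],
}


def return_targets(transactional: bool) -> Dict[Tuple[str, Context], Set[int]]:
    """For every (callee, context) pair, collect the continuation addresses pushed
    by its callers: these are the only places its locally unresolved exit JUMP can
    go. With transactional=False every function gets one shared context."""
    result: Dict[Tuple[str, Context], Set[int]] = {}
    work: List[Tuple[str, Context]] = [
        (fn, Context(fn if transactional else "*", ())) for fn in PUBLIC_FNS]
    while work:
        fn, ctx = work.pop()
        for call_pc, callee, cont in PRIVATE_CALLS.get(fn, []):
            callee_ctx = merge(ctx, call_pc) if transactional else Context("*", ())
            key = (callee, callee_ctx)
            if key not in result:
                result[key] = set()
                work.append(key)  # analyze the callee under its (new) context
            result[key].add(cont)
    return result


def candidates(transactional: bool, fn: str) -> List[Set[int]]:
    """Return-target sets for fn, one per context it is analyzed under (sorted by context)."""
    return [targets for (callee, _), targets in sorted(return_targets(transactional).items())
            if callee == fn]


if __name__ == "__main__":
    print("insensitive  :", candidates(False, "_sub"))  # [{0x45, 0x85}]: both callers merged
    print("transactional:", candidates(True, "_sub"))   # [{0x85}, {0x45}]: one per public entry
```

With a single shared context, the return JUMP of `_sub` has two possible targets and the decompiler cannot tell which caller it returns to; keeping the public function in the context separates the two transactions and each context sees exactly one continuation. Because the public function is retained even after K call sites have been pushed out, a deeper helper such as `_require` is still analyzed once per public entry point.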
5. Function Reconstruction:

• Private functions in Ethereum smart contracts are not visible or accessible, making it challenging to analyze a contract's behavior. [7]

• The Elipmoc tool uses a private function reconstruction technique to decompile and analyze private functions.

• Private function reconstruction involves identifying entry points and reconstructing the function body by analyzing the bytecode.

5.1 Private Function Reconstruction:

• Elipmoc's approach to private function reconstruction involves:

• Identify entry points
  – Identify entry points to each private function in the bytecode.

• Symbolic execution
  – Monitor and record the values of symbolic variables that are utilized within the Ethereum smart contract.

• Taint analysis
  – Track the flow of data through the contract and identify potential sources.

5.2 Function Boundary and Argument Inference:

• Identify entry and exit points of functions. Find instructions that push addresses and eventually jump back to the same addresses. This produces an over-approximation of possible call- and return-site pairings. These are filtered for well-formedness.

• Normalize the control flow of functions by in-lining basic blocks in all functions that can reach them, to address block merging that occurred during compilation.

• To deduce the types of function arguments, Elipmoc employs a blend of stack-based and taint-based analysis techniques.

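The Bytecode Parser and CFG recovery of section 3, and the push-address/jump-back heuristic for call- and return-site pairing of this section, as one added example in Python that is not Elipmoc's or Gigahorse's code: a toy disassembler over a constructed EVM bytecode sample, basic-block splitting, a per-block stack simulation that tells locally resolved jumps from locally unresolved ones, and an over-approximate pairing of call sites with the continuation addresses their callers pushed, filtered so that a continuation must be a JUMPDEST. The opcode numbers are the real EVM ones; the sample program, the names, and the exact rules of the heuristic are this example's assumptions.

```python
from typing import Dict, List, NamedTuple, Optional, Set, Tuple

# Real EVM opcode numbers; only the subset the constructed sample needs is listed.
OPCODES = {0x00: "STOP", 0x01: "ADD", 0x50: "POP", 0x56: "JUMP", 0x57: "JUMPI",
           0x5b: "JUMPDEST", 0x90: "SWAP1", 0xf3: "RETURN", 0xfd: "REVERT"}
BLOCK_ENDERS = {"STOP", "JUMP", "JUMPI", "RETURN", "REVERT"}
UNKNOWN = None  # a stack slot whose value was produced outside the current block

Insn = NamedTuple("Insn", [("pc", int), ("name", str), ("imm", Optional[int])])
# call_pc: the JUMP into the callee; callee: its resolved target; return_pc: the
# continuation address the caller pushed underneath that target.
CallSite = NamedTuple("CallSite", [("call_pc", int), ("callee", int), ("return_pc", int)])

def disassemble(code: bytes) -> List[Insn]:
    insns, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if 0x60 <= op <= 0x7f:  # PUSH1..PUSH32 carry 1..32 immediate bytes
            n = op - 0x5f
            insns.append(Insn(pc, f"PUSH{n}", int.from_bytes(code[pc + 1:pc + 1 + n], "big")))
            pc += 1 + n
        else:
            insns.append(Insn(pc, OPCODES.get(op, f"UNKNOWN_{op:02x}"), None))
            pc += 1
    return insns

def basic_blocks(insns: List[Insn]) -> List[List[Insn]]:
    """A JUMPDEST starts a block; a terminator or conditional jump ends one."""
    blocks, cur = [], []
    for ins in insns:
        if ins.name == "JUMPDEST" and cur:
            blocks.append(cur)
            cur = []
        cur.append(ins)
        if ins.name in BLOCK_ENDERS:
            blocks.append(cur)
            cur = []
    return blocks + ([cur] if cur else [])

def local_exit_state(blk: List[Insn]) -> Tuple[Optional[int], List[Optional[int]]]:
    """Run the block on a stack of constants; popping an empty stack yields UNKNOWN
    (a value from a predecessor). Returns (jump target, stack left below it)."""
    stack: List[Optional[int]] = []
    pop = lambda: stack.pop() if stack else UNKNOWN
    for ins in blk:
        if ins.name.startswith("PUSH"):
            stack.append(ins.imm)
        elif ins.name == "POP":
            pop()
        elif ins.name == "SWAP1":
            a, b = pop(), pop()
            stack += [a, b]
        elif ins.name == "ADD":
            pop(); pop(); stack.append(UNKNOWN)
        elif ins.name in ("JUMP", "JUMPI"):
            target = pop()
            if ins.name == "JUMPI":
                pop()  # condition
            return target, stack
    return None, stack

def reaches(edges: Dict[int, Set[int]], src: int, dst: int) -> bool:
    seen, work = set(), [src]
    while work:
        b = work.pop()
        if b == dst:
            return True
        if b not in seen:
            seen.add(b)
            work.extend(edges.get(b, ()))
    return False

def pair_calls_and_returns(code: bytes) -> Tuple[List[CallSite], Dict[int, List[int]]]:
    """Over-approximate pairings: a resolved jump that leaves another JUMPDEST constant
    on the stack is a call; an unresolved JUMP reachable from a callee's entry is a
    return to one of the continuations pushed for that callee."""
    insns = disassemble(code)
    blocks = basic_blocks(insns)
    jumpdests = {i.pc for i in insns if i.name == "JUMPDEST"}
    calls, unresolved, edges = [], [], {}
    for i, blk in enumerate(blocks):
        start, last = blk[0].pc, blk[-1]
        target, rest = local_exit_state(blk)
        succ: Set[int] = set()
        if last.name in ("JUMP", "JUMPI") and target is UNKNOWN:
            unresolved.append((start, last.pc))  # locally unresolved: likely a return
        elif last.name in ("JUMP", "JUMPI") and target in jumpdests:
            conts = [c for c in rest if c in jumpdests and c != target]  # well-formedness filter
            calls.extend(CallSite(last.pc, target, c) for c in conts)
            succ |= set(conts) if conts else {target}  # a caller resumes at its continuation
        if (last.name == "JUMPI" or last.name not in BLOCK_ENDERS) and i + 1 < len(blocks):
            succ.add(blocks[i + 1][0].pc)  # fall-through edge
        edges[start] = succ
    returns = {jpc: sorted({c.return_pc for c in calls if reaches(edges, c.callee, bstart)})
               for bstart, jpc in unresolved}
    return calls, returns

# Constructed sample: one public body calling a private function at 0x13 twice.
SAMPLE = bytes.fromhex(
    "60076005601356"  # 0x00: PUSH1 ret=0x07, PUSH1 arg, PUSH1 fn=0x13, JUMP (call 1)
    "5b50"            # 0x07: JUMPDEST (continuation 1), POP result
    "60106006601356"  # 0x09: PUSH1 ret=0x10, PUSH1 arg, PUSH1 fn=0x13, JUMP (call 2)
    "5b5000"          # 0x10: JUMPDEST (continuation 2), POP, STOP
    "5b6001019056"    # 0x13: JUMPDEST (private fn), PUSH1 1, ADD, SWAP1, JUMP (return)
)

if __name__ == "__main__":
    print(pair_calls_and_returns(SAMPLE))  # calls at 0x06 and 0x0f; JUMP at 0x18 -> [0x07, 0x10]
```

On the sample, both call-site blocks resolve their jump to the private function at 0x13 and leave a JUMPDEST constant (0x07, then 0x10) on the stack, while the function's exit JUMP at 0x18 cannot be resolved from its own block because the return address was pushed by the caller; the heuristic therefore reports both continuations as possible targets, which is exactly the over-approximation the text refers to, and which the context-sensitive analysis of section 4 narrows to one target per call site.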
6. End-to-end Impact:

• Elipmoc has been utilized as the foundation for an extensive security inspection and analysis infrastructure. [8]

• Many research tools have been developed on the basis of Elipmoc.

• It has become the basis for many studies by the Ethereum Foundation of deployed smart contracts.

7. Evaluation:

• The research questions were based upon three parameters: precision, completeness and scalability.

• Elipmoc was compared to other tools such as Gigahorse and Panoramix with respect to contract size and execution times.

7. Evaluation (cont.):

• Gigahorse:

                   Timeouts (%)    Execution Time avg. (sec)
  Elipmoc          4.94 %          2.74 s
  Gigahorse        18.74 %         4.03 s

Table 1: Decompilation scalability metrics vs Gigahorse [5]

  Bytecode Size      [0,5KB)          [5KB,10KB)      [10KB,15KB)     [15KB,20KB)     [20KB,max)
  Elipmoc            2547 (99.8 %)    1023 (96 %)     536 (82.6 %)    254 (86.1 %)    393 (89.5 %)
  Gigahorse          2538 (99.5 %)    909 (85.3 %)    405 (62.4 %)    124 (42.0 %)    87 (19.8 %)
  Total Contracts    2552             1065            649             295             439

Table 2: Scalability and size distribution of contracts vs Gigahorse [5]

7. Evaluation (cont.):

• Panoramix:

                   Unique External Calls    Unique Events    Timeouts (%)    Execution Time avg. (sec)
  Elipmoc          11816                    11640            5 %             2.75 s
  Panoramix        7048                     7128             17.94 %         15.6 s

Table 3: Decompilation completeness and scalability metrics vs Panoramix [9]

  Bytecode Size      [0,5KB)          [5KB,10KB)      [10KB,15KB)     [15KB,20KB)     [20KB,max)
  Elipmoc            2547 (99.8 %)    1022 (96 %)     535 (82.4 %)    253 (85.8 %)    393 (89.5 %)
  Panoramix          2483 (97.3 %)    925 (86.9 %)    455 (70.1 %)    160 (54.2 %)    80 (18.2 %)
  Total Contracts    2552             1065            649             295             439

Table 4: Scalability and size distribution of contracts vs Panoramix [9]

8. Related Work:

• Since industry prefers deploying low-level Ethereum bytecode, many decompilation tools such as EtherSolve and SigRec have resulted. [10]

• Binary disassembly and decompilation are closer to the EVM decompilation problem, although control flow is still more disciplined than in the EVM.

9. Conclusion:

• The authors describe the enhancements made in Elipmoc, which they claim is better than its predecessors in terms of high-precision algorithms and which performs better when compared on parameters like scalability and completeness.

References:
[1] https://researchblog.duke.edu/2021/12/13/decentralized-finance-and-the-power-of-smart-contracts/
[2] https://www.shielder.com/blog/2022/04/a-sneak-peek-into-smart-contracts-reversing-and-emulation/
[3] https://corpgov.law.harvard.edu/2018/05/26/an-introduction-to-smart-contracts-and-their-potential-and-inherent-limitations/
[4] https://ethereum.org/en/developers/docs/intro-to-ethereum/
[5] https://doi.org/10.1109/ICSE.2019.00120
[6] https://www.cs.toronto.edu/~david/course-notes/csc110-111/15-graphs/07-control-flow-graphs.html
[8] https://dl.acm.org/doi/10.1145/1925844.1926390
[9] https://github.com/palkeo/panoramix
[10] https://doi.org/10.1109/ICPC52881.2021.00021

Thank you!
