recentpopularlog in

jabley : contracts   8

Erays: Reverse Engineering Ethereum’s Opaque Smart Contracts
Interacting with Ethereum smart contracts can have potentially
devastating financial consequences. In light of
this, several regulatory bodies have called for a need to
audit smart contracts for security and correctness guarantees.
Unfortunately, auditing smart contracts that do
not have readily available source code can be challenging,
and there are currently few tools available that aid in
this process. Such contracts remain opaque to auditors.
To address this, we present Erays, a reverse engineering
tool for smart contracts. Erays takes in smart contract
from the Ethereum blockchain, and produces high-level
pseudocode suitable for manual analysis. We show how
Erays can be used to provide insight into several contract
properties, such as code complexity and code reuse in
the ecosystem. We then leverage Erays to link contracts
with no previously available source code to public source
code, thus reducing the overall opacity in the ecosystem.
Finally, we demonstrate how Erays can be used for
reverse-engineering in four case studies: high-value multisignature
wallets, arbitrage bots, exchange accounts, and
finally, a popular smart-contract game, Cryptokitties. We
conclude with a discussion regarding the value of reverse
engineering in the smart contract ecosystem, and how
Erays can be leveraged to address the challenges that lie
ahead
infosec  security  filetype:pdf  paper  toread  contracts  ethereum  cryptocurrency  vm  reverse-engineering 
august 2018 by jabley

Copy this bookmark:





to read