Reverse Engineering Unknown Smart Contracts 区块链论文解读———未知智能合约的逆向

This is a paper reading note on “Erays: Reverse Engineering Ethereum’s Opaque Smart Contracts” published at USENIX Security 2018 by the University of Illinois Urbana-Champaign.

Smart contracts only need to execute bytecode and can keep their source code unknown — this poses significant challenges for analysis. The paper proposes a reverse engineering tool for EVM bytecode that produces higher-level representations suitable for manual analysis.

• Author: Liya Su, Ph.D. candidate at IIE, CAS. Research area: Cyberspace Security and Big Data.
• Paper: Erays: Reverse Engineering Ethereum’s Opaque Smart Contracts
• Authors: Yi Zhou, Deepak Kumar, Surya Bakshi, Joshua Mason, Andrew Miller, Michael Bailey

Introduction

Smart contracts are programs that facilitate traceable, irreversible digital transactions. In 2018, Ethereum smart contracts held over $10 billion and facilitated crowdfunding, decentralized exchanges, and supply chain tracking. However, many contracts lack publicly available source code, making auditing extremely difficult.

Key Contributions

1. Erays — a reverse engineering tool that takes compiled EVM bytecode and returns high-level pseudocode suitable for manual analysis, converting from stack-based to register-based representation
2. Measurement of the Ethereum smart contract ecosystem (code complexity and code reuse)
3. “Fuzzy hashing” mechanism to link opaque contracts to publicly available source code
4. Four case studies: high-value multisig wallets, arbitrage bots, exchange accounts, and CryptoKitties

System Design

1. Disassembly & Basic Block Identification: Disassemble hex strings into EVM instructions, partition into basic blocks
2. Control Flow Graph Recovery: Model stack states through CFG, handling three cases — sequential flow, termination instructions, and branch instructions (JUMP/JUMPI)
3. Lifting: Convert stack-based instructions to register-based
4. Optimization: Constant folding, constant propagation, copy propagation, dead code elimination
5. Aggregation: Combine definitions with their uses for more compact output
6. Validation: 15,855 historical transactions tested; 3.22% failure rate (196 construction failures, 314 validation failures)

Experiments

On 34K unique contracts: median block count is 100, median instructions per block is 15. 79% of contracts contain no function with McCabe complexity >10. Code reuse analysis shows the most popular function implementations appear in 11K contracts. Using Erays on the top-10 highest-balance opaque contracts, 66% of functions were successfully matched on average, with one contract achieving 100% match (holding 488K ETH ≈ $500M in 2018).

Case Studies

• High-value multisig wallets: Reverse-engineered access control revealing 2-of-3 admin signature requirements
• Arbitrage bots: Discovered batch-trading contracts for synchronized EtherDelta trades
• CryptoKitties: Fully reconstructed the mixGenes function in 3 hours, identifying gene selection probabilities and mutation mechanics