lecture: Rattle - an Ethereum EVM binary analysis framework
The majority of smart contracts on the blockchain have no verified source code,
but people still trust them to protect their cryptocurrency. These contracts
should be auditable by a third party as they exist on the blockchain. EVM – the
native code representation – was not designed with auditability in mind. EVM is
implemented as a stack machine which makes it extremely difficult to identify
and track variables.
Rattle is an EVM binary static analysis framework designed to work on deployed
smart contracts. Rattle takes EVM byte strings, uses a flow-sensitive analysis
to recover the original control flow graph, lifts the control flow graph into
an SSA/infinite register form, and optimizes the SSA – removing DUPs, SWAPs,
PUSHs, and POPs. The conversion from a stack machine to SSA form removes 60%+ of all EVM instructions and presents a much friendlier interface to those who wish to read the smart contracts they’re interacting with.
This talk presents Rattle, discusses its development process and design
decisions, and explores binary auditing of Ethereum smart contracts.