Rattle - an Ethereum EVM binary analysis framework

Presented at REcon 2018, June 16, 2018, 6 p.m. (30 minutes)

The majority of smart contracts on the blockchain have no verified source code, but people still trust them to protect their cryptocurrency. These contracts should be auditable by a third party as they exist on the blockchain. EVM – the native code representation – was not designed with auditability in mind. EVM is implemented as a stack machine which makes it extremely difficult to identify and track variables. Rattle is an EVM binary static analysis framework designed to work on deployed smart contracts. Rattle takes EVM byte strings, uses a flow-sensitive analysis to recover the original control flow graph, lifts the control flow graph into an SSA/infinite register form, and optimizes the SSA – removing DUPs, SWAPs, PUSHs, and POPs. The conversion from a stack machine to SSA form removes 60%+ of all EVM instructions and presents a much friendlier interface to those who wish to read the smart contracts they’re interacting with. This talk presents Rattle, discusses its development process and design decisions, and explores binary auditing of Ethereum smart contracts.

Presenters:

• Ryan Stortz
  Ryan Stortz is a Principal Security Engineer at Trail of Bits in NYC.

Links:

• https://recon.cx/2018/montreal/schedule/events/144.html

Similar Presentations:

• Summercon 2018 / Blackhat Ethereum
• ToorCon San Diego 20 (2018) / Reversing Ethereum Smart Contracts: Find out what is behind EVM bytecode
• DEF CON 25 (2017) / Porosity: A Decompiler For Blockchain-Based Smart Contracts Bytecode