Reversing Ethereum Smart Contracts: Find out what is behind EVM bytecode

Presented at ToorCon San Diego 20 (2018), Sept. 15, 2018, 3 p.m. (60 minutes)

Ethereum is currently the reference smart contract platform because it makes it possible to create decentralized applications (Dapps) using smart contracts. When you create a smart contract on the blockchain, providing the Solidity source code is not mandatory, which is why being able to reverse and analyze an Ethereum smart contract (with only the EVM bytecode) makes even more sense.

Ethereum is the reference smart contract platform because it makes it possible to create decentralized applications (Dapps) by writing smart contracts. The Solidity source code of those smart contracts is not always available, and the contracts can contain flaws (reentrancy, integer overflow/underflow, bad randomness, backdoors, ...). Some smart contracts handle thousands of ETH and can't be modified once pushed to the blockchain. More than 90% of them don't provide the associated Solidity source code, which is also why being able to reverse and analyze Ethereum smart contracts (with only the EVM bytecode) makes even more sense.

This hands-on is intended to bring attendees the basic skills (theoretical and practical) to analyze Ethereum smart contracts. After this hands-on, they will be able to reverse, debug and start their analysis of real-life smart contracts without having the Solidity source code.


Presenters:

  • Patrick Ventuzelo
    Patrick Ventuzelo is a French security researcher working for Quoscient GmbH. Previously, he worked for P1 Security, the French Department of Defense (DoD) and Airbus Defense & Space Cybersecurity. He is mainly focused on Reverse Engineering and Vulnerability Research on various platforms, with a strong interest in new research areas such as WebAssembly, Smart Contracts and Blockchain. Patrick spoke in 2017 at the French security conference SSTIC about critical vulnerabilities that he found in VoLTE technology. He has been a trainer at the REcon conference multiple times (BRX 2017 / MTL 2017) and recently presented his research on “Reverse Engineering of Blockchain Smart Contracts (ETH/NEO/EOS)” at the Recon Montreal 2018 edition.
