Journal
2023 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE ANALYSIS, EVOLUTION AND REENGINEERING, SANER
Volume -, Issue -, Pages 1-12Publisher
IEEE COMPUTER SOC
DOI: 10.1109/SANER56733.2023.00011
Keywords
Empirical study; Smart contracts; Decompilation
Categories
Ask authors/readers for more resources
This paper presents a large-scale empirical study of smart contract decompilers, aiming to understand the reliability, limitations, and research challenges of state-of-the-art decompilation tools. The study identifies root causes of decompiler failures, performance issues, and factors affecting decompilation effectiveness. It also proposes a completeness metric and investigates the resilience of decompilers against program transformations. Suggestions are given for decompiler builders and security researchers to improve decompilation tools and make appropriate selections. The findings and suggestions provided in this study can benefit decompiler builders, contract developers, and security researchers.
Smart contract decompilers, converting smart contract bytecode into smart contract source code, have been used extensively in many scenarios such as binary code analysis, reverse engineering, and security studies. However, existing studies, as well as industrial engineering practices, all assumed that smart contract decompilers are reliable and trustworthy, to generate correct and semantically equivalent source code from binaries. Unfortunately, whether such an assumption truly holds in practice is still unknown. In this paper, we conduct, to the best of our knowledge, the first and most comprehensive large-scale empirical study of smart contract decompilers, to gain an understanding of the reliability, limitations, and remaining research challenges of state-of-the-art smart contract decompilation tools. We first designed and implemented a software prototype SOLINSIGHT, then used it to study 5 state-of-the-art smart contract decompilers. We obtained important findings and insights from empirical results, such as: 1) we proposed 3 root causes leading to decompiler failures; 2) we revealed 2 reasons hurting performance; 3) we identified 3 root causes affecting decompilation effectiveness; 4) we proposed a measurement metric for completeness; and 5) we investigated the resilience of contract decompilers against program transformations. We suggest that: 1) decompiler builders should enhance decompilers in terms of effectiveness, performance, and completeness; and 2) security researchers should select appropriate decompilers based on the suggestions in this study. We believe these findings and suggestions will help decompiler builders, contract developers, and security researchers, by providing better guidelines for contract decompiler studies.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available