Today, we presented how to decompile Ethereum Smart-Contracts at DEF CON 25.

Video Presentation of Porosity during DEFCON25

Materials

Porosity’s GitHub: https://github.com/comaeio/porosity

And you can also find our Slides here and our WhitePaper here.

Why?
Ethereum smart contracts are code that is executed on every node of the decentralized Ethereum blockchain network. When connected together, they form the distributed applications (Dapps) that power an emerging “Internet of Value.” Contracts themselves are stored on the blockchain such that everyone can be certain they will generate the exact same output without relying on a central server (or single company) to own that application.
Prior hacks on the Ethereum network, such as the 2016 DAO theft or the recent Parity multi-sig wallet compromise, resulted from poorly written Solidity code that introduced vulnerabilities which hackers exploited to steal funds from other Ethereum users, not from compromises of the underlying blockchain protocol or cryptographic weaknesses.
Because of the perceived insecurity of Solidity, so far most tools have focused on scanning Solidity source code, which is assumed to be available. For example, frameworks like Open Zeppelin combine automated scanning for known issues with human review to build a library of “safe” contracts, but tools like this are only helpful if developers choose to submit their code for review.
Once a smart contract ...