Essential Innovations in Blockchain Smart Contract Security

VRC

Smart Contracts Massive Hunting for Vulnerabilities

Our paper, *Smart Contracts Massive Hunting for Vulnerabilities*, presented at JD-HITB Security Conference Beijing 2018, shows a new approach to finding security bugs in smart contracts that uses symbolic execution and is not pattern-based. Early results are promising: the tool accurately detected most smart contract security bugs reported in 2018 and has helped us find many unpublished ones.

Monocerus: Dynamic Analysis for Smart Contract

Nguyen Anh Quynh, *Monocerus: Dynamic Analysis for Smart Contract*, BlackHat Asia 2019.

Detect Abnormal Behaviours in Ethereum Smart Contracts Using Attack Vectors

Blockchain has gradually gained popularity thanks to its transparency, fairness, and democracy. This technology has opened the door to the development of Ethereum, a blockchain platform with smart contracts that can hold and automatically transfer tokens. Like legacy computer programs, smart contracts are vulnerable to security bugs. In recent years, many successful attacks on the Ethereum network have been recorded, costing victims millions of dollars. In this paper, we classify the attack vectors of Ethereum smart contracts, then propose some behaviour-based methods to detect them. To realize these ideas, we implement Abbe, a tool that can not only discover known attacks but also detect zero-day vulnerabilities.

Bringing the X86 Complete RE Experience to Smart Contract

The Ethereum Virtual Machine (EVM) is still the most widely used architecture supporting the core of smart contracts, such as Polkadot, EVM, and soon the Cardano blockchain. Emulators built around the EVM are merely good for development purposes. Most EVM analysis engines are just debugging tools based on symbolic execution. Unfortunately, these engines are simple tools that neither encourage nor support building other tools on top of them. At Black Hat Asia, we presented Qiling's EVM engine, which brings the complete traditional X86 reverse engineering experience to the smart contract space.
  • Real-time EVM debugger, with step into, step over, and memory stack modification capabilities
  • Full emulation of multi-cross contract instrumentation
  • Fully automated re-application and verification of the latest smart contract attacks against all existing contracts on an exchange or chain
  • Symbolic execution working with the Qiling EVM engine to provide more in-depth emulation