The Ethereum Virtual Machine (EVM) has a new tool: what is considered its first-ever decompiler, designed to reverse engineer the code behind smart contracts into checkable source code.
Matt Suiche, founder of Comae Technologies, announced the new solution yesterday at the DefCon hacker conference in Las Vegas. Porosity is an open-source EVM decompiler capable of deciphering the code that makes up executable distributed code contracts (EDCCs).
Porosity arrives at a time when a series of Ethereum hacks has indicated the complexity of writing secure smart contract code. It promises to make it possible for developers to revert sophisticated EVM bytecode back to “comprehensible” basic code.
Errors often emerge in EDCCs, as in any software under development. If left unchecked, these bugs can result in quite costly hacks. The most infamous examples of these incidents may be last month's massive hack of the Ethereum smart contracts written for CoinDash, Parity and Veritaseum, and an exploit in the EDCC code governing multi-signature Parity wallets that resulted in millions of stolen Ether. In these circumstances, it is understandable why Matt Suiche thinks his chosen profession as a reverse engineer is about to see increased demand.
“The security community in Ethereum is going to grow,” he said. “And we’re going to see more and more reverse engineers.”
Porosity takes the EVM bytecode that smart contracts are compiled to and generates Solidity syntax from it. The resulting code can be continually reviewed and scanned end to end for bugs and attack vectors, or audited to maintain its integrity.
“Porosity removes a major roadblock to interacting with contracts of unknown origin and helps further the ‘trust but verify’ blockchain thinking,” said Matt Suiche.
In addition, Porosity is now integrated with JP Morgan’s open-source Quorum blockchain, a private Ethereum blockchain network created for enterprise-grade solutions.
Porosity and Quorum are planned to be packaged together to help run real-time smart contract security checks, integrating blockchain technology into traditional enterprise security workflows.
“Porosity is the first decompiler that generates human-readable Solidity syntax smart contracts from Ethereum Virtual Machine bytecode,” states Amber Baldet, JP Morgan blockchain lead.
If Porosity, after all the tests, is packaged with Quorum, Suiche claims that developers will be able to:
- Scan private contracts sent to your node from other network participants.
- Incorporate it into security and patching processes for private networks with formalized governance models.
- Automate scanning and analyze risk across semi-public Quorum networks.
Looking back, Microsoft, JP Morgan, Santander and others formed an Enterprise Ethereum Alliance to contribute to the overall development of Ethereum. The alliance seeks to provide not only a platform for the technology but also the governance and tools to create a standard for ‘Enterprise Ethereum’.