Skip to content
forked from cdump/evmole

Extracts function selectors and arguments from bytecode, even for unverified contracts

License

Notifications You must be signed in to change notification settings

fuzzland/evmole

Repository files navigation

EVMole

npm Crates.io PyPI license

This library extracts function selectors and arguments from Ethereum Virtual Machine (EVM) bytecode, even for unverified contracts.

  • JavaScript, Rust and Python implementations
  • Clean code with zero external dependencies (py & js)
  • Faster and more accurate than other existing tools
  • Tested on Solidity and Vyper compiled contracts

Try it online

Usage

JavaScript

$ npm i evmole
import {functionArguments, functionSelectors} from 'evmole'
// Also supported: const e = require('evmole'); e.functionSelectors();

const code = '0x6080604052348015600e575f80fd5b50600436106030575f3560e01c80632125b65b146034578063b69ef8a8146044575b5f80fd5b6044603f3660046046565b505050565b005b5f805f606084860312156057575f80fd5b833563ffffffff811681146069575f80fd5b925060208401356001600160a01b03811681146083575f80fd5b915060408401356001600160e01b0381168114609d575f80fd5b80915050925092509256'
console.log( functionSelectors(code) )
// Output(list): [ '2125b65b', 'b69ef8a8' ]

console.log( functionArguments(code, '2125b65b') )
// Output(str): 'uint32,address,uint224'

Rust

Documentation available on docs.rs

let code = hex::decode("6080604052348015600e575f80fd5b50600436106030575f3560e01c80632125b65b146034578063b69ef8a8146044575b5f80fd5b6044603f3660046046565b505050565b005b5f805f606084860312156057575f80fd5b833563ffffffff811681146069575f80fd5b925060208401356001600160a01b03811681146083575f80fd5b915060408401356001600160e01b0381168114609d575f80fd5b80915050925092509256").unwrap();

println!("{:x?}", evmole::function_selectors(&code, 0));
// Output(Vec<[u8;4]>): [[21, 25, b6, 5b], [b6, 9e, f8, a8]]

println!("{}", evmole::function_arguments(&code, &[0x21, 0x25, 0xb6, 0x5b], 0));
// Output(String): uint32,address,uint224

Python

$ pip install evmole --upgrade
from evmole import function_arguments, function_selectors

code = '0x6080604052348015600e575f80fd5b50600436106030575f3560e01c80632125b65b146034578063b69ef8a8146044575b5f80fd5b6044603f3660046046565b505050565b005b5f805f606084860312156057575f80fd5b833563ffffffff811681146069575f80fd5b925060208401356001600160a01b03811681146083575f80fd5b915060408401356001600160e01b0381168114609d575f80fd5b80915050925092509256'
print( function_selectors(code) )
# Output(list): ['2125b65b', 'b69ef8a8']

print( function_arguments(code, '2125b65b') )
# Output(str): 'uint32,address,uint224'

Foundry

Foundy's cast uses the Rust implementation of EVMole

$ cast selectors $(cast code 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2)
0x06fdde03	
0x095ea7b3	address,uint256
0x18160ddd	
0x23b872dd	address,address,uint256
...

$ cast selectors --resolve $(cast code 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2)
0x06fdde03	                       	name()
0x095ea7b3	address,uint256        	approve(address,uint256)
0x18160ddd	                       	totalSupply()
0x23b872dd	address,address,uint256	transferFrom(address,address,uint256)
...

See examples for more

Benchmark

function selectors

FP/FN - False Positive/False Negative errors; smaller is better

Dataset evmole rs · js · py whatsabi evm-hound-rs heimdall-rs simple
largest1k
1000
contracts

24427
functions
FP contracts 1 🥈 0 🥇 75 18 95
FN contracts 0 🥇 8 40 102 9
FP functions 192 🥈 0 🥇 720 600 749
FN functions 0 🥇 8 🥈 191 113 12
Time 0.7s · 1.5s · 2.0s 3.0s 0.7s 727.2s 1.9s
random50k
50000
contracts

1171102
functions
FP contracts 1 🥇 43 693 waiting fixes 4136
FN contracts 9 🥇 31 2903 77
FP functions 3 🥇 51 10798 14652
FN functions 10 🥇 32 3538 96
Time 9.8s · 19.6s · 36.4s 52.3s 11.5s 46.3s
vyper
780
contracts

21244
functions
FP contracts 0 🥇 30 19 0 185
FN contracts 0 🥇 780 300 780 480
FP functions 0 🥇 30 19 0 197
FN functions 0 🥇 21244 8273 21244 12971
Time 0.6s · 0.9s · 1.4s 2.3s 0.6s 17.0s 1.2s

function arguments

Errors - when at least 1 argument is incorrect: (uint256,string) != (uint256,bytes); smaller is better

Dataset evmole rs · js · py heimdall-rs simple
largest1k
1000
contracts

24427
functions
Errors 15.0%, 3652 🥇 42.7%, 10438 58.3%, 14242
Time 1.1s · 7.5s · 15.7s 731.4s 0.8s
random50k
50000
contracts

1171102
functions
Errors 5.1%, 59484 🥇 waiting fixes 54.9%, 643213
Time 22.6s · 247.0s · 584.7s 9.5s
vyper
780
contracts

21244
functions
Errors 50.9%, 10805 🥇 100.0%, 21244 56.8%, 12077
Time 0.9s · 7.3s · 13.9s 16.8s 0.7s

See benchmark/README.md for the methodology and commands to reproduce these results

versions: evmole v0.3.3; whatsabi v0.11.0; evm-hound-rs v0.1.4; heimdall-rs v0.7.3

How it works

Short: Executes code with a custom EVM and traces CALLDATA usage.

Long: TODO

License

MIT

About

Extracts function selectors and arguments from bytecode, even for unverified contracts

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Rust 37.7%
  • Python 33.4%
  • JavaScript 23.2%
  • HTML 2.7%
  • Makefile 1.4%
  • Dockerfile 0.9%
  • Shell 0.7%