CryptoCoinsInfoClub.com

Ethereum Solidity Assembly

Reversing Evm Bytecode Withradare2

Reversing Evm Bytecode Withradare2

Howdy yall. Today we will look into the insides of Ethereum Virtual Machine (EVM), how Solidity language is translated into bytecode, how the bytecode is executed in the VM. We will also talk about how we implemented a plugin for radare2 reverse-engineering framework to RE and debug code that runs on EVM. If you are reading this, you have probably already heard about Ethereum blockchain and probably are already aware of its architecture and basic principles. Ethereum consists of a lot of parts and the excellent overview of them is given in [1] . Although there are a lot of interesting parts, here we will be focusing on the Ethereum Virtual Machine, the bytecode, transactions, debugging, all the good low-level stuff. So if you have no understanding of the basic Ethereum stuff like Solidity or the overall blockchain architecture, you should probably read about those first. Ethereum smart contracts security has been gaining more and more attention lately. However due to the novelty of this area we are still lacking good tools to use in the research process. Since not all contracts on the Ethereum blockchain have their source code published, one of such tools would be a handy reverse-engineering tool for EVM code. So we just decided to implement our own. EVM is a Turing complete, stack based virtual machine. However, unlike a classical Turing complete VM, execution of every instruction inside EVM is taxed by gas. It has a set of instructions that can be basically divided into two sets: general purpose instructions you would typically find in almost any instruction set (push, pop, jump etc.) and Ethereum specific instructions (calls to external contracts, reading the address of the caller, etc). For example, lets illustrate how adding two numbers together would work: If you Continue reading >>

Solc-js

Solc-js

JavaScript bindings for the Solidity compiler . Uses the Emscripten compiled Solidity found in the solc-bin repository . To use the latest stable version of the Solidity compiler via Node.js you can install it via npm: If this package is installed globally (npm install -g solc), a command-line tool called solcjs will be available. To see all the supported features, execute: Note: this commandline interface is not compatible with solc provided by the Solidity compiler package and thus cannot beused in combination with an Ethereum client via the eth.compile.solidity() RPC method. Please refer to the Solidity compiler documentation for instructions to install solc. It can also be included and used in other projects: varinput='contractx{functiong(){}}' //Setting1assecondparamateractivatestheoptimiser for(varcontractNameinoutput.contracts){ //codeandABIthatareneededbyweb3 console.log(contractName+':'+output.contracts[contractName].bytecode) Starting from version 0.1.6, multiple files are supported with automatic import resolution by the compiler as follows: 'lib.sol':'libraryL{functionf()returns(uint){return7;}}', 'cont.sol':'import"lib.sol";contractx{functiong(){L.f();}}' varoutput=solc.compile({sources:input},1) for(varcontractNameinoutput.contracts) console.log(contractName+':'+output.contracts[contractName].bytecode) Note that all input files that are imported have to be supplied, the compiler will not load any additional files on its own. Starting from version 0.2.1, a callback is supported to resolve missing imports as follows: 'cont.sol':'import"lib.sol";contractx{functiong(){L.f();}}' return{contents:'libraryL{functionf()returns(uint){return7;}}'} varoutput=solc.compile({sources:input},1,findImports) for(varcontractNameinoutput.contracts) console.log(contractName+': Continue reading >>

Just Skimming Through The Solidity Docs, I See A Lot Of Unwise Decisions There A... | Hacker News

Just Skimming Through The Solidity Docs, I See A Lot Of Unwise Decisions There A... | Hacker News

I never understood why they chose such a hacky language (an a VM model that encourages these kinds of languages), and expect people to write supposedly secure (in the sense of: obviously correct!) code with it. Any remotely popular functional programming language created over the last years shows a better design (and taste) than this one. And if that only attracts a certain type of programmers? (pun intended) That is, programmers valuing languages like Haskell/OCaml/F#/Kotlin/Rust, who would only ever touch C with verified compilers and 5 different static analysis tools? Well, that's exactly kind of people you to attract to write your security-sensitive code. Solidity is ostensibly designed to let people write smart contracts for Ethereum. More realistically, it is a marketing tool for enabling and onboarding people onto the Ethereum platform, which Ethereum benefits monetarily (enormously so) from. Security and design are secondary goals to the extent that they help prevent disasters which hurt adoption or churn developers away. Through this lens it's not a mystery why the language is "hacky". Perhaps being a good language is not even the driving goal. Curious question of a non-native speaker: What does this phrase mean? (in general, and in this context) From a Hegelian perspective, the best thing for Ethereum is for it to race back and forth across dialectics as quickly as it can. There will be many money stealing events as we discover how to do cryptocomputing safely. Better to get them over with now while the market cap is small and people know not to rely on it for anything too serious. If they were to be as safe as possible, there would be less news, and they would push the traversal of those dialectics further into the history, when more people are using Ethereu Continue reading >>

Solidity - Understanding Mload Assembly Function - Ethereum Stack Exchange

Solidity - Understanding Mload Assembly Function - Ethereum Stack Exchange

I am learning the inline assembly in solidity, i ve found the function mload(0x40) i am confused whith what this function does? did it reserve 4 Slot/word in memory or did it load the data stored in the address 0X40 or what? MLOAD(0XAB) Loads the word (32byte) located at the memory address 0XAB. e.g Mload(X060) loads the word located at 0x60 memory address. function f () { assembly { let freemem_pointer := mload(0x40) mstore(add(freemem_pointer,0x00),"36e5236fcd4c61044949678014f0d085") mstore(add(freemem_pointer,0x20),"36e5236fcd4c61044949678014f0d086") let arr1:= mload(freemem_pointer) //read first string mstore(add(freemem_pointer,0x40),arr1) } } this results in the flowing memory state : This previous code stores tow strings (two memory words 32bytes each) in the free memory space. The destinations memory addresses are obtained by adding an offset of 0bytes for the first and of 0x20 for the second to the free memory pointer address(located in the memory address 0x40). in the EVM The 6 first words in the memory are reserved and the 0x40-0x50 memory words are allocated to the free memory pointer. Details :mload and mstore are defined in details in the yellow paper : [a...b) signifies the bytes of memory starting at position a up to (excluding) position b. however b] means b included Continue reading >>

Evm Assembly Tricks

Evm Assembly Tricks

I recently discovered a method to do generic proxying of Ethereum calls. Skip further down for nitty gritty details, Ill start this off with some basics. Sometimes, its convenient to build contract factories. For example, say you want to implement crowdsourcing, or auctions, or games, or DAOs. In those cases, instead of having one Mother auction which keeps track of active auctions (which, in turn keep track of bidders, offers and items), it makes sense to implement each auction/crowdfund/game/DAO as its own contract. One problem is that these contracts are quite heavy; creating them may be very expensive and the creation of several may be limited by block gas limits. To counter this, the library-model can be used instead: When a new auction is needed, an AuctionLite contract is instantiated instead: B. AuctionLite has the same methods as Auction, but uses callcode/delegatecall to invoke the A instance as a library. The cost of a callcode/delegatecall (pretty small). The cost of unboxing and boxing parameters. When a method is entered, the parameters from msg.data is masked according to constraints, such as uint or address. The B contract then creates a new msg which, when received by A, goes through the same unboxing once again. The B contract has a 1-1 mapping of methods; thus it can also become pretty large (expensive to create), scaling linearly with the size of A. By going a bit under the hood of Solidity, and using raw EVM assembly, it is possible to create a more transparent proxy mechanism, where the proxy contract does not actually have to explicitly know the method signatures of the target (A). The trick do pull this off, is to use a default function in the proxy contract and just pass msg.data along to the target contract, within a callcode or delegatecall ( Continue reading >>

Solidity And The Ethereum Virtual Machine

Solidity And The Ethereum Virtual Machine

Without the Internet Bitcoin could have never existed and without Bitcoin, Ethereum could have never existed. Now thats a bold claim but Im willing to make in that I truly believe that the predecessor technology has enabled this new paradigm in decentralized computing. Bitcoin has and will continue to enable an unimaginable number of new and disruptive applications which will impact a number of verticals. I use my Shift card every day, wake up and check the price with an eye half open, and I anticipate my full attention will be back as we approach The Halvening. But right now, I want to learn how to write Smart Contracts in the Solidity programming language. I want to know how these contracts are compiled onto the Ethereum Virtual Machine (EVM). And how this is powering thenext generation of peer-to-peer technology. Install Mix IDE, the IDE for authoring Smart Contracts using the High Level Language Solidity. Program Solidity contracts on Visual Studio The EVM is stack-based execution environment thatuses Smart Contracts (similar to object-oriented classes) and HTML, CSS, and JavaScript to create dApps. When you are running a decentralized application (dApp), every instruction is executed on every node of the network. This means the operands for the instructions are taken from the stack, and it is also where the results are added. This is the low level assembly code of the EVM and the resulting flow-control functions that can be found in the Ethereum Yellow Paper . Items are pushed to the Stack and can be manipulated using POP (remove top item from the stack), SWAP (Swap item order on the stack / Limit of 16 elements), and DUP (copy and order new item on top of the stack). The stack also extends Memory and Calldata to be used in during program execution. Memory is an e Continue reading >>

Solidity: Using Solc On Windows

Solidity: Using Solc On Windows

If you plan to make extensive use of solc, I recommend adding it to you PATH variable: Click Start and type system. From the search results select System (Control Panel) From the System window on the left click Advanced system settings On the Advanced tab click Environmental variables Under User variables for select Path and click Edit Add the path to your solc installation, then click OK, OK, and OK to save. Close and reopen any command prompts for the change to be reflected. Now we want to try compiling a smart contract written in Solidity. Open a text editor, such as Notepad++, and create a new file helloworld.sol in the same directory as solc.exe. pragma solidity ^0.4.9;contract helloworld { address owner; function helloworld() { owner = msg.sender; }} Go back to the command prompt and use solc to compile the contract. If the code is free of errors, solc should return with no output. We also have a few options for compiler output. As per the help, solc --asm will output EVM assembly: The output will be a long list of opcodes: ======= helloworld.sol:helloworld =======EVM assembly: mstore(0x40, 0x60)... */ "helloworld.sol":25:125 contract helloworld { jumpi(tag_1, iszero(callvalue)) invalidtag_1:tag_2:... We can also output in bytecode (hex) using the --bin option: ======= helloworld.sol:helloworld =======Binary:60606040523415600b57fe5b5b33600060006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff1602179055505b5b603380605c6000396000f30060606040525bfe00a165627a7a723058205e6c968a9c3c745055105cbf062e65b01c44eccb2c4fcc4a83e4298a6c9fac800029 Continue reading >>

Compiling An Lll Contract For The Firsttime

Compiling An Lll Contract For The Firsttime

Compiling an LLL Contract for the FirstTime This article will go through the steps necessary to compile an LLL-based smart contract, producing a binary thats suitable for deployment to an Ethereum blockchain. It is a companion piece to my screencast on the same subject. The compilation process will be done at a bash command prompt. If theres any interest Ill cover the macOS and Windows processes as well. The first thing youll need is a compiler. If you followed my previous screencast or read its supporting article youre all set. If not, you can either follow along here without trying to compilewhich sort of defeats the purpose of this articleor you can go and install the Ethereum compilers and come back when youre done. To ensure that you have an LLL compiler available to you, execute the following in your terminal: LLLC, the Lovely Little Language Compiler Version: 0.4.12-develop.2017.5.4+commit.2d89cfaa.Linux.g++ If you dont see a response similar to the above, youll need to figure out whats wrong and fix it. Troubleshooting is beyond the scope of this article. Since this isnt a tutorial on LLL syntax, Ill present a contract with a function that simply returns a value passed in to it. This is known in mathematics as an identity function . A Solidity implementation would look like this: function identity (uint value) returns (uint) { Since were working at a lower level, well have to be a bit more verbose when implementing this in LLL. Ive defined a few macros at the start of the contract to make reading the code itself a little easier. You dont need to understand how the macros work right now; there will be followup articles and screencasts explaining everything in detail. Here is the LLL version of an identity function: The identity function itself occurs after the l Continue reading >>

Day 1: Evmdis, A Solidity Disassembler

Day 1: Evmdis, A Solidity Disassembler

Solidity is the smart contract language of the Ethereum blockchain. It gets compiled into bytecode by the solc compiler. As one might expect, the compiled bytecode is intended to be executed by a computer - or rather, by the the Ethereum Virtual Machine (EVM) distributed across all of the nodes participating in the Ethereum blockchain. As bytecode it lacks the context of the original source code that would make it human readable. If all we have is the compiled Solidity bytecode of a smart contract, how do we know what it does? If theres documentation about what it does, great. But what if its missing, incomplete, or we dont trust it? We can try running the smart contract, perhaps in a sandboxed environment, with various inputs and observe the outputs, but many smart contracts are complex and linked to other smart contracts or hard coded Ethereum addresses. Heres a very simple example of Solidity, Test1.sol based on the example in the evmdis README : pragma solidity ^0.4.0;contract Test { function double(uint a) returns (uint) { return multiply(a, 2); } function triple(uint a) returns (uint) { return multiply(a, 3); } function multiply(uint a, uint b) internal returns (uint) { return a * b; }} And here it is assembled into bytecode with solc, the Solidity compiler: $ solc --optimize --bin-runtime Test1.sol Warning: This is a pre-release compiler version, please do not use it in production.======= Test1.sol:Test =======Binary of the runtime part: 606060405263ffffffff60e060020a600035041663eee972068114602a578063f40a049d14604c575bfe5b3415603157fe5b603a600435606e565b60408051918252519081900360200190f35b3415605357fe5b603a6004356081565b60408051918252519081900360200190f35b600060798260026094565b90505b919050565b600060798260036094565b90505b919050565b8181025b929150505600a165627a7a72 Continue reading >>

Reverse Engineering Ethereum Smart Contract: Lets Talk Assembly

Reverse Engineering Ethereum Smart Contract: Lets Talk Assembly

Back in 2009, Bitcoin was invented as a completely decentralized currency. We all appreciate such a huge advancement in terms of, well, money. However, it is not uncommon to argue that the underlying blockchain technology is even more important than currency itself, and I agree. Indeed, in recent years, weve been witnessing many blockchain projects popping up trying to change our lives. I personally think that the single most important revolution of the blockchain technology is the invention of smart contracts by Ethereum. True, even before Ethereum smart contracts you could already build simple applications by using scripts in Bitcoin. However, scripting in Bitcoin is rather painful and limited. In Ethereum, smart contracts are Turing-complete. Probably more importantly, its got a high-level language Solidity. Well, we all know Solidity is still evolving and far from perfect. Nevertheless, as a high-level language, Solidity makes it so easy to program on blockchain that most decentralized applications nowadays are built on Ethereum. Of course, just like any high-level languages, Solidity codes need to be compiled into binary code first before being used on the blockchain. People ask from time to time: how do smart contracts work? Well, the short answer: Ethereum smart contracts run in EVM (Ethereum Virtual Machine). But that doesnt really answer the question, and leaves more questions yet unanswered: How do Solidity events work? How does the data structure mapping work? Well, these questions may not bother those who only want to read and understand contracts. However, if you want to master smart contract development, knowing how everything works behind the scene becomes almost a prerequisite. Here, Ive listed some benefits of knowing EVM assembly: Understand any contr Continue reading >>

Opcodes, Costs, And Gas | Ethereum Frontier Guide

Opcodes, Costs, And Gas | Ethereum Frontier Guide

Computation in the EVM is done using a stack-based bytecode language that is like a cross between Bitcoin Script, traditional assembly and Lisp (the Lisp part being due to the recursive message-sending functionality). A program in EVM is a sequence of opcodes, like this: PUSH1 0 CALLDATALOAD SLOAD NOT PUSH1 9 JUMPI STOP JUMPDEST PUSH1 32 CALLDATALOAD PUSH1 0 CALLDATALOAD SSTORE The purpose of this particular contract is to serve as a name registry; anyone can send a message containing 64 bytes of data, 32 for the key and 32 for the value. The contract checks if the key has already been registered in storage, and if it has not been then the contract registers the value at that key. During execution, an infinitely expandable byte-array called "memory", the "program counter" pointing to the current instruction, and a stack of 32-byte values is maintained. At the start of execution, memory and stack are empty and the PC is zero. Now, let us suppose the contract with this code is being accessed for the first time, and a message is sent in with 123 wei (1018 wei = 1 ether) and 64 bytes of data where the first 32 bytes encode the number 54 and the second 32 bytes encode the number 2020202020. The instruction at position 0 is PUSH1, which pushes a one-byte value onto the stack and jumps two steps in the code. Thus, we have: The instruction at position 2 is CALLDATALOAD, which pops one value from the stack, loads the 32 bytes of message data starting from that index, and pushes that on to the stack. Recall that the first 32 bytes here encode 54. SLOAD pops one from the stack, and pushes the value in contract storage at that index. Since the contract is used for the first time, it has nothing there, so zero. NOT pops one value and pushes 1 if the value is zero, else 0 The JUMPI Continue reading >>

Learn Solidity Inline Assembly Syntax - Solidity Tutorial, Inline Assembly

Learn Solidity Inline Assembly Syntax - Solidity Tutorial, Inline Assembly

Solidity Inline AssemblySyntax Main Tips This tutorial is about the specifics of syntax you use for inline assembly language in Solidity. The inline assembly in Solidity is essentially a way of accessing EVM at a low level. In assembly, comments are parsed, identifiers and literals are exactly as Solidity, therefore the usual//and/* */comments. When writing inline assembly, you have to mark it withassembly { }with the assembly code going inside these curly braces, the members mentioned in the list below may be used. We go into detail further in the tutorial: blocks with local variables being scoped inside identifiers (labels or variables and externals that are assembly local, if they are used as inline assembly) Although this tutorial is not a complete overview of the EVM, we will include a list of opcodes that may come to use when writing inline assembly code in Solidity. When an opcode takes arguments, it must follow a pair of conditions: If an opcode were to take arguments (they must be from the top of the stack), they would need to be given in parentheses. Keep in mind that the argument order may be seen reversed, although not in functional style (as explained later in this tutorial). Opcodes that are marked with thesymbol are not going to push any item onto the stack, and the opcodes that are marked with the* symbol are special, meanwhile, all others would push a single item onto the stack. In the list below,mem[ab)would show the memory bytes which start at the positionaup to (excluding) positionbandstorage[p]would signify the contents of storage at positionp. Note that the opcodesjumpdestandpushiare not allowed to be used directly. In grammar, pre-defined identifiers are meant to represent opcodes. Integer constants may be used by typing them in hexadecimals or d Continue reading >>

Ethereum/solidity - Gitter

Ethereum/solidity - Gitter

The Solidity Contract-Oriented Programming Langauge @Arachnid Here's one in 1014 gas, with a completely different approach. Compiler hangs if you enable optimizations, so leave it off. function hexEncode(address addr) returns (bytes32 ret) { uint x = uint(addr) / 2**32; // Nibble interleave x = x & 0x00000000000000000000000000000000ffffffffffffffffffffffffffffffff; x = (x | (x * 2**64)) & 0x0000000000000000ffffffffffffffff0000000000000000ffffffffffffffff; x = (x | (x * 2**32)) & 0x00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff; x = (x | (x * 2**16)) & 0x0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff; x = (x | (x * 2** 8)) & 0x00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff; x = (x | (x * 2** 4)) & 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f0f; // Hex encode uint h = (x & 0x0808080808080808080808080808080808080808080808080808080808080808) / 8; uint i = (x & 0x0404040404040404040404040404040404040404040404040404040404040404) / 4; uint j = (x & 0x0202020202020202020202020202020202020202020202020202020202020202) / 2; x = x + (h & (i | j)) * 0x27 + 0x3030303030303030303030303030303030303030303030303030303030303030; // Store and load next batch assembly { mstore(0, x) } x = uint(addr) * 2**96; // Nibble interleave x = x & 0x00000000000000000000000000000000ffffffffffffffffffffffffffffffff; x = (x | (x * 2**64)) & 0x0000000000000000ffffffffffffffff0000000000000000ffffffffffffffff; x = (x | (x * 2**32)) & 0x00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff; x = (x | (x * 2**16)) & 0x0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff0000ffff; x = (x | (x * 2** 8)) & 0x00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff00ff; x = (x | (x * 2** 4)) & 0x0f0f0f0f0f0f0f0f0f0f0f0f0f0 Continue reading >>

Are Ethereum Contracts Vulnerable To Hash Table Poisoning Attacks?

Are Ethereum Contracts Vulnerable To Hash Table Poisoning Attacks?

Are Ethereum Contracts Vulnerable to Hash Table Poisoning Attacks? TL;DR: No. But its good to understand why, and convincing myself of it taught me more about Ethereum. At my former employer there was a long running gag. At some point, some new hire would complain about Javas HashMap class being non-deterministic, and my co-worker would chime in saying yeah, sorry about that, thats my fault with a little grin, and wed all have a good chuckle. The joke is my co-worker had pioneered DoS attacks against hash tables and the like during his PhD, which led Sun to make changes to Javas implementation (which as a side effect made iteration over a HashMap non-deterministic). But despite that discovery being ~15 years old now, its still somewhat esoteric. (As evidenced by frequency of the gag working, and few companies can claim to be as picky as TS about new hires.) So when I saw that Solidity (the scripting language most used for writing Ethereum contracts) had a built in mapping type , with nary a mention of implementation details, I wondered are Solidity contracts that use maps vulnerable to these kind of poisoning attacks? Google returned bupkis on the topic, so I dug into it while my son was watching Nature Cat . As everyone knows, hash tables have an average lookup time of O(1+), but hash table collisions can degrade performance to O(n). If you know the hashing algorithm, you can feed it specific inputs that would cause its performance to degrade. This could be very dangerous in an Ethereum contract. From a naive observers point of view, either you could cause a contract to prematurely hit the gas limit, possibly permanently DoSing any action in the contract that uses a map, or if the gas limit doesnt take into the true cost of the map lookup, DoSing the mining itself. Ty Continue reading >>

Writing Smart Contracts Iniulia

Writing Smart Contracts Iniulia

People keep asking about the status of our new low-level language IULIA and are often surprised when I tell them that it is already used in the Solidity compiler. Perhaps you have even used IULIA in the past without noticing. The reason is that IULIA shares a lot of code and structure with what was previously called inline assembly. For the compiler, the distinction between the two is often not even noticeable. Since people sometimes like writing smart contracts very close to the metal (or rather close to the ether), I would like to explain how you can use IULIA to write smart contracts directly. Or perhaps almost directly. One component is missing for writing smart contracts in IULIA and that is the ability to reference code from within code. This is needed for the deployment (constructor) part of a smart contract. We already have a specification about that, but it is not yet implemented in the Solidity compiler. Because of that, I will use the inline assembly tools for Solidity so that the compiler will create the necessary wrappers for us. Using IULIA inside of Solidity instead of stand-alone also has the benefit that we can use existing Solidity tools like the remix IDE and debugger. Since IULIA is designed to compile to different backends including the EVM but also Ethereum-flavoured WebAssembly, it comes with a certain set of built-in functions which are not exactly the EVM opcodes. While these built-in functions are not yet implemented, there is a flavour of IULIA which uses EVM opcodes instead of the built-in functions and is currently used as inline assembly for Solidity and also inside the compiler. Translating these opcodes to fully-fledged IULIA built-ins will be trivial, though. So what we are doing here is that we are using the syntactic elements of IULIA Continue reading >>

More in ethereum