EVMole

Extracts function selectors and arguments from EVM bytecode, even for unverified contracts.

• Python & JavaScript implementations
• Clean code with zero dependencies
• Faster and more accurate than other tools
• Tested on Solidity and Vyper compiled contracts

Try it online

Usage

JavaScript

$ npm i evmole

import {functionSelectors} from 'evmole'
// Also supported: const e = require('evmole'); e.functionSelectors();

const code = '0x6080604052348015600e575f80fd5b50600436106030575f3560e01c80632125b65b146034578063b69ef8a8146044575b5f80fd5b6044603f3660046046565b505050565b005b5f805f606084860312156057575f80fd5b833563ffffffff811681146069575f80fd5b925060208401356001600160a01b03811681146083575f80fd5b915060408401356001600160e01b0381168114609d575f80fd5b80915050925092509256fea2646970667358221220fbd308f142157eaf0fdc0374a3f95f796b293d35c337d2d9665b76dfc69501ea64736f6c63430008170033'
console.log( functionSelectors(code) )
// Output(list): [ '2125b65b', 'b69ef8a8' ]

console.log( functionArguments(code, '2125b65b') )
// Output(str): 'uint32,address,uint224'

Python

$ pip install evmole --upgrade

from evmole import function_arguments, function_selectors

code = '0x6080604052348015600e575f80fd5b50600436106030575f3560e01c80632125b65b146034578063b69ef8a8146044575b5f80fd5b6044603f3660046046565b505050565b005b5f805f606084860312156057575f80fd5b833563ffffffff811681146069575f80fd5b925060208401356001600160a01b03811681146083575f80fd5b915060408401356001600160e01b0381168114609d575f80fd5b80915050925092509256fea2646970667358221220fbd308f142157eaf0fdc0374a3f95f796b293d35c337d2d9665b76dfc69501ea64736f6c63430008170033'
print( function_selectors(code) )
# Output(list): ['2125b65b', 'b69ef8a8']

print( function_arguments(code, '2125b65b') )
# Output(str): 'uint32,address,uint224'

See examples for more

Benchmark

function selectors

FP/FN - False Positive/False Negative errors; smaller is better

Dataset		evmole-js (py)	whatsabi	evm-hound-rs	heimdall-rs	simple
largest1k 1000 contracts 24427 functions	FP contracts	1 🥇	38	75	18	95
	FN contracts	0 🥇	8	40	103	9
	FP functions	192 🥈	38 🥇	720	600	749
	FN functions	0 🥇	8 🥈	191	116	12
	Time	1.6s (1.6s)	3.5s	1.1s	691.7s	1.8s
random50k 50000 contracts 1171102 functions	FP contracts	1 🥇	251	693	waiting fixes	4136
	FN contracts	9 🥇	31	2903		77
	FP functions	3 🥇	261	10798		14652
	FN functions	10 🥇	32	3538		96
	Time	17.2s (25.3s)	67.1s	11.9s		34.4s
vyper 780 contracts 21244 functions	FP contracts	0 🥇	178	19	0	185
	FN contracts	0 🥇	780	300	780	480
	FP functions	0 🥇	181	19	0	197
	FN functions	0 🥇	21244	8273	21244	12971
	Time	1.2s (1.3s)	2.4s	1.0s	9.9s	1.3s

function arguments

Errors - when at least 1 argument is incorrect: (uint256,string) != (uint256,bytes); smaller is better

Dataset		evmole-js (py)	heimdall-rs	simple
largest1k 1000 contracts 24427 functions	Errors	15.0%, 3664 🥇	42.6%, 10407	58.3%, 14242
	Time	6.4s (9.8s)	693.4s	1.2s
random50k 50000 contracts 1171102 functions	Errors	5.4%, 63448 🥇	waiting fixes	54.9%, 643213
	Time	173.9s (292.6s)		8.8s
vyper 780 contracts 21244 functions	Errors	52.3%, 11122 🥇	100.0%, 21244	56.8%, 12077
	Time	7.2s (13.1s)	10.2s	1.0s

See benchmark/README.md for the methodology and commands to reproduce these results

versions: evmole master; whatsabi v0.9.1; evm-hound-rs v0.1.4; heimdall-rs v0.7.1

How it works

Short: Executes code with a custom EVM and traces CALLDATA usage.

Long: TODO

License

MIT