Maxim Andreev
@cdump
100 posts
Joined January 2009
139 Following · 281 Followers
WhiteHatMage (@WhiteHatMage)
I'll take a week to perform an interesting and probably stupid experiment: Hunting for live EVM bugs by checking the deployed bytecode. I'm allowing myself to cheat a little bit by checking the verified code to quickly understand what's going on. I'll also use a Yul decompiler for complex contracts and try a disassembler for simpler ones. There are critical contracts out there holding really big bags that are worth the effort. My main goal though is just to understand what's going on under the hood, and maybe get some inspiration for any potential unknown vectors. Also for understanding what's needed to get a clean input for any automated tools to perform further analysis. I don't expect to find any bugs honestly. It will be painful, but fun at the same time. I just love having the freedom to navigate any crazy paths I choose 🧙‍♂️
vectorized.eth (@optimizoor)
The Solidity function dispatcher is a tree where:
- Internal nodes perform binary splits.
- Leaf nodes contain up to 4 function selectors, tested linearly.

Protip 1: the `fallback` function's bytecode is generated twice in the bytecode. To reduce bytecode size, wrap the fallback logic in an internal function.

Protip 2: if you have a very frequently used function, make an alias with a `0x00000000` function selector, which makes it the cheapest to lookup.
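A simplified model of the dispatcher shape described in the post above, added here as an example (it is not code from the post, from solc, or from EVMole). The midpoint split rule, the one-comparison-per-step cost and the sample selector list are assumptions of the model; it counts comparisons, not gas, and shows where a `0x00000000` alias lands in such a tree.

```python
# Simplified model of the dispatcher shape described in the post above:
# internal nodes do a binary split on the selector, leaves hold up to 4
# selectors that are tested one after another. The midpoint split rule and
# the "one comparison per step" cost are assumptions of this model, not
# solc's exact output or gas accounting.
LEAF_MAX = 4

def build(selectors):
    """Build the tree from a list of 4-byte selectors given as ints."""
    sels = sorted(set(selectors))
    if len(sels) <= LEAF_MAX:
        return ("leaf", sels)
    mid = len(sels) // 2
    pivot = sels[mid]  # selectors < pivot go left, the rest go right
    return ("split", pivot, build(sels[:mid]), build(sels[mid:]))

def lookup(tree, selector):
    """Return (found, comparisons) for one selector lookup."""
    comparisons = 0
    node = tree
    while node[0] == "split":
        comparisons += 1
        node = node[2] if selector < node[1] else node[3]
    for candidate in node[1]:
        comparisons += 1
        if candidate == selector:
            return True, comparisons
    return False, comparisons  # unknown selector: falls through to fallback

def cost_table(selectors):
    """Map every selector to the number of comparisons its lookup needs."""
    tree = build(selectors)
    return {s: lookup(tree, s)[1] for s in sorted(set(selectors))}

# Constructed sample: ten 4-byte values plus the 0x00000000 alias.
SAMPLE = [0x00000000, 0x06fdde03, 0x095ea7b3, 0x18160ddd, 0x23b872dd,
          0x313ce567, 0x70a08231, 0x95d89b41, 0xa9059cbb, 0xdd62ed3e,
          0xf2fde38b]

if __name__ == "__main__":
    for sel, cost in cost_table(SAMPLE).items():
        print(f"0x{sel:08x}  {cost} comparisons")
```

In this model the smallest selector always takes the left branch at every split and sits first in its leaf, so no other selector needs fewer comparisons.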
Maxim Andreev retweeted
EthCC - Ethereum Community Conference
Say hello to more EthCC[8] speakers!
Elias Tazartes from Kakarot ZK-EVM (@ETazou) Track: 🧬 Zero Knowledge & Cryptography
Gaspard Peduzzi from Spectra (@GaspardPeduzzi) Track: 🏦 DeFi
Manman from Crystality (@PREDALang) Track: 🛠️ Built on Ethereum Demo
Maxim Andreev from EVMole (@cdump) Track: 🔐 Security
See you in Cannes! 💙💛🧡
Maxim Andreev retweeted
ETHTaipei 🇹🇼 (@EthTaipei)
Security remains one of the most critical challenges in blockchain, from smart contract exploits to protocol vulnerabilities. At ETH Taipei, we’re bringing together leading security researchers and engineers who are working on the frontlines of blockchain security. In this next wave of speaker announcements, meet four experts shaping the future of blockchain security. 🔐

Daniel Cumming – Runtime Verification (@rv_inc)
Smart contract audits often reveal critical bugs that were missed during development, but what if developers could catch them earlier? As a Verification Engineer at @rv_inc, Daniel Cumming focuses on formal methods—powerful tools for ensuring smart contract correctness. His talk, "Empowering Everyone: Taking Specialization Out Of Formal Methods," explores how developer-friendly formal verification tools can help teams detect vulnerabilities earlier.

Louis Tsai (@0xlouistsai) – Amber Group
Fusaka upgrade is set to introduce Ethereum Object Format (EOF)—a major shift in smart contract structure and execution. But how will EOF impact program analysis and security tools? As a Web3 security researcher in @ambergroup_io and smart contract auditor, Louis Tsai is actively working on EOF integration and contributes to the Ethereum Execution Spec Tests (EEST) project. His talk, "A Deep Dive into EOF and Its Impact on Program Analysis," explores how EOF’s structured versioning, code-data separation, and new control flow mechanisms (CALLF, JUMPF, RETF) will change smart contract auditing and reverse engineering.

Maxim Andreev (@cdump) – EVMole
Accurately analyzing EVM bytecode is critical for smart contract security, but existing control flow graph (CFG) reconstruction methods are often slow and imprecise. As the creator of EVMole, Maxim Andreev is developing advanced analysis algorithms to improve smart contract auditing and vulnerability detection. His talk, "Reconstructing Control Flow Graphs from EVM Bytecode: Faster, Better, Stronger," introduces a new algorithm that significantly enhances speed and accuracy, enabling more effective security analysis.

Tim Pechersky (@iampeersky) – Peeramid Labs
How can Ethereum improve code verification, trust, and resource efficiency? EIP-7784: GETCONTRACT introduces a new opcode that enables retrieval of contract addresses by their bytecode hash, bringing content-addressed storage to the EVM. As the Founder of @peeramid_labs and former Security Architect at OpenZeppelin, Tim Pechersky applies dynamic systems theories to security in both crypto and social structures. His talk, "EIP-7784: GETCONTRACT opcode," explores how this proposal enhances security audits, pre-deployment whitelisting, and gas optimization.

More speakers are on the way—stay tuned for the next wave of builders, researchers, and innovators joining us at ETH Taipei!

📍 Join us at ETH Taipei: ethtaipei.org
🎟️ Get your tickets now: app.moongate.id/e/eth-taipei-2…
Maxim Andreev retweeted
Recon (@getreconxyz)
The Gnosis Safe UI is down
Etherscan proxy doesn't resolve?
Try evmole!
Maxim Andreev (@cdump)
@0xKitsune saw your issue on github about function selectors/signatures for your amms-rs. You might want to check out github.com/cdump/evmole#benchmark
Maxim Andreev retweeted
Recon (@getreconxyz)
🚨 New Guest Speaker! 🚨
Joining us this Sunday, the 23rd will be @cdump!
- Creator of EVMole - the fastest and most accurate tool for analyzing EVM bytecode without source code
- Tech enthusiast, worked with deep networks before they became mainstream
- Took a sabbatical last year to travel, learn Rust, and build EVMole
plotchy🔅 (@plotchy)
@cdump yep. any contract that uses recursion or deploys bytecode it'll probably fail on. curious how you approach the problem! any pointers on where I can read up on it?
Maxim Andreev (@cdump)
🚀 Unleashing the next-gen upgrade to EVMole: Control Flow Graph Reconstruction! Outperforming every solution in both accuracy & speed 🔥 – perfect for deep smart contract audits. Demo: evmole.xyz | Code: github.com/cdump/evmole
Maxim Andreev (@cdump)
@plotchy your evm-cfg outperforms other tools I've benchmarked but panics on some contracts
Maxim Andreev (@cdump)
📢 EVMole v0.6.1 is out! 🎉
New: Storage layout extraction for EVM smart contracts! 🔍
Analyze unverified contracts like a pro:
• Function selectors
• Arguments
• State mutability
• Storage layout
Try it now at evmole.xyz 🚀 #Ethereum #Web3 #Blockchain
Maxim Andreev (@cdump)
@xyz_remedy And function state mutability too (payable, view, pure) in latest versions 🔥