Ecosystem Support Program -- Small Grants

### Summary of the proposal

The scope of this project is to **develop a front-end** for a tool, called **ByteSpector**, that analyses EVM bytecode and generates _annotated control flow graphs_ for it. This front-end would give security researchers and smart contract engineers easy access to a tool they can use to further their understanding of EVM bytecode.

### Current state of the project

We have developed an EVM bytecode analysis tool, [evm-dis](https://github.com/franck44/evm-dis), that can (among other features) construct Control Flow Graphs (CFGs) for EVM bytecode. The CFGs can be used by security auditors or static analysis tools to analyse the bytecode, by compiler designers to get insights into compilation or optimisation strategies, and by beginners to get familiar with low-level programming of the EVM. The role of CFGs in the decompilation process is explained in this [post](https://hackmd.io/@FranckC/r1Rvvg4rp).

[evm-dis](https://github.com/franck44/evm-dis) uses state-of-the-art formal methods (e.g. abstract interpretation, automata theory, automatic loop invariant detection) to construct the CFGs, and outperforms many other tools: the loop detection algorithm enables us to construct graphs for complex bytecode that includes nested loops, nested "calls", etc. The core algorithm used to build the CFGs is explained in this [post](https://hackmd.io/@FranckC/rJIRA43Na). The algorithm is implemented in [Dafny](https://github.com/dafny-lang/dafny) and, thanks to Dafny's many back-end code generators, artefacts are available in JavaScript, Python, C# and Java.

To explore the CFGs, we have built a [proof-of-concept for the front-end](https://bytespector.org); the code of the front-end is available on GitHub at [evm-dis-app](https://github.com/aodhgan/evm-dis-app). The proof-of-concept (PoC) runs the Python version of [evm-dis](https://github.com/franck44/evm-dis).
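To make concrete what a CFG of EVM bytecode looks like, here is an added example in JavaScript (the language of the current front-end). It is not code from evm-dis or evm-dis-app and does not implement their algorithm: it is a plain linear-sweep disassembler that splits bytecode into basic blocks, resolves only the jump targets that are statically visible as `PUSHn <target>; JUMP|JUMPI`, and reports stack-computed targets (the case evm-dis handles with abstract interpretation) as unresolved instead of guessing. The sample bytecode is a constructed counting loop, not a real contract, and the function and variable names are ours.

```javascript
// Added example, not code from evm-dis or evm-dis-app: linear-sweep EVM
// disassembly, basic-block splitting and static jump-edge resolution.
const OPCODE_NAMES = {
  0x00: 'STOP', 0x01: 'ADD', 0x10: 'LT', 0x34: 'CALLVALUE', 0x50: 'POP',
  0x56: 'JUMP', 0x57: 'JUMPI', 0x5b: 'JUMPDEST', 0x5f: 'PUSH0',
  0xf3: 'RETURN', 0xfd: 'REVERT', 0xfe: 'INVALID', 0xff: 'SELFDESTRUCT',
};
// Opcodes after which execution halts (no successor at all).
const HALTING = new Set([0x00, 0xf3, 0xfd, 0xfe, 0xff]);
// Opcodes that end a basic block: the halting ones plus JUMP and JUMPI.
const BLOCK_ENDERS = new Set([...HALTING, 0x56, 0x57]);

function opcodeName(op) {
  if (op >= 0x60 && op <= 0x7f) return `PUSH${op - 0x5f}`;
  if (op >= 0x80 && op <= 0x8f) return `DUP${op - 0x7f}`;
  if (op >= 0x90 && op <= 0x9f) return `SWAP${op - 0x8f}`;
  return OPCODE_NAMES[op] ?? `UNKNOWN_0x${op.toString(16).padStart(2, '0')}`;
}

// Accepts the `0x`-prefixed hex string that eth_getCode returns.
function hexToBytes(hex) {
  const clean = hex.startsWith('0x') ? hex.slice(2) : hex;
  if (clean.length % 2 !== 0 || /[^0-9a-fA-F]/.test(clean)) throw new Error('invalid bytecode hex');
  const out = new Uint8Array(clean.length / 2);
  for (let i = 0; i < out.length; i++) out[i] = parseInt(clean.substr(2 * i, 2), 16);
  return out;
}

function disassemble(code) {
  const insns = [];
  for (let pc = 0; pc < code.length; ) {
    const op = code[pc];
    const insn = { pc, op, name: opcodeName(op), arg: null, size: 1 };
    if (op >= 0x60 && op <= 0x7f) {
      // PUSHn immediate; bytes past the end of the code read as zero (EVM semantics).
      const n = op - 0x5f;
      let arg = 0n;
      for (let i = 1; i <= n; i++) arg = (arg << 8n) | BigInt(pc + i < code.length ? code[pc + i] : 0);
      insn.arg = arg;
      insn.size = 1 + n;
    }
    insns.push(insn);
    pc += insn.size;
  }
  return insns;
}

// A block starts at pc 0, at every JUMPDEST, and right after every block ender.
function basicBlocks(insns) {
  const blocks = [];
  let cur = null;
  for (const insn of insns) {
    if (cur === null || insn.op === 0x5b) {
      if (cur !== null) blocks.push(cur);
      cur = { start: insn.pc, insns: [] };
    }
    cur.insns.push(insn);
    if (BLOCK_ENDERS.has(insn.op)) { blocks.push(cur); cur = null; }
  }
  if (cur !== null) blocks.push(cur);
  return blocks;
}

function buildCfg(code) {
  const insns = disassemble(code);
  const blocks = basicBlocks(insns);
  const jumpdests = new Set(insns.filter((i) => i.op === 0x5b).map((i) => i.pc));
  const starts = new Set(blocks.map((b) => b.start));
  const edges = [];
  const unresolved = [];
  for (const b of blocks) {
    const last = b.insns[b.insns.length - 1];
    if (last.op === 0x56 || last.op === 0x57) {
      const prev = b.insns[b.insns.length - 2];
      if (prev && prev.arg !== null) {
        const target = Number(prev.arg);
        // A jump to a non-JUMPDEST aborts execution; keep it visible rather than drop it.
        edges.push({ from: b.start, to: target, kind: jumpdests.has(target) ? 'jump' : 'invalid-target' });
      } else {
        unresolved.push(b.start); // target is computed on the stack, not a literal
      }
    }
    const next = last.pc + last.size;
    if (!HALTING.has(last.op) && last.op !== 0x56 && starts.has(next)) {
      edges.push({ from: b.start, to: next, kind: 'fallthrough' });
    }
  }
  return { blocks, edges, unresolved };
}

// Graphviz rendering: one box per block, annotated with its instructions.
function toDot(cfg) {
  const lines = ['digraph cfg {', '  node [shape=box, fontname="monospace"];'];
  for (const b of cfg.blocks) {
    const body = b.insns.map((i) => `${i.pc.toString(16).padStart(4, '0')}: ${i.name}${i.arg === null ? '' : ' 0x' + i.arg.toString(16)}`).join('\\l');
    lines.push(`  b${b.start} [label="${body}\\l"];`);
  }
  for (const e of cfg.edges) lines.push(`  b${e.from} -> b${e.to} [label="${e.kind}"];`);
  lines.push('}');
  return lines.join('\n');
}

// Constructed sample (not a real contract): a loop that counts i from 0 while i < 3.
//   00 PUSH1 0 | 02 JUMPDEST PUSH1 3 DUP2 LT PUSH1 0x0b JUMPI | 0a STOP
//   0b JUMPDEST PUSH1 1 ADD PUSH1 2 JUMP
const SAMPLE_LOOP = '0x60005b60038110600b57005b600101600256';
const cfg = buildCfg(hexToBytes(SAMPLE_LOOP));
console.log(toDot(cfg));
```

Run with `node`, pipe the output to `dot -Tsvg`, and the loop shows up as four blocks with a back edge from block `0b` to the loop head at `02`. Feeding it `0x3456` (`CALLVALUE; JUMP`) instead yields no edges and one unresolved block, which is exactly the gap that evm-dis's abstract interpretation closes and that a naive sweep cannot.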
The current front-end PoC has some limitations:

- we only display a restricted subset of the analysis results.
- the front-end parses the text output of the back-end, which is fragile and not optimal.
- the navigation of the graph, and its relation to the actual code, could be improved.
- many features could be added to provide a richer experience for end users.

### Proposed work

We propose to develop a richer front-end that provides a better experience for navigating the CFGs and makes it easier to audit the code. This would benefit security researchers and smart contract developers. To build an advanced front-end, we need a **front-end designer/engineer**.

### Requested Support

We have evaluated the amount of work at the equivalent of **4 weeks**, assuming a week is ~38 hours of work. The average cost of a front-end designer/engineer is USD 200/hour, and for 4 weeks (152 hours) this amounts to USD 30,400. The amount requested for this small grant project is **USD 30K**.

The work will be organised as follows:

- week 1: introduction to the team, requirement analysis and specification review, planning, design drafts.
- week 2: feature freeze, build, test, internal review.
- week 3: build, test, internal review.
- week 4: user test, feedback, external review, handover.

We will also investigate how best to host the front-end service (cloud), and may use some of the funds towards an access point (~USD 20/month).

### New front-end features

Here are some examples of key features that we will implement to improve the user experience:

- ability to input a contract address (rather than solely bytecode) for automatic retrieval of the bytecode.
- ability to toggle tool tips on/off.
- maintain previous search history for easy comparison.
- ability to download outputs.

### Project's Leaders

- Aodhgan Gleeson ([github](https://github.com/aodhgan), [twitter](https://twitter.com/merkle34shade), [linkedIn](https://www.linkedin.com/in/aodhgangleeson/)) is a researcher in the Mantle Research team and built the proof-of-concept.
  Having previously been involved in building out front-ends for [PoolTogether](https://pooltogether.com/) and Every.org, Aodhgan will oversee and co-ordinate the development of the new front-end.
- Franck Cassez ([githubio](https://franck44.github.io), [linkedIn](https://www.linkedin.com/in/franck-cassez-ph-d-b775807/), [github](https://github.com/franck44)) is a researcher in the Mantle Research team and has developed the back-end. Franck will provide support to collect structured data and to generate outputs in different formats.

### Deliverables

The deliverables include:

- a GitHub repo with the front-end code (open-source).
- an access point to use the tool.
- a blog post, presentation or video that showcases the main features of the tool.

We will also endeavour to collect feedback from developers, auditors and beginners, to propose new features and see how they can be implemented in the back-end.

### Extensions and future developments

This preliminary work can be extended in several directions, one of them being to **provide an online auditing tool**. The back-end has been designed to support automatic verification of bytecode, and this feature can be leveraged to offer an online tool that developers and auditors can use freely.

### Resources

The following articles explain the core CFG construction algorithm and how to use it:

- [Decompiling EVM byte code](https://hackmd.io/@FranckC/r1Rvvg4rp), also available as a [Mantle blog post](https://www.mantle.xyz/blog/research/decompiling-evm-bytecode).
- [CFG reconstruction for EVM bytecode](https://hackmd.io/@FranckC/rJIRA43Na).

The code bases for the back-end and current front-end:

- [evm-dis](https://github.com/franck44/evm-dis), Dafny source code and artefacts in Python, Java, JavaScript and C#.
- [evm-dis-app](https://github.com/aodhgan/evm-dis-app), current front-end code.
- [ByteSpector](https://bytespector.org), current front-end portal.