We present ByteSpector, a tool for constructing and verifying control flow graphs (CFGs) from Ethereum Virtual Machine (EVM) bytecode. CFGs play a crucial role in analyzing smart contract behavior, but resolving dynamic jumps and ensuring CFG correctness remain significant challenges. ByteSpector addresses these challenges by generating formally verified CFGs, i.e., all target jumps have been resolved correctly, which can serve as a foundation for further contract verification. ByteSpector introduces several key innovation. First, ByteSpector features an efficient algorithm for resolving dynamic jumps that uses a combination of abstract interpretation and semantics reasoning. Second ByteSpector can automatically generate proof objects from EVM bytecode. Proof objects are Dafny programs that encode the semantics of the bytecode, and can be used to prove that computed CFGs over-approximate the contracts execution paths. Third, ByteSpector is written in Dafny and is guaranteed to be free of common runtime errors like array-out-bounds, division-by-zero etc. Moreover, the code and libraries can be automatically translated into multiple languages (e.g., C#, Python, Java, JavaScript), making them reusable in broader verification frameworks. By generating Dafny proof objects (and verified CFGs), ByteSpector provides a robust foundation for bytecode-level analysis, enabling formal verification of smart contracts beyond high-level source code analysis.
@InProceedings{cassez:OASIcs.FMBC.2025.4, author = {Cassez, Franck}, title = {{ByteSpector: A Verifying Disassembler for EVM Bytecode}}, booktitle = {6th International Workshop on Formal Methods for Blockchains (FMBC 2025)}, pages = {4:1--4:15}, series = {Open Access Series in Informatics (OASIcs)}, ISBN = {978-3-95977-371-3}, ISSN = {2190-6807}, year = {2025}, volume = {129}, editor = {Marmsoler, Diego and Xu, Meng}, publisher = {Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik}, address = {Dagstuhl, Germany}, URL = {https://drops.dagstuhl.de/entities/document/10.4230/OASIcs.FMBC.2025.4}, URN = {urn:nbn:de:0030-drops-230318}, doi = {10.4230/OASIcs.FMBC.2025.4}, annote = {Keywords: EVM bytecode, deductive verification, Control Flow Graph} }
Feedback for Dagstuhl Publishing