Awesome

EVMole

EVMole is a powerful library that extracts information from Ethereum Virtual Machine (EVM) bytecode, including function selectors, arguments, state mutability, and storage layout, even for unverified contracts.

Key Features

Multi-language support: Available as JavaScript, Rust, and Python libraries.
High accuracy and performance: Outperforms existing tools.
Broad compatibility: Tested with both Solidity and Vyper compiled contracts.
Lightweight: Clean codebase with minimal external dependencies.
Unverified contract analysis: Extracts information even from unverified bytecode.

Usage

JavaScript

API documentation and usage examples (node, vite, webpack, parcel, esbuild)

$ npm i evmole

import { contractInfo } from 'evmole'

const code = '0x6080604052348015600e575f80fd5b50600436106030575f3560e01c80632125b65b146034578063b69ef8a8146044575b5f80fd5b6044603f3660046046565b505050565b005b5f805f606084860312156057575f80fd5b833563ffffffff811681146069575f80fd5b925060208401356001600160a01b03811681146083575f80fd5b915060408401356001600160e01b0381168114609d575f80fd5b80915050925092509256'

console.log( contractInfo(code, {selectors:true, arguments:true, stateMutability:true}) )
// {
//   functions: [
//     {
//       selector: '2125b65b',
//       bytecodeOffset: 52,
//       arguments: 'uint32,address,uint224',
//       stateMutability: 'pure'
//     },
//     ...

Rust

Documentation is available on docs.rs

let code = hex::decode("6080604052348015600e575f80fd5b50600436106030575f3560e01c80632125b65b146034578063b69ef8a8146044575b5f80fd5b6044603f3660046046565b505050565b005b5f805f606084860312156057575f80fd5b833563ffffffff811681146069575f80fd5b925060208401356001600160a01b03811681146083575f80fd5b915060408401356001600160e01b0381168114609d575f80fd5b80915050925092509256").unwrap();

println!("{:?}", evmole::contract_info(
    evmole::ContractInfoArgs::new(&code)
        .with_selectors()
        .with_arguments()
        .with_state_mutability()
    )
);
// Contract {
//     functions: Some([
//         Function {
//             selector: [33, 37, 182, 91],
//             bytecode_offset: 52,
//             arguments: Some([Uint(32), Address, Uint(224)]),
//             state_mutability: Some(Pure)
//         },
//         ...

Python

API documentation

$ pip install evmole --upgrade

from evmole import contract_info

code = '0x6080604052348015600e575f80fd5b50600436106030575f3560e01c80632125b65b146034578063b69ef8a8146044575b5f80fd5b6044603f3660046046565b505050565b005b5f805f606084860312156057575f80fd5b833563ffffffff811681146069575f80fd5b925060208401356001600160a01b03811681146083575f80fd5b915060408401356001600160e01b0381168114609d575f80fd5b80915050925092509256'

print( contract_info(code, selectors=True, arguments=True, state_mutability=True) )
# Contract(
#     functions=[
#     Function(
#             selector=2125b65b,
#             bytecode_offset=52,
#             arguments=uint32,address,uint224,
#             state_mutability=pure),
#     ...

Foundry

<a href="https://getfoundry.sh/">Foundy's cast</a> uses the Rust implementation of EVMole


$ cast selectors $(cast code 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2)
0x06fdde03                           view
0x095ea7b3  address,uint256          nonpayable
0x18160ddd                           view
0x23b872dd  address,address,uint256  nonpayable
...

$ cast selectors --resolve $(cast code 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2)
0x06fdde03                           view        name()
0x095ea7b3  address,uint256          nonpayable  approve(address,uint256)
0x18160ddd                           view        totalSupply()
0x23b872dd  address,address,uint256  nonpayable  transferFrom(address,address,uint256)
...

Benchmark

function selectors

FP/FN - False Positive/False Negative errors; smaller is better

<table> <tr> <td>Dataset</td> <td></td> <td>evmole <a href="benchmark/providers/evmole-rs/">rs</a> · <a href="benchmark/providers/evmole-js/">js</a> · <a href="benchmark/providers/evmole-py/">py</a></td> <td><a href="benchmark/providers/whatsabi/">whatsabi</a></td> <td><a href="benchmark/providers/sevm/">sevm</a></td> <td><a href="benchmark/providers/evm-hound-rs/">evmhound</a></td> <td><a href="benchmark/providers/heimdall-rs/">heimdall</a></td> <td><a href="benchmark/providers/simple/">smpl</a></td> </tr> <tr> <td rowspan="5">largest1k 1000 addresses 24427 functions</td> <td>FP addrs</td> <td>1 🥈</td> <td>0 🥇</td> <td>0 🥇</td> <td>75</td> <td>18</td> <td>95</td> </tr> <tr> <td>FN addrs</td> <td>0 🥇</td> <td>0 🥇</td> <td>0 🥇</td> <td>40</td> <td>111</td> <td>9</td> </tr> <tr> <td>FP funcs</td> <td>192 🥈</td> <td>0 🥇</td> <td>0 🥇</td> <td>720</td> <td>600</td> <td>749</td> </tr> <tr> <td>FN funcs</td> <td>0 🥇</td> <td>0 🥇</td> <td>0 🥇</td> <td>191</td> <td>147</td> <td>12</td> </tr> <tr> <td>Time</td> <td>0.4s · 0.6s · 0.4s</td> <td>2.8s</td> <td>35s(*)</td> <td>0.4s</td> <td>343s(*)</td> <td>1.6s</td> </tr> <tr><td colspan="8"></td></tr> <tr> <td rowspan="5">random50k 50000 addresses 1171102 functions</td> <td>FP addrs</td> <td>1 🥇</td> <td>43</td> <td>1</td> <td>693</td> <td>3</td> <td>4136</td> </tr> <tr> <td>FN addrs</td> <td>9 🥇</td> <td>11</td> <td>10</td> <td>2903</td> <td>4708</td> <td>77</td> </tr> <tr> <td>FP funcs</td> <td>3 🥇</td> <td>51</td> <td>3</td> <td>10798</td> <td>29</td> <td>14652</td> </tr> <tr> <td>FN funcs</td> <td>10 🥇</td> <td>12</td> <td>11</td> <td>3538</td> <td>6098</td> <td>96</td> </tr> <tr> <td>Time</td> <td>4.3s · 9.0s · 7.2s</td> <td>53s</td> <td>1124s(*)</td> <td>5.8s</td> <td>8572s(*)</td> <td>44s</td> </tr> <tr><td colspan="8"></td></tr> <tr> <td rowspan="5">vyper 780 addresses 21244 functions</td> <td>FP addrs</td> <td>0 🥇</td> <td>30</td> <td>0</td> <td>19</td> <td>0</td> <td>185</td> </tr> <tr> <td>FN addrs</td> <td>0 🥇</td> <td>780</td> <td>0</td> <td>300</td> <td>780</td> <td>480</td> </tr> <tr> <td>FP funcs</td> <td>0 🥇</td> <td>30</td> <td>0</td> <td>19</td> <td>0</td> <td>197</td> </tr> <tr> <td>FN funcs</td> <td>0 🥇</td> <td>21244</td> <td>0</td> <td>8273</td> <td>21244</td> <td>12971</td> </tr> <tr> <td>Time</td> <td>0.3s · 0.6s · 0.4s</td> <td>2.0s</td> <td>46s(*)</td> <td>0.3s</td> <td>28s(*)</td> <td>1.0s</td> </tr> </table>

function arguments

Errors - when at least 1 argument is incorrect: (uint256,string) ≠ (uint256,bytes)

function state mutability

Errors - Results are not equal (treating view and pure as equivalent to nonpayable)

Errors strict - Results are strictly unequal (nonpayable ≠ view). Some ABIs mark pure/view functions as nonpayable, so not all strict errors indicate real issues.

<table> <tr> <td>Dataset</td> <td></td> <td>evmole <a href="benchmark/providers/evmole-rs/">rs</a> · <a href="benchmark/providers/evmole-js/">js</a> · <a href="benchmark/providers/evmole-py/">py</a></td> <td><a href="benchmark/providers/whatsabi/">whatsabi</a></td> <td><a href="benchmark/providers/sevm/">sevm</a></td> <td><a href="benchmark/providers/heimdall-rs/">heimdall</a></td> <td><a href="benchmark/providers/simple/">smpl</a></td> </tr> <tr> <td rowspan="3">largest1k 24427 functions</td> <td>Errors</td> <td>0.0% 🥇 0</td> <td>68.1% 16623</td> <td>2.1% 501</td> <td>25.4% 6201</td> <td>2.6% 643</td> </tr> <tr> <td>Errors strict</td> <td>18.6% 🥇 4555</td> <td>79.4% 19393</td> <td>59.0% 14417</td> <td>54.9% 13403</td> <td>60.9% 14864</td> </tr> <tr> <td>Time</td> <td>8.9s · 16s · 8.9s</td> <td>3.8s</td> <td>33s(*)</td> <td>339s(*)</td> <td>0.5s</td> </tr> <tr><td colspan="6"></td></tr> <tr> <td rowspan="3">random50k 1160861 functions</td> <td>Errors</td> <td>0.0% 🥇 44</td> <td>30.2% 351060</td> <td>0.3% 3370</td> <td>11.6% 134196</td> <td>2.2% 24961</td> </tr> <tr> <td>Errors strict</td> <td>6.8% 🥇 78923</td> <td>58.2% 675111</td> <td>55.7% 646831</td> <td>27.7% 321495</td> <td>57.7% 670318</td> </tr> <tr> <td>Time</td> <td>169s · 334s · 172s</td> <td>88s</td> <td>1131s(*)</td> <td>8267s(*)</td> <td>8.2s</td> </tr> <tr><td colspan="6"></td></tr> <tr> <td rowspan="3">vyper 21166 functions</td> <td>Errors</td> <td>0.5% 🥇 110</td> <td>100.0% 21166</td> <td>76.3% 16150</td> <td>100.0% 21166</td> <td>1.8% 390</td> </tr> <tr> <td>Errors strict</td> <td>4.0% 🥇 854</td> <td>100.0% 21166</td> <td>90.2% 19092</td> <td>100.0% 21166</td> <td>59.6% 12610</td> </tr> <tr> <td>Time</td> <td>9.5s · 13s · 9.7s</td> <td>2.1s</td> <td>38s(*)</td> <td>28s(*)</td> <td>0.5s</td> </tr> </table>

See benchmark/README.md for the methodology and commands to reproduce these results

versions: evmole v0.6.2; <a href="https://github.com/shazow/whatsabi">whatsabi</a> v0.17.0; <a href="https://github.com/acuarica/evm">sevm</a> v0.7.3; <a href="https://github.com/g00dv1n/evm-hound-rs">evm-hound-rs</a> v0.1.4; <a href="https://github.com/Jon-Becker/heimdall-rs">heimdall-rs</a> v0.8.4

(*): sevm and heimdall-rs are full decompilers, not limited to extracting function selectors

How it works

Short: Executes code with a custom EVM and traces CALLDATA usage.

Long: TODO

License

MIT