Deconstruction of intelligent contracts

The first part. Preface

 Deconstruction of intelligent contracts

Imagine that you are driving the 1969 Mustang Mach on the western United States Road, the sun shines on the gorgeous gilded rim, the whole road only you and the desert, the endless horizon witnesses the chase of you and the sunset…

All of a sudden, your 335 horsepower horse was swallowed by the rolling white smoke and suddenly turned into a steam locomotive, and you were forced to stop on the roadside.

You’re going to see what’s going on. When you turn over the front car cover, you find that you don’t understand it completely. You don’t know how the damn machine works, so you pick up your cell phone for help and find there is no signal in the neighborhood…

 Deconstruction of intelligent contracts

 Deconstruction of intelligent contracts

Is the situation described above like the DApp development you are doing? In the process of developing Dapp, the luxury car is your intelligent contract in the analogy, the rim and the reformed place is the thoughtful little details. And once there’s a problem, you need to look for an answer in the smart contract EVM bytecode, and most of the time you don’t know exactly what’s going on.

If you are the developer of Dapp and have encountered the embarrassing situation on it, then you don’t have to worry about it again!

Because the purpose of this series is to deconstruct a simple Solidity contract, look at its bytecode, and decompose it into an identifiable structure until the lowest level. We will open the hood of the Solidity sports car. At the end of this series, you should feel comfortable when you look at or debug EVM bytecode. The focus of this series is to uncover the mystical veil of the EVM bytecode generated by the Solidity compiler, which is really much simpler than it looks.

The following are the smart contract code that we use to deconstruct:

Pragma solidity ^0.4.24;

Contract BasicToken {

Uint256 totalSupply_;

Mapping (address = > uint256) balances;

Constructor (uint256 _initialSupply) public {

TotalSupply_ = _initialSupply;

Balances[msg.sender] = _initialSupply;


Function totalSupply () public view returns (uint256) {

Return totalSupply_;


Function transfer (address _to, uint256 _value) public returns (bool) {

Require (_to! = address (0));

Require (_value < = balances[msg.sender]);

Balances[msg.sender] = balances[msg.sender] – _value;

Balances[_to] = balances[_to] + _value;

Return true;


Function balanceOf (address _owner) public view returns (uint256) {

Return balances[_owner];



Note: this contract is vulnerable to an overflow attack. We are simply trying to explain the problem, so we try to be concise.

Compiling contract

In order to compile the contract, we will use Remix (address:

When you open the Remix compiler, click the + button on the top left corner above the file browser area to create a new smart contract. Set the file name to BasicToken.sol. After you have created it, paste the above code onto the editor.

On the right side, go to the “Setting” option and make sure that “Enable Personal Mode” is selected. In addition, it is important to note the selected version of the Solidity compiler

“Version:0.4.24 +commit.e67f0147.Emscripten.clang”.

These two details are very important, or you will not be able to look at the bytecode discussed in the article.

Next, you can go into the Compile option and click the Details button, and you’ll see a pop-up window that contains everything that the Solidity compiler generates, one of which is a JSON object named BYTECODE, which has a “object” attribute, which is the compiled contract code, and its code is such:

608060405234801561001057600080fd5b5060405160208061021783398101604090815290516000818155338152600160205291909120556101d1806100466000396000f3006080604052600436106100565763ffffffff7c010000000000000000000000000000000000000000000000000000000060003504166318160dd d811461005b57806370a0823114610082578063a9059cbb146100b0575b600080fd5b34801561006757600080fd5b506100706100f5565b60408051918252519081900360200190f35b34801561008e57600080fd5b5061007073ffffffffffffffffffffffffffffffffffffffff600435166100fb565b3480156100bc5760 0080fd5b506100e173ffffffffffffffffffffffffffffffffffffffff60043516602435610123565b604080519115158252519081900360200190f35b60005490565b73ffffffffffffffffffffffffffffffffffffffff1660009081526001602052604090205490565b600073fffffffffffffffffffffffffffffffffff fffff8316151561014757600080fd5b3360009081526001602052604090205482111561016357600080fd5b503360009081526001602081905260408083208054859003905573ffffffffffffffffffffffffffffffffffffffff85168352909120805483019055929150505600a165627a7a72305820a5d999f4459642872a 29b E93a490575d345e40fc91a7cccb2cf29c88bcdaf3be0029

Yes, the code is completely unreadable (at least for the normal person).

Deployment contract

Next, go to the Run part in Remix. First, make sure that you are using Javascript VM. This is basically an embedded Javascript EVM + network, ideal for the Tai Fang training field. Make sure that BasicToken is selected in ComboBox, and the number 10000 is entered in the Deploy input box. Next, click the “Deploy” button to deploy. This is deployed as an example of the BasicToken intelligent contract we created, with the first 10000 token provided by the account currently selected at the top of the ComboBox account, which will retain all the token supply we set up.

In the “Deployed Contracts” tab of the “Run” tab, you can see the deployed smart contracts, which contain three fields that interact with the contract: transfer, balanceOf, and totalSupply. Here, we can interact with the newly deployed intelligent contract instances.

But before that, let’s see what the “Deploy” of a contract means:

In the console area at the bottom of the page, you can see a log “creation of BasicToken pending…”, and then a transaction entry containing various fields: from, to, value, data, logs, and hash. Click this entry to expand the transaction information, and you should see transaction’s date, input, and the bytecode we mentioned above. So, create an instance of an intelligent contract that will contain your own address and code.

We will examine these transaction processes in detail in the next article.

Disassembly bytecode

At the console center, on the right side of the transaction frame, there is a “debug” (debug) button. Clicking on this button, you will activate the Debugger option in the right area of the Remix. We can look at the Instructions part together, and if you scroll down, it should be the following:

000 PUSH1 80

002 PUSH1 40



006 DUP1


008 PUSH2 0010


012 PUSH1 00

014 DUP1



017 POP

018 PUSH1 40


021 PUSH1 20

023 DUP1

024 PUSH2 0217

027 DUP4


029 DUP2

030 ADD

031 PUSH1 40

033 SWAP1

034 DUP2


036 SWAP1


038 PUSH1 00

040 DUP2

041 DUP2



044 DUP2


046 PUSH1 01

048 PUSH1 20


051 SWAP2

… (abbreviation)

In order to ensure that there is no error in the operation in front of you, you can compare the contents you see in the Remix compiler that you operate.

This is actually the disassembly bytecode of the contract. If you scan the original bytecode (two characters at one time) by bytes, the EVM recognizes a specific operating code associated with a particular operation. For example:

0x60 = > PUSH

0x01 = > ADD

0x02 = > MUL

0x00 = > STOP

Disassembler code is very low and difficult to understand, but we can start to understand it in this way.


Before the deconstruction of the intelligent contract code, you will need a basic set of tools to understand the operating codes of a single opcode, such as PUSH, ADD, SWAP, DUP and so on. At the end, each operation can only be pressed into an item or consumption of an item from the stack of EVM, memory, or the storage of the contract.

To see all the available operating codes that EVM can handle, you can look at the Pyethereum, which shows the list of operating codes. To understand the working principles of each operating code, the official Solidity assembly document is also a good reference. Even if it doesn’t correspond to the original operating code one by one, it is very close (it is actually Yul, intermediate language between Solidity and EVM bytecode). If you can read technical documents, you can read the yellow paper in the ether Fang, in the final analysis, it is the above.

Although you have recommended so many documents, it doesn’t make any sense to read these resources from beginning to end. You just have to remember that information, and we’ll use them when you need them.


Each line in the above disassembly code is an operation instruction executed by EVM, each instruction contains an operating code, for example, let us use one of the instructions, instruction 88, and push the number 4 to the stack. The explanation of this special disassembler is as follows:

88 PUSH1 0x04


Hex value for push.


Instruction number

Although disassembling code can make us more understanding of the underlying things, it still makes it impossible for people to touch their minds. We need a way to deconstruct all the problems.


Any task that seems impossible at the beginning, in fact, can be disassembled into a task that can be resolved, and the problems we encounter are no exception. In the face of this problem, the strategy I adopt is “divide and rule”.

We can try to find the forking point of the disassembly code and gradually break down until it is broken down into small blocks, and we will do it gradually in the debugger of the Remix.

In the following figure, we can see our first disassembly of disassembly code (I will analyze it in a comprehensive way in the next article).

 Deconstruction of intelligent contracts

If you don’t know the chart, don’t worry about it. You don’t have to do anything at the beginning. Our series of articles will be introduced in a gradual way. We will follow the rhythm now, deepening the internal structure of your car.

* by Alejandro Santander starting in medium, and by the cheetah block chain security translation *

Cheetah Kingsoft to block chain security technology based on combination of artificial intelligence, NLP technology, provide contract audit, sentiment analysis and ecological security services for the blockchain users.

You can visit the Ratingtoken website to learn more

Leave a Reply

Your email address will not be published. Required fields are marked *