Opaque Bytecode, Real Risk
Closed-Source Contracts Are Not Safer
A surprising amount of capital sits behind contracts whose source code is unavailable or intentionally obfuscated. This paper shows that the opacity story is backwards: the hidden code often conceals vulnerabilities from operators more effectively than it deters attackers.
The core contribution is SKANF, a bytecode analysis pipeline for closed-source and obfuscated EVM contracts. Rather than treating opacity as a dead end, the paper shows how control-flow recovery and execution-guided analysis can still uncover asset-management bugs and recover exploit paths.
- Obscurity is not a defense. The paper argues that obfuscation does not remove attack surface; it mostly shifts the analysis burden onto better tooling.
- Bytecode can still be analyzed systematically. SKANF combines control-flow deobfuscation, symbolic execution, and concolic execution over historical transactions to recover exploitable behavior from opaque bytecode.
- The impact is not theoretical. In the reported evaluation, the system flags vulnerabilities in 1,028 contracts, generates exploits for 373 of them, and surfaces more than $9M in potential loss exposure.
Why this matters
For teams shipping infrastructure around opaque bytecode, the practical lesson is simple: if your security model depends on nobody understanding the contract, it is already brittle.
- Visibility still wins. Attackers only need enough semantic recovery to exploit one path; defenders need tooling that makes opaque systems legible again.
- Reverse engineering belongs in the workflow. Closed-source contract review is a reverse-engineering problem, not a reason to give up on review.
- Directly aligned with EVMDecompiler. This is exactly where EVM Decompiler fits: turning unreadable bytecode into something an analyst can actually work with.
Closed-source bytecode still leaks enough structure to support serious reverse engineering. For unreadable contracts, start with evmdecompiler.com or reach us at [email protected].