evm-cfg-builder is used to extract a control flow graph (CFG) from EVM bytecode. It is used by Ethersplay, Manticore, and other tools from Trail of Bits. It is a reliable foundation to build program analysis tools for EVM.
We encourage contributions that address any known issues and will pay out bounties for accepted PRs. Join us on the Empire Hacking Slack to discuss using or extending evm-cfg-builder.
- Reliably recovers a Control Flow Graph (CFG) from EVM bytecode using a dedicated Value Set Analysis
- Recovers functions names
- Recovers attributes (e.g., payable, view, pure)
- Outputs the CFG to a dot file
- Library API
To export basic dissassembly information, run:
evm-cfg-builder mycontract.evm
To export the CFG of each function (dot format), run:
evm-cfg-builder mycontract.evm --export-dot my_dir
dot files can be read using xdot.
See examples/explore_cfg.py and examples/explore_functions.py for library examples.
$ pip install evm-cfg-builder
git clone https://github.com/trailofbits/evm_cfg_builder
pip install .
- Python >= 3.6
- pyevmasm
Feel free to stop by our Slack channel (#ethereum) for help using or extending evm-cfg-builder.
evm-cfg-builder is licensed and distributed under the AGPLv3. Contact us if you're looking for an exception to the terms.