{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,4]],"date-time":"2026-05-04T11:06:45Z","timestamp":1777892805236,"version":"3.51.4"},"reference-count":53,"publisher":"Association for Computing Machinery (ACM)","issue":"OOPSLA2","license":[{"start":{"date-parts":[[2024,10,8]],"date-time":"2024-10-08T00:00:00Z","timestamp":1728345600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62472221, 61761136003"],"award-info":[{"award-number":["62472221, 61761136003"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Program. Lang."],"published-print":{"date-parts":[[2024,10,8]]},"abstract":"<jats:p>\n                    Since funds or tokens in smart contracts are maintained through specific state variables, contract audit, an effective means for security assurance, particularly focuses on these variables and their related operations. However, the absence of publicly accessible source code for numerous contracts, with only bytecode exposed, hinders audit efforts. Recovering variables and their types from Solidity bytecode is thus a critical task in smart contract analysis and audit, yet this is a challenging task because the bytecode loses variable and type information, only with low-level data operated by stack manipulations and untyped memory\/storage accesses. The state-of-the-art smart contract decompilers miss identifying many variables and incorrectly infer the types for many identified variables. To this end, we propose\n                    <jats:sc>VarLifter<\/jats:sc>\n                    , a lifter dedicated to the precise and efficient recovery of typed variables.\n                    <jats:sc>VarLifter<\/jats:sc>\n                    interprets every read or written field of a data region as at least one potential variable, and after discarding falsely identified variables, it progressively refines the variable types based on the variable behaviors in the form of operation sequences. We evaluate\n                    <jats:sc>VarLifter<\/jats:sc>\n                    on 34,832 real-world Solidity smart contracts.\n                    <jats:sc>VarLifter<\/jats:sc>\n                    attains a precision of 97.48% and a recall of 91.84% for typed variable recovery. Moreover,\n                    <jats:sc>VarLifter<\/jats:sc>\n                    finishes analyzing 77% of smart contracts in around 10 seconds per contract. If\n                    <jats:sc>VarLifter<\/jats:sc>\n                    is used to replace the variable recovery modules of the two state-of-the-art Solidity bytecode decompilers, 52.4%, and 74.6% more typed variables will be correctly recovered, respectively. The applications of\n                    <jats:sc>VarLifter<\/jats:sc>\n                    to contract decompilation, contract audit, and contract bytecode fuzzing illustrate that the recovered variable information improves many contract analysis tasks.\n                  <\/jats:p>","DOI":"10.1145\/3689711","type":"journal-article","created":{"date-parts":[[2024,10,8]],"date-time":"2024-10-08T03:23:04Z","timestamp":1728357784000},"page":"1-29","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["VarLifter: Recovering Variables and Types from Bytecode of Solidity Smart Contracts"],"prefix":"10.1145","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-9166-087X","authenticated-orcid":false,"given":"Yichuan","family":"Li","sequence":"first","affiliation":[{"name":"Nanjing University of Science and Technology, Nanjing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4324-3382","authenticated-orcid":false,"given":"Wei","family":"Song","sequence":"additional","affiliation":[{"name":"Nanjing University of Science and Technology, Nanjing, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1393-0752","authenticated-orcid":false,"given":"Jeff","family":"Huang","sequence":"additional","affiliation":[{"name":"Texas A&amp;M University, College Station, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,10,8]]},"reference":[{"key":"e_1_3_1_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-01090-4_30"},{"key":"e_1_3_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/800028.808479"},{"key":"e_1_3_1_4_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-24723-4_2"},{"key":"e_1_3_1_5_1","doi-asserted-by":"publisher","unstructured":"Gogul Balakrishnan and Thomas W. Reps. 2010. WYSINWYX: What you see is not what you eXecute. ACM Trans. Program. Lang. Syst. 32 6 (2010) 23:1\u201323:84. https:\/\/doi.org\/10.1145\/1749608.1749612 10.1145\/1749608.1749612","DOI":"10.1145\/1749608.1749612"},{"key":"e_1_3_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/1449764.1449802"},{"key":"e_1_3_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2786832"},{"key":"e_1_3_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP46214.2022.9833721"},{"key":"e_1_3_1_9_1","unstructured":"Lexi Brent Anton Jurisevic Michael Kong Eric Liu Fran\u00e7ois Gauthier Vincent Gramoli Ralph Holz and Bernhard Scholz. 2018. Vandal: A Scalable Security Analysis Framework for Smart Contracts. CoRR abs\/1809.03981 (2018) 28 pages. http:\/\/arxiv.org\/abs\/1809.03981"},{"key":"e_1_3_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3563328"},{"key":"e_1_3_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2021.3078342"},{"key":"e_1_3_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3563308"},{"key":"e_1_3_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE51524.2021.9678888"},{"key":"e_1_3_1_14_1","unstructured":"ConsenSys. 2019. Mythril: Security analysis tool for EVM bytecode. https:\/\/github.com\/ConsenSys\/mythril"},{"key":"e_1_3_1_15_1","unstructured":"Crytic. 2018. Rattle \u2013 an Ethereum EVM binary analysis framework. https:\/\/github.com\/trailofbits\/rattle"},{"key":"e_1_3_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/115372.115320"},{"key":"e_1_3_1_17_1","unstructured":"Ethereum Foundation. 2014. Ethereum Yellow Paper. https:\/\/ethereum.github.io\/yellowpaper\/paper.pdf"},{"key":"e_1_3_1_18_1","unstructured":"Ethereum.org Team. 2023. Solidity Documentation. https:\/\/docs.soliditylang.org Accessed: 2024-01-26."},{"key":"e_1_3_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1985793.1985840"},{"key":"e_1_3_1_20_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-45099-3_11"},{"key":"e_1_3_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2338965.2336773"},{"key":"e_1_3_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00087"},{"key":"e_1_3_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00120"},{"key":"e_1_3_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3416262"},{"key":"e_1_3_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3527321"},{"key":"e_1_3_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/SCAM.2009.24"},{"key":"e_1_3_1_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-48806-1_22"},{"key":"e_1_3_1_28_1","unstructured":"Hex-Rays Teams. 2019. IDA. https:\/\/www.hex-rays.com\/products\/ida"},{"key":"e_1_3_1_29_1","doi-asserted-by":"publisher","unstructured":"Xiaowen Hu Bernd Burgstaller and Bernhard Scholz. 2023. EVMTracer: Dynamic Analysis of the Parallelization and Redundancy Potential in the Ethereum Virtual Machine. IEEE Access 11 (2023) 47159\u201347178. https:\/\/doi.org\/10.1109\/ACCESS.2023.3267277 10.1109\/ACCESS.2023.3267277","DOI":"10.1109\/ACCESS.2023.3267277"},{"key":"e_1_3_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3419614.3423261"},{"key":"e_1_3_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/383043.383045"},{"key":"e_1_3_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.10"},{"key":"e_1_3_1_33_1","unstructured":"Tomasz Kolinko and Palkeo. 2020. Panoramix - Decompiler at the heart of eveem.org. https:\/\/github.com\/palkeo\/panoramix"},{"key":"e_1_3_1_34_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-22110-1_47"},{"key":"e_1_3_1_35_1","volume-title":"Proceedings of the 6th Network and Distributed System Security Symposium, NDSS'11, February 1-9","author":"Lee Jong Hyup","year":"2011","unstructured":"Jong Hyup Lee, Thanassis Avgerinos, and David Brumley. 2011. TIE: Principled Reverse Engineering of Types in Binary Programs. In Proceedings of the 6th Network and Distributed System Security Symposium, NDSS'11, February 1-9. The Internet Society, San Diego, California, USA, 18 pages. https:\/\/www.ndss-symposium.org\/ndss2011\/tie-principled-reverse-engineering-of-types-in-binary-programs"},{"key":"e_1_3_1_36_1","doi-asserted-by":"publisher","unstructured":"Yichuan Li Wei Song and Jeff Huang. 2024. Reproduction Package of \u2018VARLIFTER: Recovering Variables and Types from Bytecode of Solidity Smart Contracts'. https:\/\/doi.org\/10.5281\/zenodo.12671461 10.5281\/zenodo.12671461","DOI":"10.5281\/zenodo.12671461"},{"key":"e_1_3_1_37_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium, NDSS'10, 28th February - 3rd March","author":"Lin Zhiqiang","year":"2010","unstructured":"Zhiqiang Lin, Xiangyu Zhang, and Dongyan Xu. 2010. Automatic Reverse Engineering of Data Structures from Binary Execution. In Proceedings of the Network and Distributed System Security Symposium, NDSS'10, 28th February - 3rd March. The Internet Society, San Diego, California, USA, 18 pages. https:\/\/www.ndss-symposium.org\/ndss2010\/automatic-reverse-engineering-data-structures-binary-execution"},{"key":"e_1_3_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/3650212.3652146"},{"key":"e_1_3_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3611643.3616281"},{"key":"e_1_3_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00121"},{"key":"e_1_3_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/APSEC.2013.132"},{"key":"e_1_3_1_42_1","unstructured":"NSA's Research Directorate. 2019. Ghidra. https:\/\/ghidra-sre.org"},{"key":"e_1_3_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3468264.3468607"},{"key":"e_1_3_1_44_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-47754-6_20"},{"key":"e_1_3_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460319.3464837"},{"key":"e_1_3_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/WCRE.2002.1173063"},{"key":"e_1_3_1_47_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium, NDSS'11, February 6-9","author":"Slowinska Asia","year":"2011","unstructured":"Asia Slowinska, Traian Stancescu, and Herbert Bos. 2011. Howard: A Dynamic Excavator for Reverse Engineering Data Structures. In Proceedings of the Network and Distributed System Security Symposium, NDSS'11, February 6-9. The Internet Society, San Diego, California, USA, 20 pages. https:\/\/www.ndss-symposium.org\/ndss2011\/howard-a-dynamic-excavator-for-reverse-engineering-data-structures"},{"key":"e_1_3_1_48_1","first-page":"1013","volume-title":"Proceedings of the International Conference on Parallel and Distributed Processing Techniques and Applications, PDPTA'00, June 24-29","author":"De Sutter Bjorn","year":"2000","unstructured":"Bjorn De Sutter, Bruno De Bus, Koenraad De Bosschere, P. Keyngnaert, and Bart Demoen. 2000. On the Static Analysis of Indirect Control Transfers in Binaries. In Proceedings of the International Conference on Parallel and Distributed Processing Techniques and Applications, PDPTA'00, June 24-29. CSREA Press, Las Vegas, Nevada, USA, 1013\u20131019. http:\/\/hdl.handle.net\/1854\/LU-129668"},{"key":"e_1_3_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3498665"},{"key":"e_1_3_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/RTCSA.2000.896367"},{"key":"e_1_3_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP51992.2021.00018"},{"key":"e_1_3_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2950343"},{"key":"e_1_3_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00051"},{"key":"e_1_3_1_54_1","first-page":"1371","volume-title":"Proceedings of the 27th USENIX Security Symposium, USENIX Security'18, August 15-17","author":"Zhou Yi","year":"2018","unstructured":"Yi Zhou, Deepak Kumar, Surya Bakshi, Joshua Mason, Andrew Miller, and Michael D. Bailey. 2018. Erays: Reverse Engineering Ethereum's Opaque Smart Contracts. In Proceedings of the 27th USENIX Security Symposium, USENIX Security'18, August 15-17. USENIX Association, Baltimore, MD, USA, 1371\u20131385. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/"}],"container-title":["Proceedings of the ACM on Programming Languages"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3689711","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3689711","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T09:13:07Z","timestamp":1770196387000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3689711"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,8]]},"references-count":53,"journal-issue":{"issue":"OOPSLA2","published-print":{"date-parts":[[2024,10,8]]}},"alternative-id":["10.1145\/3689711"],"URL":"https:\/\/doi.org\/10.1145\/3689711","relation":{},"ISSN":["2475-1421"],"issn-type":[{"value":"2475-1421","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,10,8]]},"assertion":[{"value":"2024-04-05","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-08-18","order":2,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-10-08","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}