MAD: Move AI Decompiler to Improve Transparency and Auditability on Non-Open-Source Blockchain Smart Contract

Download PDF

Eason Chen, Xinyi Tang, Zimo Xiao, Chuangji Li, Shizhuo Li, Wu Tingguan, Siyun Wang, Kostas Kryptos Chalkias

Published: 29 Jan 2025, Last Modified: 29 Jan 2025WWW 2025 OralEveryoneRevisionsBibTeXCC BY 4.0
Track: Responsible Web
Keywords: Web3, Smart Contract, Auditing Tools, Large Language Models
TL;DR: Move AI Decompiler (MAD) is a Large Language Model-powered web application that converts Move smart contract bytecode into easily readable and re-compilable source code, enpowering web3 users to audit non-open-source smart contracts easily.
Abstract: The vision of Web3 is to improve user control over data and assets, but one challenge that complicates this vision is the prevalence of non-transparent, scam-prone applications and vulnerable smart contracts that put web3 users at risk. While code audits are one solution to this problem, the lack of smart contracts source code on many blockchain platforms, such as Sui, hinders the ease of auditing. A promising approach to this issue is the use of a decompiler to reverse-engineer smart contract bytecode. However, existing decompilers for Sui produce code that is difficult to understand and cannot be directly recompiled. To address this, we developed the Move AI Decompiler (MAD), a Large Language Model (LLM)-powered web application that decompiles smart contract bytecodes on Sui into logically correct, human-readable, and re-compilable source code. MAD empowers developers to understand and audit contracts easily and independently. Our evaluation shows that MAD produces logically correct code that successfully passes original unit tests and achieves a 66.7\% recompilation success rate on real-world smart contracts. Additionally, in a user study involving 12 developers, MAD significantly reduced the auditing workload compared to using traditional decompilers. Participants found MAD’s outputs comparable to the original source code, simplifying the process of smart contract logic comprehension and auditing. Despite some limitations, such as occasional hallucinations and compile errors, MAD still provides significant improvements over traditional decompilers. MAD has practical implications for blockchain smart contract transparency, auditing, and education. It empowers users to review and audit non-open-source smart contracts, fostering trust and accountability. Additionally, MAD's approach could potentially extend to other smart contract languages, like Solidity, promoting transparency across various blockchains.
Submission Number: 32