Introducing Revela Decompiler: Enhancing security for on-chain Move bytecode
By Verichains and Aptos Labs
The Move language is transforming how we build secure blockchains like Aptos. As smart contracts become more intricate and safeguard valuable digital assets, it is essential to empower users with the means to verify the safety of the underlying code. Unfortunately, it is common practice in blockchains to deploy code solely in low-level bytecode form, without accompanying source code. This lack of transparency creates a fertile ground for malicious actors to insert malicious code without detection. Moreover, without the source code, the community cannot audit or review the contracts effectively, stifling collaborative efforts to identify and fix security issues.
Introducing Revela Decompiler, a groundbreaking open-source tool developed by Verichains in collaboration with Aptos Labs. Revela is the first-ever decompiler designed specifically for the Move language. It bridges the gap by translating complex Move bytecode back into its original human-readable source code. This decompiled code can even be re-run through the Move compiler, allowing for in-depth analysis. By empowering users to independently verify and analyze code, Revela establishes a new industry standard for fostering a secure, open, and collaborative development environment.
WHY DECOMPILATION?
Move bytecode – as it is stored on-chain and processed by the Move VM – provides all essential information needed to reconstruct the original source program. There may in fact exist proprietary tools which mine Move bytecode for desired information. Privacy of information contained in Move bytecode could therefore never be guaranteed.
The Revela decompiler aims to level the playing field by giving everybody access to a tool that can present Move bytecode as a Move program. There are multiple advantages to such a tool:
Verified by Construction: We can show 100% correct source code corresponding to the bytecode on-chain. No separate mechanism is needed, such as the one Etherscan provides for Ethereum, where source code first needs to be uploaded to a service which then performs a (non-decentralized) verification step.
Enhanced Trust: By making the decompiler public, we are prioritizing transparency within the Aptos ecosystem. This increased transparency not only allows builders and users to fully understand how smart contracts function, but also helps in identifying any hidden malicious code or vulnerabilities. This ultimately strengthens trust and security within the ecosystem, giving users peace of mind.
Independent Verification: With the ability to independently verify and analyze smart contract code, users and developers have the power to ensure the integrity of protocols and apps. By empowering users, we are fostering a more secure, open, and trusted environment for everyone involved.
Knowledge Sharing: The decompilation tool serves as an invaluable educational resource for emerging developers. By analyzing secure smart contracts and understanding their inner workings, developers can apply these insights to create more robust and secure applications.
Setting Industry Standards: Exposure to a variety of smart contract code through the decompiler aids in establishing industry-wide best practices and security standards. By observing and learning from a diverse range of secure contracts, developers can benchmark their own work and implement robust security measures.
REACTION TO REVELA
The unveiling of Revela has garnered enthusiastic responses from industry experts, highlighting its potential to tackle critical security challenges that arise in the development of the blockchain ecosystem.
Mo Shaikh, Co-founder and CEO at Aptos Labs, shared his insights on why and how you can use Revela to build better on Move and Aptos, “ICYMI: The Move Revela tool, developed in collaboration by Verichains and Aptos Labs, is a game changer for the security on the Aptos network. Revela enables builders to swiftly, securely, and simply convert any bytecode deployed on-chain back to source code—only possible with Move on Aptos!”
Wolfgang Grieskamp, Head of Move Language, shared his thoughts on Revela, “The Move decompiler developed in collaboration by Verichains and Aptos Labs is a game changer for the security on the Aptos network. It allows converting any bytecode deployed on the chain back to source code. Only possible with Move!”
In partnership with Aptos Labs, Verichains set out to bring transparency for the Move language. Our collaboration aimed to empower developers, security researchers, and users with the tool to comprehend, scrutinize, and secure smart contracts, thereby strengthening the integrity of the Aptos ecosystem.
Dr. Nguyen, the Chief Research and Development at Verichains, further commented upon successful delivery of the tool, “Revela effectively open-sources all the smart contracts on the Aptos blockchain, enabling comprehensive security audits of on-chain code that were previously infeasible. It is really a game changer!”
Gerardo Di Giacomo, Head of Security at Aptos Labs, commented, “Thanks to a collaboration between Aptos Labs and Verichains we introduce Revela, the first Move decompiler, an innovative tool set to enhance the Aptos network security.”
Access and Contributions
With the ultimate goal of increasing accessibility, Verichains also makes Revela available as a free online tool at
Verichains is committed to the long-term success of Revela. The company will continuously maintain and develop new features, ensuring the tool stays up-to-date with the needs of the Move community and the evolving Aptos ecosystem.
About Verichains
Verichains is a leading provider of blockchain security solutions, specializing in cryptanalysis, security audits, and application security solutions. Renowned for investigating and mitigating some of the largest Web3 hacks, such as Ronin and BNB Chain Bridge, we blend groundbreaking research with practical security solutions to deliver comprehensive protection for the blockchain industry.
Verichains’ world-class security and cryptography research team has successfully identified critical vulnerabilities impacting billions of dollars across the industry, uncovering flaws within the core of Multi-Party Computation (MPC) and Zero-Knowledge Proofs (ZKP) implementations by major vendors. As a trusted security partner to leading Web3 companies and Crypto Exchanges like BnB Chain, Polygon Labs, WEMIX, Aptos, Klaytn, Bullish and DWF Labs, Verichains leverages its deep roots in traditional cybersecurity to deliver cutting-edge solutions for a safer, more secure Web3 ecosystem.