ETHERLive
ETHERLive delivers real-time price and volume data across 16+ exchanges to users in a clear and easy-to-understand package. Users can get up-to-the-second updates for each exchange/currency pair, as well as aggregated market averages for each exchange, currency, and the market as a whole. It also provides a global converted average of all the currency pairs monitored by ETHNews, converted to USD.

---

24hr ---
--%
Wednesday Jan 17th 2018
RESOURCES

The Basics

Learn the basics of Ethereum and various cryptocurrency technologies

Learn More

What is Ethereum?

Understand the underlying principles of the Ethereum Platform

Learn More

The Blockchain

Discover the revolutionizing technology known as the blockchain

Learn More
SUBMIT

Press Release

Submit a press release for consideration on ETHNews

Submit Press

Story / Dapp

Submit a story or DAPP to be considered for publication on ETHNews.

Submit Story

Explanation

Submit "Ethereum Explainer" content for consideration to be featured on ETHNews

Submit Topic
ETHNews Logo
---
--%
Home
News
Etherlive
Ether Price Analysis
Resources
Contact Us

The Porosity Decompiler Can Help Eliminate Costly Bugs

By

Jeremy

Nation

WriterETHNews.com

A new tool can reverse engineer the code behind executable distributed code contracts that are already written to the EVM.

On July 27, 2017, at the DEF CON 25 hackathon conference, Comae Technologies founder, Matt Suiche revealed Porosity, a decompiler capable of deciphering the code that makes up executable distributed code contracts (EDCCs).

Porosity lends itself well to debugging, as it can revert EDCCs often programmed in languages like Solidity, to their basic code. As with any developing software, bugs often emerge in EDCCs which, if left unchecked, can result in costly hacks. The most infamous of these incidents may be the 2016 DAO hack, however more recently, an exploit in the EDCC code governing multi-signature Parity wallets resulted in millions of stolen Ether. Some of the funds were saved by a team of pro-ecosystem hackers, the White Hat Group, that preemptively quarantined Ether from affect wallets. According to Suiche, Porosity allows for the review of EDCCs for which there is "no way to provably go back and ensure that code is safe." As Suiche puts it, if any new vulnerabilities are discovered, affected EDCCs cannot be retroactively identified unless the developers previously retained the source code or publicly shared it.

Porosity effectively translates the Ethereum Virtual Machine (EVM) bytecode (by which EDCCs are written) and generates Solidity syntax. This code can be scanned to check for bugs and attack vectors, or audited to maintain integrity. According to Suiche, "Porosity removes a major roadblock to interacting with contracts of unknown origin and helps further the 'trust but verify' blockchain thinking."

Applications of the tool are likely to be a big hit with J.P. Morgan, as Porosity is being packaged and tested with Quorum, an enterprise-level Ethereum blockchain. Suiche confirms that developers can:

  • “Scan private contracts sent to your node from other network participants.
  • Incorporate into security & patching processes for private networks with formalized governance models.
  • Automate scanning and analyze risk across semi-public Quorum networks.”

Porosity and innovations like it, which are used to eliminate exploits and bolster network security, help to bring peace of mind to developers who need the proper tools to audit their software and code.

Jeremy Nation

Jeremy Nation is a writer living in Los Angeles with interests in technology, human rights, and cuisine. He is a full time staff writer for ETHNews and holds value in Ether.

ETHNews is committed to its Editorial Policy

Like what you read? Follow us on Twitter @ETHNews_ to receive the latest Porosity, Comae Technologies or other Ethereum ecosystem news.