Decompiling Smart Contracts with a Large Language Model - arxiv.org/pdf/2506.19624 The widespread lack of broad source code verification on blockchain explorers such as Etherscan, where despite 78, 047, 845 smart contracts deployed on Ethereum (as of May 26, 2025), a mere 767, 520 (< 1 %) are open source, presents a severe impediment to blockchain security. This opacity necessitates the automated semantic analysis of on-chain smart contract bytecode, a fundamental research challenge with direct implications for identifying vulnerabilities and understanding malicious behavior. Adversarial actors deliberately exploit this lack of transparency by deploying closedsource contracts, particularly in MEV and DeFi exploitation, thereby concealing their malicious logic and leaving security researchers with only inscrutable low-level bytecode. Prevailing decompilers struggle to reverse bytecode in a readable manner, often yielding convoluted code that critically hampers vulnerability analysis and thwarts efforts to dissect contract functionalities for security auditing. Authors: Isaac David, Liyi Zhou, Dawn Song, @HatforceSec, @KaihuaQIN #SmartContractDecompilation #LLMDecompilation #BytecodeAnalysis #BlockchainSecurity #SmartContractSecurity #DeFiRisks #MEVExploitation #ClosedSourceContracts #OnChainAnalysis #ContractReverseEngineering #AI4Blockchain #LLMSecurity #CodeTransparency #EthereumSecurity #AIReverseEngineering #SemanticAnalysis #SecurityAuditing #ContractBytecode #LLMDeFi #SmartContractAudit

7. Signature Replay Across Chains permits unauthorized execution on different chains. 8. Lack of 'contractBytecode' validation results in wasted gas and resources.

4. Compiler Unawareness in 'contractBytecode' may lead to zkSync deployment issues. 5. Withdrawal Signature Replay enables unauthorized spending. 6. 'Arbitrary from' in 'transferFrom' poses a threat of unauthorized access.

If you aren't sure about the bytecode, just go to the bottom of your contract Code tab on etherscan (see attached), and copy pasta into the contractBytecode field. Just preface with 0x if needed.

const { txHash, address, receipt } = await deployContract({ salt, contractBytecode, constructorTypes, constructorArgs, signer, })