Static analysis of smart contracts as-deployed on the Ethereum blockchain has received much recent attention.
However, high-precision analyses currently face significant challenges when dealing with the Ethereum VM (EVM) execution model.
A major such challenge is the modeling of low-level, transient
memory'' (as opposed to persistent, on-blockchainstorage'') that smart contracts employ.
Statically understanding the usage patterns of memory is non-trivial, due to the dynamic allocation
nature of in-memory buffers.
We offer an analysis that models EVM memory, recovering high-level concepts (e.g., arrays, buffers, call arguments) via deep modeling of the flow of values.
Our analysis opens the door to Ethereum static analyses with drastically increased precision.
One such analysis detects the extraction of ERC20 tokens by unauthorized users.
For another practical vulnerability (redundant calls, possibly used as an attack vector), our memory modeling yields analysis precision of 89%, compared to 16% for a state-of-the-art tool without precise memory modeling.
Additionally, precise memory modeling enables the static computation of a contract's gas cost.
This gas-cost analysis has recently been instrumental in the evaluation of the impact of the EIP-1884 repricing (in terms of gas costs) of EVM operations, leading to a reward and
significant publicity from the Ethereum Foundation.