EthSema – Binary translator for Ethereum 2.0

EthSema is a novel EVM-to-eWASM bytecode translator that can not only ensure the fidelity of translation but also fix commonly-seen vulnerabilities in smart contracts.

Since millions of smart contracts have been deployed and running on Ethereum 1.0, it is highly desirable to convert their EVM bytecode to eWASM bytecode automatically to foster the prosperity of Ethereum ecosystem. EthSema can translate existing EVM bytecode to eWASM smart contracts which can be executed in the Ethereum 2.0 ecosystem. To evaluate its performance, we download real-world contracts and their transactions from the Ethereum blockchain, replay them on our testnet, and compare the traces of the EVM transactions and eWASM transactions. The experimental demonstrate that EthSema can ensure the semantic correctness of the converted eWASM contracts.

Comparison with other machine code to LLVM bitcode lifters

Tool Bytecode CFG EEI ECI Hardness
SOLL no partial partial partial no
Solang no partial partial partial no
evm2wasm yse incorrect partial incorrect no
EVMJIT yes partially incorrect incorrect no
EthSema yes fully fully fully yes

Current Status

  • RQ1: Effectivess

Real-world Benchmark: We collect 1,983 real-world EVM bytecode from Etherscan. The below figure shows the profile of each smart contract, where the x-axis is the Solidity version and the y-axis is the size of source code. These contracts have 741 LOC on average, and the largest one contains over 8,500 LOC.


ETHSEMA can successfully convert EVM contracts into eWASM contracts and outperform the Solidity-based baselines.

Tool # Passed avg.Size / KB avg.Time / ms
EthSema 1,983 (100.0%) 271.6 4579.0
SOLL 18 (0.9%) 6.5 181.4
Solang 117 (5.9%) 11.5 2.8

  • RQ2: Correctness

Real-world Benchmark: we exclude some contracts because they depend on libc (standard C library, e.g., __multi3, __shrl3) that the Ethereum 2.0 runtime does not support yet. For each contract, we collect the fist 20 transactions sent to them. Eventually, we replay 12,048 transactions at our testbed for evaluation the correctness of ETHSEMA.

We instrument EVM and eWASM runtime and replay 12,048 real-world transactions to compare the difference of the transactions traces, which covers most of operations that are associated with blockchain states, including storage accesses (SLOAD, SSTORE), external calls (CALL, STATICCALL, DELEGATECALL), emitting events (LOG0-4), contract suicide (SELFDESTRUCT) and returning values (RETURN).

Tool Contracts #1,165 Transactions #12,048 Score
EthSema 1,125 (96.6%) 12,048 (100%) 0.99
SOLL 7 (0.60%) 15 (0.12%) 0.68
Solang 23 (1.97%) 42 (0.35%) 0.67

ETHSEMA can ensure the semantic correctness of the converted eWASM contracts.

Note: more experimental results will be public after this paper is accepted.


Name Version
git Latest
CC gcc-7
CXX g++-7
cmake 3.20.0
LLVM 10.0
Ubuntu 18.04, 20.04

Getting and building the code

The source code and the building document will be released after our paper is accepted.

Currently, we only public the standalone binary.

Getting Started

Here is an simple example, which can be exploited by an reentrancy attacker.

pragma solidity ^0.8.11;

contract reEntrancy {
  mapping(address => uint256) public balances;

  constructor(uint256 airtoken){
    balances[msg.sender] = airtoken;

  function depositFunds() public payable {
      balances[msg.sender] += msg.value;
  function withdrawFunds (uint256 _weiToWithdraw) public payable {
    require(balances[msg.sender] >= _weiToWithdraw);
    (bool success, ) ={value: _weiToWithdraw, gas:gasleft()}(abi.encodeWithSignature("any()") );
    unchecked { 
        balances[msg.sender] -= _weiToWithdraw;

Translate EVM bytecode to eWASM

  • EVM bytecode

    When we are going to deploy the EVM contract with uint256 airtoken = 0x10 as the constructor argument, EVM will receive the below code and execute it for deployment.

  • eWASM generation

    we save the above hex bytecode into tmp.hex and run EthSema to get eWASM code.

    cat tmp.hex | xxd -r -ps > .tmp.bin && /path/to/standalone-evmtrans /path/to/out # replace the path, pls

    Also we can fix the reentrancy vulnerability using this cmd.

    cat tmp.hex | xxd -r -ps > .tmp.bin && /path/to/standalone-evmtrans /path/to/out --check-reentrancy # replace the path, pls
  • LLVM Bitcode Generation

    cat tmp.hex | xxd -r -ps > .tmp.bin && /path/to/standalone-evmtrans /path/to/out --dump

    ./res.ll is the LLVM bitcode for the entire smart contract

    ./rt.ll is the LLVM bitcode for the runtime code of the smart contracts. See this for more details about the EVM bytecode structure.

Execute eWASM smart contract

testnet: geth + Hera

We build a testnet with a geth node, which uses Hera as the eWASM VM and maintains the compatibility to EVM. The geth equipped with dual interpreters can execute smart contracts in EVM bytecode or eWASM bytecode on our testnet via uniform interfaces. In our paper, we further extended Hera to support all Ethereum interfaces introduced from the latest “London” upgrade [62], such as CREATE2, SELFBALANCE, CHAINID, BASEFEE and COINBASE.

$ git clone && cd ethsema
$ docker build -t localhost/client-go:ewasm .
$ ./scripts/ # run the ewasm node

One step to test uses an EVM smart contract to exploit the reentrancy vulnerability in the eWASM code.

Requirement: Python3.8, Solc-x, web3py

$ python3 -m venv ./venv && source ./venv/bin/activate && python -m pip install -r requirements.txt
$ python

More tests

$ source ./venv/bin/activate # activate virtual environment
$ ./scripts/



Ethereum: 0xAde7EEC7D1EaE498C3fA5c1Af1B22768ECb103f7


  • Do you plan to release the source code? Yes. We will public it, once our acamedic paper is accepted.




View Github