Diving into Decompilation: EVMDecompiler.com vs Dedaub, Panoramix, and Heimdall-rs
Smart contracts secure billions of dollars, yet most deployed Ethereum contracts never publish source. If you want to audit or even just understand what they do, you reach for a decompiler. These tools translate raw bytecode into something a human can scan without getting lost in opcodes.
In this post, we're comparing four decompilers side by side, each with its own philosophy:
- • Dedaub (Gigahorse core)
- • Panoramix (Eveem)
- • Heimdall-rs
- • EVMDecompiler.com
Dedaub (Gigahorse Core)
Dedaub sits on top of the Gigahorse toolchain (ICSE '19). Gigahorse lifts bytecode into a structured three-address IR with declarative Datalog rules, which gives it scary-good control flow and data tracking.
Key features:
- Coverage: decompiles virtually all deployed contracts (>99.9%).
- Precision: reconstructs private and public functions with accurate call/return patterns.
- Analysis support: integrates with client analyses like gas vulnerability detection (e.g., MadMax).
That declarative setup is why Gigahorse — and by extension Dedaub — is so good at reassembling tidy program semantics from low-level bytecode.
Panoramix (Eveem)
Panoramix takes a very different tack: lots of hand-crafted pattern matching in Python. When it spots a familiar opcode sequence, it swaps it out for a high-level Solidity-style construct.
Key features:
- Readable pseudocode: produces Solidity-like output, easy for auditors to skim.
- Pattern-based control flow recovery: recognizes common EVM idioms to lift them into structured code.
That pattern-first approach means coverage is hit-or-miss, but when it lands, the output reads like something a Solidity dev would actually write.
Heimdall-rs
Heimdall-rs lives on the other end of the spectrum. It ships a custom Rust EVM that symbolically steps through bytecode, forking whenever it hits a conditional jump and building expression trees along the way.
Key features:
- Symbolic execution engine: executes bytecode with symbolic values, forking on JUMPI to build a complete control flow graph (CFG).
- Trace-to-code lifting: solidifies symbolic traces into Yul/Solidity-like statements.
- Function signature resolution: integrates signature databases to annotate selectors.
The payoff is solid: Heimdall lifts logic straight from those traces, which helps it spit out readable pseudocode and solid ABI guesses.
EVMDecompiler.com
EVMDecompiler.com leans on large language models trained on bytecode/Solidity pairs. The goal isn't just analysis — it's to hand you output that reads like a developer actually typed it.
Key features:
- Readable Solidity output: structured control flow, variable names, and high-level abstractions.
- Function signature inference: combines ABI heuristics with LLM inference for strong recovery.
Clarity is the north star. We want bytecode to feel approachable whether you're an auditor, a builder, or just curious.
Side-by-Side Overview
| Tool | Core Technology | Notable Capabilities |
|---|---|---|
| Dedaub | Datalog-based static analysis | High coverage; deep IR; structured control/data recovery |
| Panoramix | Pattern matching in Python | Solidity-like pseudocode; pattern-based control flow lifting |
| Heimdall-rs | Symbolic execution in Rust | Symbolic CFG building; expression trees; signature recovery |
| EVMDecompiler.com | LLM-driven | Human-like Solidity output; signature inference; vuln flags |
Conclusion
Quick cheat sheet before you dive in yourself:
- Dedaub excels at completeness and structured static analysis.
- Panoramix delivers approachable Solidity-like pseudocode when its patterns line up.
- Heimdall-rs leans on symbolic execution to rebuild CFGs and expressions.
- EVMDecompiler.com chases human readability, layering in signature recovery and vuln hints.
Decompilers aren't only about "lifting bytecode" anymore. They're about bridging the gap between machine-level precision and what a person can absorb in a few minutes. The next wave will make complex contracts feel as clear as the source they never published.