// the find
Jon-Becker/heimdall-rs
Heimdall is an advanced EVM smart contract toolkit specializing in bytecode analysis and extracting information from unverified contracts.
Heimdall is a Rust toolkit for analyzing EVM bytecode without source code — decompiling unverified contracts back to Solidity/Yul, generating CFGs, decoding calldata, and dumping storage. It's aimed at security researchers, MEV analysts, and anyone who needs to understand what a contract actually does when Etherscan doesn't have the source.
The workspace structure is genuinely well-organized — each capability (decompile, cfg, decode, disassemble, inspect, dump) lives in its own crate with its own benches and tests, so you can use just the pieces you need as a library. The decompiler goes further than most: it has separate postprocessors for arithmetic simplification, dead code elimination, memory/storage variable naming, and bitwise cleanup, which is the kind of tedious work that determines whether the output is actually readable. Academic citations in security research papers (including a 2026 IEEE Access paper on bytecode obfuscation) suggest the analysis quality is being validated against real adversarial cases, not just toy contracts. The Python and TypeScript examples show it's designed to be called as a library from other toolchains, not just used as a CLI.
The custom installer (`bifrost`) downloading and running a shell script from `get.heimdall.rs` is a supply chain risk that any security-conscious team will reject — this is an EVM security tool that can't be installed from crates.io like a normal Rust binary. Decompilation of real-world contracts is a hard problem and the output quality varies sharply; heavily optimized or obfuscated bytecode (proxy patterns, Yul assembly, inline assembly tricks) will produce garbage or fail silently. The storage dumping feature requires an RPC endpoint and can be expensive on mainnet contracts with large state, with no obvious cost controls documented. There's an OpenRouter dependency in `crates/common/src/resources/openrouter.rs` that suggests LLM-assisted analysis in some paths, but the README doesn't explain when this fires or what it costs.
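For the installer concern raised above, one common mitigation is to save the script to a file, review it, record its SHA-256, and refuse to run any copy whose digest differs. The sketch below is an added example, not code from heimdall-rs or its installer; the function names are hypothetical, and the pin is a digest you record yourself after review, since the page gives none.

```shell
#!/usr/bin/env bash
# Added example: run a downloaded installer only if it matches a pinned SHA-256.
# Assumes the script was first saved to a file and reviewed, not piped to a shell.

# Print the SHA-256 hex digest of a file with whichever tool is installed.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_installer FILE PIN -> 0 on match, 1 on mismatch, 2 on bad input
verify_installer() {
  local file=$1 pin=$2 actual
  [ -f "$file" ] || { echo "not a regular file: $file" >&2; return 2; }
  case "$pin" in
    ""|*[!0-9a-fA-F]*) echo "pin is not hex" >&2; return 2 ;;
  esac
  [ "${#pin}" -eq 64 ] || { echo "pin is not 64 hex chars" >&2; return 2; }
  pin=$(printf '%s' "$pin" | tr 'A-F' 'a-f')
  actual=$(sha256_of "$file") || return 2
  if [ "$actual" != "$pin" ]; then
    echo "digest mismatch for $file: got $actual" >&2
    return 1
  fi
}

# run_pinned_installer FILE PIN [ARGS...]
# Works on a private copy so the bytes that were hashed are the bytes executed.
run_pinned_installer() {
  local src=$1 pin=$2 copy rc=0
  shift 2
  copy=$(mktemp) || return 2
  cp -- "$src" "$copy" 2>/dev/null || { rm -f "$copy"; return 2; }
  verify_installer "$copy" "$pin" || rc=$?
  if [ "$rc" -eq 0 ]; then bash "$copy" "$@" || rc=$?; fi
  rm -f "$copy"
  return "$rc"
}

# Stand-alone use: script.sh FILE PIN [ARGS...]
if [ "$#" -ge 2 ]; then run_pinned_installer "$@"; fi
```

A mismatch means the served script changed since it was reviewed, so it needs a fresh review before the pin is updated.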