Assembly Analysis

EVM low Detector April 6, 2026 1 min read

Assembly Analysis

Analyzes inline assembly usage for memory safety violations, missing overflow checks, and incorrect return data handling.

evmlowstatic-analysisdetectorcontrol-flowdata-flow

Assembly Analysis

Overview

The assembly analysis detector examines inline assembly blocks (Yul/assembly) for common pitfalls: memory safety violations (writing to the free memory pointer region), missing overflow checks in arithmetic, incorrect return data handling, and use of deprecated opcodes. Assembly bypasses Solidity’s safety features, making manual review essential.

Detection Methodology

Memory safety: Verifies that assembly blocks either declare memory-safe or do not write to memory below the free memory pointer.
Arithmetic safety: Checks for add/mul/sub without overflow guards in unchecked contexts.
Return data: Verifies that returndatacopy uses returndatasize for bounds checking.
Deprecated opcodes: Flags selfdestruct, callcode, and other deprecated opcodes.

Examples

Sample Sigvex Output

{
  "detector_id": "assembly-analysis",
  "severity": "low",
  "confidence": 0.72,
  "description": "Assembly block at offset 0x92 writes to memory at offset 0x00-0x40 (scratch space) but does not restore the free memory pointer. Subsequent Solidity code may read corrupted memory.",
  "location": { "function": "optimizedTransfer()", "offset": 146 }
}

Gas Optimization — assembly for gas savings
Integer Overflow — arithmetic safety