
SuiGPT MAD: Move AI Decompiler to Improve Transparency and Auditability on Non-Open-Source Blockchain Smart Contract

Eason Chen, Xinyi Tang, Zimo Xiao, Chuangji Li, Shizhuo Li, Wu Tingguan, Siyun Wang, Kostas Kryptos Chalkias

TL;DR

The paper tackles the challenge of auditing non-open-source Move contracts on Sui by introducing SuiGPT MAD, an AI-powered decompiler that translates bytecode into logically correct, readable, and re-compilable Move source code. Using a prompt-engineered, chunked decompilation pipeline, MAD achieves a recompilation success rate of up to $73.33\%$ on real-world contracts and significantly reduces auditing workload compared with existing decompilers. A user study with 12 developers shows MAD outputs are perceived as close to original source code, improving accessibility for understanding and auditing. The work demonstrates MAD’s practical value for transparency, education, and potential generalization to other domain-specific languages, while acknowledging limitations like occasional hallucinations and the need for manual verification.

Abstract

The vision of Web3 is to improve user control over data and assets, but one challenge that complicates this vision is the prevalence of non-transparent, scam-prone applications and vulnerable smart contracts that put Web3 users at risk. While code audits are one solution to this problem, the lack of smart contract source code on many blockchain platforms, such as Sui, hinders the ease of auditing. A promising approach to this issue is the use of a decompiler to reverse-engineer smart contract bytecode. However, existing decompilers for Sui produce code that is difficult to understand and cannot be directly recompiled. To address this, we developed the SuiGPT Move AI Decompiler (MAD), a Large Language Model (LLM)-powered web application that decompiles smart contract bytecode on Sui into logically correct, human-readable, and re-compilable source code with prompt engineering. Our evaluation shows that MAD's output successfully passes original unit tests and achieves a 73.33% recompilation success rate on real-world smart contracts. Additionally, newer models tend to deliver improved performance, suggesting that MAD's approach will become increasingly effective as LLMs continue to advance. In a user study involving 12 developers, we found that MAD significantly reduced the auditing workload compared to using traditional decompilers. Participants found MAD's outputs comparable to the original source code, improving accessibility for understanding and auditing non-open-source smart contracts. Through qualitative interviews with these developers and Web3 projects, we further discussed the strengths and concerns of MAD. MAD has practical implications for blockchain smart contract transparency, auditing, and education. It empowers users to easily and independently review and audit non-open-source smart contracts, fostering accountability and decentralization.

Paper Structure

This paper contains 39 sections, 4 figures, 4 tables.

Figures (4)

  • Figure 1: Example illustrating how Revela's output would yield errors when re-compiled with the Sui Move compiler.
  • Figure 2: A screenshot of the SuiGPT MAD interface, allowing users to seamlessly explore different versions of decompiled smart contracts, ranging from bytecode and disassembler views to Revela, Interface, and the SuiGPT MAD Decompiler.
  • Figure 3: NASA-TLX score results from 1 to 7 for users across the MAD, Revela, and Source Code conditions. Lower is better.
  • Figure 4: Example output illustrating the difference between Revela, MAD, and the original source code.