Security Code Recommendations for Smart Contract

Xiao-cong Zhou, Yingye Chen, Hanyang Guo, Xiangping Chen, Yuan Huang
DOI: 10.1109/SANER56733.2023.00027 (https://doi.org/10.1109/SANER56733.2023.00027)
Venue: 2023 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER)
Publication date: 2023-03-01
Indexed by: Semantic Scholar
Citation count: 0

Abstract

A smart contract is a self-executing program that is stored on the blockchain and runs when predetermined conditions are satisfied. Many frequent transactions involving asset transfers rely on smart contracts deployed on the blockchain, which makes those contracts attractive targets for attack, so it is essential to ensure their security. Since a smart contract is immutable once deployed, developers must do their best to fix existing vulnerabilities in advance. Current approaches to automatic program repair for smart contracts have mainly adopted heuristic search algorithms or predefined patterns to fix a few well-defined types of vulnerabilities, so they can only provide security code recommendations to developers in specific scenarios. We explore more general automated program repair of smart contracts based on software history. To pave the way for studying the code changes associated with bug fixes of smart contracts in software history, we present a labeled public dataset for the method-level program repair task, containing over 12 typical insecure code patterns. Unlike bugs in traditional software, the vulnerabilities of smart contracts are more often associated with access control and conditional statements, because smart contracts pertain to financial assets. For this problem, we devise a novel double-encoder network and use a code representation designed for smart contracts, based on syntax information, to repair programs. By implementing and evaluating our approach on a new dataset comprising over 10,000 program pairs, we demonstrate the superiority of our approach in both qualitative and quantitative terms.