Tips: towards automating patch suggestion for vulnerable smart contracts

IF 2 2区 计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING Automated Software Engineering Pub Date : 2023-09-13 DOI:10.1007/s10515-023-00392-y
Qianguo Chen, Teng Zhou, Kui Liu, Li Li, Chunpeng Ge, Zhe Liu, Jacques Klein, Tegawendé F. Bissyandé
{"title":"Tips: towards automating patch suggestion for vulnerable smart contracts","authors":"Qianguo Chen,&nbsp;Teng Zhou,&nbsp;Kui Liu,&nbsp;Li Li,&nbsp;Chunpeng Ge,&nbsp;Zhe Liu,&nbsp;Jacques Klein,&nbsp;Tegawendé F. Bissyandé","doi":"10.1007/s10515-023-00392-y","DOIUrl":null,"url":null,"abstract":"<div><p>Smart contracts are slowly penetrating our society where they are leveraged to support critical business transactions of which financial stakes are high. Smart contract programming is, however, in its infancy, and many failures due to programming defects exploited by malicious attackers and have made the headlines. In recent years, there has been an increasing effort in the literature to identify such vulnerabilities early in smart contracts to reduce the threats to the security of the accounts. Automatically patching smart contracts, however, is a much less investigated research topic. Yet, it can provide tools to help developers in fixing known vulnerabilities more rapidly. In this paper, we propose to review smart contract vulnerabilities and specify templates that will serve to automate patch generation. We implement the TIPS pipeline with 12 fix templates and assess its effectiveness on established smart contract datasets such as SmartBugs and ContractDefects. In particular, we show that TIPS is competitive against the state-of-the-art automated repair approach (SCRepair) in the literature. Finally, we evaluate the impact of the code changes suggested by TIPS in terms of gas usage.</p></div>","PeriodicalId":55414,"journal":{"name":"Automated Software Engineering","volume":"30 2","pages":""},"PeriodicalIF":2.0000,"publicationDate":"2023-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Automated Software Engineering","FirstCategoryId":"94","ListUrlMain":"https://link.springer.com/article/10.1007/s10515-023-00392-y","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
引用次数: 0

Abstract

Smart contracts are slowly penetrating our society where they are leveraged to support critical business transactions of which financial stakes are high. Smart contract programming is, however, in its infancy, and many failures due to programming defects exploited by malicious attackers and have made the headlines. In recent years, there has been an increasing effort in the literature to identify such vulnerabilities early in smart contracts to reduce the threats to the security of the accounts. Automatically patching smart contracts, however, is a much less investigated research topic. Yet, it can provide tools to help developers in fixing known vulnerabilities more rapidly. In this paper, we propose to review smart contract vulnerabilities and specify templates that will serve to automate patch generation. We implement the TIPS pipeline with 12 fix templates and assess its effectiveness on established smart contract datasets such as SmartBugs and ContractDefects. In particular, we show that TIPS is competitive against the state-of-the-art automated repair approach (SCRepair) in the literature. Finally, we evaluate the impact of the code changes suggested by TIPS in terms of gas usage.

Abstract Image

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
提示:为易受攻击的智能合约自动提供补丁建议
智能合约正在慢慢渗透到我们的社会中,它们被用来支持金融风险很高的关键商业交易。然而,智能合约编程还处于起步阶段,许多失败都是由于恶意攻击者利用编程缺陷造成的,并成为头条新闻。近年来,文献中越来越多地致力于在智能合约中尽早识别此类漏洞,以减少对账户安全的威胁。然而,自动修补智能合约是一个研究较少的课题。然而,它可以提供工具来帮助开发人员更快地修复已知的漏洞。在本文中,我们建议审查智能合约漏洞,并指定用于自动生成补丁的模板。我们用12个修复模板实现了TIPS管道,并在已建立的智能合约数据集(如SmartBugs和ContractDefects)上评估其有效性。特别是,我们发现TIPS与文献中最先进的自动修复方法(SCRepair)相比具有竞争力。最后,我们评估了TIPS建议的代码更改对天然气使用的影响。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Automated Software Engineering
Automated Software Engineering 工程技术-计算机:软件工程
CiteScore
4.80
自引率
11.80%
发文量
51
审稿时长
>12 weeks
期刊介绍: This journal details research, tutorial papers, survey and accounts of significant industrial experience in the foundations, techniques, tools and applications of automated software engineering technology. This includes the study of techniques for constructing, understanding, adapting, and modeling software artifacts and processes. Coverage in Automated Software Engineering examines both automatic systems and collaborative systems as well as computational models of human software engineering activities. In addition, it presents knowledge representations and artificial intelligence techniques applicable to automated software engineering, and formal techniques that support or provide theoretical foundations. The journal also includes reviews of books, software, conferences and workshops.
期刊最新文献
MP: motion program synthesis with machine learning interpretability and knowledge graph analogy LLM-enhanced evolutionary test generation for untyped languages Context-aware code summarization with multi-relational graph neural network Enhancing multi-objective test case selection through the mutation operator BadCodePrompt: backdoor attacks against prompt engineering of large language models for code generation
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1