Tips: towards automating patch suggestion for vulnerable smart contracts
Smart contracts are slowly penetrating our society where they are leveraged to support critical business transactions of which financial stakes are high. Smart contract programming is, however, in its infancy, and many failures due to programming defects exploited by malicious attackers and have mad...
Saved in:
Published in | Automated software engineering Vol. 30; no. 2; p. 31 |
---|---|
Main Authors | , , , , , , , |
Format | Journal Article |
Language | English |
Published |
New York
Springer US
01.11.2023
Springer Nature B.V |
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | Smart contracts are slowly penetrating our society where they are leveraged to support critical business transactions of which financial stakes are high. Smart contract programming is, however, in its infancy, and many failures due to programming defects exploited by malicious attackers and have made the headlines. In recent years, there has been an increasing effort in the literature to identify such vulnerabilities early in smart contracts to reduce the threats to the security of the accounts. Automatically patching smart contracts, however, is a much less investigated research topic. Yet, it can provide tools to help developers in fixing known vulnerabilities more rapidly. In this paper, we propose to review smart contract vulnerabilities and specify templates that will serve to automate patch generation. We implement the TIPS pipeline with 12 fix templates and assess its effectiveness on established smart contract datasets such as SmartBugs and ContractDefects. In particular, we show that TIPS is competitive against the state-of-the-art automated repair approach (SCRepair) in the literature. Finally, we evaluate the impact of the code changes suggested by TIPS in terms of gas usage. |
---|---|
ISSN: | 0928-8910 1573-7535 |
DOI: | 10.1007/s10515-023-00392-y |