Abstract
Smart contracts are automated or self-enforcing contracts that can be used to exchange assets without having to place trust in third parties. Many commercial transactions use smart contracts due to their potential benefits in terms of secure peer-to-peer transactions independent of external parties. Experience shows that many commonly used smart contracts are vulnerable to serious malicious attacks, which may enable attackers to steal valuable assets of the involved parties. There is, therefore, a need to apply analysis and automated repair techniques to detect and repair bugs in smart contracts before they are deployed. In this work, we present the first general-purpose automated smart contract repair approach that is also gas-aware. Our repair method is search-based and searches among mutations of the buggy contract. Our method also considers the gas usage of the candidate patches by leveraging our novel notion of gas dominance relationship. We have made our smart contract repair tool SCRepair available as open source, for investigation by the wider community.
Index Terms
- Smart Contract Repair