research-article

Smart Contract Repair

Published: 26 September 2020

Abstract

Smart contracts are automated or self-enforcing contracts that can be used to exchange assets without having to place trust in third parties. Many commercial transactions use smart contracts due to their potential benefits in terms of secure peer-to-peer transactions independent of external parties. Experience shows that many commonly used smart contracts are vulnerable to serious malicious attacks, which may enable attackers to steal valuable assets of the parties involved. There is, therefore, a need to apply analysis and automated repair techniques to detect and repair bugs in smart contracts before they are deployed. In this work, we present the first general-purpose automated smart contract repair approach that is also gas-aware. Our repair method is search-based and searches among mutations of the buggy contract. Our method also considers the gas usage of the candidate patches by leveraging our novel notion of gas dominance relationship. We have made our smart contract repair tool SCRepair available open-source, for investigation by the wider community.


Published in

ACM Transactions on Software Engineering and Methodology, Volume 29, Issue 4
Continuous Special Section: AI and SE
October 2020
307 pages
ISSN: 1049-331X
EISSN: 1557-7392
DOI: 10.1145/3409663
Editor: Mauro Pezzè

Copyright © 2020 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery
New York, NY, United States

Publication History

• Published: 26 September 2020
• Accepted: 1 May 2020
• Revised: 1 April 2020
• Received: 1 December 2019

Qualifiers

• research-article
• Research
• Refereed
