research-article

Smart Contract Code Repair Recommendation based on Reinforcement Learning and Multi-metric Optimization

Authors:

Xiangping Chen,

Zibin ZhengAuthors Info & Claims

ACM Transactions on Software Engineering and Methodology, Volume 33, Issue 4

Article No.: 106, Pages 1 - 31

https://doi.org/10.1145/3637229

Published: 18 April 2024 Publication History

Abstract

A smart contract is a kind of code deployed on the blockchain that executes automatically once an event triggers a clause in the contract. Since smart contracts involve businesses such as asset transfer, they are more vulnerable to attacks, so it is crucial to ensure the security of smart contracts. Because a smart contract cannot be tampered with once deployed on the blockchain, for smart contract developers, it is necessary to fix vulnerabilities before deployment. Compared with many vulnerability detection tools for smart contracts, the amount of automatic fix approaches for smart contracts is relatively limited. These approaches mainly use defined pattern-based methods or heuristic search algorithms for vulnerability repairs. In this article, we propose RLRep, a reinforcement learning-based approach to provide smart contract repair recommendations for smart contract developers automatically. This approach adopts an agent to provide repair action suggestions based on the vulnerable smart contract without any supervision, which can solve the problem of missing labeled data in machine learning-based repair methods. We evaluate our approach on a dataset containing 853 smart contract programs (programming language: Solidity) with different kinds of vulnerabilities. We split them into training and test sets. The result shows that our approach can provide 54.97% correct repair recommendations for smart contracts.

References

[1]

Oxford Analytica. 2021. Poly network attack underlines growing DeFi risks. Emerald Expert Briefingsoxan-es (2021).

[2]

Brenna D. Argall, Sonia Chernova, Manuela Veloso, and Brett Browning. 2009. A survey of robot learning from demonstration. Robot. Auton. Syst. 57, 5 (2009), 469–483. DOI:

Digital Library

[3]

Johannes Bader, Andrew Scott, Michael Pradel, and Satish Chandra. 2019. Getafix: Learning to fix bugs automatically. Proc. ACM Program. Lang. 3, OOPSLA, Article 159 (Oct.2019), 27 pages. DOI:

Digital Library

[4]

Dzmitry Bahdanau, Kyunghyun Cho, and Yoshua Bengio. 2015. Neural machine translation by jointly learning to align and translate. In Proceedings of the 3rd International Conference on Learning Representations (ICLR’15), Yoshua Bengio and Yann LeCun (Eds.). DOI:

[5]

Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cédric Fournet, Anitha Gollamudi, Georges Gonthier, Nadim Kobeissi, Natalia Kulatova, Aseem Rastogi, Thomas Sibut-Pinote, Nikhil Swamy, and Santiago Zanella Béguelin. 2016. Formal verification of smart contracts: Short paper. In Proceedings of the ACM Workshop on Programming Languages and Analysis for Security (PLAS@CCS’16), Toby C. Murray and Deian Stefan (Eds.). ACM, 91–96. DOI:

Digital Library

[6]

Tom Britton, Lisa Jeng, Graham Carver, and Paul Cheak. 2013. Reversible Debugging Software “Quantify the Time and Cost Saved Using Reversible Debuggers.” (2013).

[7]

Jiachi Chen, Xin Xia, David Lo, John Grundy, Xiapu Luo, and Ting Chen. 2022. Defining smart contract defects on ethereum. IEEE Trans. Softw. Eng. 48, 1 (2022), 327–345. DOI:

Digital Library

[8]

Giuseppe Destefanis, Michele Marchesi, Marco Ortu, Roberto Tonelli, Andrea Bracciali, and Robert Hierons. 2018. Smart contracts vulnerabilities: A call for blockchain software engineering? In Proceedings of the International Workshop on Blockchain Oriented Software Engineering (IWBOSE’18). 19–25. DOI:

[9]

Rati Devidze, Goran Radanovic, Parameswaran Kamalaruban, and Adish Singla. 2021. Explicable reward design for reinforcement learning agents. In Advances in Neural Information Processing Systems, M. Ranzato, A. Beygelzimer, Y. Dauphin, P.S. Liang, and J. Wortman Vaughan (Eds.), Vol. 34. Curran Associates, Inc., 20118–20131. Retrieved from DOI:

[10]

Daniel Dewey. 2014. Reinforcement learning and the reward engineering principle. In Proceedings of the AAAI Spring Symposium Series.

[11]

ConsenSys Diligence. 2018. Ethereum smart contract security best practices. Retrieved from DOI:

[12]

Josselin Feist, Gustavo Grieco, and Alex Groce. 2019. Slither: A static analysis framework for smart contracts. In Proceedings of the IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB’19). 8–15. DOI:

Digital Library

[13]

Christof Ferreira Torres, Antonio Ken Iannillo, Arthur Gervais, and Radu State. 2021. The eye of Horus: Spotting and analyzing attacks on ethereum smart contracts. In Financial Cryptography and Data Security, Nikita Borisov and Claudia Diaz (Eds.). Springer Berlin, 33–52.

Digital Library

[14]

Dr Catherine Flick. 2022. A critical professional ethical analysis of Non-Fungible Tokens (NFTs). J. Respons. Technol. 12 (2022), 100054. DOI:

[15]

Zhipeng Gao, Lingxiao Jiang, Xin Xia, David Lo, and John Grundy. 2021. Checking smart contracts with structural code embedding. IEEE Trans. Softw. Eng. 47, 12 (2021), 2874–2891. DOI:

[16]

Luca Gazzola, Daniela Micucci, and Leonardo Mariani. 2019. Automatic software repair: A survey. IEEE Trans. Softw. Eng. 45, 1 (2019), 34–67. DOI:

Digital Library

[17]

Asem Ghaleb and Karthik Pattabiraman. 2020. How effective are smart contract analysis tools? Evaluating smart contract static analysis tools using bug injection. In Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA’20). Association for Computing Machinery, New York, NY, 415–427. DOI:

Digital Library

[18]

Ali Ghanbari, Samuel Benton, and Lingming Zhang. 2019. Practical Program Repair via Bytecode Mutation. Association for Computing Machinery, New York, NY, 19–30. DOI:

Digital Library

[19]

Claire Le Goues, Michael Pradel, and Abhik Roychoudhury. 2019. Automated program repair. Commun. ACM 62, 12 (Nov.2019), 56–65. DOI:

Digital Library

[20]

Jingxuan He, Mislav Balunović, Nodar Ambroladze, Petar Tsankov, and Martin Vechev. 2019. Learning to fuzz from symbolic execution with application to smart contracts. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS’19). Association for Computing Machinery, New York, NY, 531–548. DOI:

Digital Library

[21]

Gang Huang, Chaoran Luo, Kaidong Wu, Yun Ma, Ying Zhang, and Xuanzhe Liu. 2019. Software-defined infrastructure for decentralized data lifecycle governance: Principled design and open challenges. In Proceedings of the 39th IEEE International Conference on Distributed Computing Systems (ICDCS’19). IEEE, 1674–1683.

[22]

Yue Jia and Mark Harman. 2011. An analysis and survey of the development of mutation testing. IEEE Trans. Softw. Eng. 37, 5 (2011), 649–678. DOI:

Digital Library

[23]

Bo Jiang, Ye Liu, and W. K. Chan. 2018. ContractFuzzer: Fuzzing smart contracts for vulnerability detection. In Proceedings of the 33rd IEEE/ACM International Conference on Automated Software Engineering (ASE’18). 259–269. DOI:

Digital Library

[24]

Jiajun Jiang, Luyao Ren, Yingfei Xiong, and Lingming Zhang. 2019. Inferring program transformations from singular examples via big code. In Proceedings of the 34th IEEE/ACM International Conference on Automated Software Engineering (ASE’19). 255–266. DOI:

Digital Library

[25]

Jiajun Jiang, Yingfei Xiong, Hongyu Zhang, Qing Gao, and Xiangqun Chen. 2018. Shaping program repair space with existing patches and similar code. In Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA’18). Association for Computing Machinery, New York, NY, 298–309. DOI:

Digital Library

[26]

Nan Jiang, Thibaud Lutellier, and Lin Tan. 2021. CURE: Code-aware neural machine translation for automatic program repair. In Proceedings of the IEEE/ACM 43rd International Conference on Software Engineering (ICSE’21). 1161–1173. DOI:

Digital Library

[27]

Hai Jin, Zeli Wang, Ming Wen, Weiqi Dai, Yu Zhu, and Deqing Zou. 2021. Aroc: An automatic repair framework for on-chain smart contracts. IEEE Trans. Softw. Eng. (2021), 1–1. DOI:

[28]

J. D. Kalbfleisch and J. F. Lawless. 1985. The analysis of panel data under a Markov assumption. J. Amer. Statist. Assoc. 80, 392 (1985), 863–871. DOI:

[29]

JingHuey Khor, Mansur Aliyu Masama, Michail Sidorov, WeiChung Leong, and JiaJun Lim. 2020. An improved gas efficient library for securing iot smart contracts against arithmetic vulnerabilities. In Proceedings of the 9th International Conference on Software and Computer Applications (ICSCA’20). Association for Computing Machinery, New York, NY, 326–330. DOI:

Digital Library

[30]

Ki Byung Kim and Jonghyup Lee. 2020. Automated generation of test cases for smart contract security analyzers. IEEE Access 8 (2020), 209377–209392. DOI:

[31]

Philipp Koehn. 2004. Pharaoh: A beam search decoder for phrase-based statistical machine translation models. In Machine Translation: From Real Users to Research, Robert E. Frederking and Kathryn B. Taylor (Eds.). Springer Berlin, 115–124.

[32]

Johannes Krupp and Christian Rossow. 2018. teEther: Gnawing at ethereum to automatically exploit smart contracts. In Proceedings of the 27th USENIX Security Symposium (USENIX Security’18). USENIX Association, Baltimore, MD, 1317–1333. Retrieved from DOI:

[33]

Satpal Singh Kushwaha, Sandeep Joshi, Dilbag Singh, Manjit Kaur, and Heung-No Lee. 2022. Systematic review of security vulnerabilities in ethereum blockchain smart contract. IEEE Access 10 (2022), 6605–6621. DOI:

[34]

Xuan-Bach D. Le, Duc-Hiep Chu, David Lo, Claire Le Goues, and Willem Visser. 2017. S3: Syntax- and semantic-guided repair synthesis via programming by examples. In Proceedings of the 11th Joint Meeting on Foundations of Software Engineering (ESEC/FSE’17). Association for Computing Machinery, New York, NY, 593–604. DOI:

Digital Library

[35]

Claire Le Goues, Michael Dewey-Vogt, Stephanie Forrest, and Westley Weimer. 2012. A systematic study of automated program repair: Fixing 55 out of 105 bugs for $8 each. In Proceedings of the 34th International Conference on Software Engineering (ICSE’12). 3–13. DOI:

[36]

Claire Le Goues, ThanhVu Nguyen, Stephanie Forrest, and Westley Weimer. 2012. GenProg: A generic method for automatic software repair. IEEE Trans. Softw. Eng. 38, 1 (2012), 54–72. DOI:

Digital Library

[37]

Yuzheng Li, Chuan Chen, Nan Liu, Huawei Huang, Zibin Zheng, and Qiang Yan. 2021. A blockchain-based decentralized federated learning framework with committee consensus. IEEE Netw. 35, 1 (2021), 234–241. DOI:

Digital Library

[38]

Zixin Li, Haoran Wu, Jiehui Xu, Xingya Wang, Lingming Zhang, and Zhenyu Chen. 2019. MuSC: A tool for mutation testing of ethereum smart contract. In Proceedings of the 34th IEEE/ACM International Conference on Automated Software Engineering (ASE’19). 1198–1201. DOI:

Digital Library

[39]

Bo Lin, Shangwen Wang, Ming Wen, and Xiaoguang Mao. 2022. Context-aware code change embedding for better patch correctness assessment. ACM Trans. Softw. Eng. Methodol. 31, 3, Article 51 (May2022), 29 pages. DOI:

Digital Library

[40]

Chao Liu, Han Liu, Zhao Cao, Zhong Chen, Bangdao Chen, and Bill Roscoe. 2018. ReGuard: Finding reentrancy bugs in smart contracts. In Proceedings of the IEEE/ACM 40th International Conference on Software Engineering (ICSE’18). 65–68.

Digital Library

[41]

Kui Liu, Dongsun Kim, Anil Koyuncu, Li Li, Tegawendé F. Bissyandé, and Yves Le Traon. 2018. A closer look at real-world patches. In Proceedings of the IEEE International Conference on Software Maintenance and Evolution (ICSME’18). 275–286. DOI:

[42]

Kui Liu, Anil Koyuncu, Dongsun Kim, and Tegawendé F. Bissyandé. 2019. TBar: Revisiting template-based automated program repair. In Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA’19). Association for Computing Machinery, New York, NY, 31–42. DOI:

Digital Library

[43]

Xuanzhe Liu, Gang Huang, Qi Zhao, Hong Mei, and M. Brian Blake. 2014. iMashup: A mashup-based framework for service composition. Sci. China Inf. Sci. 57, 1 (2014), 1–20. DOI:

[44]

Loi Luu, Duc-Hiep Chu, Hrishi Olickel, Prateek Saxena, and Aquinas Hobor. 2016. Making smart contracts smarter. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS’16). Association for Computing Machinery, New York, NY, 254–269. DOI:

Digital Library

[45]

Adrian Manning. 2018. Solidity security: Comprehensive list of known attack vectors and common anti-patterns. Sigma Prime 20, 10 (2018). Retrieved from DOI:

[46]

Seyed Sajad Mousavi, Michael Schukat, and Enda Howley. 2016. Deep reinforcement learning: An overview. In Proceedings of SAI Intelligent Systems Conference (IntelliSys’16) (Lecture Notes in Networks and Systems), Yaxin Bi, Supriya Kapoor, and Rahul Bhatia (Eds.), Vol. 16. Springer, 426–440. DOI:

[47]

Bernhard Mueller. 2018. Smashing ethereum smart contracts for fun and real profit. HITB SECCONF Amsterd. 9 (2018), 54.

[48]

Tai D. Nguyen, Long H. Pham, and Jun Sun. 2021. SGUARD: Towards fixing vulnerable smart contracts automatically. In Proceedings of the IEEE Symposium on Security and Privacy (SP’21). 1215–1229. DOI:

[49]

Tai D. Nguyen, Long H. Pham, Jun Sun, Yun Lin, and Quang Tran Minh. 2020. SFuzz: An efficient adaptive fuzzer for solidity smart contracts. In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering (ICSE’20). Association for Computing Machinery, New York, NY, 778–788. DOI:

Digital Library

[50]

Yuanping Nie, Yi Han, Jiuming Huang, Bo Jiao, and Aiping Li. 2017. Attention-based encoder-decoder model for answer selection in question answering. Front. Inf. Technol. Electron. Eng. 18, 4 (2017), 535–544. DOI:

[51]

Zhaoyang Niu, Guoqiang Zhong, and Hui Yu. 2021. A review on the attention mechanism of deep learning. Neurocomputing 452 (2021), 48–62. DOI:

[52]

Mike Papadakis and Yves Le Traon. 2015. Metallaxis-FL: Mutation-based fault localization. Softw. Test., Verif. Reliab. 25, 5-7 (2015), 605–628. DOI: arXiv: https://onlinelibrary.wiley.com/doi/pdf/10.1002/stvr.1509

Digital Library

[53]

Christos H. Papadimitriou and John N. Tsitsiklis. 1987. The complexity of Markov decision processes. Math. Oper. Res. 12, 3 (1987), 441–450. DOI:

Digital Library

[54]

Purathani Praitheeshan, Lei Pan, Jiangshan Yu, Joseph K. Liu, and Robin Doss. 2019. Security Analysis Methods on Ethereum Smart Contract Vulnerabilities: A Survey. CoRR abs/1908.08605 (2019).

[55]

Zichao Qi, Fan Long, Sara Achour, and Martin Rinard. 2015. An analysis of patch plausibility and correctness for generate-and-validate patch generation systems. In Proceedings of the International Symposium on Software Testing and Analysis (ISSTA’15). Association for Computing Machinery, New York, NY, 24–36. DOI:

Digital Library

[56]

Baishakhi Ray, Vincent Hellendoorn, Saheel Godhane, Zhaopeng Tu, Alberto Bacchelli, and Premkumar Devanbu. 2016. On the “Naturalness” of buggy code. In Proceedings of the IEEE/ACM 38th International Conference on Software Engineering (ICSE’16). 428–439. DOI:

Digital Library

[57]

Michael Rodler, Wenting Li, Ghassan O. Karame, and Lucas Davi. 2021. EVMPatch: Timely and automated patching of ethereum smart contracts. In Proceedings of the 30th USENIX Security Symposium (USENIX Security’21). USENIX Association, 1289–1306. Retrieved from DOI:

[58]

David Schuler and Andreas Zeller. 2009. Javalanche: Efficient Mutation Testing for Java. In Proceedings of the 7th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on The Foundations of Software Engineering (ESEC/FSE’09). Association for Computing Machinery, New York, NY, 297–298. DOI:

Digital Library

[59]

Christof Ferreira Torres, Hugo Jonker, and Radu State. 2021. Elysium: Context-aware Bytecode-Level Patching to Automatically Heal Vulnerable Smart Contracts. DOI:

[60]

Petar Tsankov, Andrei Dan, Dana Drachsler-Cohen, Arthur Gervais, Florian Bünzli, and Martin Vechev. 2018. Securify: Practical security analysis of smart contracts. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS’18). Association for Computing Machinery, New York, NY, 67–82. DOI:

Digital Library

[61]

Zhaopeng Tu, Zhendong Su, and Premkumar Devanbu. 2014. On the localness of software. In Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE’14). Association for Computing Machinery, New York, NY, 269–280. DOI:

Digital Library

[62]

Michele Tufano, Jevgenija Pantiuchina, Cody Watson, Gabriele Bavota, and Denys Poshyvanyk. 2019. On learning meaningful code changes via neural machine translation. In Proceedings of the IEEE/ACM 41st International Conference on Software Engineering (ICSE’19). 25–36. DOI:

Digital Library

[63]

Werner Vach. 2005. The dependence of Cohen’s Kappa on the prevalence does not matter. J. Clin. Epidem. 58, 7 (2005), 655–661. DOI:

[64]

Ashish Vaswani, Noam Shazeer, Niki Parmar, Jakob Uszkoreit, Llion Jones, Aidan N. Gomez, Łukasz Kaiser, and Illia Polosukhin. 2017. Attention is all you need. In Advances in Neural Information Processing Systems, I. Guyon, U. Von Luxburg, S. Bengio, H. Wallach, R. Fergus, S. Vishwanathan, and R. Garnett (Eds.), Vol. 30. Curran Associates, Inc. Retrieved from DOI:

Digital Library

[65]

M. Vladimirov and D. Khovratovich. 2018. ERC20 API: An Attack Vector on Approve/Transfer from Methods. (2018).

[66]

Bin Wang, Han Liu, Chao Liu, Zhiqiang Yang, Qian Ren, Huixuan Zheng, and Hong Lei. 2021. BLOCKEYE: Hunting for defi attacks on blockchain. In Proceedings of the IEEE/ACM 43rd International Conference on Software Engineering (ICSE’21). 17–20. DOI:

Digital Library

[67]

Shangwen Wang, Ming Wen, Bo Lin, Hongjun Wu, Yihao Qin, Deqing Zou, Xiaoguang Mao, and Hai Jin. 2021. Automated patch correctness assessment: How far are we? In Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering (ASE’20). Association for Computing Machinery, New York, NY, 968–980. DOI:

Digital Library

[68]

Xingya Wang, Haoran Wu, Weisong Sun, and Yuan Zhao. 2019. Towards generating cost-effective test-suite for ethereum smart contract. In Proceedings of the IEEE 26th International Conference on Software Analysis, Evolution and Reengineering (SANER’19). 549–553. DOI:

[69]

Ming Wen, Junjie Chen, Rongxin Wu, Dan Hao, and Shing-Chi Cheung. 2018. Context-aware patch generation for better automated program repair. In Proceedings of the IEEE/ACM 40th International Conference on Software Engineering (ICSE’18). 1–11. DOI:

Digital Library

[70]

Jifeng Xuan, Matias Martinez, Favio DeMarco, Maxime Clément, Sebastian Lamelas Marcote, Thomas Durieux, Daniel Le Berre, and Martin Monperrus. 2017. Nopol: Automatic repair of conditional statement bugs in Java programs. IEEE Trans. Softw. Eng. 43, 1 (2017), 34–55. DOI:

Digital Library

[71]

Yatao Yang, Zibin Zheng, Xiangdong Niu, Mingdong Tang, Yutong Lu, and Xiangke Liao. 2021. A location-based factorization machine model for web service QoS prediction. IEEE Trans. Serv. Comput. 14, 5 (2021), 1264–1277. DOI:

[72]

Michihiro Yasunaga and Percy Liang. 2021. Break-it-fix-it: Unsupervised learning for program repair. In Proceedings of the 38th International Conference on Machine Learning (Proceedings of Machine Learning Research), Marina Meila and Tong Zhang (Eds.), Vol. 139. PMLR, 11941–11952. Retrieved from DOI:

[73]

He Ye, Matias Martinez, Xiapu Luo, Tao Zhang, and Martin Monperrus. 2022. SelfAPR: Self-supervised program repair with test execution diagnostics. In Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering (ASE’22). DOI:

Digital Library

[74]

He Ye, Matias Martinez, and Martin Monperrus. 2022. Neural program repair with execution-based backpropagation. In Proceedings of the 44th International Conference on Software Engineering (ICSE’22). Association for Computing Machinery, New York, NY, 1506–1518. DOI:

Digital Library

[75]

Xiao Liang Yu, Omar Al-Bataineh, David Lo, and Abhik Roychoudhury. 2020. Smart contract repair. ACM Trans. Softw. Eng. Methodol. 29, 4, Article 27 (Sep.2020), 32 pages. DOI:

Digital Library

[76]

Jie Zhang, Lingming Zhang, Mark Harman, Dan Hao, Yue Jia, and Lu Zhang. 2019. Predictive mutation testing. IEEE Trans. Softw. Eng. 45, 9 (2019), 898–918. DOI:

Digital Library

[77]

Yuyao Zhang, Siqi Ma, Juanru Li, Kailai Li, Surya Nepal, and Dawu Gu. 2020. SMARTSHIELD: Automatic smart contract protection made easy. In Proceedings of the IEEE 27th International Conference on Software Analysis, Evolution and Reengineering (SANER’20). 23–34. DOI:

[78]

Xiangfu Zhao, Zhongyu Chen, Xin Chen, Yanxia Wang, and Changbing Tang. 2017. The Dao attack paradoxes in propositional logic. In Proceedings of the 4th International Conference on Systems and Informatics (ICSAI’17). 1743–1746. DOI:

[79]

Zibin Zheng, Xiaoli Li, Mingdong Tang, Fenfang Xie, and Michael R. Lyu. 2022. Web service QoS prediction via collaborative filtering: A survey. IEEE Trans. Serv. Comput. 15, 4 (2022), 2455–2472. DOI:

[80]

Yu Zhou, Changzhi Wang, Xin Yan, Taolue Chen, Sebastiano Panichella, and Harald Gall. 2020. Automatic detection and repair recommendation of directive defects in Java API documentation. IEEE Trans. Softw. Eng. 46, 9 (2020), 1004–1023. DOI:

[81]

Qihao Zhu, Zeyu Sun, Yuan-an Xiao, Wenjie Zhang, Kang Yuan, Yingfei Xiong, and Lu Zhang. 2021. A Syntax-guided Edit Decoder for Neural Program Repair. Association for Computing Machinery, New York, NY, 341–353. DOI:

Digital Library

[82]

Weiqin Zou, David Lo, Pavneet Singh Kochhar, Xuan-Bach Dinh Le, Xin Xia, Yang Feng, Zhenyu Chen, and Baowen Xu. 2021. Smart contract development: Challenges and opportunities. IEEE Trans. Softw. Eng. 47, 10 (2021), 2084–2106. DOI:

Cited By

Eshghie MArtho CFilkov VRay BZhou M(2024)Oracle-Guided Vulnerability Diversity and Exploit Synthesis of Smart Contracts Using LLMsProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering10.1145/3691620.3695292(2240-2248)Online publication date: 27-Oct-2024
https://dl.acm.org/doi/10.1145/3691620.3695292

Index Terms

Smart Contract Code Repair Recommendation based on Reinforcement Learning and Multi-metric Optimization
1. Security and privacy
  1. Software and application security
    1. Software security engineering
2. Software and its engineering
  1. Software creation and management
    1. Software development techniques
      1. Automatic programming

Recommendations

sGuard+: Machine Learning Guided Rule-Based Automated Vulnerability Repair on Smart Contracts
Smart contracts are becoming appealing targets for hackers because of the vast amount of cryptocurrencies under their control. Asset loss due to the exploitation of smart contract codes has increased significantly in recent years. To guarantee that smart ...
Smart Contract Repair
Continuous Special Section: AI and SE

Smart contracts are automated or self-enforcing contracts that can be used to exchange assets without having to place trust in third parties. Many commercial transactions use smart contracts due to their potential benefits in terms of secure peer-to-...
Studying differentiated code to support smart contract update
Abstract
Smart contracts have received a lot of attention. A smart contract is a program that runs on a blockchain. Some recent studies reveal that most of the smart contracts on the Ethereum blockchain are highly similar. An inexperienced smart contract ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Software Engineering and Methodology

ACM Transactions on Software Engineering and Methodology Volume 33, Issue 4

May 2024

940 pages

EISSN:1557-7392

DOI:10.1145/3613665

Editor:
Mauro Pezzè
USI Università della Svizzera italiana and SIT Schaffhausen Institute of Technology, Switzerland

Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 18 April 2024

Online AM: 11 December 2023

Accepted: 01 December 2023

Revised: 18 July 2023

Received: 06 March 2023

Published in TOSEM Volume 33, Issue 4

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Natural Science Foundation of China
Key-Area Research and Development Program of Shandong Province
Guangdong Basic and Applied Basic Research Foundation

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
1,038
Total Downloads

Downloads (Last 12 months)854
Downloads (Last 6 weeks)89

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Eshghie MArtho CFilkov VRay BZhou M(2024)Oracle-Guided Vulnerability Diversity and Exploit Synthesis of Smart Contracts Using LLMsProceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering10.1145/3691620.3695292(2240-2248)Online publication date: 27-Oct-2024
https://dl.acm.org/doi/10.1145/3691620.3695292

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Full Text

View this article in Full Text.

Figures

Tables

Media

View full text|Download PDF

View Issue’s Table of Contents