Title | ContractTinker: LLM-Empowered Vulnerability Repair for Real-World Smart Contracts |
Authors | |
Publication date | 2024-10-27 |
Conference name | 39th ACM/IEEE International Conference on Automated Software Engineering, ASE 2024 |
Proceedings title | Proceedings - 2024 39th ACM/IEEE International Conference on Automated Software Engineering, ASE 2024 |
Pages | 2350-2353 |
Conference date | 2024-10-28 to 2024-10-28 |
Conference location | USA, Sacramento |
Abstract | Smart contracts are susceptible to being exploited by attackers, especially when facing real-world vulnerabilities. To mitigate this risk, developers often rely on third-party audit services to identify potential vulnerabilities before project deployment. Nevertheless, repairing the identified vulnerabilities is still complex and labor-intensive, particularly for developers lacking security expertise. Moreover, existing pattern-based repair tools mostly fail to address real-world vulnerabilities due to their lack of high-level semantic understanding. To fill this gap, we propose ContractTinker, a Large Language Models (LLMs)-empowered tool for real-world vulnerability repair. The key insight is our adoption of the Chain-of-Thought approach to break down the entire generation task into subtasks. Additionally, to reduce hallucination, we integrate program static analysis to guide the LLM. We evaluate ContractTinker on 48 high-risk vulnerabilities. The experimental results show that among the patches generated by ContractTinker, 23 (48%) are valid patches that fix the vulnerabilities, while 10 (21%) require only minor modifications. A video of ContractTinker is available at https://youtu.be/HWFVi-YHcPE. |
Keywords | large language model; program repair; smart contract |
DOI | 10.1145/3691620.3695349 |
URL | View source |
Language | English |
Scopus accession number | 2-s2.0-85212418898 |
Citation statistics | |
Document type | Conference paper |
Item identifier | https://repository.uic.edu.cn/handle/39GCC9TT/13441 |
Collection | Individual research output produced outside this institution |
Corresponding author | Gao, Jianbo |
Author affiliations | 1. School of Computer Science, Peking University, Beijing, China 2. Beijing Key Laboratory of Security and Privacy in Intelligent Transportation, Beijing Jiaotong University, Beijing, China 3. National Engineering Research Center for Software Engineering, Peking University, Beijing, China |
Recommended citation (GB/T 7714) | Wang, Che, Zhang, Jiashuo, Gao, Jianbo et al. ContractTinker: LLM-Empowered Vulnerability Repair for Real-World Smart Contracts[C], 2024: 2350-2353. |
Files in this item | This item has no associated files. |