Smart Contract Repair

TL;DR

This paper introduces SCRepair, a novel automated, gas-aware repair approach for smart contracts that uses search-based mutations and considers gas efficiency to fix vulnerabilities before deployment.

Contribution

It presents the first general-purpose, gas-aware automated repair method for smart contracts, incorporating a novel gas dominance concept and open-source tool.

Findings

Successfully repairs vulnerable smart contracts

Reduces gas consumption of patches

Open-source tool available for community use

Abstract

Smart contracts are automated or self-enforcing contracts that can be used to exchange assets without having to place trust in third parties. Many commercial transactions use smart contracts due to their potential benefits in terms of secure peer-to-peer transactions independent of external parties. Experience shows that many commonly used smart contracts are vulnerable to serious malicious attacks which may enable attackers to steal valuable assets of involving parties. There is therefore a need to apply analysis and automated repair techniques to detect and repair bugs in smart contracts before being deployed. In this work, we present the first general-purpose automated smart contract repair approach that is also gas-aware. Our repair method is search-based and searches among mutations of the buggy contract. Our method also considers the gas usage of the candidate patches by leveraging our novel notion of gas dominance relationship. We have made our smart contract repair tool SCRepair available open-source, for investigation by the wider community.