EVMPatch: Timely and Automated Patching of Ethereum Smart Contracts

TL;DR

EVMPatch is a framework that automatically and instantly patches vulnerable Ethereum smart contracts by rewriting bytecode, significantly reducing manual effort and attack success while maintaining contract functionality.

Contribution

This paper introduces EVMPatch, a novel automated bytecode rewriting framework for instant smart contract patching, addressing the delay and error-proneness of manual upgrades.

Findings

Successfully blocks attack transactions on 14,000 vulnerable contracts

Reduces contract upgrade time by 97.6%

Maintains functional equivalence after patching

Abstract

Recent attacks exploiting errors in smart contract code had devastating consequences thereby questioning the benefits of this technology. It is currently highly challenging to fix errors and deploy a patched contract in time. Instant patching is especially important since smart contracts are always online due to the distributed nature of blockchain systems. They also manage considerable amounts of assets, which are at risk and often beyond recovery after an attack. Existing solutions to upgrade smart contracts depend on manual and error-prone processes. This paper presents a framework, called EVMPatch, to instantly and automatically patch faulty smart contracts. EVMPatch features a bytecode rewriting engine for the popular Ethereum blockchain, and transparently/automatically rewrites common off-the-shelf contracts to upgradable contracts. The proof-of-concept implementation of EVMPatch automatically hardens smart contracts that are vulnerable to integer over/underflows and access control errors, but can be easily extended to cover more bug classes. Our extensive evaluation on 14,000 real-world (vulnerable) contracts demonstrate that our approach successfully blocks attack transactions launched on these contracts, while keeping the intended functionality of the contract intact. We perform a study with experienced software developers, showing that EVMPatch is practical, and reduces the time for converting a given Solidity smart contract to an upgradable contract by 97.6 %, while ensuring functional equivalence to the original contract.