Two Timin': Repairing Smart Contracts With A Two-Layered Approach

TL;DR

This paper introduces a two-layered framework combining classification and repair of smart contracts using machine learning models, significantly reducing vulnerabilities while maintaining contract functionality.

Contribution

It presents a novel two-layered approach integrating vulnerability classification and automated repair using LLMs and RFCs, improving smart contract security.

Findings

Reduced vulnerabilities by 97.5% with GPT-3.5-Turbo

Reduced vulnerabilities by 96.7% with Llama-2-7B

Repaired contracts retain full functionality

Abstract

Due to the modern relevance of blockchain technology, smart contracts present both substantial risks and benefits. Vulnerabilities within them can trigger a cascade of consequences, resulting in significant losses. Many current papers primarily focus on classifying smart contracts for malicious intent, often relying on limited contract characteristics, such as bytecode or opcode. This paper proposes a novel, two-layered framework: 1) classifying and 2) directly repairing malicious contracts. Slither's vulnerability report is combined with source code and passed through a pre-trained RandomForestClassifier (RFC) and Large Language Models (LLMs), classifying and repairing each suggested vulnerability. Experiments demonstrate the effectiveness of fine-tuned and prompt-engineered LLMs. The smart contract repair models, built from pre-trained GPT-3.5-Turbo and fine-tuned Llama-2-7B models, reduced the overall vulnerability count by 97.5% and 96.7% respectively. A manual inspection of repaired contracts shows that all retain functionality, indicating that the proposed method is appropriate for automatic batch classification and repair of vulnerabilities in smart contracts.