ContractTinker: LLM-Empowered Vulnerability Repair for Real-World Smart Contracts

TL;DR

ContractTinker leverages large language models and static analysis to effectively repair real-world smart contract vulnerabilities, addressing limitations of pattern-based tools with high semantic understanding.

Contribution

The paper introduces ContractTinker, a novel LLM-powered tool that uses Chain-of-Thought reasoning and static analysis to improve vulnerability repair in smart contracts.

Findings

48% of generated patches are valid fixes

21% of patches need minor modifications

Effective on 48 high-risk vulnerabilities

Abstract

Smart contracts are susceptible to being exploited by attackers, especially when facing real-world vulnerabilities. To mitigate this risk, developers often rely on third-party audit services to identify potential vulnerabilities before project deployment. Nevertheless, repairing the identified vulnerabilities is still complex and labor-intensive, particularly for developers lacking security expertise. Moreover, existing pattern-based repair tools mostly fail to address real-world vulnerabilities due to their lack of high-level semantic understanding. To fill this gap, we propose ContractTinker, a Large Language Models (LLMs)-empowered tool for real-world vulnerability repair. The key insight is our adoption of the Chain-of-Thought approach to break down the entire generation task into sub-tasks. Additionally, to reduce hallucination, we integrate program static analysis to guide the LLM. We evaluate ContractTinker on 48 high-risk vulnerabilities. The experimental results show that among the patches generated by ContractTinker, 23 (48%) are valid patches that fix the vulnerabilities, while 10 (21%) require only minor modifications. A video of ContractTinker is available at https://youtu.be/HWFVi-YHcPE.