SCPatcher: Automated Smart Contract Code Repair via Retrieval-Augmented Generation and Knowledge Graph

TL;DR

SCPatcher is an automated smart contract repair framework that leverages retrieval-augmented generation and a knowledge graph to improve vulnerability fixing accuracy.

Contribution

It introduces a novel two-stage repair strategy using a knowledge graph and Chain-of-Thought reasoning to enhance smart contract vulnerability repair.

Findings

Achieves 81.5% overall repair rate on vulnerable contracts.

Attains 91.0% compilation pass rate, outperforming existing methods.

Constructs a knowledge graph from 5,000 verified Ethereum contracts.

Abstract

Smart contract vulnerabilities can cause substantial financial losses due to the immutability of code after deployment. While existing tools detect vulnerabilities, they cannot effectively repair them. In this paper, we propose SCPatcher, a framework that combines retrieval-augmented generation with a knowledge graph for automated smart contract repair. We construct a knowledge graph from 5,000 verified Ethereum contracts, extracting function-level relationships to build a semantic network. This graph serves as an external knowledge base that enhances Large Language Model reasoning and enables precise vulnerability patching. We introduce a two-stage repair strategy, initial knowledge-guided repair followed by Chain-of-Thought reasoning for complex vulnerabilities. Evaluated on a diverse set of vulnerable contracts, SCPatcher achieves 81.5\% overall repair rate and 91.0\% compilation pass rate, substantially outperforming existing methods.