ContractTinker: LLM-Empowered Vulnerability Repair for Real-World Smart Contracts
Smart contracts are susceptible to being exploited by attackers, especially when facing real-world vulnerabilities. To mitigate this risk, developers often rely on third-party audit services to identify potential vulnerabilities before project deployment. Nevertheless, repairing the identified vulnerabilities is still complex and labor-intensive, particularly for developers lacking security expertise. Moreover, existing pattern-based repair tools mostly fail to address real-world vulnerabilities due to their lack of high-level semantic understanding. To fill this gap, we propose ContractTinker, a Large Language Models (LLMs)-empowered tool for real-world vulnerability repair. The key insight is our adoption of the Chain-of-Thought approach to break down the entire generation task into sub-tasks. Additionally, to reduce hallucination, we integrate program static analysis to guide the LLM. We evaluate ContractTinker on 48 high-risk vulnerabilities. The experimental results show that among the patches generated by ContractTinker, 23 (48%) are valid patches that fix the vulnerabilities, while 10 (21%) require only minor modifications. A video of ContractTinker is available at https://youtu.be/HWFVi-YHcPE.
Thu 31 OctDisplayed time zone: Pacific Time (US & Canada) change
15:30 - 16:30 | Smart contract and block chain 2NIER Track / Research Papers / Tool Demonstrations at Camellia Chair(s): Vladimir Filkov University of California at Davis, USA | ||
15:30 15mTalk | Semantic Sleuth: Identifying Ponzi Contracts via Large Language Models Research Papers Cong Wu The University of Hong Kong, Jing Chen Wuhan University, Ziwei Wang Wuhan University, Ruichao Liang Wuhan University, Ruiying Du Wuhan University | ||
15:45 15mTalk | AdvSCanner: Generating Adversarial Smart Contracts to Exploit Reentrancy Vulnerabilities Using LLM and Static Analysis Research Papers Yin Wu Xi'an Jiaotong University, Xiaofei Xie Singapore Management University, Chenyang Peng Xi'an Jiaotong University, Dijun Liu Ant Group, Hao Wu Xi'an JiaoTong University, Ming Fan Xi'an Jiaotong University, Ting Liu Xi'an Jiaotong University, Haijun Wang Xi’an Jiaotong University | ||
16:00 10mTalk | ContractTinker: LLM-Empowered Vulnerability Repair for Real-World Smart Contracts Tool Demonstrations Che Wang Peking University, China, Jiashuo Zhang Peking University, China, Jianbo Gao Beijing Jiaotong University, Libin Xia Peking University, Zhi Guan Peking University, Zhong Chen | ||
16:10 10mTalk | HighGuard: Cross-Chain Business Logic Monitoring of Smart Contracts Tool Demonstrations Mojtaba Eshghie KTH Royal Institute of Technology, Cyrille Artho KTH Royal Institute of Technology, Sweden, Hans Stammler KTH Royal Institute of Technology, Wolfgang Ahrendt Chalmers University of Technology, Thomas T. Hildebrandt University of Copenhagen, Gerardo Schneider University of Gothenburg | ||
16:20 10mTalk | Oracle-Guided Vulnerability Diversity and Exploit Synthesis of Smart Contracts Using LLMs NIER Track Mojtaba Eshghie KTH Royal Institute of Technology, Cyrille Artho KTH Royal Institute of Technology, Sweden | ||