ASE 2024
Sun 27 October - Fri 1 November 2024 Sacramento, California, United States
Thu 31 Oct 2024 16:00 - 16:10 at Camellia - Smart contract and block chain 2 Chair(s): Vladimir Filkov

Smart contracts are susceptible to being exploited by attackers, especially when facing real-world vulnerabilities. To mitigate this risk, developers often rely on third-party audit services to identify potential vulnerabilities before project deployment. Nevertheless, repairing the identified vulnerabilities is still complex and labor-intensive, particularly for developers lacking security expertise. Moreover, existing pattern-based repair tools mostly fail to address real-world vulnerabilities due to their lack of high-level semantic understanding. To fill this gap, we propose ContractTinker, a Large Language Models (LLMs)-empowered tool for real-world vulnerability repair. The key insight is our adoption of the Chain-of-Thought approach to break down the entire generation task into sub-tasks. Additionally, to reduce hallucination, we integrate program static analysis to guide the LLM. We evaluate ContractTinker on 48 high-risk vulnerabilities. The experimental results show that among the patches generated by ContractTinker, 23 (48%) are valid patches that fix the vulnerabilities, while 10 (21%) require only minor modifications. A video of ContractTinker is available at https://youtu.be/HWFVi-YHcPE.

Thu 31 Oct

Displayed time zone: Pacific Time (US & Canada) change

15:30 - 16:30
Smart contract and block chain 2NIER Track / Research Papers / Tool Demonstrations at Camellia
Chair(s): Vladimir Filkov University of California at Davis, USA
15:30
15m
Talk
Semantic Sleuth: Identifying Ponzi Contracts via Large Language Models
Research Papers
Cong Wu The University of Hong Kong, Jing Chen Wuhan University, Ziwei Wang Wuhan University, Ruichao Liang Wuhan University, Ruiying Du Wuhan University
15:45
15m
Talk
AdvSCanner: Generating Adversarial Smart Contracts to Exploit Reentrancy Vulnerabilities Using LLM and Static Analysis
Research Papers
Yin Wu Xi'an Jiaotong University, Xiaofei Xie Singapore Management University, Chenyang Peng Xi'an Jiaotong University, Dijun Liu Ant Group, Hao Wu Xi'an JiaoTong University, Ming Fan Xi'an Jiaotong University, Ting Liu Xi'an Jiaotong University, Haijun Wang Xi’an Jiaotong University
16:00
10m
Talk
ContractTinker: LLM-Empowered Vulnerability Repair for Real-World Smart Contracts
Tool Demonstrations
Che Wang Peking University, China, Jiashuo Zhang Peking University, China, Jianbo Gao Beijing Jiaotong University, Libin Xia Peking University, Zhi Guan Peking University, Zhong Chen
16:10
10m
Talk
HighGuard: Cross-Chain Business Logic Monitoring of Smart Contracts
Tool Demonstrations
Mojtaba Eshghie KTH Royal Institute of Technology, Cyrille Artho KTH Royal Institute of Technology, Sweden, Hans Stammler KTH Royal Institute of Technology, Wolfgang Ahrendt Chalmers University of Technology, Thomas T. Hildebrandt University of Copenhagen, Gerardo Schneider University of Gothenburg
16:20
10m
Talk
Oracle-Guided Vulnerability Diversity and Exploit Synthesis of Smart Contracts Using LLMs
NIER Track
Mojtaba Eshghie KTH Royal Institute of Technology, Cyrille Artho KTH Royal Institute of Technology, Sweden