An Empirical Study on Real Bug Fixes from Solidity Smart Contract Projects

• URL: http://arxiv.org/abs/2210.11990v2
• Date: Mon, 12 Jun 2023 07:24:27 GMT
• Title: An Empirical Study on Real Bug Fixes from Solidity Smart Contract Projects
• Authors: Yilin Wang, Xiangping Chen, Yuan Huang, Hao-Nan Zhu, Jing Bian, Zibin Zheng
• Abstract summary: We conduct an empirical study on historical bug fixes from 46 real-world Solidity smart contract projects. We distill four findings during the process to explore these four questions. We provide actionable implications to improve the current approaches to fixing bugs in Solidity smart contracts.
• Score: 37.39791127265096
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Smart contracts are pieces of code that reside inside the blockchains and can be triggered to execute any transaction when specifically predefined conditions are satisfied. Being commonly used for commercial transactions in blockchain makes the security of smart contracts particularly important. Over the last few years, we have seen a great deal of academic and practical interest in detecting and fixing the bugs in smart contracts written by Solidity. But little is known about the real bug fixes in Solidity smart contract projects. To understand the bug fixes and enrich the knowledge of bug fixes in real-world projects, we conduct an empirical study on historical bug fixes from 46 real-world Solidity smart contract projects in this paper. We provide a multi-faceted discussion and mainly explore the following four questions: File Type and Amount, Fix Complexity, Bug distribution, and Fix Patches. We distill four findings during the process to explore these four questions. Finally, based on these findings, we provide actionable implications to improve the current approaches to fixing bugs in Solidity smart contracts from three aspects: Automatic repair techniques, Analysis tools, and Solidity developers.

Related papers

• Versioned Analysis of Software Quality Indicators and Self-admitted Technical Debt in Ethereum Smart Contracts with Ethstractor [2.052808596154225]
  This paper proposes Ethstractor, the first smart contract collection tool for gathering a dataset of versioned smart contracts. The collected dataset is then used to evaluate the reliability of code metrics as indicators of vulnerabilities in smart contracts.
  arXiv  Detail & Related papers  (2024-07-22T18:27:29Z)
• Vulnerabilities of smart contracts and mitigation schemes: A Comprehensive Survey [0.6554326244334866]
  This paper presents a literature review combined with an experimental report that aims to assist developers in developing secure smarts. It provides a list of frequent vulnerabilities and corresponding mitigation solutions. It evaluates the community most widely used tools by executing and testing them on sample smart contracts.
  arXiv  Detail & Related papers  (2024-03-28T19:36:53Z)
• Fixing Smart Contract Vulnerabilities: A Comparative Analysis of Literature and Developer's Practices [6.09162202256218]
  We refer to vulnerability fixing in the ways found in the literature as guidelines. It is not clear to what extent developers adhere to these guidelines, nor whether there are other viable common solutions and what they are. The goal of our research is to fill knowledge gaps related to developers' observance of existing guidelines and to propose new and viable solutions to security vulnerabilities.
  arXiv  Detail & Related papers  (2024-03-12T09:55:54Z)
• Vulnerability Scanners for Ethereum Smart Contracts: A Large-Scale Study [44.25093111430751]
  In 2023 alone, such vulnerabilities led to substantial financial losses exceeding a billion of US dollars. Various tools have been developed to detect and mitigate vulnerabilities in smart contracts. This study investigates the gap between the effectiveness of existing security scanners and the vulnerabilities that still persist in practice.
  arXiv  Detail & Related papers  (2023-12-27T11:26:26Z)
• Formally Verifying a Real World Smart Contract [52.30656867727018]
  We search for a tool capable of formally verifying a real-world smart contract written in a recent version of Solidity. In this article, we present our search for a tool capable of formally verifying a real-world smart contract written in a recent version of Solidity.
  arXiv  Detail & Related papers  (2023-07-05T14:30:21Z)
• SmartBugs 2.0: An Execution Framework for Weakness Detection in Ethereum Smart Contracts [0.757843972001219]
  Smart contracts are blockchain programs that often handle valuable assets. To support developers in identifying and eliminating vulnerabilities, methods and tools for the automated analysis have been proposed. We present SmartBugs 2.0, a modular execution framework for smart contract analysis.
  arXiv  Detail & Related papers  (2023-06-08T09:22:25Z)
• Using Developer Discussions to Guide Fixing Bugs in Software [51.00904399653609]
  We propose using bug report discussions, which are available before the task is performed and are also naturally occurring, avoiding the need for additional information from developers. We demonstrate that various forms of natural language context derived from such discussions can aid bug-fixing, even leading to improved performance over using commit messages corresponding to the oracle bug-fixing commits.
  arXiv  Detail & Related papers  (2022-11-11T16:37:33Z)
• Smart Contract Vulnerability Detection: From Pure Neural Network to Interpretable Graph Feature and Expert Pattern Fusion [48.744359070088166]
  Conventional smart contract vulnerability detection methods heavily rely on fixed expert rules. Recent deep learning approaches alleviate this issue but fail to encode useful expert knowledge. We develop automatic tools to extract expert patterns from the source code. We then cast the code into a semantic graph to extract deep graph features.
  arXiv  Detail & Related papers  (2021-06-17T07:12:13Z)
• ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning [80.85273827468063]
  Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable. We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts. We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
  arXiv  Detail & Related papers  (2021-03-23T15:04:44Z)
• Blockchain Enabled Smart Contract Based Applications: Deficiencies with the Software Development Life Cycle Models [0.0]
  The immutability of the blocks, where the smart contracts are stored, causes conflicts with the traditional Software Development Life Cycle (SDLC) models. This research article addresses this current problem by first exploring the six traditional SDLC models. It advocates that there is an urgent need to develop new standard model(s) to address the arising issues.
  arXiv  Detail & Related papers  (2020-01-21T03:48:46Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.