Two Timin': Repairing Smart Contracts With A Two-Layered Approach
- URL: http://arxiv.org/abs/2309.07841v1
- Date: Thu, 14 Sep 2023 16:37:23 GMT
- Title: Two Timin': Repairing Smart Contracts With A Two-Layered Approach
- Authors: Abhinav Jain, Ehan Masud, Michelle Han, Rohan Dhillon, Sumukh Rao,
Arya Joshi, Salar Cheema, Saurav Kumar
- Abstract summary: This paper proposes a novel, two-layered framework for classifying and repairing smart contracts.
Slither's vulnerability report is combined with source code and passed through a pre-trained RandomForestClassifier (RFC) and Large Language Models (LLMs)
Experiments demonstrate the effectiveness of fine-tuned and prompt-engineered LLMs.
- Score: 3.2154249558826846
- License: http://creativecommons.org/licenses/by-nc-sa/4.0/
- Abstract: Due to the modern relevance of blockchain technology, smart contracts present
both substantial risks and benefits. Vulnerabilities within them can trigger a
cascade of consequences, resulting in significant losses. Many current papers
primarily focus on classifying smart contracts for malicious intent, often
relying on limited contract characteristics, such as bytecode or opcode. This
paper proposes a novel, two-layered framework: 1) classifying and 2) directly
repairing malicious contracts. Slither's vulnerability report is combined with
source code and passed through a pre-trained RandomForestClassifier (RFC) and
Large Language Models (LLMs), classifying and repairing each suggested
vulnerability. Experiments demonstrate the effectiveness of fine-tuned and
prompt-engineered LLMs. The smart contract repair models, built from
pre-trained GPT-3.5-Turbo and fine-tuned Llama-2-7B models, reduced the overall
vulnerability count by 97.5% and 96.7% respectively. A manual inspection of
repaired contracts shows that all retain functionality, indicating that the
proposed method is appropriate for automatic batch classification and repair of
vulnerabilities in smart contracts.
Related papers
- ContractTinker: LLM-Empowered Vulnerability Repair for Real-World Smart Contracts [8.756175353426304] (2024-09-15T08:24:01Z)
  Smart contracts are susceptible to being exploited by attackers, especially when facing real-world vulnerabilities.
  To mitigate this risk, developers often rely on third-party audit services to identify potential vulnerabilities before project deployment.
  Existing pattern-based repair tools mostly fail to address real-world vulnerabilities due to their lack of high-level semantic understanding.
- Jailbreaking as a Reward Misspecification Problem [80.52431374743998] (2024-06-20T15:12:27Z)
  We propose a novel perspective that attributes this vulnerability to reward misspecification during the alignment process.
  We introduce a metric, ReGap, to quantify the extent of reward misspecification and demonstrate its effectiveness.
  We present ReMiss, a system for automated red teaming that generates adversarial prompts in a reward-misspecified space.
- Improving Smart Contract Security with Contrastive Learning-based Vulnerability Detection [8.121484960948303] (2024-04-27T09:13:25Z)
  We propose the Contrastive Learning Enhanced Automated Recognition Approach for Smart Contract Vulnerabilities, named Clear.
  In particular, Clear employs a contrastive learning (CL) model to capture the fine-grained correlation information among contracts.
  We show that Clear achieves optimal performance over all baseline methods, with a 9.73%-39.99% higher F1-score than existing deep learning methods.
- Doubly Robust Instance-Reweighted Adversarial Training [107.40683655362285] (2023-08-01T06:16:18Z)
  We propose a novel doubly-robust instance-reweighted adversarial framework.
  Our importance weights are obtained by optimizing the KL-divergence regularized loss function.
  Our proposed approach outperforms related state-of-the-art baseline methods in terms of average robust performance.
- CONTRACTFIX: A Framework for Automatically Fixing Vulnerabilities in Smart Contracts [12.68736241704817] (2023-07-18T01:14:31Z)
  ContractFix is a framework that automatically generates security patches for vulnerable smart contracts.
  Users can use it as a security fix-it tool that automatically applies patches and verifies the patched contracts.
- Enhancing Multiple Reliability Measures via Nuisance-extended Information Bottleneck [77.37409441129995] (2023-03-24T16:03:21Z)
  In practical scenarios where training data is limited, many predictive signals in the data can rather come from biases in data acquisition.
  We consider an adversarial threat model under a mutual information constraint to cover a wider class of perturbations in training.
  We propose an autoencoder-based training to implement the objective, as well as practical encoder designs to facilitate the proposed hybrid discriminative-generative training.
- CRFL: Certifiably Robust Federated Learning against Backdoor Attacks [59.61565692464579] (2021-06-15T16:50:54Z)
  This paper provides the first general framework, Certifiably Robust Federated Learning (CRFL), to train certifiably robust FL models against backdoors.
  Our method exploits clipping and smoothing on model parameters to control the global model smoothness, which yields a sample-wise robustness certification on backdoors with limited magnitude.
- A Bytecode-based Approach for Smart Contract Classification [10.483992071557195] (2021-05-31T03:00:29Z)
  The number of smart contracts deployed on blockchain platforms is growing exponentially, which makes it difficult for users to find desired services by manual screening.
  Current research on smart contract classification focuses on Natural Language Processing (NLP) solutions which are based on contract source code.
  This paper proposes a classification model based on features from contract bytecode instead of source code to solve these problems.
- ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning [80.85273827468063] (2021-03-23T15:04:44Z)
  Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable.
  We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts.
  We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and that the detection time is 0.02 seconds per contract.
- Robust Encodings: A Framework for Combating Adversarial Typos [85.70270979772388] (2020-05-04T01:28:18Z)
  NLP systems are easily fooled by small perturbations of inputs.
  Existing procedures to defend against such perturbations provide guaranteed robustness to worst-case attacks.
  We introduce robust encodings (RobEn) that confer guaranteed robustness without making compromises on model architecture.