Computer Science ›› 2025, Vol. 52 ›› Issue (4): 362-368. doi: 10.11896/jsjkx.240800039

• Information Security •

Study on Smart Contract Vulnerability Repair Based on T5 Model

JIAO Jian1,2, CHEN Ruixiang1, HE Qiang3, QU Kaiyang3, ZHANG Ziyi1

  1 School of Computer Science, Beijing University of Information Technology, Beijing 102206, China
  2 Beijing University of Information Technology Future Blockchain and Privacy Computing High Precision and Advanced Innovation Center, Beijing 102206, China
  3 China Information Security Assessment Center, Beijing 100193, China
  • Received: 2024-08-06 Revised: 2024-09-26 Online: 2025-04-15 Published: 2025-04-14
  • Corresponding author: JIAO Jian (jiaojian@bistu.edu.cn)
  • About author: JIAO Jian, born in 1978, Ph.D, professor, is a member of CCF (No. 28495M). His main research interests include network security and blockchain.
  • Supported by:
    Beijing Advanced Innovation Center for Future Blockchain and Privacy Computing (GJJ-23) and Computer School of the College Student Innovation and Entrepreneurship Training Program, which Promotes the Development of Classified Universities (5112410852).

Abstract: The current research on addressing vulnerabilities in Ethereum smart contracts primarily focuses on manually defined templates. This method requires developers to have extensive expertise, and its effectiveness is poor when dealing with complex vulnerabilities. This paper explores vulnerability repair techniques for smart contracts at the source code level in Solidity. By introducing a machine learning approach to vulnerability repair, we design and implement a T5 model-based smart contract vulnerability repair system to tackle the problem of depending on manual intervention. Using data crawling and data augmentation techniques, we compile a training dataset specifically for the T5 model. The T5 model for repairing smart contract vulnerabilities is trained using machine learning techniques. A test dataset is constructed through web crawling to evaluate the system’s performance from various perspectives. The system’s accuracy in contract repair, gas consumption, and introduced code volume is compared with other contract vulnerability repair tools such as TIPS, SGUARD, and Elysium. Experimental results show that our system achieves good repair outcomes and overall performance superior to other vulnerability repair tools.

Key words: Smart contracts, Blockchain, T5 model, Machine learning, Vulnerability repair

CLC Number: TP309