Smart Contract Code Repair Recommendation based on Reinforcement Learning and Multi-metric Optimization-Reference-Cited by-同舟云学术

Smart Contract Code Repair Recommendation based on Reinforcement Learning and Multi-metric Optimization

Published:2023-12-11 Issue: Volume: Page:
ISSN:1049-331X
Container-title:ACM Transactions on Software Engineering and Methodology
language:en
Short-container-title:ACM Trans. Softw. Eng. Methodol.

Author:

Guo Hanyang¹,Chen Yingye²,Chen Xiangping³,Huang Yuan¹,Zheng Zibin¹

Affiliation:

1. School of Software Engineering, Sun Yat-Sen University, China

2. School of Computer Science and Engineering, Sun Yat-Sen University, China

3. School of Communication and Design, Sun Yat-Sen University, China

Abstract

A smart contract is a kind of code deployed on the blockchain that executes automatically once an event triggers a clause in the contract. Since smart contracts involve businesses such as asset transfer, they are more vulnerable to attacks, so it is crucial to ensure the security of smart contracts. Because a smart contract cannot be tampered with once deployed on the blockchain, for smart contract developers, it is necessary to fix vulnerabilities before deployment. Compared with many vulnerability detection tools for smart contracts, the amount of automatic fix approaches for smart contracts is relatively limited. These approaches mainly use defined pattern-based methods or heuristic search algorithms for vulnerability repairs. In this paper, we propose RLRep , a reinforcement learning-based approach to provide smart contract repair recommendations for smart contract developers automatically. This approach adopts an agent to provide repair action suggestions based on the vulnerable smart contract without any supervision, which can solve the problem of missing labeled data in machine learning-based repair methods. We evaluate our approach on a dataset containing 853 smart contract programs (programming language: Solidity) with different kinds of vulnerabilities. We split them into training and test set. The result shows that our approach can provide 54.97% correct repair recommendations for smart contracts.

Publisher

Association for Computing Machinery (ACM)

Subject

Software

Link

https://dl.acm.org/doi/pdf/10.1145/3637229

Reference82 articles.

1. Oxford Analytica . 2021. Poly Network attack underlines growing DeFi risks. Emerald Expert Briefingsoxan-es ( 2021 ). Oxford Analytica. 2021. Poly Network attack underlines growing DeFi risks. Emerald Expert Briefingsoxan-es (2021).

2. A survey of robot learning from demonstration

3. Johannes Bader , Andrew Scott , Michael Pradel , and Satish Chandra . 2019 . Getafix: Learning to Fix Bugs Automatically . Proc. ACM Program. Lang. 3, OOPSLA, Article 159 (oct 2019), 27 pages. https://doi.org/10.1145/3360585 10.1145/3360585 Johannes Bader, Andrew Scott, Michael Pradel, and Satish Chandra. 2019. Getafix: Learning to Fix Bugs Automatically. Proc. ACM Program. Lang. 3, OOPSLA, Article 159 (oct 2019), 27 pages. https://doi.org/10.1145/3360585

4. Dzmitry Bahdanau , Kyunghyun Cho , and Yoshua Bengio . 2015 . Neural Machine Translation by Jointly Learning to Align and Translate . In 3rd International Conference on Learning Representations, ICLR 2015, San Diego, CA, USA, May 7-9, 2015, Conference Track Proceedings, Yoshua Bengio and Yann LeCun (Eds.). http://arxiv.org/abs/1409 .0473 Dzmitry Bahdanau, Kyunghyun Cho, and Yoshua Bengio. 2015. Neural Machine Translation by Jointly Learning to Align and Translate. In 3rd International Conference on Learning Representations, ICLR 2015, San Diego, CA, USA, May 7-9, 2015, Conference Track Proceedings, Yoshua Bengio and Yann LeCun (Eds.). http://arxiv.org/abs/1409.0473

5. Karthikeyan Bhargavan , Antoine Delignat-Lavaud , Cédric Fournet , Anitha Gollamudi , Georges Gonthier , Nadim Kobeissi , Natalia Kulatova , Aseem Rastogi , Thomas Sibut-Pinote , Nikhil Swamy , and Santiago Zanella Béguelin . 2016 . Formal Verification of Smart Contracts: Short Paper . In Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security, PLAS@CCS 2016 , Vienna, Austria , October 24, 2016, Toby C. Murray and Deian Stefan (Eds.). ACM, 91–96. https://doi.org/10.1145/2993600.2993611 10.1145/2993600.2993611 Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cédric Fournet, Anitha Gollamudi, Georges Gonthier, Nadim Kobeissi, Natalia Kulatova, Aseem Rastogi, Thomas Sibut-Pinote, Nikhil Swamy, and Santiago Zanella Béguelin. 2016. Formal Verification of Smart Contracts: Short Paper. In Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security, PLAS@CCS 2016, Vienna, Austria, October 24, 2016, Toby C. Murray and Deian Stefan (Eds.). ACM, 91–96. https://doi.org/10.1145/2993600.2993611