Fixing bugs is easiest by patching source code. However, source code is not always available: only 0.3% of the ~49M smart contracts that are currently deployed on Ethereum have their source code publicly available. Moreover, since contracts may call functions from other contracts, security flaws in closed-source contracts may affect open-source contracts as well. However, current state-of-the-art approaches that operate on closed-source contracts (i.e., EVM bytecode), such as EVMPatch and SmartShield, rely on purely hard-coded templates that apply fixed patching patterns. As a result, they cannot dynamically adapt to the bytecode that is being patched, which severely limits their flexibility and scalability. For instance, when patching integer overflows using hard-coded templates, a specific patch template has to be employed for each integer size, because the bounds to be checked differ from one size to the next. In this paper, we propose Elysium, a scalable approach towards automatic smart contract repair at the bytecode level. Elysium combines template-based and semantic-based patching by inferring context information from bytecode. Elysium is currently able to patch 7 different types of vulnerabilities in smart contracts automatically and can easily be extended with new templates and new bug-finding tools. We evaluate its effectiveness and correctness using 3 different datasets by replaying more than 500K transactions on patched contracts. We find that Elysium outperforms existing tools by patching at least 30% more contracts correctly. Finally, we also compare the overhead of Elysium in terms of deployment and transaction cost. In comparison to other tools, we find that Elysium generally reduces the runtime cost (i.e., transaction cost) by up to a factor of 1.7, for only a marginally higher deployment cost, where the deployment cost is paid once whereas the runtime cost is paid on every transaction.
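The integer-size problem mentioned in the abstract can be made concrete with a small sketch. This is an added example, not code from Elysium or the paper: the width heuristic (an all-ones `PUSHn` immediate followed by `AND`), the function names and the sample bytecode are assumptions made for illustration.

```python
# Added illustration: why an overflow patch needs the operand width.
# Assumption: a `PUSHn 0xff..ff; AND` mask is how narrower unsigned
# types show up in the bytecode.
PUSH1, PUSH32, AND = 0x60, 0x7F, 0x16

def infer_uint_width(code: bytes, default: int = 256) -> int:
    """Return the narrowest unsigned width implied by a mask in `code`.

    `code` is meant to be the instruction window around one flagged
    arithmetic operation, not a whole contract (address masks elsewhere
    would otherwise be mistaken for a 160-bit integer).
    """
    width, pc = default, 0
    while pc < len(code):
        op = code[pc]
        if PUSH1 <= op <= PUSH32:
            n = op - PUSH1 + 1                 # immediate length in bytes
            imm = code[pc + 1 : pc + 1 + n]
            nxt = pc + 1 + n                   # skip the immediate
            is_mask = len(imm) == n and set(imm) == {0xFF}
            if is_mask and nxt < len(code) and code[nxt] == AND:
                width = min(width, n * 8)      # value truncated to n*8 bits
            pc = nxt
        else:
            pc += 1
    return width

def add_overflows(a: int, b: int, width: int) -> bool:
    """Condition a patch has to reject for unsigned a + b at `width` bits."""
    return a + b > (1 << width) - 1

def fixed_template_overflows(a: int, b: int) -> bool:
    """A single hard-coded template that always assumes 256-bit operands."""
    return add_overflows(a, b, 256)

# Constructed samples: mask both operands, then ADD (0x01).
UINT8_ADD = bytes.fromhex("60ff1660ff1601")
UINT32_ADD = bytes.fromhex("63ffffffff1601")
UINT256_ADD = bytes.fromhex("01")

if __name__ == "__main__":
    w = infer_uint_width(UINT8_ADD)
    print("inferred width:", w)
    print("256-bit template flags 200+100:", fixed_template_overflows(200, 100))
    print("width-aware check flags 200+100:", add_overflows(200, 100, w))
```

With the width inferred as 8 bits, `200 + 100` is rejected, while the fixed 256-bit bound lets it through.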