Smart Contract Code Repair Recommendation based on Reinforcement Learning and Multi-metric Optimization

IF 6.6 2区计算机科学 Q1 COMPUTER SCIENCE, SOFTWARE ENGINEERING

ACM Transactions on Software Engineering and Methodology Pub Date : 2023-12-11 DOI:10.1145/3637229

Hanyang Guo, Yingye Chen, Xiangping Chen, Yuan Huang, Zibin Zheng

{"title":"Smart Contract Code Repair Recommendation based on Reinforcement Learning and Multi-metric Optimization","authors":"Hanyang Guo, Yingye Chen, Xiangping Chen, Yuan Huang, Zibin Zheng","doi":"10.1145/3637229","DOIUrl":null,"url":null,"abstract":"<p>A smart contract is a kind of code deployed on the blockchain that executes automatically once an event triggers a clause in the contract. Since smart contracts involve businesses such as asset transfer, they are more vulnerable to attacks, so it is crucial to ensure the security of smart contracts. Because a smart contract cannot be tampered with once deployed on the blockchain, for smart contract developers, it is necessary to fix vulnerabilities before deployment. Compared with many vulnerability detection tools for smart contracts, the amount of automatic fix approaches for smart contracts is relatively limited. These approaches mainly use defined pattern-based methods or heuristic search algorithms for vulnerability repairs. In this paper, we propose <i>RLRep</i>, a reinforcement learning-based approach to provide smart contract repair recommendations for smart contract developers automatically. This approach adopts an agent to provide repair action suggestions based on the vulnerable smart contract without any supervision, which can solve the problem of missing labeled data in machine learning-based repair methods. We evaluate our approach on a dataset containing 853 smart contract programs (programming language: Solidity) with different kinds of vulnerabilities. We split them into training and test set. The result shows that our approach can provide 54.97% correct repair recommendations for smart contracts.</p>","PeriodicalId":50933,"journal":{"name":"ACM Transactions on Software Engineering and Methodology","volume":"15 1","pages":""},"PeriodicalIF":6.6000,"publicationDate":"2023-12-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Software Engineering and Methodology","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1145/3637229","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

Abstract

A smart contract is a kind of code deployed on the blockchain that executes automatically once an event triggers a clause in the contract. Since smart contracts involve businesses such as asset transfer, they are more vulnerable to attacks, so it is crucial to ensure the security of smart contracts. Because a smart contract cannot be tampered with once deployed on the blockchain, for smart contract developers, it is necessary to fix vulnerabilities before deployment. Compared with many vulnerability detection tools for smart contracts, the amount of automatic fix approaches for smart contracts is relatively limited. These approaches mainly use defined pattern-based methods or heuristic search algorithms for vulnerability repairs. In this paper, we propose RLRep, a reinforcement learning-based approach to provide smart contract repair recommendations for smart contract developers automatically. This approach adopts an agent to provide repair action suggestions based on the vulnerable smart contract without any supervision, which can solve the problem of missing labeled data in machine learning-based repair methods. We evaluate our approach on a dataset containing 853 smart contract programs (programming language: Solidity) with different kinds of vulnerabilities. We split them into training and test set. The result shows that our approach can provide 54.97% correct repair recommendations for smart contracts.

查看原文本刊更多论文

基于强化学习和多指标优化的智能合约代码修复建议

智能合约是一种部署在区块链上的代码，一旦某个事件触发了合约中的某个条款，它就会自动执行。由于智能合约涉及资产转移等业务，更容易受到攻击，因此确保智能合约的安全性至关重要。由于智能合约一旦部署到区块链上就无法篡改，因此对于智能合约开发者来说，有必要在部署前修复漏洞。与许多智能合约漏洞检测工具相比，智能合约自动修复方法的数量相对有限。这些方法主要使用基于定义模式的方法或启发式搜索算法进行漏洞修复。在本文中，我们提出了基于强化学习的 RLRep 方法，为智能合约开发者自动提供智能合约修复建议。这种方法采用一个代理，在没有任何监督的情况下，根据有漏洞的智能合约提供修复行动建议，从而解决了基于机器学习的修复方法中标记数据缺失的问题。我们在一个包含 853 个存在不同类型漏洞的智能合约程序（编程语言：Solidity）的数据集上评估了我们的方法。我们将它们分为训练集和测试集。结果表明，我们的方法能为智能合约提供 54.97% 的正确修复建议。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Transactions on Software Engineering and Methodology 工程技术-计算机：软件工程

CiteScore

6.30

自引率

4.50%

发文量

164

审稿时长

>12 weeks

期刊介绍： Designing and building a large, complex software system is a tremendous challenge. ACM Transactions on Software Engineering and Methodology (TOSEM) publishes papers on all aspects of that challenge: specification, design, development and maintenance. It covers tools and methodologies, languages, data structures, and algorithms. TOSEM also reports on successful efforts, noting practical lessons that can be scaled and transferred to other projects, and often looks at applications of innovative technologies. The tone is scholarly but readable; the content is worthy of study; the presentation is effective.