ACFix：利用挖掘的常见RBAC实践指导法学硕士在智能合约中基于上下文感知的访问控制漏洞修复

IF 5.6 1区计算机科学 Q1 COMPUTER SCIENCE, SOFTWARE ENGINEERING

IEEE Transactions on Software Engineering Pub Date : 2025-07-22 DOI:10.1109/TSE.2025.3590108

Lyuye Zhang;Kaixuan Li;Kairan Sun;Daoyuan Wu;Ye Liu;Haoye Tian;Yang Liu

{"title":"ACFix：利用挖掘的常见RBAC实践指导法学硕士在智能合约中基于上下文感知的访问控制漏洞修复","authors":"Lyuye Zhang;Kaixuan Li;Kairan Sun;Daoyuan Wu;Ye Liu;Haoye Tian;Yang Liu","doi":"10.1109/TSE.2025.3590108","DOIUrl":null,"url":null,"abstract":"Smart contracts are susceptible to various security issues, among which access control (AC) vulnerabilities are particularly critical. While existing research has proposed multiple detection tools, automatic and appropriate repair of AC vulnerabilities in smart contracts remains a challenge. Unlike commonly supported vulnerability types by existing repair tools, such as reentrancy, which are usually fixed by template-based approaches, the main obstacle of repairing AC vulnerabilities lies in identifying the appropriate roles or permissions amid a long list of non-AC-related source code to generate proper patch code, a task that demands human-level intelligence. In this paper, we employ the state-of-the-art GPT-4 model and enhance it with a novel approach called <sc>ACFix. The key insight is that we can mine common AC practices for major categories of code functionality and use them to guide LLMs in fixing code with similar functionality. To this end, <sc>ACFix involves offline and online phases. In the offline phase, <sc>ACFix mines a taxonomy of common Role-based Access Control practices from 344,251 on-chain contracts, categorizing 49 role-permission pairs from the top 1,000 unique samples. In the online phase, <sc>ACFix tracks AC-related elements across the contract and uses this context information along with a Chain-of-Thought pipeline to guide LLMs in identifying the most appropriate role-permission pair for the subject contract and subsequently generating a suitable patch. To evaluate <sc>ACFix, we built the first benchmark dataset of 118 real-world AC vulnerabilities, and our evaluation revealed that <sc>ACFix successfully repaired 94.92% of them, a major improvement compared to the baseline GPT-4 at only 52.54%. We also conducted a human study to understand the value of <sc>ACFix’s repairs and their differences from human repairs.","PeriodicalId":13324,"journal":{"name":"IEEE Transactions on Software Engineering","volume":"51 9","pages":"2512-2532"},"PeriodicalIF":5.6000,"publicationDate":"2025-07-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"ACFix: Guiding LLMs With Mined Common RBAC Practices for Context-Aware Repair of Access Control Vulnerabilities in Smart Contracts\",\"authors\":\"Lyuye Zhang;Kaixuan Li;Kairan Sun;Daoyuan Wu;Ye Liu;Haoye Tian;Yang Liu\",\"doi\":\"10.1109/TSE.2025.3590108\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Smart contracts are susceptible to various security issues, among which access control (AC) vulnerabilities are particularly critical. While existing research has proposed multiple detection tools, automatic and appropriate repair of AC vulnerabilities in smart contracts remains a challenge. Unlike commonly supported vulnerability types by existing repair tools, such as reentrancy, which are usually fixed by template-based approaches, the main obstacle of repairing AC vulnerabilities lies in identifying the appropriate roles or permissions amid a long list of non-AC-related source code to generate proper patch code, a task that demands human-level intelligence. In this paper, we employ the state-of-the-art GPT-4 model and enhance it with a novel approach called <sc>ACFix. The key insight is that we can mine common AC practices for major categories of code functionality and use them to guide LLMs in fixing code with similar functionality. To this end, <sc>ACFix involves offline and online phases. In the offline phase, <sc>ACFix mines a taxonomy of common Role-based Access Control practices from 344,251 on-chain contracts, categorizing 49 role-permission pairs from the top 1,000 unique samples. In the online phase, <sc>ACFix tracks AC-related elements across the contract and uses this context information along with a Chain-of-Thought pipeline to guide LLMs in identifying the most appropriate role-permission pair for the subject contract and subsequently generating a suitable patch. To evaluate <sc>ACFix, we built the first benchmark dataset of 118 real-world AC vulnerabilities, and our evaluation revealed that <sc>ACFix successfully repaired 94.92% of them, a major improvement compared to the baseline GPT-4 at only 52.54%. We also conducted a human study to understand the value of <sc>ACFix’s repairs and their differences from human repairs.\",\"PeriodicalId\":13324,\"journal\":{\"name\":\"IEEE Transactions on Software Engineering\",\"volume\":\"51 9\",\"pages\":\"2512-2532\"},\"PeriodicalIF\":5.6000,\"publicationDate\":\"2025-07-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Software Engineering\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/11086587/\",\"RegionNum\":1,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, SOFTWARE ENGINEERING\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Software Engineering","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/11086587/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

摘要

智能合约容易受到各种安全问题的影响，其中访问控制（AC）漏洞尤为严重。虽然现有的研究已经提出了多种检测工具，但智能合约中AC漏洞的自动和适当修复仍然是一个挑战。与现有修复工具（如重入性）通常支持的漏洞类型（通常通过基于模板的方法修复）不同，修复AC漏洞的主要障碍在于在一长串与AC无关的源代码中识别适当的角色或权限，以生成适当的补丁代码，这是一项需要人类智力水平的任务。在本文中，我们采用了最先进的GPT-4模型，并通过一种称为ACFix的新方法对其进行了增强。关键的洞察力是，我们可以为代码功能的主要类别挖掘常见的AC实践，并使用它们来指导llm修复具有类似功能的代码。为此，ACFix分为离线和在线两个阶段。在离线阶段，ACFix从344,251个链上合约中挖掘了基于角色的常见访问控制实践的分类，从前1,000个唯一样本中对49个角色权限对进行了分类。在在线阶段，ACFix跟踪整个合同中的交流相关元素，并使用此上下文信息以及思想链管道来指导法学硕士为主题合同确定最合适的角色-权限对，并随后生成合适的补丁。为了评估ACFix，我们构建了118个真实AC漏洞的第一个基准数据集，我们的评估显示，ACFix成功修复了94.92%的漏洞，与基线GPT-4相比，这是一个重大改进，仅为52.54%。我们还进行了一项人体研究，以了解ACFix修复的价值及其与人类修复的区别。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

ACFix: Guiding LLMs With Mined Common RBAC Practices for Context-Aware Repair of Access Control Vulnerabilities in Smart Contracts

Smart contracts are susceptible to various security issues, among which access control (AC) vulnerabilities are particularly critical. While existing research has proposed multiple detection tools, automatic and appropriate repair of AC vulnerabilities in smart contracts remains a challenge. Unlike commonly supported vulnerability types by existing repair tools, such as reentrancy, which are usually fixed by template-based approaches, the main obstacle of repairing AC vulnerabilities lies in identifying the appropriate roles or permissions amid a long list of non-AC-related source code to generate proper patch code, a task that demands human-level intelligence. In this paper, we employ the state-of-the-art GPT-4 model and enhance it with a novel approach called ACFix. The key insight is that we can mine common AC practices for major categories of code functionality and use them to guide LLMs in fixing code with similar functionality. To this end, ACFix involves offline and online phases. In the offline phase, ACFix mines a taxonomy of common Role-based Access Control practices from 344,251 on-chain contracts, categorizing 49 role-permission pairs from the top 1,000 unique samples. In the online phase, ACFix tracks AC-related elements across the contract and uses this context information along with a Chain-of-Thought pipeline to guide LLMs in identifying the most appropriate role-permission pair for the subject contract and subsequently generating a suitable patch. To evaluate ACFix, we built the first benchmark dataset of 118 real-world AC vulnerabilities, and our evaluation revealed that ACFix successfully repaired 94.92% of them, a major improvement compared to the baseline GPT-4 at only 52.54%. We also conducted a human study to understand the value of ACFix’s repairs and their differences from human repairs.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE Transactions on Software Engineering 工程技术-工程：电子与电气

CiteScore

9.70

自引率

10.80%

发文量

724

审稿时长

6 months

期刊介绍： IEEE Transactions on Software Engineering seeks contributions comprising well-defined theoretical results and empirical studies with potential impacts on software construction, analysis, or management. The scope of this Transactions extends from fundamental mechanisms to the development of principles and their application in specific environments. Specific topic areas include: a) Development and maintenance methods and models: Techniques and principles for specifying, designing, and implementing software systems, encompassing notations and process models. b) Assessment methods: Software tests, validation, reliability models, test and diagnosis procedures, software redundancy, design for error control, and measurements and evaluation of process and product aspects. c) Software project management: Productivity factors, cost models, schedule and organizational issues, and standards. d) Tools and environments: Specific tools, integrated tool environments, associated architectures, databases, and parallel and distributed processing issues. e) System issues: Hardware-software trade-offs. f) State-of-the-art surveys: Syntheses and comprehensive reviews of the historical development within specific areas of interest.