智能合约漏洞检测与修复研究综述

doi:10.3778/j.issn.1673-9418.2405019

摘要/Abstract

摘要： 智能合约是区块链的关键技术之一，它不依赖第三方权威机构，能够直接为用户双方提供可信的定制化服务，是区块链2.0的重要标志。随着智能合约应用范围的不断扩大，保障其安全可靠运行成为区块链安全领域的迫切问题。提出智能合约漏洞检测与修复研究框架，分别从漏洞数据集、机器学习方法、漏洞修复技术和补丁部署策略这4个方面分析总结现有智能合约漏洞检测与修复研究进展。对基于机器学习的智能合约漏洞检测方法进行研究，对比总结了8种智能合约漏洞类型、15个开源数据集现状以及传统机器学习方法、深度学习方法和大模型方法等现有模型方法优缺点，并提出使用符号执行、模糊测试、污点分析、形式化验证和集成框架5类漏洞检测工具与置信学习相结合的智能合约高质量数据集制作思路；分类介绍了自动化修复技术、机器学习修复技术和以太坊增强技术3类智能合约漏洞修复方案，全面比较了不同方案的优缺点，并总结了未来可以用于智能合约漏洞修复领域的相关技术；分析了智能合约安全现存问题并展望了未来研究方向。

关键词: 区块链, 智能合约安全, 漏洞检测, 漏洞修复, 机器学习

Abstract: The smart contract is a fundamental technology of blockchain, as it operates without the need for third-party authorities and can directly provide trusted customized services for users. It represents an important advancement in blockchain technology. As the application range of smart contracts continues to expand, ensuring their safe and reliable operation has become a pressing issue in the field of blockchain security. A research framework for smart contract vulnerability detection and repair is proposed, analyzing and summarizing the current research progress in four key aspects: vulnerability datasets, machine learning methods, vulnerability repair techniques, and patch deployment strategies. Firstly, this paper investigates machine learning-based smart contract vulnerability detection methods, comparing and summarizing 8 types of smart contract vulnerabilities, the current state of 15 open-source datasets, and the advantages and disadvantages of existing models, including traditional machine learning methods, deep learning approaches, and large models. Furthermore, a strategy for constructing high-quality smart contract vulnerability datasets is proposed, combining 5 types of vulnerability detection tools and confidence learning. The 5 types of vulnerability detection tools are symbolic execution, fuzz testing, taint analysis, formal verification, and integrated frameworks. Secondly, 3 categories of smart contract vulnerability repair solutions are systematically introduced: automated repair techniques, machine learning-based repair methods, and Ethereum enhancement technologies. A comprehensive comparison of different solutions is conducted, highlighting their respective advantages and limitations, along with an overview of relevant technologies that can be applied to smart contract vulnerability repair in the future. Finally, this paper analyzes existing security challenges in smart contracts and provides insights into future research directions.

Key words: blockchain, smart contract security, vulnerability detection, vulnerability repair, machine learning

刘哲旭, 李雷孝, 刘东江, 杜金泽, 林浩, 史建平. 智能合约漏洞检测与修复研究综述[J]. 计算机科学与探索, 2025, 19(4): 854-876.

LIU Zhexu, LI Leixiao, LIU Dongjiang, DU Jinze, LIN Hao, SHI Jianping. Review of Smart Contract Vulnerability Detection and Repair Research[J]. Journal of Frontiers of Computer Science and Technology, 2025, 19(4): 854-876.

参考文献

[1] 董伟良, 刘哲, 刘逵, 等. 智能合约漏洞检测技术综述[J]. 软件学报, 2024, 35(1): 38-62.
DONG W L, LIU Z, LIU K, et al. Survey on vulnerability detection technology of smart contracts[J]. Journal of Software, 2024, 35(1): 38-62.
[2] 付梦琳, 吴礼发, 洪征, 等. 智能合约安全漏洞挖掘技术研究[J]. 计算机应用, 2019, 39(7): 1959-1966.
FU M L, WU L F, HONG Z, et al. Research on vulnerability mining technique for smart contracts[J]. Journal of Computer Applications, 2019, 39(7): 1959-1966.
[3] 倪远东, 张超, 殷婷婷. 智能合约安全漏洞研究综述[J]. 信息安全学报, 2020, 5(3): 78-99.
NI Y D, ZHANG C, YIN T T. A survey of smart contract vulnerability research[J]. Journal of Cyber Security, 2020, 5(3): 78-99.
[4] 童俊成, 赵波. 区块链智能合约漏洞检测与自动化修复综述[J]. 计算机应用, 2023, 43(3): 785-793.
TONG J C, ZHAO B. Review on blockchain smart contract vulnerability detection and automatic repair[J]. Journal of Computer Applications, 2023, 43(3): 785-793.
[5] 崔展齐, 杨慧文, 陈翔, 等. 智能合约安全漏洞检测研究进展[J]. 软件学报, 2024, 35(5): 2235-2267.
CUI Z Q, YANG H W, CHEN X, et al. Research progress of security vulnerability detection of smart contracts[J]. Journal of Software, 2024, 35(5): 2235-2267.
[6] 钱鹏, 刘振广, 何钦铭, 等. 智能合约安全漏洞检测技术研究综述[J]. 软件学报, 2022, 33(8): 3059-3085.
QIAN P, LIU Z G, HE Q M, et al. Smart contract vulnerability detection technique: a survey[J]. Journal of Software, 2022, 33(8): 3059-3085.
[7] LIAO J W, TSAI T T, HE C K, et al. SoliAudit: smart contract vulnerability assessment based on machine learning and fuzz testing[C]//Proceedings of the 2019 6th International Conference on Internet of Things: Systems, Management and Security. Piscataway: IEEE, 2019: 458-465.
[8] DURIEUX T, FERREIRA J F, ABREU R, et al. Empirical review of automated analysis tools on 47, 587 Ethereum smart contracts[C]//Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering. New York: ACM, 2020: 530-541.
[9] GHALEB A, PATTABIRAMAN K. How effective are smart contract analysis tools? Evaluating smart contract static analysis tools using bug injection[C]//Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis. New York: ACM, 2020: 415-427.
[10] ZHUANG Y, LIU Z G, QIAN P, et al. Smart contract vulnerability detection using graph neural networks[C]//Proceedings of the 29th International Joint Conference on Artificial Intelligence. Palo Alto: AAAI, 2021: 3283-3290.
[11] QIAN P, LIU Z G, YIN Y F, et al. Cross-modality mutual learning for enhancing smart contract vulnerability detection on bytecode[C]//Proceedings of the ACM Web Conference 2023. New York: ACM, 2023: 2220-2229.
[12] LIU Z G, QIAN P, YANG J X, et al. Rethinking smart contract fuzzing: fuzzing with invocation ordering and important branch revisiting[J]. IEEE Transactions on Information Forensics and Security, 2023, 18: 1237-1251.
[13] TORRES C F, IANNILLO A K, GERVAIS A, et al. ConFuzzius: a data dependency-aware hybrid fuzzer for smart contracts[C]//Proceedings of the 2021 IEEE European Symposium on Security and Privacy. Piscataway: IEEE, 2021: 103-119.
[14] CHOI J, KIM D, KIM S, et al. SMARTIAN: enhancing smart contract fuzzing with static and dynamic data-flow analyses[C]//Proceedings of the 2021 36th IEEE/ACM International Conference on Automated Software Engineering. Piscataway: IEEE, 2021: 227-239.
[15] SO S, HONG S, OH H. SmarTest: effectively hunting vulnerable transaction sequences in smart contracts through language model-guided symbolic execution[C]//Proceedings of the 30th USENIX Security Symposium, 2021: 1361-1378.
[16] SO S, LEE M, PARK J, et al. VERISMART: a highly precise safety verifier for ethereum smart contracts[C]//Proceedings of the 2020 IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2020: 1678-1694.
[17] CHEN W M, SUN Z H, WANG H Y, et al. WASAI: uncovering vulnerabilities in Wasm smart contracts[C]//Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis. New York: ACM, 2022: 703-715.
[18] ZHENG Z B, ZHANG N, SU J Z, et al. Turn the rudder: a beacon of reentrancy detection for smart contracts on ethereum[C]//Proceedings of the 45th International Conference on Software Engineering. New York: ACM, 2023: 295-306.
[19] RODLER M, LI W, KARAME G O, et al. EVMPatch: timely and automated patching of ethereum smart contracts[C]//Proceedings of the 30th USENIX Security Symposium, 2021: 1289-1306.
[20] TORRES C F, SCHüTTE J, STATE R. Osiris: hunting for integer bugs in ethereum smart contracts[C]//Proceedings of the 34th Annual Computer Security Applications Conference. New York: ACM, 2018: 664-676.
[21] QIAN C, HU T Y, LI B X. A BiLSTM-attention model for detecting smart contract defects more accurately[C]//Proceedings of the 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security. Piscataway: IEEE, 2022: 53-62.
[22] YUAN Y, XIE T Y. SVChecker: a deep learning-based system for smart contract vulnerability detection[C]//Proceedings of the 2022 International Conference on Computer Application and Information Security, 2022: 226-231.
[23] HUANG Y H, JIANG B, CHAN W K, et al. EOSFuzzer: fuzzing EOSIO smart contracts for vulnerability detection[C]//Proceedings of the 12th Asia-Pacific Symposium on Internetware. New York: ACM, 2021: 99-109.
[24] LUU L, CHU D H, OLICKEL H, et al. Making smart contracts smarter[C]//Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2016: 254-269.
[25] TSANKOV P, DAN A, DRACHSLER-COHEN D, et al. Securify: practical security analysis of smart contracts[C]//Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2018: 67-82.
[26] CHEN J C, XIA X, LO D, et al. DefectChecker: automated smart contract defect detection by analyzing EVM bytecode[J]. IEEE Transactions on Software Engineering, 2022, 48(7): 2189-2207.
[27] KRUPP J, ROSSOW C, KRUPP J, et al. teEther: gnawing at ethereum to automatically exploit smart contracts[C]//Proceedings of the 27th USENIX Conference on Security Symposium, 2018: 1317-1333.
[28] CHEN T, LI X Q, LUO X P, et al. Under-optimized smart contracts devour your money[C]//Proceedings of the 2017 IEEE 24th International Conference on Software Analysis, Evolution and Reengineering. Piscataway: IEEE, 2017: 442- 446.
[29] MOSSBERG M, MANZANO F, HENNENFENT E, et al. Manticore: a user-friendly symbolic execution framework for binaries and smart contracts[C]//Proceedings of the 2019 34th IEEE/ACM International Conference on Automated Software Engineering. Piscataway: IEEE, 2019: 1186-1189.
[30] TORRES C F, STEICHEN M, STATE R, et al. The art of the scam[C]//Proceedings of the 28th USENIX Conference on Security Symposium, 2019: 1591-1607.
[31] NIKOLI? I, KOLLURI A, SERGEY I, et al. Finding the greedy, prodigal, and suicidal contracts at scale[C]//Proceedings of the 34th Annual Computer Security Applications Conference. New York: ACM, 2018: 653-663.
[32] CONTRO F, CROSARA M, CECCATO M, et al. EtherSolve: computing an accurate control-flow graph from ethereum bytecode[C]//Proceedings of the 2021 IEEE/ACM 29th International Conference on Program Comprehension. Piscataway: IEEE, 2021: 127-137.
[33] JIANG B, LIU Y, CHAN W K. ContractFuzzer: fuzzing smart contracts for vulnerability detection[C]//Proceedings of the 2018 33rd IEEE/ACM International Conference on Automated Software Engineering. Piscataway: IEEE, 2018: 259-269.
[34] LIU C, LIU H, CAO Z, et al. ReGuard: finding reentrancy bugs in smart contracts[C]//Proceedings of the 2018 IEEE/ACM 40th International Conference on Software Engineering: Companion. Piscataway: IEEE, 2018: 65-68.
[35] MA F C, FU Y, REN M, et al. V-gas: generating high gas consumption inputs to avoid out-of-gas vulnerability[EB/OL]. [2024-02-16]. https://arxiv.org/abs/1910.02945.
[36] ZHANG Q Z, WANG Y Z, LI J R, et al. EthPloit: from fuzzing to efficient exploit generation against smart contracts[C]//Proceedings of the 2020 IEEE 27th International Conference on Software Analysis, Evolution and Reengineering. Piscataway: IEEE, 2020: 116-126.
[37] NGUYEN T D, PHAM L H, SUN J, et al. sFuzz: an efficient adaptive fuzzer for solidity smart contracts[C]//Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering. New York: ACM, 2020: 778-788.
[38] RODLER M, LI W T, KARAME G O, et al. Sereum: protecting existing smart contracts against re-entrancy attacks[EB/OL]. [2024-02-16]. https://arxiv.org/abs/1812.05934.
[39] ASHOURI M. Etherolic: a practical security analyzer for smart contracts[C]//Proceedings of the 35th Annual ACM Symposium on Applied Computing. New York: ACM, 2020: 353-356.
[40] BRENT L, GRECH N, LAGOUVARDOS S, et al. Ethainter: a smart contract security analyzer for composite vulnerabilities[C]//Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation. New York: ACM, 2020: 454-469.
[41] QIAN P, HE J T, LU L L, et al. Demystifying random number in ethereum smart contract: taxonomy, vulnerability identification, and attack detection[J]. IEEE Transactions on Software Engineering, 2023, 49(7): 3793-3810.
[42] BHARGAVAN K, DELIGNAT-LAVAUD A, FOURNET C, et al. Formal verification of smart contracts[C]//Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security. New York: ACM, 2016: 91-96.
[43] AMANI S, BéGEL M, BORTIN M, et al. Towards verifying ethereum smart contract bytecode in Isabelle/HOL[C]//Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs. New York: ACM, 2018: 66-77.
[44] PERMENEV A, DIMITROV D, TSANKOV P, et al. VerX: safety verification of smart contracts[C]//Proceedings of the 2020 IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2020: 1661-1677.
[45] HILDENBRANDT E, SAXENA M, RODRIGUES N, et al. KEVM: a complete formal semantics of the ethereum virtual machine[C]//Proceedings of the 2018 IEEE 31st Computer Security Foundations Symposium. Piscataway: IEEE, 2018: 204-217.
[46] KALRA S, GOEL S, DHAWAN M, et al. ZEUS: analyzing safety of smart contracts[C]//Proceedings of the 2018 Network and Distributed System Security Symposium, 2018: 1-12.
[47] FERREIRA J F, CRUZ P, DURIEUX T, et al. SmartBugs: a framework to analyze solidity smart contracts[C]//Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering. Piscataway: IEEE, 2020: 1349-1352.
[48] DI ANGELO M, DURIEUX T, FERREIRA J F, et al. SmartBugs 2.0: an execution framework for weakness detection in ethereum smart contracts[C]//Proceedings of the 2023 38th IEEE/ACM International Conference on Automated Software Engineering. Piscataway: IEEE, 2023: 2102-2105.
[49] CHEN T, CAO R, LI T, et al. SODA: a generic online detection framework for smart contracts[C]//Proceedings of the 2020 Network and Distributed System Security Symposium, 2020.
[50] TIKHOMIROV S, VOSKRESENSKAYA E, IVANITSKIY I, et al. SmartCheck: static analysis of ethereum smart contracts[C]//Proceedings of the 2018 IEEE/ACM 1st International Workshop on Emerging Trends in Software Engineering for Blockchain. Piscataway: IEEE, 2018: 9-16.
[51] FEIST J, GRIECO G, GROCE A. Slither: a static analysis framework for smart contracts[C]//Proceedings of the 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain. Piscataway: IEEE, 2019: 8-15.
[52] NORTHCUTT C, JIANG L, CHUANG I. Confident learning: estimating uncertainty in dataset labels[J]. Journal of Artificial Intelligence Research, 2021, 70: 1373-1411.
[53] ESHGHIE M, ARTHO C, GUROV D, et al. Dynamic vulnerability detection on smart contracts using machine learning[C]//Proceedings of the 25th International Conference on Evaluation and Assessment in Software Engineering. New York: ACM, 2021: 305-312.
[54] HAO X H, REN W, ZHENG W W, et al. SCScan: a SVM-based scanning system for vulnerabilities in blockchain smart contracts[C]//Proceedings of the 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications. Piscataway: IEEE, 2020: 1598-1605.
[55] WANG W, SONG J J, XU G Q, et al. ContractWard: automated vulnerability detection models for ethereum smart contracts[J]. IEEE Transactions on Network Science and Engineering, 2021, 8(2): 1133-1144.
[56] HUANG Y W, FANG S, LI J W, et al. SmartIntentNN: towards smart contract intent detection[EB/OL]. [2024-02-16]. https://arxiv.org/abs/2211.13670.
[57] 张红霞, 王琪, 王登岳, 等. 基于深度学习的区块链蜜罐陷阱合约检测[J]. 通信学报, 2022, 43(1): 194-202.
ZHANG H X, WANG Q, WANG D Y, et al. Honeypot contract detection of blockchain based on deep learning[J]. Journal on Communications, 2022, 43(1): 194-202.
[58] ASHIZAWA N, YANAI N, CRUZ J P, et al. Eth2Vec: learning contract-wide code representations for vulnerability detection on ethereum smart contracts[C]//Proceedings of the 3rd ACM International Symposium on Blockchain and Secure Critical Infrastructure. New York: ACM, 2021: 47-59.
[59] 刘泽润, 郑红, 邱俊杰. 基于抽象语法树裁剪的智能合约漏洞检测研究[J]. 计算机科学, 2023, 50(4): 317-322.
LIU Z R, ZHENG H, QIU J J. Smart contract vulnerability detection based on abstract syntax tree pruning[J]. Computer Science, 2023, 50(4): 317-322.
[60] 王友卫, 侯玉栋, 凤丽洲. 基于源码结构和图注意力网络的以太坊蜜罐合约检测方法[J]. 通信学报, 2023, 44(9): 161-172.
WANG Y W, HOU Y D, FENG L Z. Honeypot contract detection method for Ethereum based on source code structure and graph attention network[J]. Journal on Communications, 2023, 44(9): 161-172.
[61] CHEN D, FENG L, FAN Y Q, et al. Smart contract vulnerability detection based on semantic graph and residual graph convolutional networks with edge attention[J]. Journal of Systems and Software, 2023, 202: 111705.
[62] ZENG Q R, HE J H, ZHAO G S, et al. EtherGIS: a vulnerability detection framework for ethereum smart contracts based on graph learning features[C]//Proceedings of the 2022 IEEE 46th Annual Computers, Software, and Applications Conference. Piscataway: IEEE, 2022: 1742-1749.
[63] CAI J, LI B, ZHANG J L, et al. Combine sliced joint graph with graph neural networks for smart contract vulnerability detection[J]. Journal of Systems and Software, 2023, 195: 111550.
[64] LIU Z G, QIAN P, WANG X Y, et al. Combining graph neural networks with expert knowledge for smart contract vulnerability detection[J]. IEEE Transactions on Knowledge and Data Engineering, 2023, 35(2): 1296-1310.
[65] NGUYEN H H, NGUYEN N M, DOAN H P, et al. MANDO-GURU: vulnerability detection for smart contract source code by heterogeneous graph embeddings[C]//Proceedings of the 30th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering. New York: ACM, 2022: 1736-1740.
[66] LI N F, LIU Y, LI L N, et al. Smart contract vulnerability detection based on deep and cross network[C]//Proceedings of the 2022 3rd International Conference on Computer Vision, Image and Deep Learning & International Conference on Computer Engineering and Applications. Piscataway: IEEE, 2022: 533-536.
[67] LUO F, LUO R J, CHEN T, et al. SCVHunter: smart contract vulnerability detection based on heterogeneous graph attention network[C]//Proceedings of the IEEE/ACM 46th International Conference on Software Engineering. New York: ACM, 2024: 1-13.
[68] ZHEN Z X, ZHAO X F, ZHANG J K, et al. DA-GNN: a smart contract vulnerability detection method based on dual attention graph neural network[J]. Computer Networks, 2024, 242: 110238.
[69] CAI J, LI B, ZHANG T, et al. Fine-grained smart contract vulnerability detection by heterogeneous code feature learning and automated dataset construction[J]. Journal of Systems and Software, 2024, 209: 111919.
[70] GAO Z P, JAYASUNDARA V, JIANG L X, et al. SmartEmbed: a tool for clone and bug detection in smart contracts through structural code embedding[C]//Proceedings of the 2019 IEEE International Conference on Software Maintenance and Evolution. Piscataway: IEEE, 2019: 394-397.
[71] HE J X, BALUNOVI? M, AMBROLADZE N, et al. Learning to fuzz from symbolic execution with application to smart contracts[C]//Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM, 2019: 531-548.
[72] 赵明敏, 杨秋辉, 洪玫, 等. 基于深度学习和信息反馈的智能合约模糊测试方法[J]. 计算机科学, 2023, 50(9): 117-122.
ZHAO M M, YANG Q H, HONG M, et al. Smart contract fuzzing based on deep learning and information feedback[J]. Computer Science, 2023, 50(9): 117-122.
[73] ZHANG L J, WANG J L, WANG W Z, et al. Smart contract vulnerability detection combined with multi-objective detection[J]. Computer Networks, 2022, 217: 109289.
[74] WU Z D, LI S, WANG B, et al. Detecting vulnerabilities in ethereum smart contracts with deep learning[C]//Proceedings of the 2022 4th International Conference on Data Intelligence and Security. Piscataway: IEEE, 2022: 55-60.
[75] JIE W Q, CHEN Q, WANG J Q, et al. A novel extended multimodal AI framework towards vulnerability detection in smart contracts[J]. Information Sciences, 2023, 636: 118907.
[76] SENDNER C, CHEN H L, FEREIDOONI H, et al. Smarter contracts: detecting vulnerabilities in smart contracts with deep transfer learning[C]//Proceedings of the 2023 Network and Distributed System Security Symposium, 2023.
[77] ZHOU K, HUANG J, HAN H G, et al. Smart contracts vulnerability detection model based on adversarial multi-task learning[J]. Journal of Information Security and Applications, 2023, 77: 103555.
[78] WU H J, ZHANG Z, WANG S W, et al. Peculiar: smart contract vulnerability detection based on crucial data flow graph and pre-training techniques[C]//Proceedings of the 2021 IEEE 32nd International Symposium on Software Reliability Engineering. Piscataway: IEEE, 2021: 378-389.
[79] YUAN D W, WANG X H, LI Y, et al. Optimizing smart contract vulnerability detection via multi-modality code and entropy embedding[J]. Journal of Systems and Software, 2023, 202: 111699.
[80] ZHANG Z, LEI Y, YAN M, et al. Reentrancy vulnerability detection and localization: a deep learning based two-phase approach[C]//Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering. New York: ACM, 2022: 1-13.
[81] DU M N, LIU N H, HU X. Techniques for interpretable machine learning[J]. Communications of the ACM, 2019, 63(1): 68-77.
[82] LIU Y, WANG C, MA Y. DL4SC: a novel deep learning-based vulnerability detection framework for smart contracts[J]. Automated Software Engineering, 2024, 31(1): 24.
[83] CHEN Y Z, SUN Z Y, GONG Z H, et al. Improving smart contract security with contrastive learning-based vulnerability detection[C]//Proceedings of the IEEE/ACM 46th International Conference on Software Engineering. New York: ACM, 2024: 1-11.
[84] LE GOUES C, PRADEL M, ROYCHOUDHURY A. Automated program repair[J]. Communications of the ACM, 2019, 62(12): 56-65.
[85] LIU K, LI L, KOYUNCU A, et al. A critical review on the evaluation of automated program repair systems[J]. Journal of Systems and Software, 2021, 171: 110817.
[86] CHEN Q G, ZHOU T, LIU K, et al. Tips: towards automating patch suggestion for vulnerable smart contracts[J]. Auto-mated Software Engineering, 2023, 30(2): 31.
[87] 姜佳君, 陈俊洁, 熊英飞. 软件缺陷自动修复技术综述[J]. 软件学报, 2021, 32(9): 2665-2690.
JIANG J J, CHEN J J, XIONG Y F. Survey of automatic program repair techniques[J]. Journal of Software, 2021, 32(9): 2665-2690.
[88] FERREIRA TORRES C, JONKER H, STATE R, et al. Elysium: context-aware bytecode-level patching to automatically heal vulnerable smart contracts[C]//Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses. New York: ACM, 2022: 115-128.
[89] FANG P C, GAO P, PENG Y, et al. CONTRACTFIX: a framework for automatically fixing vulnerabilities in smart contracts[EB/OL]. [2024-03-14]. https://arxiv.org/abs/2307.08912.
[90] ZHANG Y Y, MA S Q, LI J R, et al. SMARTSHIELD: automatic smart contract protection made easy[C]//Proceedings of the 2020 IEEE 27th International Conference on Software Analysis, Evolution and Reengineering. Piscataway: IEEE, 2020: 23-34.
[91] NGUYEN T D, PHAM L H, SUN J. SGUARD: towards fixing vulnerable smart contracts automatically[C]//Proceedings of the 2021 IEEE Symposium on Security and Privacy. Piscataway: IEEE, 2021: 1215-1229.
[92] YU X L, AL-BATAINEH O, LO D, et al. Smart contract repair[J]. ACM Transactions on Software Engineering and Methodology, 2020, 29(4): 1-32.
[93] TOLMACH P, LI Y, LIN S W. Property-based automated repair of DeFi protocols[C]//Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering. New York: ACM, 2022: 1-5.
[94] SO S, OH H, SO S, et al. SmartFix: fixing vulnerable smart contracts by accelerating generate-and-verify repair using statistical models[C]//Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering. New York: ACM, 2023: 185-197.
[95] FENG Z J, FENG Y M, HE H, et al. A bytecode-based integrated detection and repair method for reentrancy vulnerabilities in smart contracts[J]. IET Blockchain, 2024, 4(3): 235-251.
[96] SOUD M, QASSE I, LIEBEL G, et al. AutoMESC: automatic framework for mining and classifying ethereum smart contract vulnerabilities and their fixes[C]//Proceedings of the 2023 49th Euromicro Conference on Software Engineering and Advanced Applications. Piscataway: IEEE, 2023: 410-417.
[97] HAO Z H, ZHANG B, MAO D H, et al. A novel method using LSTM-RNN to generate smart contracts code templates for improved usability[J]. Multimedia Tools and Applications, 2023, 82(27): 41669-41699.
[98] ZHANG Q J, FANG C R, MA Y X, et al. A survey of learning-based automated program repair[J]. ACM Transactions on Software Engineering and Methodology, 2023, 33(2): 1-69.
[99] LI Z C, ZHOU Y, GUO S T, et al. SolSaviour: a defending framework for deployed defective smart contracts[C]//Proceedings of the 37th Annual Computer Security Applications Conference. New York: ACM, 2021: 748-760.
[100] JIN H, WANG Z L, WEN M, et al. Aroc: an automatic repair framework for on-chain smart contracts[J]. IEEE Transactions on Software Engineering, 2022, 48(11): 4611-4629.
[101] ZOU D, HU Y, LI W, et al. mVulPreter: a multi-granularity vulnerability detection system with interpretations[J]. IEEE Transactions on Dependable and Secure Computing, 2022. DOI: 10.1109/TDSC.2022.3199769.