The repair framework for on-chain vulnerable Ethereum smart contracts. Any questions with the tool, please contact [email protected]
- remove cmake-build-debug/ and .idea/ from ./TSE-Aroc/off-chain-patch-generation-system/Aroc/.
- Download and install Clion (https://www.jetbrains.com/clion/download/#section=windows).
- Open Clion: File -> New CMake Project from Sources... -> ./TSE-Aroc/off-chain-patch-generation-system/Aroc/.
cd ./TSE-Aroc/off-chain-patch-generation-system/Aroc/
mkdir build
cd build
cmake ..
make
The executable file called aroc
will be in the folder build/aroc/
cd ./TSE-Aroc/on-chain-exploit-prevention-system/
mkdir github.com/ethereum/
mv ./go-ethereum ./github.com/ethereum/
cd ./github.com/ethereum/go-ethereum/
make geth
cd ../
mkdir data
geth --datadir data init genesis.json
geth --datadir data --networkid xx --rpc --rpccorsdomain "*" --rpcaddr xx --rpcport xx --nodiscover --rpcapi "eth,net,web3,personal,miner" --allow-insecure-unlock console
- in the ./Aroc/aroc/main.cpp, set the value of `tesetDir` variable as the directory including the vulnerable contract.
- give the bug information in
0x0a0a0a0reBugInfo.csv
file: file_name contract_name target_line/bug_type .... - compile and run the Aroc to generate the patch: the patches are named as: file_name + contract_name.
- deploy the vulnerable contract to the private chain, and record the transaction nonce and the contract address.
- deploy the patch to the privte chain, and record the patch address.
- feed the patch address, the vulnerable contract address, the nonce of the vulnerable contract deployment transaction, and the vulnerable function signature to the
./TSE-Aroc/specoalTxCreator.go
. - run the specialTxCreator.go file to get the transaction payloads.
- send a transaction with the above payloads to the private chain.
Some details about the repository structure as following:
-
off-chain-patch-generation-system
includes the patch generation systemAroc
. -
on-chain-exploit-prevention-system
includes the enhanced EVMgo-ethereum
and the ethereum genesis filegenesis.json
. -
specialTxCreator.go
is used to generate the payloads of special transactions, which aims at binding the vulnerable contracts with the corresponding patches. -
dataSet
includes all experimental datasets. All evaluated contracts are given the source codes, the bug information and the corresponding patches. The vulnerability information for the contract is placed in the0x0a0a0a0reBugInfo.csv
file in the same directory as the contract. The corresponding patches named as (contractFileName+contractName) are also placed in the same directory as the vulnerable contract. Specifically,-
EVMPatch-comparison
is used to compare Aroc with EVMPatch[1]. -
EVMPatch-large scale
is used to evaluate the usability of Aroc. It is created based on the dataset provided by Osiris[2] (also used in EVMPatch):-
allSrcs4015.rar
includes all contracts with source codes in the Osiris dataSet. -
OsirisResultsOnAllSrcs4015.zip
includes the Osiris detection results onallSrcs4015.rar
. -
analyzeOsirisRes.py
is the tool to organize the Osiris detection results to extract the bug information. -
EVMPatch-Results.csv
includes the evaluation results of EVMPatch on the Osiris dataset. -
Sample500
includes the evaluation dataset on Aroc, Where contracts inorganizedoutData_repeatedDataset
contain repeated bugs.
-
-
contractGuard
is used to compare Aroc with ContractGuard[3]. -
sereum
is used to evaluate whether Aroc can repair the three new reentrancy patterns proposed by Sereum[4]. -
smartbugs
is used to evalute whether Aroc can repair diverse vulnerabilities.
-
[1] Rodler, M., Li, W., Karame, G. O., & Davi, L. (2021). EVMPatch: timely and automated patching of ethereum smart contracts. In 30th {USENIX} Security Symposium ({USENIX} Security 21).
[2] Torres, C. F., Schütte, J., & State, R. (2018, December). Osiris: Hunting for integer bugs in ethereum smart contracts. In Proceedings of the 34th Annual Computer Security Applications Conference (pp. 664-676).
[3] Wang, X., He, J., Xie, Z., Zhao, G., & Cheung, S. C. (2019). ContractGuard: Defend ethereum smart contracts with embedded intrusion detection. IEEE Transactions on Services Computing, 13(2), 314-328.
[4] Michael Rodler, Wenting Li, Ghassan O. Karame, & Lucas Davi. Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks. In Proceedings of the 26th Annual Network and Distributed System Security Symposium.