Saved in:
Bibliographic Details
Main Authors: Bobadilla, Sofia, Jin, Monica, Monperrus, Martin
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2501.04600
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866909874284134400
author Bobadilla, Sofia
Jin, Monica
Monperrus, Martin
author_facet Bobadilla, Sofia
Jin, Monica
Monperrus, Martin
contents Automated Program Repair (APR) for smart contract security promises to automatically mitigate smart contract vulnerabilities responsible for billions in financial losses. However, the true effectiveness of this research in addressing smart contract exploits remains uncharted territory. This paper bridges this critical gap by introducing a novel and systematic experimental framework for evaluating exploit mitigation of program repair tools for smart contracts. We qualitatively and quantitatively analyze 20 state-of-the-art APR tools using a dataset of 143 vulnerable smart contracts, for which we manually craft 91 executable exploits. We are the very first to define and measure the essential "exploit mitigation rate" , giving researchers and practitioners a real sense of effectiveness of cutting edge techniques. Our findings reveal substantial disparities in the state of the art, with an exploit mitigation rate ranging from a low of 29% to a high of 74%. Our study identifies systemic limitations, such as inconsistent functionality preservation, that must be addressed in future research on program repair for smart contracts.
format Preprint
id arxiv_https___arxiv_org_abs_2501_04600
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Do Automated Fixes Truly Mitigate Smart Contract Exploits?
Bobadilla, Sofia
Jin, Monica
Monperrus, Martin
Software Engineering
Automated Program Repair (APR) for smart contract security promises to automatically mitigate smart contract vulnerabilities responsible for billions in financial losses. However, the true effectiveness of this research in addressing smart contract exploits remains uncharted territory. This paper bridges this critical gap by introducing a novel and systematic experimental framework for evaluating exploit mitigation of program repair tools for smart contracts. We qualitatively and quantitatively analyze 20 state-of-the-art APR tools using a dataset of 143 vulnerable smart contracts, for which we manually craft 91 executable exploits. We are the very first to define and measure the essential "exploit mitigation rate" , giving researchers and practitioners a real sense of effectiveness of cutting edge techniques. Our findings reveal substantial disparities in the state of the art, with an exploit mitigation rate ranging from a low of 29% to a high of 74%. Our study identifies systemic limitations, such as inconsistent functionality preservation, that must be addressed in future research on program repair for smart contracts.
title Do Automated Fixes Truly Mitigate Smart Contract Exploits?
topic Software Engineering
url https://arxiv.org/abs/2501.04600