Automatic Patching of Smart Contract Vulnerabilities Based on Comprehensive Bytecode Rewriting

Smart contracts are the latest extension of decentralized cryptocurrencies, how to patch vulnerable smart contracts in an automated way to combat the intensifying attacks has become an extremely critical task in recent years. However, the optimization of code size and gas overhead by existing patching tools is not enough, and vulnerability types supported by these tools are relatively single. This paper presents EtherEditor, a framework that can directly rewrite the bytecode without the need for high-level language source code. The main goal is to minimize the code size and gas overhead. Meanwhile, EtherEditor can detect and patch 7 vulnerability types in an automated way. To evaluate the effectiveness of EtherEditor, this paper applies EtherEditor to patch contracts in a CVE dataset and a large-scale dataset containing 14107 contracts. Experiment results demonstrate that EtherEditor can effectively fix insecure bytecode. Furthermore, this paper compares EtherEditor with other automatic patching tools, and results show that EtherEditor has better performance, compared with existing tools.