Litcius/Paper detail

Elysium: Context-Aware Bytecode-Level Patching to Automatically Heal Vulnerable Smart Contracts

Christof Ferreira Torres, Hugo Jonker, Radu State

202235 citationsDOIOpen Access PDF

Abstract

Fixing bugs is easiest by patching source code. However, source code is not always available: only 0.3% of the ∼ 49M smart contracts that are currently deployed on Ethereum have their source code publicly available. Moreover, since contracts may call functions from other contracts, security flaws in closed-source contracts may affect open-source contracts as well. However, current state-of-the-art approaches that operate on closed-source contracts (i.e., EVM bytecode), such as EVMPatch and SmartShield, make use of purely hard-coded templates that leverage fix patching patterns. As a result, they cannot dynamically adapt to the bytecode that is being patched, which severely limits their flexibility and scalability. For instance, when patching integer overflows using hard-coded templates, a particular patch template needs to be employed as the bounds to be checked are different for each integer size (i.e., one template for uint256, another template for uint64, etc.).

Topics & Concepts

BytecodeComputer scienceSource codeLeverage (statistics)ScalabilityTemplateOpen sourceContext (archaeology)Flexibility (engineering)Programming languageCode (set theory)Computer securityDistributed computingOperating systemJavaSoftwareArtificial intelligenceStatisticsSet (abstract data type)BiologyMathematicsPaleontologyBlockchain Technology Applications and SecurityCryptography and Data SecurityAdvanced Malware Detection Techniques
Elysium: Context-Aware Bytecode-Level Patching to Automatically Heal Vulnerable Smart Contracts | Litcius