SolSaviour: A Defending Framework for Deployed Defective Smart Contracts

Zecheng Li, Yu Zhou, Songtao Guo, Bin Xiao

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

Abstract

A smart contract cannot be modified once deployed. Bugs in deployed smart contracts may cause devastating consequences. For example, the infamous reentrancy bug in the DAO contract allows attackers to arbitrarily withdraw ethers, which caused millions of dollars in losses. Currently, the main countermeasure against contract bugs is to thoroughly detect and verify contracts before deployment, which, however, cannot defend against unknown bugs. These detection methods also suffer from possible false negative results. In this paper, we propose SolSaviour, a framework for repairing and recovering deployed defective smart contracts by redeploying patched contracts and migrating old contracts' internal states to the new ones. SolSaviour consists of a voteDestruct mechanism and a TEE cluster. The voteDestruct mechanism allows contract stakeholders to decide whether to destroy the defective contract and withdraw the assets inside it. The TEE cluster is responsible for asset escrow, redeployment of patched contracts, and state migration. Our experimental results show that SolSaviour can successfully repair vulnerabilities, reduce asset losses, and recover all defective contracts. To the best of our knowledge, we are the first to propose a defending mechanism for repairing and recovering deployed defective smart contracts.

Original language: English
Title of host publication: Proceedings - 37th Annual Computer Security Applications Conference, ACSAC 2021
Publisher: Association for Computing Machinery
Pages: 748-760
Number of pages: 13
ISBN (Electronic): 9781450385794
Publication status: Published - 6 Dec 2021
Event: 37th Annual Computer Security Applications Conference, ACSAC 2021 - Virtual, Online, United States
Duration: 6 Dec 2021 to 10 Dec 2021

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 37th Annual Computer Security Applications Conference, ACSAC 2021
Country/Territory: United States
City: Virtual, Online
Period: 6/12/21 to 10/12/21

Keywords

  • Blockchain
  • Defence mechanism
  • Smart contract
  • Trusted execution environment (TEE)

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications
