TY - GEN
T1 - SolSaviour: A Defending Framework for Deployed Defective Smart Contracts
AU - Li, Zecheng
AU - Zhou, Yu
AU - Guo, Songtao
AU - Xiao, Bin
N1 - Funding Information:
This paper is partially supported by HK RGC GRF PolyU 152124/19E and 15216220.
Publisher Copyright:
© 2021 Association for Computing Machinery.
PY - 2021/12/6
Y1 - 2021/12/6
N2 - A smart contract cannot be modified once deployed. Bugs in deployed smart contracts may cause devastating consequences. For example, the infamous reentrancy bug in the DAO contract allows attackers to arbitrarily withdraw ethers, which caused millions of dollars loss. Currently, the main countermeasure against contract bugs is to thoroughly detect and verify contracts before deployment, which, however, cannot defend against unknown bugs. These detection methods also suffer from possible false negative results. In this paper, we propose SolSaviour, a framework for repairing and recovering deployed defective smart contracts by redeploying patched contracts and migrating old contracts' internal states to the new ones. SolSaviour consists of a voteDestruct mechanism and a TEE cluster. The voteDestruct mechanism allows contract stake holders to decide whether to destroy the defective contract and withdraw inside assets. The TEE cluster is responsible for asset escrow, redeployment of patched contracts, and state migration. Our experiment results show that SolSaviour can successfully repair vulnerabilities, reduce asset losses, and recover all defective contracts. To the best of our knowledge, we are the first to propose a defending mechanism for repairing and recovering deployed defective smart contracts.
AB - A smart contract cannot be modified once deployed. Bugs in deployed smart contracts may cause devastating consequences. For example, the infamous reentrancy bug in the DAO contract allows attackers to arbitrarily withdraw ethers, which caused millions of dollars loss. Currently, the main countermeasure against contract bugs is to thoroughly detect and verify contracts before deployment, which, however, cannot defend against unknown bugs. These detection methods also suffer from possible false negative results. In this paper, we propose SolSaviour, a framework for repairing and recovering deployed defective smart contracts by redeploying patched contracts and migrating old contracts' internal states to the new ones. SolSaviour consists of a voteDestruct mechanism and a TEE cluster. The voteDestruct mechanism allows contract stake holders to decide whether to destroy the defective contract and withdraw inside assets. The TEE cluster is responsible for asset escrow, redeployment of patched contracts, and state migration. Our experiment results show that SolSaviour can successfully repair vulnerabilities, reduce asset losses, and recover all defective contracts. To the best of our knowledge, we are the first to propose a defending mechanism for repairing and recovering deployed defective smart contracts.
KW - Blockchain
KW - Defence mechanism
KW - Smart contract
KW - Trusted execution environment (TEE)
UR - http://www.scopus.com/inward/record.url?scp=85121641029&partnerID=8YFLogxK
U2 - 10.1145/3485832.3488015
DO - 10.1145/3485832.3488015
M3 - Conference article published in proceeding or book
AN - SCOPUS:85121641029
T3 - ACM International Conference Proceeding Series
SP - 748
EP - 760
BT - Proceedings - 37th Annual Computer Security Applications Conference, ACSAC 2021
PB - Association for Computing Machinery
T2 - 37th Annual Computer Security Applications Conference, ACSAC 2021
Y2 - 6 December 2021 through 10 December 2021
ER -