Authors: Lyuye Zhang, Kaixuan Li, Kairan Sun, Daoyuan Wu, Ye Liu, Haoye Tian, Yang Liu
Published on: March 11, 2024
Impact Score: 7.8
arXiv ID: arXiv:2403.06838
Summary
- What is new: The paper introduces ACFIX, leveraging GPT-4 for the first time to automatically repair access control vulnerabilities in smart contracts, with a significant improvement in success rate over the baseline.
- Why this is important: Access control vulnerabilities in smart contracts are critical security issues that are challenging to automatically repair due to the difficulty in identifying appropriate roles and permissions in the code.
- What the research proposes: ACFIX uses GPT-4, enhanced with a novel approach that includes mining common Role-based Access Control practices and a Chain-of-Thought pipeline to guide the generation of appropriate patch code.
- Results: ACFIX successfully repaired 94.92% of the tested real-world access control vulnerabilities, far outperforming the baseline GPT-4’s success rate of 52.54%.
Technical Details
Technological frameworks used: GPT-4
Models used: Chain-of-Thought pipeline, ACFIX
Data used: 344,251 on-chain contracts for mining RBAC practices
Potential Impact
This breakthrough could strengthen security for companies that deploy smart contracts, potentially affecting markets associated with DeFi and NFTs and, more broadly, any blockchain-enabled ecosystem that requires secure access control mechanisms.