Authors: Lyuye Zhang, Kaixuan Li, Kairan Sun, Daoyuan Wu, Ye Liu, Haoye Tian, Yang Liu

Published on: March 11, 2024

Impact Score: 7.8

Arxiv code: Arxiv:2403.06838

Summary

• What is new: The paper introduces ACFIX, leveraging GPT-4 for the first time to automatically repair access control vulnerabilities in smart contracts, with a significant improvement in success rate over the baseline.
• Why this is important: Access control vulnerabilities in smart contracts are critical security issues that are challenging to automatically repair due to the difficulty in identifying appropriate roles and permissions in the code.
• What the research proposes: ACFIX uses GPT-4, enhanced with a novel approach that includes mining common Role-based Access Control practices and a Chain-of-Thought pipeline to guide the generation of appropriate patch code.
• Results: ACFIX successfully repaired 94.92% of the tested real-world access control vulnerabilities, far outperforming the baseline GPT-4’s success rate of 52.54%.

Technical Details

Technological frameworks used: GPT-4

Models used: Chain-of-Thought pipeline, ACFIX

Data used: 344,251 on-chain contracts for mining RBAC practices

Potential Impact

This breakthrough could impact the blockchain industry by enhancing security measures for companies involved in deploying smart contracts, potentially affecting markets associated with DeFi, NFTs, and more broadly, any blockchain-enabled ecosystem requiring secure access control mechanisms.

Want to implement this idea in a business?

We have generated a startup concept here: ACFixPro.