205 research outputs found
DAppSCAN: Building Large-Scale Datasets for Smart Contract Weaknesses in DApp Projects
The Smart Contract Weakness Classification Registry (SWC Registry) is a
widely recognized list of smart contract weaknesses specific to the Ethereum
platform. Despite the SWC Registry not being updated with new entries since
2020, the sustained development of smart contract analysis tools for detecting
SWC-listed weaknesses highlights their ongoing significance in the field.
However, evaluating these tools has proven challenging due to the absence of a
large, unbiased, real-world dataset. To address this problem, we aim to build a
large-scale SWC weakness dataset from real-world DApp projects. We recruited 22
participants and spent 44 person-months analyzing 1,199 open source audit
reports from 29 security teams. In total, we identified 9,154 weaknesses and
developed two distinct datasets, i.e., DAPPSCAN-SOURCE and DAPPSCAN-BYTECODE.
The DAPPSCAN-SOURCE dataset comprises 39,904 Solidity files, featuring 1,618
SWC weaknesses sourced from 682 real-world DApp projects. However, the Solidity
files in this dataset may not be directly compilable for further analysis. To
facilitate automated analysis, we developed a tool capable of automatically
identifying dependency relationships within DApp projects and completing
missing public libraries. Using this tool, we created the DAPPSCAN-BYTECODE
dataset, which consists of 6,665 compiled smart contracts with 888 SWC
weaknesses. Based on DAPPSCAN-BYTECODE, we conducted an empirical study to
evaluate the performance of state-of-the-art smart contract weakness detection
tools. The evaluation results revealed sub-par performance for these tools in
terms of both effectiveness and success detection rate, indicating that future
development should prioritize real-world datasets over simplistic toy
contracts.
Comment: Dataset available at https://github.com/InPlusLab/DAppSCA
Turn the Rudder: A Beacon of Reentrancy Detection for Smart Contracts on Ethereum
Smart contracts are programs deployed on a blockchain and are immutable once
deployed. Reentrancy, one of the most important vulnerabilities in smart
contracts, has caused millions of dollars in financial loss. Many reentrancy
detection approaches have been proposed. It is necessary to investigate the
performance of these approaches to provide useful guidelines for their
application. In this work, we conduct a large-scale empirical study on the
capability of five well-known or recent reentrancy detection tools such as
Mythril and Sailfish. We collect 230,548 verified smart contracts from
Etherscan and use detection tools to analyze 139,424 contracts after
deduplication, which results in 21,212 contracts with reentrancy issues. Then,
we manually examine the defective functions located by the tools in the
contracts. From the examination results, we obtain 34 true positive contracts
with reentrancy and 21,178 false positive contracts without reentrancy. We also
analyze the causes of the true and false positives. Finally, we evaluate the
tools based on the two kinds of contracts. The results show that more than
99.8% of the reentrant contracts detected by the tools are false positives with
eight types of causes, and the tools can only detect the reentrancy issues
caused by call.value(), 58.8% of which can be revealed by Ethereum's
official IDE, Remix. Furthermore, we collect real-world reentrancy attacks
reported in the past two years and find that the tools fail to find any issues
in the corresponding contracts. Based on the findings, existing works on
reentrancy detection appear to have very limited capability, and researchers
should turn the rudder to discover and detect new reentrancy patterns except
those related to call.value().
Comment: Accepted by ICSE 2023. Dataset available at
https://github.com/InPlusLab/ReentrancyStudy-Dat
Rodent models of postherpetic neuralgia: How far have we reached?
Background: Induced by varicella zoster virus (VZV), postherpetic neuralgia (PHN) is one of the common complications of herpes zoster (HZ) with refractory pain. Animal models play pivotal roles in disclosing the pain mechanisms and developing effective treatments. However, only a few rodent models focus on the VZV-associated pain and PHN. Objective: To summarize the establishment and characteristics of popular PHN rodent models, thus offer bases for the selection and improvement of PHN models. Design: In this review, we retrospect two promising PHN rodent models, VZV-induced PHN model and HSV1-induced PHN model in terms of pain-related evaluations, their contributions to PHN pathogenesis and pharmacology. Results: 1) Significant difference of two PHN models is the probability of virus proliferation; 2) Most commonly used pain evaluation of PHN model is mechanical allodynia, but pain-induced anxiety and other behaviours are worth noting; 3) From current PHN models, pain mechanisms involve changes in virus gene and host gene expression, neuroimmune–glia interactions and ion channels; 4) antiviral drugs and classical analgesics serve more on the acute stage of herpetic pain. Conclusions: Different PHN models assessed by various pain evaluations combine to fulfil more comprehensive understanding of PHN
Quantification and scenario analysis of CO2 emissions from the central heating supply system in China from 2006 to 2025
Policies associated with the central heating supply system affect the livelihoods of people in China. With the extensive consumption of energy for central heating, large quantities of CO2 emissions are produced each year. Coal-fired heating boiler plants are the primary source of emissions; however, thermal power plants are becoming much more prevalent, and gas-fired heating boiler plants remain uncommon. This study quantified the amount of CO2 emitted from the central heating supply system in China using a mass balance method with updated emission factors from the IPCC. Emissions increased from 189.04 Tg to 319.39 Tg between 2006 and 2015. From a spatial perspective, regions with larger central heating areas, durations and coverages produced more CO2 emissions. The central heating method depends on the level of electric power consumption, policies and regulations, and resource reserves at the local scale. Compared with the use of only coal-fired heating boiler plants to provide central heating, using thermal power plants and gas-fired heating boiler plants reduced CO2 emissions by 98.19 Tg in 2015 in China. A comparison of the CO2 emissions under various central heating scenarios showed that emissions will be 520.97 Tg, 308.79 Tg and 191.86 Tg for business as usual, positive and optimal scenarios through 2025, respectively. China has acknowledged the considerable potential for reducing central heating and will make efforts to pursue improved heating strategies in the future
A Survey of Large Language Models for Code: Evolution, Benchmarking, and Future Trends
General large language models (LLMs), represented by ChatGPT, have
demonstrated significant potential in tasks such as code generation in software
engineering. This has led to the development of specialized LLMs for software
engineering, known as Code LLMs. A considerable portion of Code LLMs is derived
from general LLMs through model fine-tuning. As a result, Code LLMs are often
updated frequently and their performance can be influenced by the base LLMs.
However, there is currently a lack of systematic investigation into Code LLMs
and their performance. In this study, we conduct a comprehensive survey and
analysis of the types of Code LLMs and their differences in performance
compared to general LLMs. We aim to address three questions: (1) What LLMs are
specifically designed for software engineering tasks, and what is the
relationship between these Code LLMs? (2) Do Code LLMs really outperform
general LLMs in software engineering tasks? (3) Which LLMs are more proficient
in different software engineering tasks? To answer these questions, we first
collect relevant literature and work from five major databases and open-source
communities, resulting in 134 works for analysis. Next, we categorize the Code
LLMs based on their publishers and examine their relationships with general
LLMs and among themselves. Furthermore, we investigate the performance
differences between general LLMs and Code LLMs in various software engineering
tasks to demonstrate the impact of base models and Code LLMs. Finally, we
comprehensively maintained the performance of LLMs across multiple mainstream
benchmarks to identify the best-performing LLMs for each software engineering
task. Our research not only assists developers of Code LLMs in choosing base
models for the development of more advanced LLMs but also provides insights for
practitioners to better understand key improvement directions for Code LLMs
Discovering Malicious Signatures in Software from Structural Interactions
Malware represents a significant security concern in today's digital
landscape, as it can destroy or disable operating systems, steal sensitive user
information, and occupy valuable disk space. However, current malware detection
methods, such as static-based and dynamic-based approaches, struggle to
identify newly developed ("zero-day") malware and are limited by customized
virtual machine (VM) environments. To overcome these limitations, we propose a
novel malware detection approach that leverages deep learning, mathematical
techniques, and network science. Our approach focuses on static and dynamic
analysis and utilizes the Low-Level Virtual Machine (LLVM) to profile
applications within a complex network. The generated network topologies are
input into the GraphSAGE architecture to efficiently distinguish between benign
and malicious software applications, with the operation names denoted as node
features. Importantly, the GraphSAGE models analyze the network's topological
geometry to make predictions, enabling them to detect state-of-the-art malware
and prevent potential damage during execution in a VM. To evaluate our
approach, we conduct a study on a dataset comprising source code from 24,376
applications, specifically written in C/C++, sourced directly from
widely-recognized malware and various types of benign software. The results
show a high detection performance with an Area Under the Receiver Operating
Characteristic Curve (AUROC) of 99.85%. Our approach marks a substantial
improvement in malware detection, providing a notably more accurate and
efficient solution when compared to current state-of-the-art malware detection
methods.
Comment: ICASSP 2024, Accepte
Co-delivery of resveratrol and docetaxel via polymeric micelles to improve the treatment of drug-resistant tumors
Co-delivery of anti-cancer drugs is promising to improve the efficacy of cancer treatment. This study aimed to investigate the potential of concurrent delivery of resveratrol (RES) and docetaxel (DTX) via polymeric nanocarriers to treat breast cancer. To this end, methoxyl poly(ethylene glycol)-poly(d,l-lactide) copolymer (mPEG-PDLA) was prepared and characterized using FTIR and 1H NMR, and their molecular weights were determined by GPC. Isobologram analysis and combination index calculation were performed to find the optimal ratio between RES and DTX against the human breast adenocarcinoma cell line (MCF-7 cells). Subsequently, RES and DTX were loaded in the mPEG-PDLA micelles simultaneously, and the morphology, particle size distribution, in vitro release, pharmacokinetic profiles, as well as cytotoxicity to the MCF-7 cells were characterized. IC50 of RES and DTX in MCF-7 cells were determined to be 23.0 µg/ml and 10.4 µg/ml, respectively, while a lower IC50 of 4.8 µg/ml of the combination of RES and DTX was obtained. The combination of RES and DTX at a ratio of 1:1 (w/w) generated a stronger synergistic effect than other ratios in the MCF-7 cells. RES and DTX loaded mPEG-PDLA micelles exhibited prolonged release profiles, and enhanced cytotoxicity in vitro against MCF-7 cells. The AUC(0→t) of DTX and RES in mPEG-PDLA micelles after i.v. administration to rats were 3.0-fold and 1.6-fold higher than that of i.v. injections of the individual drugs. These findings indicated that the co-delivery of RES and DTX using mPEG-PDLA micelles could have better treatment of tumors.
Keywords: Resveratrol, Docetaxel, Methoxyl poly(ethylene glycol)-poly(d,l-lactide) copolymer (mPEG-PDLA), Micelles, Drug resistance tumo
Twenty-first-century glacio-hydrological changes in the Himalayan headwater Beas River basin
The Himalayan Mountains are the source region of one of the world's largest
supplies of freshwater. The changes in glacier melt may lead to droughts as
well as floods in the Himalayan basins, which are vulnerable to hydrological
changes. This study used an integrated glacio-hydrological model, the Glacier
and Snow Melt – WASMOD model (GSM-WASMOD), for hydrological projections
under 21st century climate change by two ensembles of four global climate models (GCMs) under two Representative Concentration
Pathways (RCP4.5 and RCP8.5) and
two bias-correction methods (i.e., the daily bias correction (DBC) and the
local intensity scaling (LOCI)) in
order to assess the future hydrological changes in the Himalayan Beas basin
up to Pandoh Dam (upper Beas basin). Besides, the glacier extent loss during
the 21st century was also investigated as part of the glacio-hydrological
modeling as an ensemble simulation. In addition, a high-resolution WRF
precipitation dataset suggested much heavier winter precipitation over the
high-altitude ungauged area, which was used for precipitation correction in
the study. The glacio-hydrological modeling shows that the glacier ablation
accounted for about 5 % of the annual total runoff during 1986–2004 in
this area. Under climate change, the temperature will increase by
1.8–2.8 °C at the middle of the century (2046–2065), and by
2.3–5.4 °C until the end of the century (2080–2099). It is very
likely that the upper Beas basin will get warmer and wetter compared to the
historical period. In this study, the glacier extent in the upper Beas basin
is projected to decrease over the range of 63 %–87 % by the middle
of the century and 89 %–100 % at the end of the century compared to
the glacier extent in 2005. This loss in glacier area will in general result
in a reduction in glacier discharge in the future, while the future
streamflow is most likely to have a slight increase because of the increase
in both precipitation and temperature under all the scenarios. However, there
is widespread uncertainty regarding the changes in total discharge in the
future, including the seasonality and magnitude. In general, the largest
increase in river total discharge also has the largest spread. The
uncertainty in future hydrological change is not only from GCMs, but also
from the bias-correction methods and hydrological modeling. A decrease in
discharge is found in July from DBC, while it is opposite for LOCI. Besides,
there is a decrease in evaporation in September from DBC, which cannot be
seen from LOCI. The study helps to understand the hydrological impacts of
climate change in northern India and contributes to stakeholder and
policymaker engagement in the management of future water resources in
northern India.