205 research outputs found

    DAppSCAN: Building Large-Scale Datasets for Smart Contract Weaknesses in DApp Projects

    The Smart Contract Weakness Classification Registry (SWC Registry) is a widely recognized list of smart contract weaknesses specific to the Ethereum platform. Despite the SWC Registry not being updated with new entries since 2020, the sustained development of smart contract analysis tools for detecting SWC-listed weaknesses highlights their ongoing significance in the field. However, evaluating these tools has proven challenging due to the absence of a large, unbiased, real-world dataset. To address this problem, we aim to build a large-scale SWC weakness dataset from real-world DApp projects. We recruited 22 participants and spent 44 person-months analyzing 1,199 open source audit reports from 29 security teams. In total, we identified 9,154 weaknesses and developed two distinct datasets, i.e., DAPPSCAN-SOURCE and DAPPSCAN-BYTECODE. The DAPPSCAN-SOURCE dataset comprises 39,904 Solidity files, featuring 1,618 SWC weaknesses sourced from 682 real-world DApp projects. However, the Solidity files in this dataset may not be directly compilable for further analysis. To facilitate automated analysis, we developed a tool capable of automatically identifying dependency relationships within DApp projects and completing missing public libraries. Using this tool, we created the DAPPSCAN-BYTECODE dataset, which consists of 6,665 compiled smart contracts with 888 SWC weaknesses. Based on DAPPSCAN-BYTECODE, we conducted an empirical study to evaluate the performance of state-of-the-art smart contract weakness detection tools. The evaluation results revealed sub-par performance for these tools in terms of both effectiveness and success detection rate, indicating that future development should prioritize real-world datasets over simplistic toy contracts. Comment: Dataset available at https://github.com/InPlusLab/DAppSCA

    Turn the Rudder: A Beacon of Reentrancy Detection for Smart Contracts on Ethereum

    Smart contracts are programs deployed on a blockchain and are immutable once deployed. Reentrancy, one of the most important vulnerabilities in smart contracts, has caused millions of dollars in financial loss. Many reentrancy detection approaches have been proposed. It is necessary to investigate the performance of these approaches to provide useful guidelines for their application. In this work, we conduct a large-scale empirical study on the capability of five well-known or recent reentrancy detection tools such as Mythril and Sailfish. We collect 230,548 verified smart contracts from Etherscan and use detection tools to analyze 139,424 contracts after deduplication, which results in 21,212 contracts with reentrancy issues. Then, we manually examine the defective functions located by the tools in the contracts. From the examination results, we obtain 34 true positive contracts with reentrancy and 21,178 false positive contracts without reentrancy. We also analyze the causes of the true and false positives. Finally, we evaluate the tools based on the two kinds of contracts. The results show that more than 99.8% of the reentrant contracts detected by the tools are false positives with eight types of causes, and the tools can only detect the reentrancy issues caused by call.value(), 58.8% of which can be revealed by Ethereum's official IDE, Remix. Furthermore, we collect real-world reentrancy attacks reported in the past two years and find that the tools fail to find any issues in the corresponding contracts. Based on the findings, existing works on reentrancy detection appear to have very limited capability, and researchers should turn the rudder to discover and detect new reentrancy patterns except those related to call.value(). Comment: Accepted by ICSE 2023. Dataset available at https://github.com/InPlusLab/ReentrancyStudy-Dat

    Rodent models of postherpetic neuralgia: How far have we reached?

    Background: Induced by varicella zoster virus (VZV), postherpetic neuralgia (PHN) is one of the common complications of herpes zoster (HZ) with refractory pain. Animal models play pivotal roles in disclosing the pain mechanisms and developing effective treatments. However, only a few rodent models focus on the VZV-associated pain and PHN. Objective: To summarize the establishment and characteristics of popular PHN rodent models, thus offer bases for the selection and improvement of PHN models. Design: In this review, we retrospect two promising PHN rodent models, VZV-induced PHN model and HSV1-induced PHN model in terms of pain-related evaluations, their contributions to PHN pathogenesis and pharmacology. Results: 1) Significant difference of two PHN models is the probability of virus proliferation; 2) Most commonly used pain evaluation of PHN model is mechanical allodynia, but pain-induced anxiety and other behaviours are worth noting; 3) From current PHN models, pain mechanisms involve changes in virus gene and host gene expression, neuroimmune–glia interactions and ion channels; 4) antiviral drugs and classical analgesics serve more on the acute stage of herpetic pain. Conclusions: Different PHN models assessed by various pain evaluations combine to fulfil more comprehensive understanding of PHN

    Quantification and scenario analysis of CO2 emissions from the central heating supply system in China from 2006 to 2025

    Policies associated with the central heating supply system affect the livelihoods of people in China. With the extensive consumption of energy for central heating, large quantities of CO2 emissions are produced each year. Coal-fired heating boiler plants are the primary source of emissions; however, thermal power plants are becoming much more prevalent, and gas-fired heating boiler plants remain uncommon. This study quantified the amount of CO2 emitted from the central heating supply system in China using a mass balance method with updated emission factors from the IPCC. Emissions increased from 189.04 Tg to 319.39 Tg between 2006 and 2015. From a spatial perspective, regions with larger central heating areas, durations and coverages produced more CO2 emissions. The central heating method depends on the level of electric power consumption, policies and regulations, and resource reserves at the local scale. Compared with the use of only coal-fired heating boiler plants to provide central heating, using thermal power plants and gas-fired heating boiler plants reduced CO2 emissions by 98.19 Tg in 2015 in China. A comparison of the CO2 emissions under various central heating scenarios showed that emissions will be 520.97 Tg, 308.79 Tg and 191.86 Tg for business as usual, positive and optimal scenarios through 2025, respectively. China has acknowledged the considerable potential for reducing central heating and will make efforts to pursue improved heating strategies in the future

    A Survey of Large Language Models for Code: Evolution, Benchmarking, and Future Trends

    General large language models (LLMs), represented by ChatGPT, have demonstrated significant potential in tasks such as code generation in software engineering. This has led to the development of specialized LLMs for software engineering, known as Code LLMs. A considerable portion of Code LLMs is derived from general LLMs through model fine-tuning. As a result, Code LLMs are often updated frequently and their performance can be influenced by the base LLMs. However, there is currently a lack of systematic investigation into Code LLMs and their performance. In this study, we conduct a comprehensive survey and analysis of the types of Code LLMs and their differences in performance compared to general LLMs. We aim to address three questions: (1) What LLMs are specifically designed for software engineering tasks, and what is the relationship between these Code LLMs? (2) Do Code LLMs really outperform general LLMs in software engineering tasks? (3) Which LLMs are more proficient in different software engineering tasks? To answer these questions, we first collect relevant literature and work from five major databases and open-source communities, resulting in 134 works for analysis. Next, we categorize the Code LLMs based on their publishers and examine their relationships with general LLMs and among themselves. Furthermore, we investigate the performance differences between general LLMs and Code LLMs in various software engineering tasks to demonstrate the impact of base models and Code LLMs. Finally, we comprehensively maintained the performance of LLMs across multiple mainstream benchmarks to identify the best-performing LLMs for each software engineering task. Our research not only assists developers of Code LLMs in choosing base models for the development of more advanced LLMs but also provides insights for practitioners to better understand key improvement directions for Code LLMs

    Discovering Malicious Signatures in Software from Structural Interactions

    Malware represents a significant security concern in today's digital landscape, as it can destroy or disable operating systems, steal sensitive user information, and occupy valuable disk space. However, current malware detection methods, such as static-based and dynamic-based approaches, struggle to identify newly developed ("zero-day") malware and are limited by customized virtual machine (VM) environments. To overcome these limitations, we propose a novel malware detection approach that leverages deep learning, mathematical techniques, and network science. Our approach focuses on static and dynamic analysis and utilizes the Low-Level Virtual Machine (LLVM) to profile applications within a complex network. The generated network topologies are input into the GraphSAGE architecture to efficiently distinguish between benign and malicious software applications, with the operation names denoted as node features. Importantly, the GraphSAGE models analyze the network's topological geometry to make predictions, enabling them to detect state-of-the-art malware and prevent potential damage during execution in a VM. To evaluate our approach, we conduct a study on a dataset comprising source code from 24,376 applications, specifically written in C/C++, sourced directly from widely-recognized malware and various types of benign software. The results show a high detection performance with an Area Under the Receiver Operating Characteristic Curve (AUROC) of 99.85%. Our approach marks a substantial improvement in malware detection, providing a notably more accurate and efficient solution when compared to current state-of-the-art malware detection methods. Comment: ICASSP 2024, Accepte

    Co-delivery of resveratrol and docetaxel via polymeric micelles to improve the treatment of drug-resistant tumors

    Co-delivery of anti-cancer drugs is promising to improve the efficacy of cancer treatment. This study was aiming to investigate the potential of concurrent delivery of resveratrol (RES) and docetaxel (DTX) via polymeric nanocarriers to treat breast cancer. To this end, methoxyl poly(ethylene glycol)-poly(d,l-lactide) copolymer (mPEG-PDLA) was prepared and characterized using FTIR and 1H NMR, and their molecular weights were determined by GPC. Isobologram analysis and combination index calculation were performed to find the optimal ratio between RES and DTX against human breast adenocarcinoma cell line (MCF-7 cells). Subsequently, RES and DTX were loaded in the mPEG-PDLA micelles simultaneously, and the morphology, particle size distribution, in vitro release, pharmacokinetic profiles, as well as cytotoxicity to the MCF-7 cells were characterized. IC50 of RES and DTX in MCF-7 cells were determined to be 23.0 µg/ml and 10.4 µg/ml, respectively, while a lower IC50 of 4.8 µg/ml of the combination of RES and DTX was obtained. The combination of RES and DTX at a ratio of 1:1 (w/w) generated stronger synergistic effect than other ratios in the MCF-7 cells. RES and DTX loaded mPEG-PDLA micelles exhibited prolonged release profiles, and enhanced cytotoxicity in vitro against MCF-7 cells. The AUC(0→t) of DTX and RES in mPEG-PDLA micelles after i.v. administration to rats were 3.0-fold and 1.6-fold higher than that of i.v. injections of the individual drugs. These findings indicated that the co-delivery of RES and DTX using mPEG-PDLA micelles could have better treatment of tumors. Keywords: Resveratrol, Docetaxel, Methoxyl poly(ethylene glycol)-poly(d,l-lactide) copolymer (mPEG-PDLA), Micelles, Drug resistance tumo

    Twenty-first-century glacio-hydrological changes in the Himalayan headwater Beas River basin

    The Himalayan Mountains are the source region of one of the world's largest supplies of freshwater. The changes in glacier melt may lead to droughts as well as floods in the Himalayan basins, which are vulnerable to hydrological changes. This study used an integrated glacio-hydrological model, the Glacier and Snow Melt – WASMOD model (GSM-WASMOD), for hydrological projections under 21st century climate change by two ensembles of four global climate models (GCMs) under two Representative Concentration Pathways (RCP4.5 and RCP8.5) and two bias-correction methods (i.e., the daily bias correction (DBC) and the local intensity scaling (LOCI)) in order to assess the future hydrological changes in the Himalayan Beas basin up to Pandoh Dam (upper Beas basin). Besides, the glacier extent loss during the 21st century was also investigated as part of the glacio-hydrological modeling as an ensemble simulation. In addition, a high-resolution WRF precipitation dataset suggested much heavier winter precipitation over the high-altitude ungauged area, which was used for precipitation correction in the study. The glacio-hydrological modeling shows that the glacier ablation accounted for about 5% of the annual total runoff during 1986–2004 in this area. Under climate change, the temperature will increase by 1.8–2.8 °C at the middle of the century (2046–2065), and by 2.3–5.4 °C until the end of the century (2080–2099). It is very likely that the upper Beas basin will get warmer and wetter compared to the historical period. In this study, the glacier extent in the upper Beas basin is projected to decrease over the range of 63%–87% by the middle of the century and 89%–100% at the end of the century compared to the glacier extent in 2005.
    This loss in glacier area will in general result in a reduction in glacier discharge in the future, while the future streamflow is most likely to have a slight increase because of the increase in both precipitation and temperature under all the scenarios. However, there is widespread uncertainty regarding the changes in total discharge in the future, including the seasonality and magnitude. In general, the largest increase in river total discharge also has the largest spread. The uncertainty in future hydrological change is not only from GCMs, but also from the bias-correction methods and hydrological modeling. A decrease in discharge is found in July from DBC, while it is opposite for LOCI. Besides, there is a decrease in evaporation in September from DBC, which cannot be seen from LOCI. The study helps to understand the hydrological impacts of climate change in northern India and contributes to stakeholder and policymaker engagement in the management of future water resources in northern India.