PrAIoritize: Learning to Prioritize Smart Contract Bugs and Vulnerabilities
Smart contract vulnerabilities and bugs have become a key concern for
software engineers, as they can lead to significant financial losses,
reputational damage, and legal issues. Therefore, prioritizing bug fixing for
smart contracts is critical to maintaining trust. Due to the lack of tracking
tools, prioritizing smart contract-reported bugs is done manually, which is a
tedious task, limits bug triaging, and needs specialized knowledge. Towards
this end, we propose PrAIoritize, an automated approach for predicting smart
contract bug priorities that assists software engineers in prioritizing highly
urgent bug reports. PrAIoritize consists of two main phases: 1) automatic
labeling, which involves the automatic construction of a smart contract keyword
lexicon and the automatic assignment of priority levels to unlabeled bug
reports; 2) model construction, which involves feature engineering and designs
layers of feed-forward neural networks (FFNNs) and bidirectional long
short-term memory (BiLSTM) with multi-class classification to better capture
the features of the textual descriptions of bugs and predict their priority
levels. The model then is trained using smart contract bug reports collected
from two data sources: open-source software (OSS) projects available on GitHub
and the NVD vulnerability database. Our evaluation demonstrates significant
improvement over state-of-the-art baselines and commonly used pre-trained
models (e.g. BERT) for similar classification tasks, with a 5.75%-35.29% increase
in F-measure, precision, and recall.
Dissecting Smart Contract Languages: A Survey
Blockchain is a distributed ledger technology that gained popularity for
enabling the transformation of cryptocurrency among peers without mediation by
a centralized third-party authority. Smart contracts expand the applications of
blockchain technology and have played a role in its widespread adoption. Smart
contracts are immutable digital programs that are deployed on blockchains to
codify agreements between parties. Existing smart contract implementations have
faced challenges, including security vulnerabilities, leading to significant
losses and concerns. This has stimulated a wave of attempts to improve Smart
Contract Languages (SCLs) to overcome implementation challenges and ensure code
quality, producing many languages with diverse features. Scholars have made
some attempts to classify SCLs and clarify the process of selecting an SCL, but
to the best of our knowledge, no comprehensive survey of existing SCLs has been
published. Our work surpasses earlier efforts by evaluating a significantly
larger set of SCLs, in greater depth, to ease the process of SCL selection for
blockchain research and implementation. In this paper, we (1) propose a robust
framework for comparing existing SCLs, (2) analyze and discuss 36 SCLs,
addressing issues beyond those used to construct the comparison framework, and
(3) define new parameters for future research and development of SCLs. The
survey provides a guide for those who intend to select or use an SCL to
implement smart contracts, develop new SCLs, or add new extensions to the
existing SCLs.