Annual Computer Security Applications Conference (ACSAC) 2021

SolSaviour: A Defending Framework for Deployed Defective Smart Contracts

A deployed smart contract cannot be modified, so bugs in deployed contracts may cause devastating consequences. For example, the infamous reentrancy bug in the DAO contract caused millions of dollars in losses, and the only way to mitigate it is to withdraw money in the same way the attackers do, as quickly as possible. Currently, the only countermeasure is to thoroughly analyze and verify contracts before deployment, which, however, cannot defend against unknown bugs or against false negatives of the detection tools.

In this paper, we propose SolSaviour, a framework that can repair and recover deployed defective smart contracts by redeploying patched contracts and migrating the old contract's internal state to the new one. SolSaviour consists of a voteDestruct mechanism and a TEE cluster. The voteDestruct mechanism allows contract stakeholders to decide whether to destroy the buggy contract, while the TEE cluster is responsible for asset escrow, redeployment of the patched contract, and state migration. When bugs are found in a deployed contract, the contract's stakeholders can invoke SolSaviour to perform a voteDestruct while providing a patched contract for automated redeployment. We collected well-known contracts that have been attacked. Our experiments show that, when these contracts are attacked, SolSaviour can successfully repair vulnerabilities, reduce the loss caused by attacks, and recover all the contracts. To the best of our knowledge, we are the first to propose a defense mechanism for repairing and recovering deployed defective smart contracts.

Li Zecheng
The Hong Kong Polytechnic University

Zhou Yu
The Hong Kong Polytechnic University

Songtao Guo
Chongqing University

Xiao Bin
The Hong Kong Polytechnic University
