{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T20:19:22Z","timestamp":1776889162218,"version":"3.51.2"},"reference-count":82,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2024,4,18]],"date-time":"2024-04-18T00:00:00Z","timestamp":1713398400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"crossref","award":["62032025, 61976061"],"award-info":[{"award-number":["62032025, 61976061"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Key-Area Research and Development Program of Shandong Province","award":["2021CXGC010108"],"award-info":[{"award-number":["2021CXGC010108"]}]},{"DOI":"10.13039\/501100021171","name":"Guangdong Basic and Applied Basic Research Foundation","doi-asserted-by":"crossref","award":["2023A1515010746"],"award-info":[{"award-number":["2023A1515010746"]}],"id":[{"id":"10.13039\/501100021171","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Softw. Eng. Methodol."],"published-print":{"date-parts":[[2024,5,31]]},"abstract":"\n A smart contract is a kind of code deployed on the blockchain that executes automatically once an event triggers a clause in the contract. Since smart contracts involve businesses such as asset transfer, they are more vulnerable to attacks, so it is crucial to ensure the security of smart contracts. Because a smart contract cannot be tampered with once deployed on the blockchain, for smart contract developers, it is necessary to fix vulnerabilities before deployment. Compared with many vulnerability detection tools for smart contracts, the amount of automatic fix approaches for smart contracts is relatively limited. These approaches mainly use defined pattern-based methods or heuristic search algorithms for vulnerability repairs. In this article, we propose\n RLRep<\/jats:italic>\n , a reinforcement learning-based approach to provide smart contract repair recommendations for smart contract developers automatically. This approach adopts an agent to provide repair action suggestions based on the vulnerable smart contract without any supervision, which can solve the problem of missing labeled data in machine learning-based repair methods. We evaluate our approach on a dataset containing 853 smart contract programs (programming language: Solidity) with different kinds of vulnerabilities. We split them into training and test sets. The result shows that our approach can provide 54.97% correct repair recommendations for smart contracts.\n <\/jats:p>","DOI":"10.1145\/3637229","type":"journal-article","created":{"date-parts":[[2023,12,11]],"date-time":"2023-12-11T12:27:38Z","timestamp":1702297658000},"page":"1-31","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":15,"title":["Smart Contract Code Repair Recommendation based on Reinforcement Learning and Multi-metric Optimization"],"prefix":"10.1145","volume":"33","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5687-2655","authenticated-orcid":false,"given":"Hanyang","family":"Guo","sequence":"first","affiliation":[{"name":"School of Software Engineering, Sun Yat-Sen University, Zhuhai, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-6465-7412","authenticated-orcid":false,"given":"Yingye","family":"Chen","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Sun Yat-Sen University, Guangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8234-3186","authenticated-orcid":false,"given":"Xiangping","family":"Chen","sequence":"additional","affiliation":[{"name":"School of Communication and Design, Sun Yat-Sen University, Guangzhou, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9548-0208","authenticated-orcid":false,"given":"Yuan","family":"Huang","sequence":"additional","affiliation":[{"name":"School of Software Engineering, Sun Yat-Sen University, Zhuhai, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7878-4330","authenticated-orcid":false,"given":"Zibin","family":"Zheng","sequence":"additional","affiliation":[{"name":"School of Software Engineering, Sun Yat-Sen University, Zhuhai, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,4,18]]},"reference":[{"key":"e_1_3_2_2_2","article-title":"Poly network attack underlines growing DeFi risks","author":"Analytica Oxford","year":"2021","unstructured":"Oxford Analytica. 2021. Poly network attack underlines growing DeFi risks. Emerald Expert Briefingsoxan-es (2021).","journal-title":"Emerald Expert Briefings"},{"key":"e_1_3_2_3_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.robot.2008.10.024"},{"key":"e_1_3_2_4_2","doi-asserted-by":"publisher","DOI":"10.1145\/3360585"},{"key":"e_1_3_2_5_2","volume-title":"Proceedings of the 3rd International Conference on Learning Representations (ICLR\u201915)","author":"Bahdanau Dzmitry","year":"2015","unstructured":"Dzmitry Bahdanau, Kyunghyun Cho, and Yoshua Bengio. 2015. Neural machine translation by jointly learning to align and translate. In Proceedings of the 3rd International Conference on Learning Representations (ICLR\u201915), Yoshua Bengio and Yann LeCun (Eds.). DOI:http:\/\/arxiv.org\/abs\/1409.0473"},{"key":"e_1_3_2_6_2","doi-asserted-by":"publisher","DOI":"10.1145\/2993600.2993611"},{"key":"e_1_3_2_7_2","unstructured":"Tom Britton Lisa Jeng Graham Carver and Paul Cheak. 2013. Reversible Debugging Software \u201cQuantify the Time and Cost Saved Using Reversible Debuggers.\u201d (2013)."},{"key":"e_1_3_2_8_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2020.2989002"},{"key":"e_1_3_2_9_2","doi-asserted-by":"publisher","DOI":"10.1109\/IWBOSE.2018.8327567"},{"key":"e_1_3_2_10_2","first-page":"20118","volume-title":"Advances in Neural Information Processing Systems","author":"Devidze Rati","year":"2021","unstructured":"Rati Devidze, Goran Radanovic, Parameswaran Kamalaruban, and Adish Singla. 2021. Explicable reward design for reinforcement learning agents. In Advances in Neural Information Processing Systems, M. Ranzato, A. Beygelzimer, Y. Dauphin, P.S. Liang, and J. Wortman Vaughan (Eds.), Vol. 34. Curran Associates, Inc., 20118\u201320131. Retrieved from DOI:https:\/\/proceedings.neurips.cc\/paper\/2021\/file\/a7f0d2b95c60161b3f3c82f764b1d1c9-Paper.pdf"},{"key":"e_1_3_2_11_2","volume-title":"Proceedings of the AAAI Spring Symposium Series","author":"Dewey Daniel","year":"2014","unstructured":"Daniel Dewey. 2014. Reinforcement learning and the reward engineering principle. In Proceedings of the AAAI Spring Symposium Series."},{"key":"e_1_3_2_12_2","unstructured":"ConsenSys Diligence. 2018. Ethereum smart contract security best practices. Retrieved from DOI:https:\/\/consensys.github.io\/smart-contract-best-practices\/"},{"key":"e_1_3_2_13_2","doi-asserted-by":"publisher","DOI":"10.1109\/WETSEB.2019.00008"},{"key":"e_1_3_2_14_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-64322-8_2"},{"key":"e_1_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jrt.2022.100054"},{"key":"e_1_3_2_16_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2020.2971482"},{"key":"e_1_3_2_17_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2017.2755013"},{"key":"e_1_3_2_18_2","doi-asserted-by":"publisher","DOI":"10.1145\/3395363.3397385"},{"key":"e_1_3_2_19_2","doi-asserted-by":"publisher","DOI":"10.1145\/3293882.3330559"},{"key":"e_1_3_2_20_2","doi-asserted-by":"publisher","DOI":"10.1145\/3318162"},{"key":"e_1_3_2_21_2","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363230"},{"key":"e_1_3_2_22_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2019.00166"},{"key":"e_1_3_2_23_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2010.62"},{"key":"e_1_3_2_24_2","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238177"},{"key":"e_1_3_2_25_2","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2019.00033"},{"key":"e_1_3_2_26_2","doi-asserted-by":"publisher","DOI":"10.1145\/3213846.3213871"},{"key":"e_1_3_2_27_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00107"},{"key":"e_1_3_2_28_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2021.3123170"},{"key":"e_1_3_2_29_2","doi-asserted-by":"publisher","DOI":"10.1080\/01621459.1985.10478195"},{"key":"e_1_3_2_30_2","doi-asserted-by":"publisher","DOI":"10.1145\/3384544.3384577"},{"key":"e_1_3_2_31_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3039990"},{"key":"e_1_3_2_32_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-30194-3_13"},{"key":"e_1_3_2_33_2","first-page":"1317","volume-title":"Proceedings of the 27th USENIX Security Symposium (USENIX Security\u201918)","author":"Krupp Johannes","year":"2018","unstructured":"Johannes Krupp and Christian Rossow. 2018. teEther: Gnawing at ethereum to automatically exploit smart contracts. In Proceedings of the 27th USENIX Security Symposium (USENIX Security\u201918). USENIX Association, Baltimore, MD, 1317\u20131333. Retrieved from DOI:https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/krupp"},{"key":"e_1_3_2_34_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3140091"},{"key":"e_1_3_2_35_2","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3106309"},{"key":"e_1_3_2_36_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2012.6227211"},{"key":"e_1_3_2_37_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2011.104"},{"key":"e_1_3_2_38_2","doi-asserted-by":"publisher","DOI":"10.1109\/MNET.011.2000263"},{"key":"e_1_3_2_39_2","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2019.00136"},{"key":"e_1_3_2_40_2","doi-asserted-by":"publisher","DOI":"10.1145\/3505247"},{"key":"e_1_3_2_41_2","doi-asserted-by":"publisher","DOI":"10.1145\/3183440.3183495"},{"key":"e_1_3_2_42_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2018.00037"},{"key":"e_1_3_2_43_2","doi-asserted-by":"publisher","DOI":"10.1145\/3293882.3330577"},{"key":"e_1_3_2_44_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11432-013-4782-0"},{"key":"e_1_3_2_45_2","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978309"},{"issue":"10","key":"e_1_3_2_46_2","article-title":"Solidity security: Comprehensive list of known attack vectors and common anti-patterns","volume":"20","author":"Manning Adrian","year":"2018","unstructured":"Adrian Manning. 2018. Solidity security: Comprehensive list of known attack vectors and common anti-patterns. Sigma Prime 20, 10 (2018). Retrieved from DOI:https:\/\/github.com\/sigp\/solidity-security-blog","journal-title":"Sigma Prime"},{"key":"e_1_3_2_47_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-56991-8_32"},{"key":"e_1_3_2_48_2","first-page":"54","article-title":"Smashing ethereum smart contracts for fun and real profit","volume":"9","author":"Mueller Bernhard","year":"2018","unstructured":"Bernhard Mueller. 2018. Smashing ethereum smart contracts for fun and real profit. HITB SECCONF Amsterd. 9 (2018), 54.","journal-title":"HITB SECCONF Amsterd."},{"key":"e_1_3_2_49_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00057"},{"key":"e_1_3_2_50_2","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380334"},{"key":"e_1_3_2_51_2","doi-asserted-by":"publisher","DOI":"10.1631\/FITEE.1601232"},{"key":"e_1_3_2_52_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2021.03.091"},{"key":"e_1_3_2_53_2","doi-asserted-by":"publisher","DOI":"10.1002\/stvr.1509"},{"key":"e_1_3_2_54_2","doi-asserted-by":"publisher","DOI":"10.1287\/moor.12.3.441"},{"key":"e_1_3_2_55_2","article-title":"Security Analysis Methods on Ethereum Smart Contract Vulnerabilities: A Survey","volume":"1908","author":"Praitheeshan Purathani","year":"2019","unstructured":"Purathani Praitheeshan, Lei Pan, Jiangshan Yu, Joseph K. Liu, and Robin Doss. 2019. Security Analysis Methods on Ethereum Smart Contract Vulnerabilities: A Survey. CoRR abs\/1908.08605 (2019).","journal-title":"CoRR"},{"key":"e_1_3_2_56_2","doi-asserted-by":"publisher","DOI":"10.1145\/2771783.2771791"},{"key":"e_1_3_2_57_2","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884848"},{"key":"e_1_3_2_58_2","first-page":"1289","volume-title":"Proceedings of the 30th USENIX Security Symposium (USENIX Security\u201921)","author":"Rodler Michael","year":"2021","unstructured":"Michael Rodler, Wenting Li, Ghassan O. Karame, and Lucas Davi. 2021. EVMPatch: Timely and automated patching of ethereum smart contracts. In Proceedings of the 30th USENIX Security Symposium (USENIX Security\u201921). USENIX Association, 1289\u20131306. Retrieved from DOI:https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/rodler"},{"key":"e_1_3_2_59_2","doi-asserted-by":"publisher","DOI":"10.1145\/1595696.1595750"},{"key":"e_1_3_2_60_2","doi-asserted-by":"publisher","unstructured":"Christof Ferreira Torres Hugo Jonker and Radu State. 2021. Elysium: Context-aware Bytecode-Level Patching to Automatically Heal Vulnerable Smart Contracts. DOI:10.48550\/ARXIV.2108.10071","DOI":"10.48550\/ARXIV.2108.10071"},{"key":"e_1_3_2_61_2","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243780"},{"key":"e_1_3_2_62_2","doi-asserted-by":"publisher","DOI":"10.1145\/2635868.2635875"},{"key":"e_1_3_2_63_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00021"},{"key":"e_1_3_2_64_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jclinepi.2004.02.021"},{"key":"e_1_3_2_65_2","volume-title":"Advances in Neural Information Processing Systems","author":"Vaswani Ashish","year":"2017","unstructured":"Ashish Vaswani, Noam Shazeer, Niki Parmar, Jakob Uszkoreit, Llion Jones, Aidan N. Gomez, \u0141ukasz Kaiser, and Illia Polosukhin. 2017. Attention is all you need. In Advances in Neural Information Processing Systems, I. Guyon, U. Von Luxburg, S. Bengio, H. Wallach, R. Fergus, S. Vishwanathan, and R. Garnett (Eds.), Vol. 30. Curran Associates, Inc. Retrieved from DOI:https:\/\/proceedings.neurips.cc\/paper\/2017\/file\/3f5ee243547dee91fbd053c1c4a845aa-Paper.pdf"},{"key":"e_1_3_2_66_2","unstructured":"M. Vladimirov and D. Khovratovich. 2018. ERC20 API: An Attack Vector on Approve\/Transfer from Methods. (2018)."},{"key":"e_1_3_2_67_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE-Companion52605.2021.00025"},{"key":"e_1_3_2_68_2","doi-asserted-by":"publisher","DOI":"10.1145\/3324884.3416590"},{"key":"e_1_3_2_69_2","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2019.8668020"},{"key":"e_1_3_2_70_2","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180233"},{"key":"e_1_3_2_71_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2016.2560811"},{"key":"e_1_3_2_72_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSC.2018.2876532"},{"key":"e_1_3_2_73_2","first-page":"11941","volume-title":"Proceedings of the 38th International Conference on Machine Learning (Proceedings of Machine Learning Research)","volume":"139","author":"Yasunaga Michihiro","year":"2021","unstructured":"Michihiro Yasunaga and Percy Liang. 2021. Break-it-fix-it: Unsupervised learning for program repair. In Proceedings of the 38th International Conference on Machine Learning (Proceedings of Machine Learning Research), Marina Meila and Tong Zhang (Eds.), Vol. 139. PMLR, 11941\u201311952. Retrieved from DOI:https:\/\/proceedings.mlr.press\/v139\/yasunaga21a.html"},{"key":"e_1_3_2_74_2","doi-asserted-by":"publisher","DOI":"10.1145\/3551349.3556926"},{"key":"e_1_3_2_75_2","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510222"},{"key":"e_1_3_2_76_2","doi-asserted-by":"publisher","DOI":"10.1145\/3402450"},{"key":"e_1_3_2_77_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2018.2809496"},{"key":"e_1_3_2_78_2","doi-asserted-by":"publisher","DOI":"10.1109\/SANER48275.2020.9054825"},{"key":"e_1_3_2_79_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSAI.2017.8248566"},{"key":"e_1_3_2_80_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSC.2020.2995571"},{"key":"e_1_3_2_81_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2018.2872971"},{"key":"e_1_3_2_82_2","doi-asserted-by":"publisher","DOI":"10.1145\/3468264.3468544"},{"key":"e_1_3_2_83_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2942301"}],"container-title":["ACM Transactions on Software Engineering and Methodology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3637229","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3637229","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T23:43:42Z","timestamp":1750290222000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3637229"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,18]]},"references-count":82,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2024,5,31]]}},"alternative-id":["10.1145\/3637229"],"URL":"https:\/\/doi.org\/10.1145\/3637229","relation":{},"ISSN":["1049-331X","1557-7392"],"issn-type":[{"value":"1049-331X","type":"print"},{"value":"1557-7392","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,4,18]]},"assertion":[{"value":"2023-03-06","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-12-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-04-18","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}