Publications

Type of publication: Contribution to a collected volume

HCC: A Language-Independent Hardening Contract Compiler for Smart Contracts

Author(s):
Giesen, Jens-Rene; Andreina, Sebastien; Rodler, Michael; Karame, Ghassan; Davi, Lucas
Title of the collected volume:
Proc. of 23rd International Conference on Applied Cryptography and Network Security (ACNS)
Publisher:
Springer
Location(s):
Munich, Germany
Published:
2025

Abstract

Developing secure smart contracts remains a challenging task. Existing approaches are either impractical or leave the burden to developers for fixing bugs. In this paper, we propose the first practical smart contract compiler, called HCC, which automatically inserts security hardening checks at the source-code level based on a novel and language-independent code property graph (CPG) notation. The high expressiveness of our developed CPG allows us to mitigate all of the most common smart contract vulnerabilities, namely reentrancy, integer bugs, suicidal smart contracts, improper use of tx.origin, untrusted delegate-calls, and unchecked low-level call bugs. Our large-scale evaluation on 10k real-world contracts and several sets of vulnerable contracts from related work demonstrates that HCC is highly practical, outperforms state-of-the-art contract hardening techniques, and effectively prevents all verified attack transactions without hampering functional correctness.