An empirical study on real bug fixes from solidity smart contract projects

Abstract

Smart contracts are pieces of code that reside inside the blockchains and can be triggered to execute any transaction when specifically predefined conditions are satisfied. Being commonly used for commercial transactions in blockchain makes the security of smart contracts particularly important. Over the last few years, we have seen a great deal of academic and practical interest in detecting and fixing the bugs in smart contracts written by Solidity. But little is known about the real bug fixes in Solidity smart contract projects. To understand the bug fixes and enrich the knowledge of bug fixes in real-world projects, we conduct an empirical study on historical bug fixes from 46 real-world Solidity smart contract projects in this paper. We provide a multi-faceted discussion and mainly explore the following four questions: File Type and Amount, Fix Complexity, Bug distribution, and Fix Patches. We distill four findings during the process to explore these four questions. Finally, based on these findings, we provide actionable implications to improve the current approaches to fixing bugs in Solidity smart contracts from three aspects: Automatic repair techniques, Analysis tools, and Solidity developers.