ASCRec: Recommending Accurate and Secure Codes for Smart Contract Developers
摘要
Smart contracts have been increasingly created and deployed with the wide use of blockchain technology. The security and reliability issues of smart contracts draw extensive attention from academia and industry. Most of these issues are caused by developers when they are writing contract codes, such as writing non-standard codes and making unintentional mistakes. Thus, we propose a token-level code recommendation approach, ASCRec, for Solidity language to improve the efficiency of smart contract development and reduce code vulnerabilities. ASCRec first selects bug-free smart contracts via vulnerability detection tools to form a training dataset. Then a transformer-based code recommendation model with token type and text embedding is trained to predict the next token and generate a recommendation list. Finally, the token recommendation list is optimized based on a series of strategies proposed with expert knowledge. We evaluate ASCRec based on real-world smart contracts extracted from 230,548 open source sol files on Etherscan, and compare it with six state-of-the-art baselines. The results show that ASCRec is effective for token recommendation and has the ability to avoid five token-level vulnerabilities of smart contracts.