Lipi Begam, Ranjit Haldar, Devmalya Mondal, Sabyasachi Chakroborty
- Assistant Professor, Department of Information Technology, B.P. Poddar Institute of Management and Technology, Kolkata, West Bengal, India
- Assistant Professor, Department of Information Technology, B.P. Poddar Institute of Management and Technology, Kolkata, West Bengal, India
- Student, Department of Information Technology, B.P. Poddar Institute of Management and Technology, Kolkata, West Bengal, India
- Assistant Professor, Department of Information Technology, B.P. Poddar Institute of Management and Technology, Kolkata, West Bengal, India
Abstract
This paper introduces a novel static analysis framework designed to bridge a long-standing gap in Ethereum smart contract security: the disconnect between vulnerability detection and automated remediation. Although widely adopted tools such as Slither and Oyente are highly effective at identifying security weaknesses, they stop short of providing actionable fixes. As a result, developers manually patch vulnerabilities, a process that is not only time-consuming but also susceptible to human error and inconsistent implementation. Our proposed solution directly addresses this limitation by integrating vulnerability detection with lightweight, automated repair mechanisms. The framework employs a regex-based static analyzer that prioritizes efficiency and practicality over heavyweight program analysis techniques. It introduces three core innovations. First, it automatically injects noReentrant modifiers into vulnerable functions, effectively preventing reentrancy attacks without altering business logic. Second, it performs context-aware wrapping of arithmetic operations inside unchecked{} blocks, reducing the risk of integer overflow and underflow issues while maintaining Solidity compiler compatibility. Third, it systematically annotates loops containing external calls to highlight potential denial-of-service (DoS) risks, improving code readability and auditability. To evaluate effectiveness, the tool was tested on three purpose-built vulnerable contracts: ReentrancyDemo.sol, IntegerBugDemo.sol, and DoSDemo.sol. The results show 100% detection accuracy with zero false positives. In addition, the analyzer outperforms Oyente’s symbolic execution approach by a factor of three to five in execution speed, while achieving precision comparable to Slither. By avoiding abstract syntax tree construction and leveraging a modular, regex-driven design, the framework consistently analyzes 200–300 line contracts in under one second, making it both scalable and developer-friendly.
Keywords: Automated vulnerability remediation, blockchain security tools, denial-of-service protection, Ethereum, integer overflow prevention, reentrancy detection, regex-based analysis, smart contract security, Solidity, static analysis
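The detect-then-patch flow the abstract describes, as an added Python example that is not the authors' tool or code: it flags a function where an external `.call` precedes a mapping write, inserts the `noReentrant` modifier name into that function's header, and annotates loops that make external calls. The patterns, the warning text, the function names and the sample contract are assumptions made for this illustration, and the contract is assumed to define a `noReentrant` modifier.

```python
import re

# Heuristic patterns: assumptions for this example, not the paper's actual rules.
FUNC = re.compile(r'function\s+(\w+)\s*\([^)]*\)([^{;]*)\{')
EXT_CALL = re.compile(r'\.call\s*[{(]')
STATE_WRITE = re.compile(r'\w+\[[^\]]+\]\s*[-+*/]?=(?!=)')
LOOP_CALL = re.compile(
    r'^([ \t]*)(?:for|while)\s*\([^{]*\{[^}]*\.(?:transfer|send|call)\b', re.M)

# Constructed sample contract (not one of the paper's test contracts).
SAMPLE = '''contract Bank {
    mapping(address => uint) balances;
    function withdraw(uint amount) public {
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok);
        balances[msg.sender] -= amount;   // state write after the call
    }
    function payAll(address[] memory to) public {
        for (uint i = 0; i < to.length; i++) {
            payable(to[i]).transfer(1 ether);
        }
    }
}
'''

def body_end(src, open_idx):
    """Index just past the brace that closes src[open_idx] (strings/comments not parsed)."""
    depth = 0
    for i in range(open_idx, len(src)):
        depth += {'{': 1, '}': -1}.get(src[i], 0)
        if depth == 0:
            return i + 1
    return len(src)

def analyze_and_patch(src):
    """Return (findings, patched_source) for the two heuristics above."""
    findings, edits = [], []
    for m in FUNC.finditer(src):
        start = m.end() - 1                      # position of the body's '{'
        body = src[start:body_end(src, start)]
        call = EXT_CALL.search(body)
        if call and STATE_WRITE.search(body, call.end()):
            findings.append(('reentrancy', m.group(1)))
            if 'noReentrant' not in m.group(2):  # do not inject twice
                edits.append((start, 'noReentrant '))
    for m in LOOP_CALL.finditer(src):
        findings.append(('dos-loop', src.count('\n', 0, m.start()) + 1))
        edits.append((m.start(), m.group(1) + '// WARNING: external call inside loop (DoS risk)\n'))
    for pos, text in sorted(edits, reverse=True):  # back to front keeps offsets valid
        src = src[:pos] + text + src[pos:]
    return findings, src
```

A function that writes state before making the call (checks-effects-interactions order) is left untouched, because the state-write search starts only after the external call.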
[This article belongs to Journal of Computer Technology & Applications]
Lipi Begam, Ranjit Haldar, Devmalya Mondal, Sabyasachi Chakroborty. An Automated Smart Contract Repair Framework for Reentrancy, Integer Overflow, and Denial-of-Service Vulnerabilities. Journal of Computer Technology & Applications. 2026; 17(01):31-41. Available from: https://journals.stmjournals.com/jocta/article=2026/view=237232

Journal of Computer Technology & Applications
| Volume | 17 |
| Issue | 01 |
| Received | 14/10/2025 |
| Accepted | 02/01/2026 |
| Published | 20/02/2026 |
| Publication Time | 129 Days |