Developing secure smart contracts remains a challenging task. Existing approaches are either impractical or leave the burden of fixing bugs to developers. In this paper, we propose the first practical smart contract compiler, called HCC, which automatically inserts security hardening checks at the source-code level based on a novel and language-independent code property graph (CPG) notation. The high expressiveness of our CPG allows us to mitigate all of the most common smart contract vulnerabilities, namely reentrancy, integer bugs, suicidal smart contracts, improper use of tx.origin, untrusted delegate-calls, and unchecked low-level call bugs. Our large-scale evaluation on 10k real-world contracts and several sets of vulnerable contracts from related work demonstrates that HCC is highly practical, outperforms state-of-the-art contract hardening techniques, and effectively prevents all verified attack transactions without hampering functional correctness.