HCC: A Language-Independent Hardening Contract Compiler for Smart Contracts
Jens-Rene Giesen, Sebastien Andreina, Michael Rodler, Ghassan O. Karame, Lucas Davi
TL;DR
HCC introduces a language‑independent hardening contract compiler that operates at the source level by constructing a code‑property graph (CPG) to model control‑ and data‑flow in smart contracts. The framework performs inter‑procedural and inter‑contract analysis, discovers vulnerability patterns, and automatically inserts targeted hardening patches before code generation, thereby preventing exploits while preserving functional behavior. Evaluated on 10k Solidity contracts and adapted to Hyperledger Fabric, HCC achieves high hardness against reentrancy and integer bugs with modest gas and runtime overhead, outperforming prior source‑level repair tools and maintaining compatibility with existing workflows. The work demonstrates practical, scalable security hardening across Ethereum and Fabric, with open‑source release and broad applicability through a generic CPG representation.
Abstract
Developing secure smart contracts remains a challenging task. Existing approaches are either impractical or leave the burden to developers for fixing bugs. In this paper, we propose the first practical smart contract compiler, called HCC, which automatically inserts security hardening checks at the source-code level based on a novel and language-independent code property graph (CPG) notation. The high expressiveness of our developed CPG allows us to mitigate all of the most common smart contract vulnerabilities, namely reentrancy, integer bugs, suicidal smart contracts, improper use of tx.origin, untrusted delegate-calls, and unchecked low-level call bugs. Our large-scale evaluation on 10k real-world contracts and several sets of vulnerable contracts from related work demonstrates that HCC is highly practical, outperforms state-of-the-art contract hardening techniques, and effectively prevents all verified attack transactions without hampering functional correctness.
