CollisionRepair: First-Aid and Automated Patching for Storage Collision Vulnerabilities in Smart Contracts

Yu Pan and Wanjing Han, University of Utah; Yue Duan, Singapore Management University; Mu Zhang, University of Utah

Storage collision vulnerabilities, a significant security risk in upgradeable smart contracts, often arise when a user-facing proxy contract and a backend logic contract share storage space. While static analysis techniques can detect such issues, they often over-approximate program states, leading to false positives and requiring developers to manually verify each issue, giving attackers time to exploit any overlooked vulnerabilities. To address this, we propose CollisionRepair, an automated patching technique for mitigating storage collision risks. CollisionRepair monitors storage access sequences between proxy and logic contracts by defining an "ownership" property for storage locations. It then replays historical transactions to recover existing storage ownership, ensuring the patched code aligns with the current state. A gas impact-aware differential analysis is applied to verify the patch, distinguishing genuine behavioral changes from variations caused by gas usage. Our evaluation on 12,526 real-world vulnerable upgradeable contracts shows that CollisionRepair effectively detects and mitigates storage collision attacks without interfering with normal contract operations.
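The following is an added example and not code from the paper or its artifact. It models, in Python, the mechanism the abstract describes: a proxy and a logic contract that declare state variables at the same sequential slots, a static check that reports every shared slot, and an ownership-based monitor replayed over a storage-access trace that reports only the slots actually contended. The ownership rule (first contract to write a slot owns it; a later access from the other contract is a collision), the contract layouts, and the trace are all constructed assumptions for illustration; the EIP-1967 implementation slot constant is the one defined by that standard.

```python
from dataclasses import dataclass, field


def slot_layout(variables, base=0):
    """Slots for 32-byte state variables in declaration order, starting at
    `base`. Solidity assigns consecutive slots; packing is ignored here."""
    return {name: base + i for i, name in enumerate(variables)}


def static_overlap(proxy_layout, logic_layout):
    """Static over-approximation: every slot declared by both contracts,
    whether or not the logic ever touches it."""
    return sorted(set(proxy_layout.values()) & set(logic_layout.values()))


@dataclass(frozen=True)
class Access:
    contract: str   # "proxy" or "logic" (the code that issued the access)
    op: str         # "SSTORE" or "SLOAD"
    slot: int


@dataclass
class OwnershipMonitor:
    """Assumed ownership rule (a simplification, not the paper's exact
    definition): the first contract to SSTORE a slot owns it; any later
    access to that slot from the other contract is a collision."""
    owners: dict = field(default_factory=dict)
    collisions: list = field(default_factory=list)

    def observe(self, acc: Access) -> bool:
        owner = self.owners.get(acc.slot)
        if owner is None:
            if acc.op == "SSTORE":
                self.owners[acc.slot] = acc.contract
            return False
        if owner != acc.contract:
            self.collisions.append(acc)
            return True
        return False


def collision_slots(trace):
    """Replay a storage-access trace and return the contended slots."""
    mon = OwnershipMonitor()
    for acc in trace:
        mon.observe(acc)
    return sorted({a.slot for a in mon.collisions})


# Constructed layouts: a proxy that keeps its bookkeeping at slots 0/1 ...
VULNERABLE_PROXY = slot_layout(["admin", "implementation"])
# ... and a logic contract whose first variables land on the same slots.
LOGIC = slot_layout(["owner", "totalSupply", "paused"])

# EIP-1967 implementation slot: keccak256("eip1967.proxy.implementation") - 1,
# far above any sequentially assigned slot.
EIP1967_IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
HARDENED_PROXY = {"implementation": EIP1967_IMPLEMENTATION_SLOT}


def vulnerable_trace():
    """Constructed history: the proxy is deployed, then the logic's
    initializer (run via delegatecall in the proxy's storage) writes `owner`."""
    return [
        Access("proxy", "SSTORE", VULNERABLE_PROXY["admin"]),
        Access("proxy", "SSTORE", VULNERABLE_PROXY["implementation"]),
        Access("logic", "SSTORE", LOGIC["owner"]),    # clobbers admin at slot 0
        Access("logic", "SSTORE", LOGIC["paused"]),   # slot 2 is unowned: fine
    ]


def hardened_trace():
    """Same logic contract behind a proxy using the EIP-1967 slot."""
    return [
        Access("proxy", "SSTORE", HARDENED_PROXY["implementation"]),
        Access("logic", "SSTORE", LOGIC["owner"]),
        Access("logic", "SLOAD", LOGIC["totalSupply"]),
        Access("logic", "SSTORE", LOGIC["paused"]),
    ]


if __name__ == "__main__":
    print("static overlap (vulnerable):", static_overlap(VULNERABLE_PROXY, LOGIC))
    print("replayed collisions (vulnerable):", collision_slots(vulnerable_trace()))
    print("static overlap (hardened):", static_overlap(HARDENED_PROXY, LOGIC))
    print("replayed collisions (hardened):", collision_slots(hardened_trace()))
```

The static check flags both slot 0 and slot 1 for the vulnerable pair, while the replayed trace shows only slot 0 was ever contended: the `totalSupply` slot is a false positive for this history, which is the over-approximation the abstract refers to. Moving the proxy's bookkeeping to an EIP-1967 slot removes the overlap in both views.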

Category: Long Presentation

BibTeX
@inproceedings {309612,
author = {Yu Pan and Wanjing Han and Yue Duan and Mu Zhang},
title = {{CollisionRepair}: {First-Aid} and Automated Patching for Storage Collision Vulnerabilities in Smart Contracts},
booktitle = {34th USENIX Security Symposium (USENIX Security 25)},
year = {2025},
isbn = {978-1-939133-52-6},
address = {Seattle, WA},
pages = {4035--4052},
url = {https://www.usenix.org/conference/usenixsecurity25/presentation/pan-yu},
publisher = {USENIX Association},
month = aug
}