Bridging the Gap: A Comparative Study of Academic and Developer Approaches to Smart Contract Vulnerabilities
In this paper, we investigate the strategies adopted by Solidity developers to fix security vulnerabilities in smart contracts. Vulnerabilities are categorized using the DASP TOP 10 taxonomy, and fixing strategies are extracted from GitHub commits in open-source Solidity projects. Each commit was selected through a two-phase process: an initial filter using natural language processing techniques, followed by manual validation by the authors. We analyzed these commits to evaluate adherence to academic best practices. Our results show that developers often follow established guidelines for well-known vulnerability types such as Reentrancy and Arithmetic. However, in less-documented categories like Denial of Service, Bad Randomness, and Time Manipulation, adherence is significantly lower, suggesting gaps between academic literature and practical development. From non-aligned commits, we identified 27 novel fixing strategies not previously discussed in the literature. These emerging patterns offer actionable solutions for securing smart contracts in underexplored areas. To evaluate the quality of these new fixes, we conducted a questionnaire with academic and industry experts, who assessed each strategy based on Generalizability, Long-term Sustainability, and Effectiveness. Additionally, we performed a post-fix analysis by tracking subsequent commits to the fixed files, assessing the persistence and evolution of the fixes over time. Our findings offer an empirically grounded view of how vulnerabilities are addressed in practice, bridging theoretical knowledge and real-world solutions in the domain of smart contract security.