🤖 AI Summary
This study investigates the gap between the practices of industrial Solidity developers and academic best practices when patching smart contract vulnerabilities classified under the DASP TOP 10. Using NLP-based filtering, manual annotation of GitHub commits, expert surveys, and longitudinal temporal analysis, we systematically compare real-world remediation strategies with those recommended in the research literature. Our work makes three key contributions: (1) the first identification of 27 repair patterns not documented in prior literature; (2) a three-dimensional expert evaluation framework assessing the generalizability, long-term sustainability, and effectiveness of patches; and (3) the first longitudinal study tracking how patched files evolve over extended time periods. Results show high compliance with established guidance for reentrancy and arithmetic overflow, but significantly lower adherence for denial-of-service and randomness flaws. The 27 newly identified patterns received strong expert validation, with several judged to be immediately applicable in engineering practice.
📝 Abstract
In this paper, we investigate the strategies adopted by Solidity developers to fix security vulnerabilities in smart contracts. Vulnerabilities are categorized using the DASP TOP 10 taxonomy, and fixing strategies are extracted from GitHub commits in open-source Solidity projects. Each commit was selected through a two-phase process: an initial filter using natural language processing techniques, followed by manual validation by the authors. We analyzed these commits to evaluate adherence to academic best practices. Our results show that developers often follow established guidelines for well-known vulnerability types such as Reentrancy and Arithmetic. However, in less-documented categories like Denial of Service, Bad Randomness, and Time Manipulation, adherence is significantly lower, suggesting gaps between academic literature and practical development. From non-aligned commits, we identified 27 novel fixing strategies not previously discussed in the literature. These emerging patterns offer actionable solutions for securing smart contracts in underexplored areas. To evaluate the quality of these new fixes, we conducted a questionnaire with academic and industry experts, who assessed each strategy based on Generalizability, Long-term Sustainability, and Effectiveness. Additionally, we performed a post-fix analysis by tracking subsequent commits to the fixed files, assessing the persistence and evolution of the fixes over time. Our findings offer an empirically grounded view of how vulnerabilities are addressed in practice, bridging theoretical knowledge and real-world solutions in the domain of smart contract security.