🤖 AI Summary
This work addresses the critical challenge that smart contracts, once deployed, are immutable and existing vulnerability repair tools often yield limited efficacy, potentially leading to severe financial losses. To overcome this limitation, the authors propose SCPatcher, a novel framework that uniquely integrates knowledge graphs with Retrieval-Augmented Generation (RAG). SCPatcher constructs a function-level semantic knowledge graph from 5,000 verified Ethereum contracts, serving as an external knowledge source for large language models. It employs a two-stage strategy—knowledge-guided initial repair followed by chain-of-thought reasoning—to enable precise and automated fixing of complex vulnerabilities. Experimental results demonstrate that SCPatcher achieves an overall repair rate of 81.5% and a compilation success rate of 91.0% on diverse test sets, significantly outperforming state-of-the-art methods.
📝 Abstract
Smart contract vulnerabilities can cause substantial financial losses due to the immutability of code after deployment. While existing tools detect vulnerabilities, they cannot effectively repair them. In this paper, we propose SCPatcher, a framework that combines retrieval-augmented generation with a knowledge graph for automated smart contract repair. We construct a knowledge graph from 5,000 verified Ethereum contracts, extracting function-level relationships to build a semantic network. This graph serves as an external knowledge base that enhances Large Language Model reasoning and enables precise vulnerability patching. We introduce a two-stage repair strategy: initial knowledge-guided repair, followed by Chain-of-Thought reasoning for complex vulnerabilities. Evaluated on a diverse set of vulnerable contracts, SCPatcher achieves an 81.5% overall repair rate and a 91.0% compilation pass rate, substantially outperforming existing methods.
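To make the function-level knowledge-graph idea concrete, here is an added illustration (not SCPatcher's own code, and not the paper's graph schema): it parses a constructed sample contract with regexes, records "calls" and "shares a storage variable" as the only relationship kinds, and ranks neighbours within a few hops as the context a retrieval-augmented repair step would hand to the LLM. Function names, the relationship set and the hop-decay weighting are all assumptions made for this example.

```python
import re
from collections import defaultdict
from itertools import combinations
SAMPLE = """
contract Vault {  // constructed sample, not taken from the paper's 5,000-contract corpus
    mapping(address => uint256) balances;
    function deposit() public payable { _credit(msg.sender, msg.value); }
    function _credit(address who, uint256 amt) internal { balances[who] += amt; }
    function withdraw(uint256 amt) public { _debit(msg.sender, amt); payable(msg.sender).transfer(amt); }
    function _debit(address who, uint256 amt) internal { require(balances[who] >= amt); balances[who] -= amt; }
    function balanceOf(address a) public view returns (uint256) { return balances[a]; }
}
"""
FUNC_RE = re.compile(r"function\s+(\w+)\s*\([^)]*\)[^{]*\{")

def _body(src, start):  # text between src[start] == "{" and its matching "}"
    depth = 0
    for i in range(start, len(src)):
        depth += (src[i] == "{") - (src[i] == "}")
        if depth == 0:
            return src[start + 1:i]
    raise ValueError("unbalanced braces")

def build_graph(contract, src):
    """Nodes are functions; edges are calls/called_by and shares_state (same storage variable)."""
    decls = re.split(r"\bfunction\b", src, maxsplit=1)[0]
    state = set(re.findall(r"(?:\)|\w)\s+(\w+)\s*;", decls))  # crude: names declared before any function
    bodies = {f"{contract}.{m.group(1)}": _body(src, m.end() - 1) for m in FUNC_RE.finditer(src)}
    uses = {f: {s for s in state if re.search(rf"\b{s}\b", b)} for f, b in bodies.items()}
    edges = defaultdict(set)
    for f, b in bodies.items():  # call edges: only callees that are functions of this contract
        for q in ({f"{contract}.{c}" for c in re.findall(r"\b(\w+)\s*\(", b)} & set(bodies)) - {f}:
            edges[f].add(("calls", q)); edges[q].add(("called_by", f))
    for a, b in combinations(bodies, 2):  # semantic edge: both touch the same storage variable
        if uses[a] & uses[b]:
            edges[a].add(("shares_state", b)); edges[b].add(("shares_state", a))
    return dict(edges)

def retrieve_context(graph, target, hops=2, weights={"calls": 3, "called_by": 2, "shares_state": 1}):
    """Rank functions within `hops` of `target`; their bodies are what the LLM sees as repair context."""
    score, frontier = defaultdict(float), {target: 1.0}
    for _ in range(hops):
        nxt = {}
        for node, w in frontier.items():
            for rel, other in graph.get(node, ()):
                if other != target:
                    score[other] += w * weights[rel]
                    nxt[other] = max(nxt.get(other, 0.0), w / 2)  # influence decays per hop
        frontier = nxt
    return [f for f, _ in sorted(score.items(), key=lambda kv: (-kv[1], kv[0]))]
```

Querying `retrieve_context(build_graph("Vault", SAMPLE), "Vault.withdraw")` surfaces the callee `_debit` first and then the other functions that share its storage, which is the kind of cross-function context a vulnerable function alone does not expose.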