ACTaint: Agent-Based Taint Analysis for Access Control Vulnerabilities in Smart Contracts
Smart contracts have become a foundational component of blockchain systems, enabling decentralized, transparent, and autonomous execution of application logic across various domains, including decentralized finance (DeFi), gaming, and digital identity. Due to their immutable and trustless nature, smart contracts often manage and transfer substantial amounts of assets without human intervention. However, vulnerabilities in smart contracts can lead to substantial financial losses. Among these, access control vulnerabilities are particularly critical, typically originating from inadequately designed or incorrectly implemented permission mechanisms. Most existing methods for detecting access control vulnerabilities are based on static analysis, which heavily relies on manually defined rules and pattern matching. While these methods are efficient at identifying certain classes of known vulnerabilities, they are inherently limited in scope and generalization. In particular, they often fail to capture the underlying business logic of smart contracts.
In this paper, we propose an LLM-based multi-agent system, named ACTaint, for detecting access control vulnerabilities in Solidity smart contracts. ACTaint first performs static analysis to guide the sink agent in identifying potential sinks. Then, based on the identified sinks, the taint agent conducts taint analysis to determine whether a data flow exists from untrusted sources to these sinks. We evaluate our approach on two datasets: one comprising known CVE cases and one comprising 624 real-world smart contracts. The results demonstrate that our method outperforms existing tools on both datasets. On the first dataset, our approach outperforms state-of-the-art tools, including AChecker and GPTLens, achieving higher recall and F1-score. On the second dataset, our method surpasses the leading static analysis tool AChecker, with a 16% improvement in precision and an 8.5% improvement in F1-score.
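To make the source-to-sink check concrete, here is an added example (not the paper's code, and rule-based rather than LLM-driven) of the kind of intraprocedural taint pass the taint agent performs: callable functions without an access guard are scanned for untrusted data (caller identity, parameters) reaching privileged state writes or sensitive calls. The guard modifier name, the privileged variable set, the sink set and the sample contract IR are all assumed or constructed.

```python
from dataclasses import dataclass, field

GUARD_MODIFIERS = {"onlyOwner"}             # assumed access-control modifier names
PRIVILEGED_STATE = {"owner"}                # assumed privileged state variables (sinks)
SINK_CALLS = {"selfdestruct", "transfer"}   # calls treated as sinks

@dataclass
class Stmt:
    kind: str            # "assign", "call" or "require"
    target: str = ""     # assigned variable or called function
    args: tuple = ()     # operands feeding the target

@dataclass
class Func:
    name: str
    visibility: str      # only "public"/"external" functions are caller-reachable
    params: tuple = ()
    modifiers: frozenset = frozenset()
    body: list = field(default_factory=list)

def find_flows(f):
    """Return (source, sink) pairs where untrusted data reaches a sink unguarded."""
    if f.visibility not in {"public", "external"} or f.modifiers & GUARD_MODIFIERS:
        return []
    origin = {"msg.sender": "msg.sender", **{p: p for p in f.params}}  # var -> untrusted origin
    flows = []
    for s in f.body:
        if s.kind == "require" and "msg.sender" in s.args and PRIVILEGED_STATE & set(s.args):
            break                              # inline caller check guards what follows
        tainted = [a for a in s.args if a in origin]
        if s.kind == "assign" and tainted:
            origin[s.target] = origin[tainted[0]]   # propagate taint through locals
            if s.target in PRIVILEGED_STATE:
                flows.append((origin[s.target], s.target))
        elif s.kind == "call" and s.target in SINK_CALLS:
            src = origin[tainted[0]] if tainted else "msg.sender"  # caller alone triggers sink
            flows.append((src, s.target))
    return flows

def scan(contract):
    return {f.name: fl for f in contract if (fl := find_flows(f))}
# Constructed sample: unprotected owner setter, guarded variants, a withdraw (not from the paper)
SAMPLE = [
    Func("setOwner", "public", ("newOwner",), body=[Stmt("assign", "owner", ("newOwner",))]),
    Func("safeSetOwner", "public", ("newOwner",), frozenset({"onlyOwner"}),
         [Stmt("assign", "owner", ("newOwner",))]),
    Func("kill", "external", body=[Stmt("require", args=("msg.sender", "owner")),
                                    Stmt("call", "selfdestruct", ("owner",))]),
    Func("withdraw", "public", ("to", "amt"), body=[Stmt("assign", "dest", ("to",)),
                                                     Stmt("call", "transfer", ("dest", "amt"))]),
]
```

Running `scan(SAMPLE)` flags only `setOwner` and `withdraw`; the modifier-guarded setter and the `require`-guarded `kill` produce no flow.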