Have We Solved Access Control Vulnerability Detection in Smart Contracts? A Benchmark Study
This program is tentative and subject to change.
Access control (AC) vulnerabilities are among the most critical security threats to smart contracts. Despite extensive research, they remain increasingly destructive in the Ethereum ecosystem. To understand and advance the current state-of-the-art (SOTA) in AC vulnerability detection, we first curate a diverse dataset of 180 real-world AC vulnerabilities from CVE entries, DeFiHackLabs incidents, and Code4rena audit reports.
Using this dataset, we conduct a systematic benchmark study along three dimensions. First, we develop a cause-based taxonomy and analyze the prevalence and evolution of AC vulnerabilities. Second, we evaluate six SOTA tools—two industry and four academic—revealing low recall (3–8%) and significant blind spots. To understand these failures, we examine 1.2 million deployed contracts and uncover practical gaps in AC protection mechanisms overlooked by existing tools. Finally, we assess the potential of large language models (LLMs) for AC vulnerability detection and show that LLMs detect 53–75% of vulnerabilities, outperforming traditional tools but facing challenges such as hallucinations and scalability. Our findings highlight the need for hybrid approaches that combine static analysis with LLM-based semantic reasoning to address the complexity of modern AC vulnerabilities.
This program is tentative and subject to change.
Tue 18 NovDisplayed time zone: Seoul change
14:00 - 15:30 | |||
14:00 10mTalk | Leveraging Mixture-of-Experts Framework for Smart Contract Vulnerability Repair with Large Language Model Research Papers Hang Yuan Institute of Software, Chinese Academy of Sciences, University of Chinese Academy of Sciences, China, Xizhi Hou Institute of Software, Chinese Academy of Sciences; University of Chinese Academy of Sciences, Lei Yu Institute of Software, Chinese Academy of Sciences, University of Chinese Academy of Sciences, China, Li Yang Institute of Software, Chinese Academy of Sciences, Jiayue Tang Institute of Software, CAS, Univ. of Chinese Academy of Sciences, Jiadong Xu Institute of Software, Chinese Academy of Sciences, University of Chinese Academy of Sciences, Yifei Liu Institute of Software, Chinese Academy of Sciences, University of Chinese Academy of Sciences, Fengjun Zhang Institute of Software, Chinese Academy of Sciences, China, Chun Zuo Sinosoft | ||
14:10 10mTalk | Why Is My Transaction Risky? Understanding Smart Contract Semantics and Interactions in the NFT Ecosystem Research Papers Yujing Chen Zhejiang University, Xuanming Liu Zhejiang University, Zhiyuan Wan Zhejiang University, Zuobin Wang Zhejiang University, David Lo Singapore Management University, Difan Xie Hangzhou High-Tech Zone (Binjiang) Institute of Blockchain and Data Security, Xiaohu Yang Zhejiang University | ||
14:20 10mTalk | Demystifying OpenZeppelin's Own Vulnerabilities and Analyzing Their Propagation in Smart Contracts Research Papers Han Liu The Hong Kong University of Science and Technology, Daoyuan Wu Lingnan University, Yuqiang Sun Nanyang Technological University, Shuai Wang Hong Kong University of Science and Technology, Yang Liu Nanyang Technological University, Yixiang Chen East China Normal University | ||
14:30 10mTalk | PROMFUZZ: Leveraging LLM-Driven and Bug-Oriented Composite Analysis for Detecting Functional Bugs in Smart Contracts Research Papers Xingshuang Lin Zhejiang University, Qinge Xie Georgia Institute of Technology, Binbin Zhao Zhejiang University, Yuan Tian , Saman Zonouz Georgia Institute of Technology, Na Ruan Shanghai Jiaotong University, Jiliang Li Xi'an Jiaotong University, Raheem Beyah Georgia Institute of Technology, Shouling Ji Zhejiang University | ||
14:40 10mTalk | VeriExploit: Automatic Bug Reproduction in Smart Contracts via LLMs and Formal Methods Research Papers Chenfeng Wei The University of Manchester, Shiyu Cai The University of Manchester, Yiannis Charalambous The University of Manchester, Tong Wu , Sangharatna Godboley NIT Warangal, Lucas C. Cordeiro University of Manchester, UK and Federal University of Amazonas, Brazil | ||
14:50 10mTalk | SolContractEval: A Benchmark for Evaluating Contract-Level Solidity Code Generation Research Papers Zhifan Ye Zhejiang University, Jiachi Chen Sun Yat-sen University, Zhenzhe Shao Sun Yat-sen University, Lingfeng Bao Zhejiang University, Xiaohu Yang Zhejiang University, Zhongxin Liu Zhejiang University | ||
15:00 10mTalk | PrefGen: A Preference-Driven Methodology for Secure Yet Gas-Efficient Smart Contract Generation Research Papers Zhiyuan Peng Shanghai Jiao Tong University, Xin Yin Zhejiang University, Zijie Zhou China University of Petroleum (Beijing), Chenhao Ying Shanghai Jiao Tong University, Chao Ni Zhejiang University, Yuan Luo Shanghai Jiao Tong University Pre-print | ||
15:10 10mTalk | Soleker: Uncovering Vulnerabilities in Solana Smart Contracts Research Papers Kunsong Zhao The Hong Kong Polytechnic University, Yunpeng Tian The Hong Kong Polytechnic University, Zuchao Ma The Hong Kong Polytechnic University, Xiapu Luo Hong Kong Polytechnic University | ||
15:20 10mTalk | Have We Solved Access Control Vulnerability Detection in Smart Contracts? A Benchmark Study Research Papers Han Liu The Hong Kong University of Science and Technology, Daoyuan Wu Lingnan University, Yuqiang Sun Nanyang Technological University, Shuai Wang Hong Kong University of Science and Technology, Yang Liu Nanyang Technological University | ||