USCSA: Evolution-Aware Security Analysis for Proxy-Based Upgradeable Smart Contracts
This program is tentative and subject to change.
When upgrading smart contracts on blockchain systems, it is essential to consider the continuity of upgrades and their subsequent maintenance. In practice, upgrade operations often introduce new vulnerabilities. Existing static analysis tools usually scan only a single version and cannot capture the correlation between code changes and emerging risks. To address this, we propose an Upgradeable Smart Contract Security Analyzer, USCSA, which uses Abstract Syntax Tree (AST) difference analysis to assess the risks associated with the upgrade process and uses large language models (LLMs) for assisted reasoning to achieve high-confidence vulnerability attribution. We collected and analyzed 3,546 cases of vulnerabilities in upgradeable contracts, covering common vulnerability categories such as reentrancy, access control flaws, and integer overflow. Experimental results show that USCSA achieves a precision of 92.26%, a recall of 89.67%, and an F1-score of 90.95% in detecting upgrade-induced vulnerabilities. USCSA therefore offers a significant advantage in improving the security and integrity of upgradeable smart contracts, providing a novel and efficient solution for security auditing of blockchain applications.
Fri 17 Apr (displayed time zone: Brasilia, Distrito Federal, Brazil)
16:00 - 17:30 | Dependability and Security 11 | Journal-first Papers / New Ideas and Emerging Results (NIER) / Research Track | Room: Oceania X | Chair(s): Jacques Klein (University of Luxembourg)

16:00 (15m) Talk | AtomGraph: Tackling Atomicity Violation in Smart Contracts using Multimodal GCNs | New Ideas and Emerging Results (NIER) | Xiaoqi Li (Hainan University), Zongwei Li (Hainan University), Wenkai Li (Hainan University), Zeng Zhang (Hainan University), Lei Xie (Hainan University)

16:15 (15m) Talk | ACFix: Guiding LLMs with Mined Common RBAC Practices for Context-Aware Repair of Access Control Vulnerabilities in Smart Contracts | Journal-first Papers | Lyuye Zhang (Nanyang Technological University), Kaixuan Li (Nanyang Technological University), Kairan Sun (Nanyang Technological University), Daoyuan Wu (Lingnan University), Ye Liu (Singapore Management University), Haoye Tian (Aalto University), Yang Liu (Nanyang Technological University)

16:30 (15m) Talk | Do Automated Fixes Truly Mitigate Smart Contract Exploits? | Journal-first Papers | Sofia Bobadilla (KTH Royal Institute of Technology, Sweden), Mónica Jin (KTH Royal Institute of Technology), Martin Monperrus (KTH Royal Institute of Technology)

16:45 (15m) Talk | CKG-LLM: LLM-Assisted Detection of Smart Contract Access Control Vulnerabilities Based on Knowledge Graphs | New Ideas and Emerging Results (NIER) | Xiaoqi Li (Hainan University), Hailu Kuang (Hainan University), Wenkai Li (Hainan University), Zongwei Li (Hainan University), Shipeng Ye (Hainan University)

17:00 (15m) Talk | One Signature, Multiple Payments: Demystifying and Detecting Signature Replay Vulnerabilities in Smart Contracts | Research Track | Zexu Wang (Sun Yat-sen University), Jiachi Chen (Sun Yat-sen University), Zewei Lin (Sun Yat-sen University), Wenqing Chen (Sun Yat-sen University), Kaiwen Ning (Sun Yat-sen University), Jianxing Yu (Sun Yat-sen University), Yuming Feng (Peng Cheng Laboratory), Yu Zhang (Harbin Institute of Technology), Weizhe Zhang (Harbin Institute of Technology), Zibin Zheng (Sun Yat-sen University) | Pre-print, Media Attached

17:15 (15m) Talk | USCSA: Evolution-Aware Security Analysis for Proxy-Based Upgradeable Smart Contracts | New Ideas and Emerging Results (NIER) | Xiaoqi Li (Hainan University), Lei Xie (Hainan University), Wenkai Li (Hainan University), Zongwei Li (Hainan University) | Media Attached