USCSA: Evolution-Aware Security Analysis for Proxy-Based Upgradeable Smart Contracts

In the case of upgrading smart contracts on blockchain systems, it is essential to consider the continuity of upgrade and subsequent maintenance. In practice, upgrade operations often introduce new vulnerabilities. To address this, we propose an Upgradable Smart Contract Security Analyzer, USCSA, which evaluates the risks associated with the upgrade process using the Abstract Syntax Tree (AST) differential analysis. We collected and analyzed 3,546 cases of vulnerabilities in upgradable contracts,covering common vulnerability categories such as reentrancy, access control flaws, and integer overflow. Experimental results show that USCSA achieves an accuracy of 92.3%, recall of 89.7%, and F1-score of 91.0% in detecting upgrade-induced vulnerabilities. In addition, the efficiency of mapping high-risk changes has achieved a 30% improvement over the conventional approach. As a result, USCSA provides a significant advantage to improve the security and integrity of upgradable smart contracts, providing a novel and efficient solution to secure audits on blockchain applications.