TY - GEN
T1 - POSTER
T2 - 20th ACM ASIA Conference on Computer and Communications Security, ASIA CCS 2025
AU - Kim, Taeyoung
AU - Lee, Gilhee
AU - Kim, Hyoungshick
N1 - Publisher Copyright: © 2025 Copyright held by the owner/author(s).
PY - 2025/8/24
Y1 - 2025/8/24
N2 - Smart contract vulnerabilities pose significant financial risks, making their detection and remediation critical before deployment. While numerous vulnerability detection tools exist, limited empirical research examines how smart contract vulnerabilities are patched and maintained in practice. To address this gap, we conducted a comprehensive analysis of patch management practices across smart contract ecosystems. Our study examined 4,345,088 smart contracts and identified 8,727 vulnerable contracts via an automated detection tool and 4,399 through user reports. Smart contract development practices widely acknowledge that vulnerable contracts should be destroyed and redeployed with appropriate fixes. However, we found that only 248 user-reported vulnerable contracts were self-destructed and only 6.85% of them were redeployed following destruction. Furthermore, these redeployed contracts still contained vulnerabilities, indicating ineffective patch implementation. These findings reveal significant shortcomings in current smart contract maintenance practices and highlight the need for improved security patch management protocols.
KW - Blockchain security
KW - Smart contract
KW - Vulnerability management
UR - https://www.scopus.com/pages/publications/105015998741
U2 - 10.1145/3708821.3735344
DO - 10.1145/3708821.3735344
M3 - Conference contribution
AN - SCOPUS:105015998741
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 1803
EP - 1805
BT - ACM ASIA CCS 2025 - Proceedings of the 20th ACM ASIA Conference on Computer and Communications Security
PB - Association for Computing Machinery
Y2 - 25 August 2025 through 29 August 2025
ER -