When smart contracts on blockchain systems are upgraded, the continuity of the upgrade and of subsequent maintenance must be considered. In practice, upgrade operations often introduce new vulnerabilities. To address this, we propose an Upgradeable Smart Contract Security Analyzer, USCSA, which evaluates the risks associated with the upgrade process using Abstract Syntax Tree (AST) difference analysis. We collected and analyzed 3,546 cases of vulnerabilities in upgradeable contracts, covering common vulnerability categories such as reentrancy, access control flaws, and integer overflow. Experimental results show that USCSA achieves an accuracy of 92.3%, a recall of 89.7%, and an F1-score of 91.0% in detecting upgrade-induced vulnerabilities. In addition, compared with traditional methods, it maps high-risk changes approximately 30% more efficiently. USCSA therefore offers a significant advantage in improving the security and integrity of upgradeable smart contracts, providing a novel and efficient solution for security audits of blockchain applications.
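To make the idea of AST difference analysis for upgrade risk concrete, the following is an added illustration; it is not USCSA's code or its rule set. The AST format is a constructed, simplified JSON-like structure (not the real solc AST), the two contract versions are constructed samples, and the three risk rules (storage slot reordering, removal of an access-control or reentrancy guard, and an external call moved ahead of a state update) are assumptions chosen to mirror the vulnerability classes the abstract names.

```python
"""Toy AST-difference risk check for a smart-contract upgrade (added example).

Assumptions: the AST below is a constructed, simplified format, not solc's real
AST, and the risk rules are illustrative, not those of USCSA.
"""
from dataclasses import dataclass

# Constructed sample: simplified AST of version 1 of a contract.
V1 = {
    "contract": "Vault",
    "storage": ["owner", "balances", "paused"],
    "functions": {
        "withdraw": {
            "modifiers": ["nonReentrant"],
            "body": ["update:balances", "call:msg.sender"],  # effects before interaction
        },
        "setOwner": {"modifiers": ["onlyOwner"], "body": ["update:owner"]},
    },
}

# Constructed sample: version 2 after an upgrade that introduces several defects.
V2 = {
    "contract": "Vault",
    "storage": ["owner", "paused", "balances", "feeBps"],  # reordered, one appended
    "functions": {
        "withdraw": {
            "modifiers": [],                                 # reentrancy guard dropped
            "body": ["call:msg.sender", "update:balances"],  # call now precedes update
        },
        "setOwner": {"modifiers": [], "body": ["update:owner"]},  # access control removed
        "setFee": {"modifiers": ["onlyOwner"], "body": ["update:feeBps"]},
    },
}


@dataclass(frozen=True)
class Finding:
    severity: str
    location: str
    message: str


def diff_storage(old, new):
    """Flag the first existing storage slot whose index changed.

    A proxy keeps the old storage verbatim, so every pre-existing variable must
    keep its slot; reordering or removal shifts all later slots too.
    """
    old_slots, new_slots = old["storage"], new["storage"]
    for i, name in enumerate(old_slots):
        replacement = new_slots[i] if i < len(new_slots) else "<removed>"
        if replacement != name:
            return [Finding("high", f"storage[{i}]",
                            f"slot {i} changed from {name} to {replacement}")]
    return []


def violates_checks_effects_interactions(body):
    """True if an external call appears before a state update in body order."""
    seen_call = False
    for stmt in body:
        if stmt.startswith("call:"):
            seen_call = True
        elif stmt.startswith("update:") and seen_call:
            return True
    return False


def diff_functions(old, new):
    """Compare each pre-existing function with its upgraded counterpart."""
    findings = []
    for fname, old_fn in old["functions"].items():
        new_fn = new["functions"].get(fname)
        if new_fn is None:
            findings.append(Finding("medium", fname, "function removed in upgrade"))
            continue
        # Guards present before the upgrade but absent after it.
        for mod in sorted(set(old_fn["modifiers"]) - set(new_fn["modifiers"])):
            sev = "high" if mod in ("onlyOwner", "nonReentrant") else "medium"
            findings.append(Finding(sev, fname, f"modifier {mod} removed"))
        # Ordering regression introduced by the upgrade itself.
        if (violates_checks_effects_interactions(new_fn["body"])
                and not violates_checks_effects_interactions(old_fn["body"])):
            findings.append(Finding("high", fname,
                                    "external call now precedes state update"))
    return findings


def analyze_upgrade(old, new):
    """Return all findings for an upgrade from AST `old` to AST `new`."""
    return diff_storage(old, new) + diff_functions(old, new)


if __name__ == "__main__":
    for f in analyze_upgrade(V1, V2):
        print(f"[{f.severity}] {f.location}: {f.message}")
```

Run as a script, the check reports four findings for the constructed V1 to V2 upgrade (one storage-layout shift, two removed guards, and the reordered call in `withdraw`) and none when a version is diffed against itself. The design point is that the analysis works on the difference between two trees rather than on either version alone, which is what lets it single out defects the upgrade introduced rather than re-reporting what was already there.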