CKG-LLM: LLM-Assisted Detection of Smart Contract Access Control Vulnerabilities Based on Knowledge Graphs

Xiaoqi Li, Hailu Kuang, Wenkai Li, Zongwei Li, Shipeng Ye

TL;DR

The paper tackles the detection of access-control vulnerabilities in smart contracts by replacing AST-style intermediate representations, whose limitations it identifies, with a contract knowledge graph built from Slither IR. It leverages large language models to translate natural-language vulnerability patterns into executable graph queries (NL2GQL) and introduces RLAF to iteratively refine query generation. Key contributions include the first LLM-driven NL2GQL pipeline over a contract KG, a Slither-based KG construction with a two-layer ontology, and a domain-adaptive RL framework that improves detection accuracy (F1 = 74.9%) and efficiency. Results on the FORGE dataset show that CKG-LLM outperforms existing tools in both effectiveness and speed, suggesting a promising direction for scalable, semantically rich contract security analysis.

Abstract

Traditional approaches for smart contract analysis often rely on intermediate representations such as abstract syntax trees, control-flow graphs, or static single assignment form. However, these methods face limitations in capturing both semantic structures and control logic. Knowledge graphs, by contrast, offer a structured representation of entities and relations, enabling richer intermediate abstractions of contract code and supporting the use of graph query languages to identify rule-violating elements. This paper presents CKG-LLM, a framework for detecting access-control vulnerabilities in smart contracts. Leveraging the reasoning and code generation capabilities of large language models, CKG-LLM translates natural-language vulnerability patterns into executable queries over contract knowledge graphs to automatically locate vulnerable code elements. Experimental evaluation demonstrates that CKG-LLM achieves superior performance in detecting access-control vulnerabilities compared to existing tools. Finally, we discuss potential extensions of CKG-LLM as part of future research directions.
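To make the abstract's central idea concrete, here is an added toy example that is not the paper's code and does not use its CKG ontology: a tiny contract knowledge graph with an assumed ontology (Contract, Function, StateVariable and Modifier nodes; HAS_FUNCTION, WRITES, USES_MODIFIER and CHECKS_SENDER edges) and one rule query, written in plain Python rather than a graph query language, that locates externally callable functions writing sensitive state without any access-control guard. The "Vault" contract facts are constructed for the illustration.

```python
from collections import defaultdict

class ContractKG:
    """Toy triple-style KG: typed nodes with attributes plus labelled edges (assumed ontology)."""
    def __init__(self):
        self.edges = defaultdict(set)  # predicate -> {(subject, object)}
        self.attrs = {}                # node -> attribute dict

    def add_node(self, name, **attrs):
        self.attrs[name] = attrs

    def add_edge(self, subj, pred, obj):
        self.edges[pred].add((subj, obj))

    def objects(self, subj, pred):
        return {o for s, o in self.edges[pred] if s == subj}

def unprotected_state_writers(kg):
    """Rule query for one access-control pattern: externally callable functions that
    write a sensitive state variable with neither a modifier nor an inline msg.sender check."""
    hits = []
    for contract, fn in sorted(kg.edges["HAS_FUNCTION"]):
        if kg.attrs[fn].get("visibility") not in ("public", "external"):
            continue
        sensitive = {v for v in kg.objects(fn, "WRITES") if kg.attrs[v].get("sensitive")}
        guarded = kg.objects(fn, "USES_MODIFIER") or kg.objects(fn, "CHECKS_SENDER")
        if sensitive and not guarded:
            hits.append((contract, fn, sorted(sensitive)))
    return hits

def build_sample_kg():
    """Constructed facts for a hypothetical 'Vault' contract (not taken from the paper)."""
    kg = ContractKG()
    kg.add_node("Vault", kind="Contract")
    kg.add_node("Vault.owner", kind="StateVariable", sensitive=True)
    kg.add_node("Vault.paused", kind="StateVariable", sensitive=True)
    kg.add_node("Vault.balances", kind="StateVariable", sensitive=False)
    kg.add_node("Vault.onlyOwner", kind="Modifier")
    for fn, vis in [("setOwner", "public"), ("pause", "external"),
                    ("withdrawAll", "external"), ("deposit", "public")]:
        kg.add_node(f"Vault.{fn}", kind="Function", visibility=vis)
        kg.add_edge("Vault", "HAS_FUNCTION", f"Vault.{fn}")
    kg.add_edge("Vault.setOwner", "WRITES", "Vault.owner")       # unguarded: should be flagged
    kg.add_edge("Vault.pause", "WRITES", "Vault.paused")
    kg.add_edge("Vault.pause", "CHECKS_SENDER", "Vault.owner")   # inline require(msg.sender == owner)
    kg.add_edge("Vault.withdrawAll", "WRITES", "Vault.balances")
    kg.add_edge("Vault.withdrawAll", "USES_MODIFIER", "Vault.onlyOwner")
    kg.add_edge("Vault.deposit", "WRITES", "Vault.balances")     # writes only a non-sensitive variable
    return kg
```

Running `unprotected_state_writers(build_sample_kg())` flags only `Vault.setOwner`; in the paper's pipeline the equivalent rule would be a generated graph query rather than hand-written Python.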

Paper Structure

This paper contains 14 sections, 2 equations, 4 figures, 2 tables, and 1 algorithm.

Figures (4)

  • Figure 1: A simplified example of the CKG ontology layer, where nodes represent classes and their attributes, while edges denote object and instance properties.
  • Figure 2: The overall workflow of CKG-LLM consists of four stages: (1) construction of the contract knowledge graph and the prompt design; (2) supervised fine-tuning for guiding LLMs in NL2GQL tasks; (3) DPO-based training to enhance the effectiveness of generated GQL in detecting vulnerabilities; and (4) LLM-assisted query generation for real-world applications.
  • Figure 3: An overview of the two-round prompt template. The first round requires intermediate reasoning, and the second round requires queries based on the reasoning results.
  • Figure 4: The SLM score distribution of the SFT-trained and SFT+DPO-trained models over 553 contracts in NL2GQL tasks.