CKG-LLM: LLM-Assisted Detection of Smart Contract Access Control Vulnerabilities Based on Knowledge Graphs

TL;DR

This paper introduces CKG-LLM, a novel framework that uses knowledge graphs and large language models to automatically detect access-control vulnerabilities in smart contracts, surpassing existing tools in performance.

Contribution

The paper presents a new approach combining knowledge graphs and LLMs for smart contract vulnerability detection, enabling semantic understanding and automated query generation.

Findings

CKG-LLM outperforms existing tools in vulnerability detection accuracy.

Knowledge graphs provide richer semantic representations of contract code.

LLMs facilitate translating natural language patterns into executable graph queries.

Abstract

Traditional approaches for smart contract analysis often rely on intermediate representations such as abstract syntax trees, control-flow graphs, or static single assignment form. However, these methods face limitations in capturing both semantic structures and control logic. Knowledge graphs, by contrast, offer a structured representation of entities and relations, enabling richer intermediate abstractions of contract code and supporting the use of graph query languages to identify rule-violating elements. This paper presents CKG-LLM, a framework for detecting access-control vulnerabilities in smart contracts. Leveraging the reasoning and code generation capabilities of large language models, CKG-LLM translates natural-language vulnerability patterns into executable queries over contract knowledge graphs to automatically locate vulnerable code elements. Experimental evaluation demonstrates that CKG-LLM achieves superior performance in detecting access-control vulnerabilities compared to existing tools. Finally, we discuss potential extensions of CKG-LLM as part of future research directions.