Enhancing Smart Contract Security: Empirical Characterization, Fault Analysis, and Vulnerability Detection

The Hong Kong University of Science and Technology
Department of Computer Science and Engineering


PhD Thesis Defence


Title: "Enhancing Smart Contract Security: Empirical Characterization, Fault 
Analysis, and Vulnerability Detection"

By

Miss Lu LIU


Abstract:

Smart contracts have become the backbone of decentralized ecosystems, managing 
billions of dollars in assets across applications ranging from Decentralized 
Finance (DeFi) to digital governance. Given the immutable and autonomous 
nature of blockchains, the security of these contracts is paramount. A single 
vulnerability can lead to catastrophic and irreversible financial losses. 
However, despite these high stakes, a significant gap exists in understanding 
how developers utilize exception-handling mechanisms to enforce correctness 
and the specific types of logic flaws that arise from their misuse. This 
thesis aims to enhance smart contract security through comprehensive studies, 
beginning with an empirical characterization of defensive programming 
practices, followed by a systematic analysis of associated faults, and 
finally, the proposal of a novel vulnerability detection framework. It 
consists of the following three studies.

The first study focuses on the fundamental safeguards of contract logic: 
state-reverting statements (i.e., require, revert, and throw). While these 
statements serve as the principal mechanisms for exception handling in 
Solidity, there is a lack of empirical understanding regarding their 
prevalence and usage patterns in the wild. To address this, the study conducts 
the first empirical investigation of these statements across thousands of 
real-world contracts. The results reveal that these statements are pervasive, 
appearing even more frequently than general-purpose if statements. The 
analysis further demonstrates that developers primarily use these statements 
to perform seven types of authority verification and input validity checks. 
This study establishes an understanding of how developers intend to secure 
contract logic.
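The following is an added illustration, not code from the thesis, of the two dominant uses of state-reverting statements the abstract describes: authority verification and input validity checks. The contract, its function names, and its error messages are assumed for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration (not from the thesis): a minimal vault whose every
// require/revert is either an authority check or an input validity check.
// Contract and function names are assumptions made for this example.
contract Vault {
    address public owner;
    mapping(address => uint256) public balances;

    error NotOwner(address caller);

    constructor() {
        owner = msg.sender;
    }

    // Authority verification: only the current owner may pass this modifier.
    // revert with a custom error undoes all state changes of the transaction.
    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner(msg.sender);
        _;
    }

    function transferOwnership(address newOwner) external onlyOwner {
        // Input validity: the zero address would permanently lock ownership.
        require(newOwner != address(0), "Vault: zero owner");
        owner = newOwner;
    }

    function deposit() external payable {
        // Input validity: reject empty deposits.
        require(msg.value > 0, "Vault: zero deposit");
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) external {
        // Input validity checked against contract state before any effect.
        require(amount > 0 && amount <= balances[msg.sender], "Vault: bad amount");
        // Effects before interaction: the balance is reduced first, so a
        // re-entering call sees the updated balance.
        balances[msg.sender] -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        // A failed external call reverts the whole transaction, including
        // the balance update above.
        require(ok, "Vault: transfer failed");
    }
}
```

The point of the pattern is that a failed check reverts the entire transaction, so state never reaches a partially updated condition; the faults studied later in the thesis arise when the condition inside such a check is wrong, missing, or placed after the effect it was meant to guard.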

The second study investigates the landscape of faults arising from the 
improper use of these state-reverting statements. Although developers rely on 
these statements for security, incorrect implementation results in subtle bugs 
that traditional testing often misses. To understand these failures and 
benchmark detection capabilities, this study constructs the first 
comprehensive dataset of 320 real-world faults, curated from open-source 
project histories and security audit reports. Through manual analysis, the 
study derives a taxonomy of 17 distinct fault types and distills 12 common 
fixing strategies. A subsequent evaluation of 12 state-of-the-art security 
tools against this benchmark reveals an average detection rate of only 14.4%, 
highlighting that existing tools are ineffective at identifying these critical 
logic flaws.

The third study addresses the limitations of existing approaches in 
identifying high-level semantic vulnerabilities, specifically Price 
Manipulation. As indicated by the second study, traditional tools struggle 
with logic flaws because they often lack the ability to interpret complex 
economic context. To bridge this gap, this study proposes PMDetector, a hybrid 
framework designed to proactively detect price manipulation. The framework 
employs a three-stage pipeline to model economic semantics: (1) static taint 
analysis to identify potentially vulnerable paths, (2) a two-stage Large 
Language Model (LLM) analysis to filter effective defenses and simulate 
exploitation, and (3) a final static checker to validate findings. Evaluated 
on 73 vulnerable and 288 benign contracts, PMDetector achieves up to 100% 
precision and 88% recall, with GPT-4o achieving a state-of-the-art F1-score of 
0.91. Furthermore, in a large-scale scan of over 15,000 recently deployed 
contracts, it identified 14 previously unknown vulnerabilities, confirming its 
practical utility in securing the DeFi ecosystem.

In summary, this thesis advances the field of smart contract security by 
bridging the gap between empirical study and automated tool development. By 
characterizing defensive practices and investigating the limitations of 
existing security tools, this work paves the way for more effective detection 
methods. The proposed hybrid framework demonstrates that integrating static 
analysis with the semantic reasoning of LLMs can effectively identify complex 
semantic smart contract vulnerabilities, providing the community with insights 
and tools to safeguard decentralized applications.


Date:                   Thursday, 26 March 2026

Time:                   11:45am - 1:45pm

Venue:                  Room 2132C
                        Lift 22

Chairman:               Dr. Zhihong GUO (CHEM)

Committee Members:      Prof. Shing-Chi CHEUNG (Supervisor)
                        Dr. Yepang LIU (Co-supervisor, SUSTech)
                        Dr. Shuai WANG
                        Prof. Raymond WONG
                        Prof. Allen HUANG (ACCT)
                        Prof. Zibin ZHENG (SYSU)