Upgradeable smart contracts (USCs) have been widely adopted to enable modifying smart contracts after deployment. While USCs give developers great flexibility, improper usage can introduce new security issues, potentially allowing attackers to hijack USCs and their users. In this paper, we conduct a large-scale measurement study to characterize USCs and their security implications in the wild. We summarize six commonly used USC patterns and develop a tool, USCDetector, to identify USCs without needing source code. In particular, USCDetector collects information such as bytecode and transaction data to construct upgrade chains for USCs and disclose potentially vulnerable ones. We evaluate USCDetector using verified smart contracts (i.e., those with source code) as ground truth and show that it achieves high accuracy, with a precision of 96.26%. We then use USCDetector to conduct a large-scale study on Ethereum, covering a total of 60,251,064 smart contracts. USCDetector constructs 10,218 upgrade chains and discloses multiple real-world USCs with potential security issues.
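As an added illustration of the two ideas the abstract names (recognizing a proxy from bytecode alone, and ordering implementation changes into an upgrade chain), the following example is not USCDetector's code and assumes one concrete pattern, the EIP-1967 implementation slot; the bytecode and slot-write records are constructed for the example.

```python
"""Added example, not from the paper or USCDetector: a minimal EIP-1967 proxy
heuristic and an upgrade-chain builder over constructed storage-write records."""
from typing import Iterator, List, Tuple

# EIP-1967 implementation slot: keccak256("eip1967.proxy.implementation") - 1
EIP1967_IMPL_SLOT = bytes.fromhex(
    "360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc")
DELEGATECALL = 0xF4  # EVM opcode


def opcodes(code: bytes) -> Iterator[Tuple[int, int, bytes]]:
    """Yield (offset, opcode, push_data), skipping PUSH operands so that
    constant bytes inside push data are never misread as opcodes."""
    i = 0
    while i < len(code):
        op = code[i]
        if 0x60 <= op <= 0x7F:          # PUSH1 .. PUSH32
            n = op - 0x5F
            yield i, op, code[i + 1:i + 1 + n]
            i += 1 + n
        else:
            yield i, op, b""
            i += 1


def looks_like_eip1967_proxy(code: bytes) -> bool:
    """Heuristic: the runtime code pushes the EIP-1967 implementation slot
    and contains a real DELEGATECALL instruction."""
    has_slot = has_dc = False
    for _, op, data in opcodes(code):
        has_slot |= data == EIP1967_IMPL_SLOT
        has_dc |= op == DELEGATECALL
    return has_slot and has_dc


def build_upgrade_chain(slot_writes: List[Tuple[int, str]]) -> List[str]:
    """Order (block, new_implementation) writes by block and collapse
    consecutive repeats into the sequence of distinct implementations."""
    chain: List[str] = []
    for _, impl in sorted(slot_writes):
        if not chain or chain[-1] != impl:
            chain.append(impl)
    return chain


# Constructed bytecode: PUSH32 <slot>, SLOAD, DELEGATECALL, STOP
PROXY_CODE = b"\x7f" + EIP1967_IMPL_SLOT + b"\x54\xf4\x00"
# Constructed non-proxy: 0xf4 appears only as PUSH1 data, not as an opcode
PLAIN_CODE = b"\x60\xf4\x00"
# Constructed slot writes with placeholder implementation addresses
SAMPLE_WRITES = [(120, "0xImplB"), (100, "0xImplA"), (150, "0xImplB"), (200, "0xImplC")]

if __name__ == "__main__":
    print(looks_like_eip1967_proxy(PROXY_CODE), looks_like_eip1967_proxy(PLAIN_CODE))
    print(build_upgrade_chain(SAMPLE_WRITES))
```

The PUSH-aware walk matters: a plain byte search for 0xf4 would flag PLAIN_CODE as a proxy.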