{"id":"https://openalex.org/W4412567570","doi":"https://doi.org/10.1109/tse.2025.3590108","title":"ACFix: Guiding LLMs With Mined Common RBAC Practices for Context-Aware Repair of Access Control Vulnerabilities in Smart Contracts","display_name":"ACFix: Guiding LLMs With Mined Common RBAC Practices for Context-Aware Repair of Access Control Vulnerabilities in Smart Contracts","publication_year":2025,"publication_date":"2025-07-22","ids":{"openalex":"https://openalex.org/W4412567570","doi":"https://doi.org/10.1109/tse.2025.3590108"},"language":"en","primary_location":{"id":"doi:10.1109/tse.2025.3590108","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2025.3590108","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5047814742","display_name":"Lyuye Zhang","orcid":"https://orcid.org/0000-0003-3087-9645"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Lyuye Zhang","raw_affiliation_strings":["College of Computing and Data Science, Nanyang Technological University, Singapore","College of Computing and Data Science, Nanyang Technological University, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0003-3087-9645","affiliations":[{"raw_affiliation_string":"College of Computing and Data Science, Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]},{"raw_affiliation_string":"College of Computing and Data Science, Nanyang Technological University, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100713124","display_name":"Kaixuan Li","orcid":"https://orcid.org/0000-0002-3517-353X"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Kaixuan Li","raw_affiliation_strings":["College of Computing and Data Science, Nanyang Technological University, Singapore","College of Computing and Data Science, Nanyang Technological University, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0002-3517-353X","affiliations":[{"raw_affiliation_string":"College of Computing and Data Science, Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]},{"raw_affiliation_string":"College of Computing and Data Science, Nanyang Technological University, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5104386539","display_name":"Kairan Sun","orcid":"https://orcid.org/0009-0005-2510-3684"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Kairan Sun","raw_affiliation_strings":["College of Computing and Data Science, Nanyang Technological University, Singapore","College of Computing and Data Science, Nanyang Technological University, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0009-0005-2510-3684","affiliations":[{"raw_affiliation_string":"College of Computing and Data Science, Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]},{"raw_affiliation_string":"College of Computing and Data Science, Nanyang Technological University, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090738033","display_name":"Daoyuan Wu","orcid":null},"institutions":[{"id":"https://openalex.org/I200769079","display_name":"Hong Kong University of Science and Technology","ror":"https://ror.org/00q4vv597","country_code":"HK","type":"education","lineage":["https://openalex.org/I200769079"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Daoyuan Wu","raw_affiliation_strings":["Department of Computer Science and Engineering, The Hong Kong University of Science and Technology, Hong Kong, SAR, China","Department of Computer Science and Engineering, The Hong Kong University of Science and Technology, Hong Kong SAR, China"],"raw_orcid":"https://orcid.org/0000-0002-3752-0718","affiliations":[{"raw_affiliation_string":"Department of Computer Science and Engineering, The Hong Kong University of Science and Technology, Hong Kong, SAR, China","institution_ids":["https://openalex.org/I200769079"]},{"raw_affiliation_string":"Department of Computer Science and Engineering, The Hong Kong University of Science and Technology, Hong Kong SAR, China","institution_ids":["https://openalex.org/I200769079"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100346528","display_name":"Ye Liu","orcid":"https://orcid.org/0000-0001-6709-3721"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]},{"id":"https://openalex.org/I79891267","display_name":"Singapore Management University","ror":"https://ror.org/050qmg959","country_code":"SG","type":"education","lineage":["https://openalex.org/I79891267"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Ye Liu","raw_affiliation_strings":["College of Computing and Data Science, Nanyang Technological University, Singapore","Singapore Management University, Singapore","Singapore Management University"],"raw_orcid":"https://orcid.org/0000-0001-6709-3721","affiliations":[{"raw_affiliation_string":"College of Computing and Data Science, Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]},{"raw_affiliation_string":"Singapore Management University, Singapore","institution_ids":["https://openalex.org/I79891267"]},{"raw_affiliation_string":"Singapore Management University","institution_ids":["https://openalex.org/I79891267"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101397373","display_name":"Haoye Tian","orcid":"https://orcid.org/0000-0002-8049-3997"},"institutions":[{"id":"https://openalex.org/I186903577","display_name":"University of Luxembourg","ror":"https://ror.org/036x5ad56","country_code":"LU","type":"education","lineage":["https://openalex.org/I186903577"]}],"countries":["LU"],"is_corresponding":false,"raw_author_name":"Haoye Tian","raw_affiliation_strings":["University of Luxembourg, luxembourg, luxembourg","University of Luxembourg"],"raw_orcid":"https://orcid.org/0000-0002-8049-3997","affiliations":[{"raw_affiliation_string":"University of Luxembourg, luxembourg, luxembourg","institution_ids":["https://openalex.org/I186903577"]},{"raw_affiliation_string":"University of Luxembourg","institution_ids":["https://openalex.org/I186903577"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100355692","display_name":"Yang Liu","orcid":"https://orcid.org/0000-0001-7300-9215"},"institutions":[{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]},{"id":"https://openalex.org/I79891267","display_name":"Singapore Management University","ror":"https://ror.org/050qmg959","country_code":"SG","type":"education","lineage":["https://openalex.org/I79891267"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Yang Liu","raw_affiliation_strings":["College of Computing and Data Science, Nanyang Technological University, Singapore","Singapore Management University, Singapore","College of Computing and Data Science, Nanyang Technological University, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0001-7300-9215","affiliations":[{"raw_affiliation_string":"College of Computing and Data Science, Nanyang Technological University, Singapore","institution_ids":["https://openalex.org/I172675005"]},{"raw_affiliation_string":"Singapore Management University, Singapore","institution_ids":["https://openalex.org/I79891267"]},{"raw_affiliation_string":"College of Computing and Data Science, Nanyang Technological University, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":7,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":23.5893,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.99372575,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":99},"biblio":{"volume":"51","issue":"9","first_page":"2512","last_page":"2532"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10270","display_name":"Blockchain Technology Applications and Security","score":0.9728000164031982,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10270","display_name":"Blockchain Technology Applications and Security","score":0.9728000164031982,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9156000018119812,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/role-based-access-control","display_name":"Role-based access control","score":0.8661780953407288},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7377074956893921},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7058168649673462},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.6932194828987122},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.6804578304290771},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.4439909756183624},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.3511947989463806},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.3426465094089508},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.13781526684761047}],"concepts":[{"id":"https://openalex.org/C45567728","wikidata":"https://www.wikidata.org/wiki/Q1702839","display_name":"Role-based access control","level":3,"score":0.8661780953407288},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7377074956893921},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7058168649673462},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.6932194828987122},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.6804578304290771},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.4439909756183624},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.3511947989463806},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.3426465094089508},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.13781526684761047},{"id":"https://openalex.org/C151730666","wikidata":"https://www.wikidata.org/wiki/Q7205","display_name":"Paleontology","level":1,"score":0.0},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/tse.2025.3590108","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tse.2025.3590108","pdf_url":null,"source":{"id":"https://openalex.org/S8351582","display_name":"IEEE Transactions on Software Engineering","issn_l":"0098-5589","issn":["0098-5589","1939-3520","2326-3881"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Software Engineering","raw_type":"journal-article"},{"id":"pmh:oai:repository.hkust.edu.hk:1783.1-165217","is_oa":false,"landing_page_url":"http://repository.hkust.edu.hk/ir/Record/1783.1-165217","pdf_url":null,"source":{"id":"https://openalex.org/S4306401796","display_name":"Rare & Special e-Zone (The Hong Kong University of Science and Technology)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I200769079","host_organization_name":"Hong Kong University of Science and Technology","host_organization_lineage":["https://openalex.org/I200769079"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":52,"referenced_works":["https://openalex.org/W1594706025","https://openalex.org/W2018951244","https://openalex.org/W2060333670","https://openalex.org/W2122947685","https://openalex.org/W2143177356","https://openalex.org/W2144344516","https://openalex.org/W2274071363","https://openalex.org/W2293624369","https://openalex.org/W2790202156","https://openalex.org/W2805052744","https://openalex.org/W2867448323","https://openalex.org/W2963610883","https://openalex.org/W2970809537","https://openalex.org/W2982275082","https://openalex.org/W2998011150","https://openalex.org/W3014792488","https://openalex.org/W3016124762","https://openalex.org/W3034136313","https://openalex.org/W3091512861","https://openalex.org/W3094130708","https://openalex.org/W3098557859","https://openalex.org/W3134196592","https://openalex.org/W3155100939","https://openalex.org/W3156480510","https://openalex.org/W3194076087","https://openalex.org/W3210206069","https://openalex.org/W3213446005","https://openalex.org/W4255632703","https://openalex.org/W4285490412","https://openalex.org/W4306406277","https://openalex.org/W4308641648","https://openalex.org/W4313563521","https://openalex.org/W4321524221","https://openalex.org/W4384154487","https://openalex.org/W4384302861","https://openalex.org/W4384302865","https://openalex.org/W4384304728","https://openalex.org/W4384345708","https://openalex.org/W4384345844","https://openalex.org/W4385734218","https://openalex.org/W4386436496","https://openalex.org/W4388483128","https://openalex.org/W4388483599","https://openalex.org/W4389161628","https://openalex.org/W4391653691","https://openalex.org/W4394769342","https://openalex.org/W4401042992","https://openalex.org/W4402457546","https://openalex.org/W4402595051","https://openalex.org/W4404060141","https://openalex.org/W4404782209","https://openalex.org/W4406800520"],"related_works":["https://openalex.org/W2372156812","https://openalex.org/W2374393728","https://openalex.org/W2386545329","https://openalex.org/W2945232779","https://openalex.org/W2382286253","https://openalex.org/W2356011375","https://openalex.org/W2392979115","https://openalex.org/W1969771171","https://openalex.org/W2370002471","https://openalex.org/W2148952798"],"abstract_inverted_index":{"Smart":[0],"contracts":[1,34],"are":[2,14,51],"susceptible":[3],"to":[4,80,131,198,247,260],"various":[5],"security":[6],"issues,":[7],"among":[8],"which":[9,50],"access":[10],"control":[11],"(AC)":[12],"vulnerabilities":[13,31,63],"particularly":[15],"critical.":[16],"While":[17],"existing":[18,44],"research":[19],"has":[20],"proposed":[21],"multiple":[22],"detection":[23],"tools,":[24,46],"automatic":[25],"and":[26,102,128,146,188,212,232,267],"appropriate":[27,68,205],"repair":[28,45],"of":[29,60,76,125,157,227,241,264],"AC":[30,62,120,230],"in":[32,65,134,201],"smart":[33],"remains":[35],"a":[36,73,85,106,155,195,215,243,257],"challenge.":[37],"Unlike":[38],"commonly":[39],"supported":[40],"vulnerability":[41],"types":[42],"by":[43,54],"such":[47],"as":[48],"reentrancy,":[49],"usually":[52],"fixed":[53],"template-based":[55],"approaches,":[56],"the":[57,67,98,150,172,178,186,203,209,223,248,262],"main":[58],"obstacle":[59],"repairing":[61],"lies":[64],"identifying":[66,202],"roles":[69],"or":[70],"permissions":[71],"amid":[72],"long":[74],"list":[75],"non-AC-related":[77],"source":[78],"code":[79,126,136],"generate":[81],"proper":[82],"patch":[83],"code,":[84],"task":[86],"that":[87,115,236],"demands":[88],"human-level":[89],"intelligence.":[90],"<p":[91],"xmlns:mml=\"http://www.w3.org/1998/Math/MathML\"":[92],"xmlns:xlink=\"http://www.w3.org/1999/xlink\">In":[93],"this":[94,141,190],"paper,":[95],"we":[96,116,221],"employ":[97],"state-of-the-art":[99],"GPT-4":[100,250],"model":[101],"enhance":[103],"it":[104],"with":[105,137,194],"novel":[107],"approach":[108],"called":[109],"ACFIX.":[110],"The":[111],"key":[112],"insight":[113],"is":[114],"can":[117],"mine":[118],"common":[119,158],"practices":[121,162],"for":[122,208],"major":[123,244],"categories":[124],"functionality":[127],"use":[129],"them":[130],"guide":[132,199],"LLMs":[133,200],"fixing":[135],"similar":[138],"functionality.":[139],"To":[140,218],"end,":[142],"ACFIX":[143,153,181,237],"involves":[144],"offline":[145,151],"online":[147,179],"phases.":[148],"In":[149,177],"phase,":[152,180],"mines":[154],"taxonomy":[156],"Role-based":[159],"Access":[160],"Control":[161],"from":[163,171,270],"344,251":[164],"on-chain":[165],"contracts,":[166],"categorizing":[167],"49":[168],"role-permission":[169,206],"pairs":[170],"top":[173],"1,000":[174],"unique":[175],"samples.":[176],"tracks":[182],"AC-related":[183],"elements":[184],"across":[185],"contract":[187,211],"uses":[189],"context":[191],"information":[192],"along":[193],"Chain-of-Thought":[196],"pipeline":[197],"most":[204],"pair":[207],"subject":[210],"subsequently":[213],"generating":[214],"suitable":[216],"patch.":[217],"evaluate":[219],"ACFIX,":[220],"built":[222],"first":[224],"benchmark":[225],"dataset":[226],"118":[228],"real-world":[229],"vulnerabilities,":[231],"our":[233],"evaluation":[234],"revealed":[235],"successfully":[238],"repaired":[239],"94.92%":[240],"them,":[242],"improvement":[245],"compared":[246],"baseline":[249],"at":[251],"only":[252],"52.54%.":[253],"We":[254],"also":[255],"conducted":[256],"human":[258,271],"study":[259],"understand":[261],"value":[263],"ACFIX\u2019s":[265],"repairs":[266],"their":[268],"differences":[269],"repairs.":[272]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":7}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}