ACFix: Guiding LLMs With Mined Common RBAC Practices for Context-Aware Repair of Access Control Vulnerabilities in Smart Contracts

Smart contracts are susceptible to various security issues, among which access control (AC) vulnerabilities are particularly critical. While existing research has proposed multiple detection tools, automatic and appropriate repair of AC vulnerabilities in smart contracts remains a challenge. Unlike...

Full description

Saved in:
Bibliographic Details
Published inIEEE transactions on software engineering Vol. 51; no. 9; pp. 2512 - 2532
Main Authors Zhang, Lyuye, Li, Kaixuan, Sun, Kairan, Wu, Daoyuan, Liu, Ye, Tian, Haoye, Liu, Yang
Format Journal Article
LanguageEnglish
Published New York IEEE 01.09.2025
IEEE Computer Society
Subjects
Access control
Benchmark testing
Blockchains
Codes
Contracts
Logic
Maintenance engineering
Natural language processing
program repair
Repair
Smart contract
Smart contracts
software security
Source code
Source coding
Taxonomy
Online AccessGet full text
ISSN0098-5589
1939-3520
DOI10.1109/TSE.2025.3590108

Cover

Abstract Smart contracts are susceptible to various security issues, among which access control (AC) vulnerabilities are particularly critical. While existing research has proposed multiple detection tools, automatic and appropriate repair of AC vulnerabilities in smart contracts remains a challenge. Unlike commonly supported vulnerability types by existing repair tools, such as reentrancy, which are usually fixed by template-based approaches, the main obstacle of repairing AC vulnerabilities lies in identifying the appropriate roles or permissions amid a long list of non-AC-related source code to generate proper patch code, a task that demands human-level intelligence. In this paper, we employ the state-of-the-art GPT-4 model and enhance it with a novel approach called ACFix . The key insight is that we can mine common AC practices for major categories of code functionality and use them to guide LLMs in fixing code with similar functionality. To this end, ACFix involves offline and online phases. In the offline phase, ACFix mines a taxonomy of common Role-based Access Control practices from 344,251 on-chain contracts, categorizing 49 role-permission pairs from the top 1,000 unique samples. In the online phase, ACFix tracks AC-related elements across the contract and uses this context information along with a Chain-of-Thought pipeline to guide LLMs in identifying the most appropriate role-permission pair for the subject contract and subsequently generating a suitable patch. To evaluate ACFix , we built the first benchmark dataset of 118 real-world AC vulnerabilities, and our evaluation revealed that ACFix successfully repaired 94.92% of them, a major improvement compared to the baseline GPT-4 at only 52.54%. We also conducted a human study to understand the value of ACFix 's repairs and their differences from human repairs.
AbstractList Smart contracts are susceptible to various security issues, among which access control (AC) vulnerabilities are particularly critical. While existing research has proposed multiple detection tools, automatic and appropriate repair of AC vulnerabilities in smart contracts remains a challenge. Unlike commonly supported vulnerability types by existing repair tools, such as reentrancy, which are usually fixed by template-based approaches, the main obstacle of repairing AC vulnerabilities lies in identifying the appropriate roles or permissions amid a long list of non-AC-related source code to generate proper patch code, a task that demands human-level intelligence. In this paper, we employ the state-of-the-art GPT-4 model and enhance it with a novel approach called ACFix . The key insight is that we can mine common AC practices for major categories of code functionality and use them to guide LLMs in fixing code with similar functionality. To this end, ACFix involves offline and online phases. In the offline phase, ACFix mines a taxonomy of common Role-based Access Control practices from 344,251 on-chain contracts, categorizing 49 role-permission pairs from the top 1,000 unique samples. In the online phase, ACFix tracks AC-related elements across the contract and uses this context information along with a Chain-of-Thought pipeline to guide LLMs in identifying the most appropriate role-permission pair for the subject contract and subsequently generating a suitable patch. To evaluate ACFix , we built the first benchmark dataset of 118 real-world AC vulnerabilities, and our evaluation revealed that ACFix successfully repaired 94.92% of them, a major improvement compared to the baseline GPT-4 at only 52.54%. We also conducted a human study to understand the value of ACFix 's repairs and their differences from human repairs.
Author Sun, Kairan
Zhang, Lyuye
Liu, Ye
Tian, Haoye
Li, Kaixuan
Liu, Yang
Wu, Daoyuan
Author_xml – sequence: 1
  givenname: Lyuye
  orcidid: 0000-0003-3087-9645
  surname: Zhang
  fullname: Zhang, Lyuye
  organization: College of Computing and Data Science, Nanyang Technological University, Singapore
– sequence: 2
  givenname: Kaixuan
  orcidid: 0000-0002-3517-353X
  surname: Li
  fullname: Li, Kaixuan
  organization: College of Computing and Data Science, Nanyang Technological University, Singapore
– sequence: 3
  givenname: Kairan
  orcidid: 0009-0005-2510-3684
  surname: Sun
  fullname: Sun, Kairan
  organization: College of Computing and Data Science, Nanyang Technological University, Singapore
– sequence: 4
  givenname: Daoyuan
  orcidid: 0000-0002-3752-0718
  surname: Wu
  fullname: Wu, Daoyuan
  email: daoyuanwu@ln.edu.hk
  organization: Department of Computer Science and Engineering, The Hong Kong University of Science and Technology, Hong Kong, SAR, China
– sequence: 5
  givenname: Ye
  orcidid: 0000-0001-6709-3721
  surname: Liu
  fullname: Liu, Ye
  organization: Singapore Management University, Singapore
– sequence: 6
  givenname: Haoye
  orcidid: 0000-0002-8049-3997
  surname: Tian
  fullname: Tian, Haoye
  organization: University of Luxembourg, luxembourg, luxembourg
– sequence: 7
  givenname: Yang
  orcidid: 0000-0001-7300-9215
  surname: Liu
  fullname: Liu, Yang
  organization: College of Computing and Data Science, Nanyang Technological University, Singapore
BookMark eNpFkDtPwzAURi0EEm1hZ2CwxJziR53EbCEqD6kViOcYOc4NuGrtYicCVn45hiAx3eE7371XZ4x2rbOA0BElU0qJPH24n08ZYWLKhSSU5DtoRCWXCReM7KIRITJPhMjlPhqHsCKEiCwTI_RVlBfm4wxf9qYx9gUvFsuAn033ipfGQoNLt9k4i-_OixLfeqU7oyHg1vmY2A4-uqR4Vx7wHWyV8di1uNCRCL-xd2v81K8teFWbtelMrBqL7zfKdwMQF4YDtNeqdYDDvzlBjxfzh_IqWdxcXpfFItFslnWJqps2y2dcSZllkLYUWk1ZqoXMAIhuU6pTRahWIlqY1XlNKW1mWhOQDeOc8Qk6GfZuvXvrIXTVyvXexpMVZ4JxSnlKI0UGSnsXgoe22noTH_6sKKl-TFfRdPVjuvozHSvHQ8UAwD8eo1TkGf8GnyV7uA
CODEN IESEDJ
Cites_doi 10.1109/ICSE48619.2023.00087
10.1109/SP40001.2021.00057
10.1145/3551349.3556956
10.1145/3385412.3385990
10.1109/ICSE48619.2023.00125
10.1145/3243734.3243780
10.1145/3558535.3559780
10.1109/WETSEB.2019.00008
10.1145/3597503.3639117
10.1145/3597926.3598125
10.18653/v1/2024.naacl-long.15
10.1145/3368089.3409757
10.1109/TSE.1984.5010248
10.1109/ICSE48619.2023.00057
10.1145/3213846.3213871
10.14722/ndss.2023.24222
10.1145/3702973
10.1007/s11432-024-4222-0
10.1109/ASE51524.2021.9678597
10.1145/3402450
10.1109/TSE.2022.3156637
10.1145/24039.24041
10.1145/3641846
10.1109/ase56229.2023.00047
10.1145/3318162
10.1109/SP40000.2020.00040
10.1016/s0065-2458(08)60206-5
10.1109/ICSE48619.2023.00129
10.14722/ndss.2018.23082
10.1002/spe.4380250705
10.1145/3533767.3534372
10.1145/3548606.3559342
10.1109/ICSE.2013.6606626
10.1145/3540250.3549098
10.1109/SANER48275.2020.9054825
10.1109/ASE56229.2023.00181
10.1145/3611643.3616271
10.1109/TSE.2021.3123170
10.1145/3274694.3274743
10.1145/3377811.3380364
10.18653/v1/2023.matching-1.7
10.1109/Blockchain62396.2024.00064
10.18653/v1/2024.emnlp-main.992
10.1109/ICSE.2009.5070536
10.1145/2837614.2837617
10.1145/3545948.3545975
10.1145/3611643.3616341
10.1145/2786805.2786811
10.1145/3650212.3680323
10.1109/WPC.1996.501116
10.1109/TSE.2022.3147265
10.1109/ICSE48619.2023.00036
ContentType Journal Article
Copyright Copyright IEEE Computer Society 2025
Copyright_xml – notice: Copyright IEEE Computer Society 2025
DBID 97E
RIA
RIE
AAYXX
CITATION
JQ2
K9.
DOI 10.1109/TSE.2025.3590108
DatabaseName IEEE All-Society Periodicals Package (ASPP) 2005–Present
IEEE All-Society Periodicals Package (ASPP) 1998–Present
IEEE Electronic Library (IEL)
CrossRef
ProQuest Computer Science Collection
ProQuest Health & Medical Complete (Alumni)
DatabaseTitle CrossRef
ProQuest Health & Medical Complete (Alumni)
ProQuest Computer Science Collection
DatabaseTitleList
ProQuest Health & Medical Complete (Alumni)
Database_xml – sequence: 1
  dbid: RIE
  name: IEEE Electronic Library (IEL)
  url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/
  sourceTypes: Publisher
DeliveryMethod fulltext_linktorsrc
Discipline Computer Science
EISSN 1939-3520
EndPage 2532
ExternalDocumentID 10_1109_TSE_2025_3590108
11086587
Genre orig-research
GrantInformation_xml – fundername: National Cybersecurity R&D Programme
  grantid: NCRP25-P04-TAICeN
– fundername: Campus for Research Excellence and Technological Enterprise (CREATE) Programme
– fundername: Academic Research Fund Tier 1
  grantid: RG96/23
– fundername: AI Singapore Programme
  grantid: AISG Award No: AISG2-GC-2023-008-1B
GroupedDBID --Z
-DZ
-~X
.4S
.DC
0R~
29I
3EH
4.4
5GY
5VS
6IK
7WY
7X7
85S
88E
88I
8FE
8FG
8FI
8FJ
8FL
8G5
8R4
8R5
97E
9M8
AAJGR
AASAJ
AAWTH
ABAZT
ABFSI
ABJCF
ABPPZ
ABQJQ
ABUWG
ABVLG
ACGFO
ACGOD
ACIWK
ACNCT
ADBBV
AENEX
AETIX
AFKRA
AGQYO
AGSQL
AHBIQ
AI.
AIBXA
AKJIK
AKQYR
ALLEH
ALMA_UNASSIGNED_HOLDINGS
ARAPS
ARCSS
ASUFR
ATWAV
AZQEC
BEFXN
BENPR
BEZIV
BFFAM
BGLVJ
BGNUA
BKEBE
BKOMP
BPEOZ
BPHCQ
BVXVI
CCPQU
CS3
DU5
DWQXO
E.L
EBS
EDO
EJD
FRNLG
FYUFA
GNUQQ
GROUPED_ABI_INFORM_RESEARCH
GUQSH
HCIFZ
HMCUK
HZ~
H~9
I-F
IBMZZ
ICLAB
IEDLZ
IFIPE
IFJZH
IPLJI
ITG
ITH
JAVBF
K60
K6V
K6~
K7-
L6V
LAI
M0C
M1P
M1Q
M2O
M2P
M43
M7S
MS~
O9-
OCL
OHT
P2P
P62
PHGZM
PHGZT
PJZUB
PPXIY
PQBIZ
PQBZA
PQGLB
PQQKQ
PROAC
PSQYO
PTHSS
PUEGO
Q2X
RIA
RIE
RNI
RNS
RXW
RZB
S10
TAE
TN5
TWZ
UHB
UKHRP
UPT
UQL
VH1
WH7
XOL
YYP
YZZ
ZCG
AAYXX
CITATION
JQ2
K9.
ID FETCH-LOGICAL-c247t-abdf7843a9977e6f1efc126c597ee0cf61c6a01ca50254b8b111d4cc0e9d23323
IEDL.DBID RIE
ISSN 0098-5589
IngestDate Mon Oct 20 00:39:03 EDT 2025
Wed Oct 01 05:17:50 EDT 2025
Wed Oct 01 07:05:09 EDT 2025
IsPeerReviewed true
IsScholarly true
Issue 9
Language English
License https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html
https://doi.org/10.15223/policy-029
https://doi.org/10.15223/policy-037
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-c247t-abdf7843a9977e6f1efc126c597ee0cf61c6a01ca50254b8b111d4cc0e9d23323
Notes ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ORCID 0000-0003-3087-9645
0009-0005-2510-3684
0000-0002-8049-3997
0000-0002-3752-0718
0000-0001-7300-9215
0000-0002-3517-353X
0000-0001-6709-3721
PQID 3252311361
PQPubID 21418
PageCount 21
ParticipantIDs proquest_journals_3252311361
crossref_primary_10_1109_TSE_2025_3590108
ieee_primary_11086587
ProviderPackageCode CITATION
AAYXX
PublicationCentury 2000
PublicationDate 2025-09-01
PublicationDateYYYYMMDD 2025-09-01
PublicationDate_xml – month: 09
  year: 2025
  text: 2025-09-01
  day: 01
PublicationDecade 2020
PublicationPlace New York
PublicationPlace_xml – name: New York
PublicationTitle IEEE transactions on software engineering
PublicationTitleAbbrev TSE
PublicationYear 2025
Publisher IEEE
IEEE Computer Society
Publisher_xml – name: IEEE
– name: IEEE Computer Society
References ref57
ref56
ref59
ref58
ref52
Wood (ref1) 2014
Devlin (ref31) 2019
Wu (ref8) 2021
ref51
ref50
Tian (ref27) 2023
ref46
ref45
ref48
ref42
ref41
Radford (ref32)
ref49
Wang (ref80) 2024
ref7
ref9
ref4
ref3
ref6
ref5
Rodler (ref20) 2021
ref100
(ref73) 2023
Xiao (ref62) 2020
ref34
ref36
ref33
(ref38) 2024
ref39
ref24
ref23
Giesen (ref79) 2022
ref22
ref21
Touvron (ref25) 2023
ref28
Durieux (ref68) 2020
ref29
(ref26) 2023
ref13
ref12
ref15
Yuan (ref55) 2023
ref14
ref97
ref96
ref11
ref99
ref10
ref98
ref17
ref16
ref19
ref18
ref93
ref92
ref95
ref94
(ref72) 2023
ref91
Sun (ref54) 2024
ref90
Wei (ref30) 2022; 35
ref89
ref86
ref85
ref88
Szabo (ref37) 1997
Tikhomirov (ref77) 2018
Du (ref47) 2023
ref82
ref81
Lewis (ref44) 2020
ref84
ref83
ref78
ref75
ref76
Schick (ref43) 2023
ref2
(ref74) 2023
ref71
ref70
ref67
ref64
ref63
ref66
Jiang (ref35) 2023
ref65
David (ref53) 2023
(ref40) 2023
(ref69) 2023
Son (ref87) 2013
ref60
ref61
References_xml – ident: ref70
  article-title: DeFi hack labs
– ident: ref34
  article-title: GPT3.5
– year: 2023
  ident: ref25
  article-title: Llama 2: Open foundation and fine-tuned chat models
– ident: ref9
  doi: 10.1109/ICSE48619.2023.00087
– ident: ref85
  article-title: Quitoxic
– year: 2023
  ident: ref74
  article-title: Medium
– ident: ref15
  doi: 10.1109/SP40001.2021.00057
– ident: ref63
  doi: 10.1145/3551349.3556956
– ident: ref11
  doi: 10.1145/3385412.3385990
– ident: ref100
  doi: 10.1109/ICSE48619.2023.00125
– ident: ref76
  doi: 10.1145/3243734.3243780
– ident: ref2
  doi: 10.1145/3558535.3559780
– ident: ref66
  doi: 10.1109/WETSEB.2019.00008
– ident: ref56
  doi: 10.1145/3597503.3639117
– ident: ref13
  doi: 10.1145/3597926.3598125
– ident: ref52
  article-title: Open card sorting
– ident: ref46
  doi: 10.18653/v1/2024.naacl-long.15
– ident: ref60
  doi: 10.1145/3368089.3409757
– ident: ref58
  doi: 10.1109/TSE.1984.5010248
– ident: ref86
  article-title: Guardian role for ERC20
– ident: ref61
  doi: 10.1109/ICSE48619.2023.00057
– ident: ref94
  doi: 10.1145/3213846.3213871
– ident: ref50
  article-title: Ethereum contracts
– ident: ref64
  doi: 10.14722/ndss.2023.24222
– ident: ref57
  doi: 10.1145/3702973
– ident: ref21
  article-title: Smart contract initialization
– year: 2023
  ident: ref40
  article-title: GYMNetwork attack
– ident: ref48
  doi: 10.1007/s11432-024-4222-0
– ident: ref51
  doi: 10.1109/ASE51524.2021.9678597
– ident: ref17
  doi: 10.1145/3402450
– year: 2019
  ident: ref31
  article-title: Bert: Pre-training of deep bidirectional transformers for language understanding
– ident: ref33
  article-title: ChatGPT
– ident: ref92
  doi: 10.1109/TSE.2022.3156637
– ident: ref84
  article-title: How much does GPT-4 cost?
– year: 2023
  ident: ref69
  article-title: National vulnerability database
– ident: ref65
  doi: 10.1145/24039.24041
– ident: ref36
  article-title: Llama3
– ident: ref78
  doi: 10.1145/3641846
– ident: ref42
  doi: 10.1109/ase56229.2023.00047
– year: 2023
  ident: ref27
  article-title: Is ChatGPT the ultimate programming assistant – How far is it?
– ident: ref49
  doi: 10.1145/3318162
– ident: ref23
  article-title: Unchecked low-level call
– ident: ref7
  doi: 10.1109/SP40000.2020.00040
– ident: ref39
  article-title: OpenZepplin Access Control
– ident: ref24
  doi: 10.1016/s0065-2458(08)60206-5
– ident: ref28
  article-title: ChatGPT hallucination
– start-page: 9
  volume-title: Proc. 1st Int. Workshop Emerg. trends in Softw. Eng. Blockchain
  year: 2018
  ident: ref77
  article-title: SmartCheck: Static analysis of Ethereum smart contracts
– year: 2023
  ident: ref26
  article-title: GPT-4 technical report
– volume-title: Proc. NDSS
  year: 2013
  ident: ref87
  article-title: Fix me up: Repairing access-control bugs in web applications
– ident: ref88
  doi: 10.1109/ICSE48619.2023.00129
– year: 2021
  ident: ref8
  article-title: DeFiRanger: Detecting price manipulation attacks on DeFi applications
– year: 2023
  ident: ref72
  article-title: Blocksec building blockchain security infrastructure
– ident: ref6
  doi: 10.14722/ndss.2018.23082
– ident: ref10
  article-title: Parity wallet attack
– ident: ref67
  doi: 10.1002/spe.4380250705
– ident: ref12
  doi: 10.1145/3533767.3534372
– ident: ref3
  doi: 10.1145/3548606.3559342
– year: 1997
  ident: ref37
  article-title: Smart contracts: Building blocks for digital markets
– ident: ref95
  doi: 10.1109/ICSE.2013.6606626
– ident: ref91
  doi: 10.1145/3540250.3549098
– year: 2023
  ident: ref53
  article-title: Do you still need a manual smart contract audit?
– ident: ref16
  doi: 10.1109/SANER48275.2020.9054825
– ident: ref99
  doi: 10.1109/ASE56229.2023.00181
– ident: ref90
  doi: 10.1145/3611643.3616271
– ident: ref71
  article-title: Tintinweb Vul Dataset
– ident: ref18
  doi: 10.1109/TSE.2021.3123170
– start-page: 1289
  volume-title: Proc. 30th USENIX Secur. Symp. (USENIX Secur.)
  year: 2021
  ident: ref20
  article-title: $\{${EVMPatch$\}$}: Timely and automated patching of Ethereum smart contracts
– start-page: 1165
  volume-title: Proc. 29th USENIX Secur. Symp. (USENIX Secur.)
  year: 2020
  ident: ref62
  article-title: $\{${MVP$\}$}: Detecting vulnerabilities using $\{${patch-enhanced$\}$} vulnerability signatures
– year: 2023
  ident: ref47
  article-title: Improving factuality and reasoning in language models through multiagent debate
– ident: ref82
  article-title: OpenAI Formatting
– year: 2024
  ident: ref38
  article-title: ERC 20
– ident: ref22
  doi: 10.1145/3274694.3274743
– year: 2023
  ident: ref73
  article-title: SlowMist
– start-page: 9459
  volume-title: Proc. NeurIPS
  year: 2020
  ident: ref44
  article-title: Retrieval-augmented generation for knowledge-intensive NLP tasks
– start-page: 530
  volume-title: Proc. ACM/IEEE 42nd Int. Conf. Softw. Eng.
  year: 2020
  ident: ref68
  article-title: Empirical review of automated analysis tools on 47,587 Ethereum smart contracts
  doi: 10.1145/3377811.3380364
– start-page: 2350
  volume-title: Proc. 39th IEEE/ACM Int. Conf. Autom. Softw. Eng.
  year: 2024
  ident: ref80
  article-title: ContractTinker: LLM-empowered vulnerability repair for real-world smart contracts
– start-page: 1
  year: 2014
  ident: ref1
  article-title: Ethereum: A secure decentralised generalised transaction ledger
– ident: ref45
  doi: 10.18653/v1/2023.matching-1.7
– ident: ref81
  doi: 10.1109/Blockchain62396.2024.00064
– year: 2022
  ident: ref79
  article-title: Practical mitigation of smart contract bugs
– year: 2024
  ident: ref54
  article-title: LLM4Vuln: A unified evaluation framework for decoupling and enhancing LLMs’ vulnerability reasoning
– ident: ref29
  doi: 10.18653/v1/2024.emnlp-main.992
– year: 2023
  ident: ref43
  article-title: Toolformer: Language models can teach themselves to use tools
– ident: ref83
  article-title: Etherscan
– volume: 35
  start-page: 24824
  volume-title: Proc. Adv. Neural Inf. Process. Syst.
  year: 2022
  ident: ref30
  article-title: Chain-of-thought prompting elicits reasoning in large language models
– ident: ref98
  doi: 10.1109/ICSE.2009.5070536
– ident: ref97
  doi: 10.1145/2837614.2837617
– ident: ref19
  doi: 10.1145/3545948.3545975
– ident: ref4
  article-title: Solidity
– ident: ref14
  doi: 10.1145/3611643.3616341
– ident: ref75
  article-title: ACFix Website
– ident: ref96
  doi: 10.1145/2786805.2786811
– year: 2023
  ident: ref55
  article-title: No more manual tests? Evaluating and improving ChatGPT for unit test generation
– ident: ref89
  doi: 10.1145/3650212.3680323
– ident: ref59
  doi: 10.1109/WPC.1996.501116
– year: 2023
  ident: ref35
  article-title: Mistral 7b
– ident: ref93
  doi: 10.1109/TSE.2022.3147265
– ident: ref5
  doi: 10.1109/ICSE48619.2023.00036
– ident: ref32
  article-title: Improving language understanding by generative pre-training
– ident: ref41
  article-title: Example address
SSID ssj0005775
ssib053395008
Score 2.480536
Snippet Smart contracts are susceptible to various security issues, among which access control (AC) vulnerabilities are particularly critical. While existing research...
SourceID proquest
crossref
ieee
SourceType Aggregation Database
Index Database
Publisher
StartPage 2512
SubjectTerms Access control
Benchmark testing
Blockchains
Codes
Contracts
Logic
Maintenance engineering
Natural language processing
program repair
Repair
Smart contract
Smart contracts
software security
Source code
Source coding
Taxonomy
Title ACFix: Guiding LLMs With Mined Common RBAC Practices for Context-Aware Repair of Access Control Vulnerabilities in Smart Contracts
URI https://ieeexplore.ieee.org/document/11086587
https://www.proquest.com/docview/3252311361
Volume 51
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
journalDatabaseRights – providerCode: PRVIEE
  databaseName: IEEE Electronic Library (IEL)
  customDbUrl:
  eissn: 1939-3520
  dateEnd: 99991231
  omitProxy: false
  ssIdentifier: ssj0005775
  issn: 0098-5589
  databaseCode: RIE
  dateStart: 19750101
  isFulltext: true
  titleUrlDefault: https://ieeexplore.ieee.org/
  providerName: IEEE
link http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1LT9wwELYKp17Ko1Td8tAceukhS-LEccItrFgQYlFVoOUWxc5YRKVJtZuIqkd-OWMnERVVpd4iZWJZnrHn--J5MPaRJwXhXh89RWDVi6JQeSkGwuMBWbMSiitXTGdxGZ_dROe34nZIVne5MIjogs9wah_dXX7Z6M7-Kju0IevkMeUaW5NJ3CdrPcdzSCnGAplCJOl4J-mnh9dXJ8QEuZiGNtPSdpL8wwe5pip_ncTOvcw32OU4sT6q5Pu0a9VU_35Rs_G_Z77J3gxAE7LeMrbYK6y32cbYxAGGPf2WPWazefXrCE67yroxuLhYrOBb1d7BggBoCTaDpKnhy3E2g89DStUKCOqCK2xFvDl7KJYIhOSLagmNgcz1YHSvl809fO3ubWVrF4RLtByqGq5-kMH2AjTgaofdzE-uZ2fe0JjB0zySrVeo0sgkCouU0CPGJkCjAx5rIieIvjZxoOPCD2y3BeKfKlF0oJaR1j6mJQ9DHr5j63VT43sGpTCBicrCCFlEnKMqURIFkqGRJM75hH0aVZX_7Otv5I63-GlOas2tWvNBrRO2Y1f-WW5Y9AnbG5WbDzt0lYecKLhtaBN8-Mdnu-y1Hb0PKNtj6-2yw31CIK06cJb3BHeS108
linkProvider IEEE
linkToHtml http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1LT9wwELYoPbSX0gcVCxTm0AuHLIljx5vewoplaXdXqCwttyh2bDUqTdBuIqoe-8sZO4moiir1FimTxPKMPd8Xz4OQ93SUIe71tScRrHqMhdKLdcA9GqA1Sy6pdMV05otoesU-XvPrLlnd5cJorV3wmR7aS3eWn1eqsb_Kjm3IOnpM8YQ85Ywx3qZrPUR0CMH7Epmcj-L-VNKPj5eXp8gFKR-GNtfS9pL8wwu5tiqP9mLnYCZbZNEPrY0r-T5sajlUv_6q2vjfY39JXnRQE5LWNl6RDV2-Jlt9GwfoVvUb8jsZT4qfH-CsKawjg9lsvoavRf0N5ghBc7A5JFUJn0-SMVx0SVVrQLALrrQVMufkLltpQCyfFSuoDCSuC6O7vapu4EtzY2tbuzBcJOZQlHD5A022FcAXrrfJ1eR0OZ56XWsGT1Emai-TuREjFmYx4kcdmUAbFdBIIT3R2lcmClSU-YHtt4AMVI4kbqk5U8rXcU7DkIZvyWZZlXqHQM5NYFieGS4yRqmWuRZIgkRoBIpTOiBHvarS27YCR-qYix-nqNbUqjXt1Dog23bmH-S6SR-Q_V65abdG12lIkYTbljbB7j8eOyTPpsv5LJ2dLz7tkef2S2142T7ZrFeNfod4pJYHzgrvAeVg2pw
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=ACFix%3A+Guiding+LLMs+With+Mined+Common+RBAC+Practices+for+Context-Aware+Repair+of+Access+Control+Vulnerabilities+in+Smart+Contracts&rft.jtitle=IEEE+transactions+on+software+engineering&rft.au=Zhang%2C+Lyuye&rft.au=Li%2C+Kaixuan&rft.au=Sun%2C+Kairan&rft.au=Wu%2C+Daoyuan&rft.date=2025-09-01&rft.issn=0098-5589&rft.eissn=1939-3520&rft.volume=51&rft.issue=9&rft.spage=2512&rft.epage=2532&rft_id=info:doi/10.1109%2FTSE.2025.3590108&rft.externalDBID=n%2Fa&rft.externalDocID=10_1109_TSE_2025_3590108
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0098-5589&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0098-5589&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0098-5589&client=summon