Smart contracts have significantly advanced blockchain technology, and digital signatures are crucial for reliable verification of contract authority. Through signature verification, smart contracts can ensure that signers possess the required permissions, thus enhancing security and scalability. However, lacking checks on signature usage conditions can lead to repeated verifications, increasing the risk of permission abuse and threatening contract assets. We define this issue as the Signature Replay Vulnerability (SRV). In this paper, we conducted the first empirical study to investigate the causes and characteristics of the SRVs. From 1,419 audit reports across 37 blockchain security companies, we identified 108 with detailed SRV descriptions and classified five types of SRVs. To detect these vulnerabilities automatically, we designed LASiR, which utilizes the general semantic understanding ability of Large Language Models (LLMs) to assist in the static taint analysis of the signature state and identify the signature reuse behavior. It also employs path reachability verification via symbolic execution to ensure effective and reliable detection. To evaluate the performance of LASiR, we conducted large-scale experiments on 15,383 contracts involving signature verification, selected from the initial dataset of 918,964 contracts across four blockchains: Ethereum, Binance Smart Chain, Polygon, and Arbitrum. The results indicate that SRVs are widespread, with affected contracts holding $4.76 million in active assets. Among these, 19.63% of contracts that use signatures on Ethereum contain SRVs. Furthermore, manual verification demonstrates that LASiR achieves an F1-score of 87.90% for detection. Ablation studies and comparative experiments reveal that the semantic information provided by LLMs aids static taint analysis, significantly enhancing LASiR's detection performance.

翻译：智能合约极大地推动了区块链技术的发展，而数字签名对于合约权限的可靠验证至关重要。通过签名验证，智能合约能够确保签名者具备所需权限，从而提升安全性与可扩展性。然而，若缺乏对签名使用条件的检查，可能导致重复验证，增加权限滥用风险并威胁合约资产安全。我们将此问题定义为签名重放漏洞。本文首次通过实证研究探讨了签名重放漏洞的成因与特征。通过分析来自37家区块链安全公司的1,419份审计报告，我们识别出108份包含详细签名重放漏洞描述的案例，并将其归纳为五种类型。为实现自动化漏洞检测，我们设计了LASiR系统，该系统利用大语言模型的通用语义理解能力辅助进行签名状态的静态污点分析，以识别签名重用行为；同时结合符号执行进行路径可达性验证，确保检测的有效性与可靠性。为评估LASiR的性能，我们在涉及签名验证的15,383份合约上进行了大规模实验，这些合约选自以太坊、币安智能链、Polygon和Arbitrum四条区块链上总计918,964份合约的初始数据集。实验结果表明，签名重放漏洞普遍存在，受影响合约持有476万美元活跃资产。其中，以太坊上使用签名的合约中有19.63%存在此类漏洞。进一步人工验证显示，LASiR的检测F1分数达到87.90%。消融实验与对比分析表明，大语言模型提供的语义信息有助于静态污点分析，显著提升了LASiR的检测性能。