When upgrading smart contracts on blockchain systems, it is essential to consider the continuity of the upgrade and its subsequent maintenance. In practice, upgrade operations often introduce new vulnerabilities. To address this, we propose an Upgradable Smart Contract Security Analyzer, USCSA, which evaluates the risks associated with the upgrade process using Abstract Syntax Tree (AST) differential analysis. We collected and analyzed 3,546 cases of vulnerabilities in upgradable contracts, covering common vulnerability categories such as reentrancy, access control flaws, and integer overflow. Experimental results show that USCSA achieves an accuracy of 92.3%, a recall of 89.7%, and an F1-score of 91.0% in detecting upgrade-induced vulnerabilities. In addition, it maps high-risk changes 30% more efficiently than the conventional approach. USCSA thus offers a significant advantage in improving the security and integrity of upgradable smart contracts, providing a novel and efficient solution for security audits of blockchain applications.
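To make the idea of AST differential analysis concrete, the following is an added example written for this page; it is not USCSA itself or code from its authors. It diffs two hand-constructed, simplified contract trees (version 1 before the upgrade, version 2 after) and maps each risky change to the function or state variable it affects. The tree shape and every field name (stateVariables, functions, modifiers, statements, kind, unchecked) are assumptions of this example rather than solc's real AST schema, and the guard-modifier names in ACCESS_MODIFIERS are an assumed convention. Besides the three vulnerability classes named in the abstract, it also checks storage layout, since a proxy-based upgrade keeps the old storage and reordering state variables silently changes what each slot holds.

```python
"""AST differential analysis of an upgradable contract pair (added example).

Illustrative code written for this page, not the USCSA tool or any code
from its authors. Real analysis would start from solc's --ast-compact-json
output; the two trees below are constructed by hand in a simplified shape,
and every field name (stateVariables, functions, modifiers, statements,
kind, unchecked) is an assumption of this example.
"""
from dataclasses import dataclass

# Modifier names treated as access-control guards (assumed convention).
ACCESS_MODIFIERS = {"onlyOwner", "onlyRole", "onlyAdmin"}


@dataclass(frozen=True)
class Finding:
    category: str  # access-control | reentrancy | integer-overflow | storage-layout
    target: str    # function or state variable the change is mapped to
    detail: str


# Constructed sample: version 1 (pre-upgrade) of a hypothetical vault.
OLD_AST = {
    "stateVariables": [
        {"name": "owner", "type": "address"},
        {"name": "balances", "type": "mapping(address => uint256)"},
    ],
    "functions": [
        {"name": "withdraw", "modifiers": [], "unchecked": False,
         "statements": [{"kind": "StateWrite"}, {"kind": "ExternalCall"}]},
        {"name": "setFee", "modifiers": ["onlyOwner"], "unchecked": False,
         "statements": [{"kind": "StateWrite"}]},
        {"name": "accrue", "modifiers": [], "unchecked": False,
         "statements": [{"kind": "StateWrite"}]},
    ],
}

# Constructed sample: version 2 (post-upgrade) carrying four risky changes.
NEW_AST = {
    "stateVariables": [  # reordered: each slot now holds different data
        {"name": "balances", "type": "mapping(address => uint256)"},
        {"name": "owner", "type": "address"},
    ],
    "functions": [
        {"name": "withdraw", "modifiers": [], "unchecked": False,
         "statements": [{"kind": "ExternalCall"}, {"kind": "StateWrite"}]},  # CEI broken
        {"name": "setFee", "modifiers": [], "unchecked": False,           # guard dropped
         "statements": [{"kind": "StateWrite"}]},
        {"name": "accrue", "modifiers": [], "unchecked": True,            # unchecked math
         "statements": [{"kind": "StateWrite"}]},
    ],
}


def _first_index(statements, kind):
    """Position of the first statement of the given kind, or None."""
    return next((i for i, s in enumerate(statements) if s["kind"] == kind), None)


def _call_before_write(fn):
    """True when an external call precedes a state write (Checks-Effects-Interactions violated)."""
    call = _first_index(fn["statements"], "ExternalCall")
    write = _first_index(fn["statements"], "StateWrite")
    return call is not None and write is not None and call < write


def diff_contracts(old, new):
    """Compare two contract trees and return only the risks the upgrade introduced."""
    findings = []
    # Storage layout: a proxy keeps the old storage, so slot i must keep its name and type.
    for i, (o, n) in enumerate(zip(old["stateVariables"], new["stateVariables"])):
        if (o["name"], o["type"]) != (n["name"], n["type"]):
            findings.append(Finding("storage-layout", n["name"],
                                    f"slot {i}: {o['type']} {o['name']} -> {n['type']} {n['name']}"))
    old_fns = {f["name"]: f for f in old["functions"]}
    for nf in new["functions"]:
        of = old_fns.get(nf["name"])
        if of is None:
            continue  # brand-new function: no differential baseline to compare against
        lost = (set(of["modifiers"]) - set(nf["modifiers"])) & ACCESS_MODIFIERS
        if lost:
            findings.append(Finding("access-control", nf["name"],
                                    "guard modifier removed: " + ", ".join(sorted(lost))))
        if _call_before_write(nf) and not _call_before_write(of):
            findings.append(Finding("reentrancy", nf["name"],
                                    "external call now precedes state write"))
        if nf["unchecked"] and not of["unchecked"]:
            findings.append(Finding("integer-overflow", nf["name"],
                                    "arithmetic moved into an unchecked block"))
    return findings


def risk_map(findings):
    """Map each affected function or variable to the sorted risk categories found for it."""
    out = {}
    for f in findings:
        out.setdefault(f.target, set()).add(f.category)
    return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    for f in diff_contracts(OLD_AST, NEW_AST):
        print(f"[{f.category}] {f.target}: {f.detail}")
```

Each check is differential: a function that already violated Checks-Effects-Interactions in version 1 is not reported again, only changes that make version 2 worse than version 1 are. Appending a new state variable after the existing ones is left unflagged, which matches the usual upgrade rule that existing slots must be preserved while new ones may be added at the end.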