This paper presents the first systematic empirical study of Signature Replay Vulnerabilities (SRVs) in smart contracts—security flaws arising from insufficient contextual constraints on digital signatures, enabling unauthorized privilege escalation. To address this, the authors analyze 1,419 professional security audit reports to categorize five distinct SRV patterns. They then propose LASiR, a novel detection framework integrating large language model–enhanced static taint analysis, symbolic execution, and path-reachability verification to precisely identify signature state contamination and illicit reuse. Evaluated on 15,383 real-world Ethereum smart contracts featuring signature verification, LASiR detects SRVs in 19.63% of them—impacting $4.76M in actively deployed assets. The framework achieves an F1-score of 87.90%, significantly improving both accuracy and reliability over prior approaches. This work advances smart contract security by establishing the first taxonomy of SRVs and delivering a robust, scalable, and empirically validated detection methodology.

Smart contracts have significantly advanced blockchain technology, and digital signatures are crucial for reliable verification of contract authority. Through signature verification, smart contracts can ensure that signers possess the required permissions, thus enhancing security and scalability. However, lacking checks on signature usage conditions can lead to repeated verifications, increasing the risk of permission abuse and threatening contract assets. We define this issue as the Signature Replay Vulnerability (SRV). In this paper, we conducted the first empirical study to investigate the causes and characteristics of the SRVs. From 1,419 audit reports across 37 blockchain security companies, we identified 108 with detailed SRV descriptions and classified five types of SRVs. To detect these vulnerabilities automatically, we designed LASiR, which utilizes the general semantic understanding ability of Large Language Models (LLMs) to assist in the static taint analysis of the signature state and identify the signature reuse behavior. It also employs path reachability verification via symbolic execution to ensure effective and reliable detection. To evaluate the performance of LASiR, we conducted large-scale experiments on 15,383 contracts involving signature verification, selected from the initial dataset of 918,964 contracts across four blockchains: Ethereum, Binance Smart Chain, Polygon, and Arbitrum. The results indicate that SRVs are widespread, with affected contracts holding $4.76 million in active assets. Among these, 19.63% of contracts that use signatures on Ethereum contain SRVs. Furthermore, manual verification demonstrates that LASiR achieves an F1-score of 87.90% for detection. Ablation studies and comparative experiments reveal that the semantic information provided by LLMs aids static taint analysis, significantly enhancing LASiR's detection performance.