🤖 AI Summary
This work addresses permission (access) control vulnerabilities in NFT smart contracts, a class of weakness that is frequently exploited and leads to substantial financial losses. To improve detection accuracy and scalability, the study applies multi-view learning, not previously used for this problem, by combining static analysis with two complementary code representations: sequence features derived from execution paths and graph features derived from control flow graph structure. The two views are fused into a single code embedding, and a detector identifies three distinct categories of permission control vulnerabilities through multi-view similarity analysis. Evaluated on 795 popular NFT projects, the method uncovered 241 real-world vulnerabilities, with manual verification showing an average precision of 97.92% and an F1-score of 81.09%, improving the precision, efficiency, and scalability of vulnerability detection in NFT smart contracts.
📝 Abstract
Permission control vulnerabilities in Non-fungible token (NFT) contracts can result in significant financial losses, as attackers may exploit these weaknesses to gain unauthorized access or circumvent critical permission checks. In this paper, we propose NFTDELTA, a framework that leverages static analysis and multi-view learning to detect permission control vulnerabilities in NFT contracts. Specifically, we extract comprehensive function Control Flow Graph (CFG) information via two views: sequence features (representing execution paths) and graph features (capturing structural control flow). These two views are then integrated to create a unified code representation. We also define three specific categories of permission control vulnerabilities and employ a custom detector to identify defects through multi-view feature similarity analysis. Our evaluation of 795 popular NFT collections identified 241 confirmed permission control vulnerabilities, comprising 214 cases of Bypass Auth Reentrancy, 15 of Weak Auth Validation, and 12 of Loose Permission Management. Manual verification demonstrates the detector's high reliability, achieving an average precision of 97.92% and an F1-score of 81.09%. Furthermore, NFTDELTA demonstrates enhanced efficiency and scalability, proving its effectiveness in securing NFT ecosystems.
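To make the abstract's vulnerability classes concrete, the following Solidity contracts are an added illustrative example written for this page; they are not code from the NFTDELTA paper, and the paper does not define its three categories in this abstract. The mapping used here is an assumption: "Weak Auth Validation" is read as a permission check that an unintended caller can satisfy (the `tx.origin` pattern), and "Bypass Auth Reentrancy" as a permission-relevant state update that an external callback can re-enter before it completes. The contract and function names (`VulnerableMint`, `HardenedMint`, `mint`, `setOwner`) are hypothetical. The hardened version shows the mitigations a reviewer would look for: checking `msg.sender`, recording state before any external call, and a reentrancy mutex.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustrative example (not code from the NFTDELTA paper).
// Assumption: "Weak Auth Validation" ~ a check an unintended caller can pass;
// "Bypass Auth Reentrancy" ~ a guarded state update that can be re-entered.

interface IERC721Receiver {
    function onERC721Received(address operator, address from, uint256 tokenId, bytes calldata data)
        external returns (bytes4);
}

contract VulnerableMint {
    address public owner;
    mapping(uint256 => address) public ownerOf;
    mapping(address => bool) public hasMinted;

    constructor() { owner = msg.sender; }

    // Weak Auth Validation: tx.origin is the externally owned account that started
    // the transaction, so any contract the owner interacts with can pass this
    // check on the owner's behalf. The direct caller is never verified.
    modifier onlyOwner() {
        require(tx.origin == owner, "not owner");
        _;
    }

    // Bypass Auth Reentrancy: the "one mint per address" rule relies on hasMinted,
    // but the flag is written only after the external callback. A receiver contract
    // that calls mint again inside onERC721Received still passes the require.
    function mint(uint256 tokenId) external {
        require(!hasMinted[msg.sender], "already minted");
        ownerOf[tokenId] = msg.sender;
        if (msg.sender.code.length > 0) {
            IERC721Receiver(msg.sender).onERC721Received(msg.sender, address(0), tokenId, "");
        }
        hasMinted[msg.sender] = true; // effect recorded too late
    }

    function setOwner(address newOwner) external onlyOwner { owner = newOwner; }
}

contract HardenedMint {
    address public owner;
    mapping(uint256 => address) public ownerOf;
    mapping(address => bool) public hasMinted;
    bool private locked;

    constructor() { owner = msg.sender; }

    // Check the direct caller, not the transaction originator.
    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Mutex: the function cannot be re-entered while it is executing.
    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    // Checks-effects-interactions: permission-relevant state is updated before
    // any external call, so a re-entrant call would fail the require even
    // without the mutex. The receiver's return value is also validated.
    function mint(uint256 tokenId) external nonReentrant {
        require(!hasMinted[msg.sender], "already minted");
        hasMinted[msg.sender] = true;
        ownerOf[tokenId] = msg.sender;
        if (msg.sender.code.length > 0) {
            require(
                IERC721Receiver(msg.sender).onERC721Received(msg.sender, address(0), tokenId, "")
                    == IERC721Receiver.onERC721Received.selector,
                "unsafe receiver"
            );
        }
    }

    function setOwner(address newOwner) external onlyOwner {
        require(newOwner != address(0), "zero owner");
        owner = newOwner;
    }
}
```

When reviewing an NFT contract, the two questions these contracts raise are the ones a static detector of this kind is trying to answer automatically: does every permission check compare against `msg.sender` (or a role mapping keyed on it) rather than `tx.origin`, and on every execution path does the state that a check depends on get written before the first external call?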