Smart contracts are self-executing programs that manage financial transactions on blockchain networks. Developers commonly rely on third-party code libraries to improve both efficiency and security. However, improper use of these libraries can introduce hidden vulnerabilities that are difficult to detect, leading to significant financial losses. Existing automated tools struggle to identify such misuse because it often requires understanding the developer's intent rather than simply scanning for known code patterns. This paper presents LibScan, an automated detection framework that combines large language model (LLM)-based semantic reasoning with rule-based code analysis, identifying eight distinct categories of library misuse in smart contracts. To improve detection reliability, the framework incorporates an iterative self-correction mechanism that refines its analysis across multiple rounds, alongside a structured knowledge base derived from large-scale empirical studies of real-world misuse cases. Experiments conducted on 662 real-world smart contracts demonstrate that LibScan achieves an overall detection accuracy of 85.15%, outperforming existing tools by a margin of over 16 percentage points. Ablation experiments further confirm that combining both analysis approaches yields substantially better results than either method used independently.