Large language models (LLMs) have been widely adopted in modern software development lifecycles, where they are increasingly used to automate and assist code generation, significantly improving developer productivity and reducing development time. In the blockchain domain, developers increasingly rely on LLMs to generate and maintain smart contracts, the immutable, self-executing components of decentralized applications. Because deployed smart contracts cannot be modified, correctness and security are paramount, particularly in high-stakes domains such as finance and governance. Despite this growing reliance, the security implications of LLM-generated smart contracts remain insufficiently understood. In this work, we conduct a systematic security analysis of Solidity smart contracts generated by state-of-the-art LLMs, including ChatGPT, Gemini, and Sonnet. We evaluate these contracts against a broad set of known smart contract vulnerabilities to assess their suitability for direct deployment in production environments. Our extensive experimental study shows that, despite their syntactic correctness and functional completeness, LLM-generated smart contracts frequently exhibit severe security flaws that could be exploited in real-world settings. We further analyze and categorize these vulnerabilities, identifying recurring weakness patterns across different models. Finally, we discuss practical countermeasures and development guidelines to help mitigate these risks, offering actionable insights for both developers and researchers. Our findings aim to support the safe integration of LLMs into smart contract development workflows and to strengthen the blockchain ecosystem against future security failures.