Business logic vulnerabilities have become one of the most damaging yet least understood classes of smart contract vulnerabilities. Unlike traditional bugs such as reentrancy or arithmetic errors, these vulnerabilities arise from missing or incorrectly enforced business invariants and are tightly coupled with protocol semantics. Existing static analysis techniques struggle to capture such high-level logic, while recent large language model (LLM)-based approaches often suffer from unstable outputs and low accuracy due to hallucination and limited verification. In this paper, we propose LogicScan, an automated contrastive auditing framework for detecting business logic vulnerabilities in smart contracts. The key insight behind LogicScan is that mature, widely deployed on-chain protocols implicitly encode well-tested and consensus-driven business invariants. LogicScan systematically mines these invariants from large-scale on-chain contracts and reuses them as reference constraints to audit target contracts. To achieve this, LogicScan introduces a Business Specification Language (BSL) to normalize diverse implementation patterns into structured, verifiable logic representations. It further combines noise-aware logic aggregation with contrastive auditing to identify missing or weakly enforced invariants while mitigating LLM-induced false positives. We evaluate LogicScan on three real-world datasets, including DeFiHacks, Web3Bugs, and a set of top-200 audited contracts. The results show that LogicScan achieves an F1 score of 85.2%, significantly outperforming state-of-the-art tools while maintaining a low false-positive rate on production-grade contracts. Additional experiments demonstrate that LogicScan maintains consistent performance across different LLMs and is cost-effective, and that its false-positive suppression mechanisms substantially improve robustness.
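As an added illustration of the contrastive auditing idea described in the abstract (this is not code from the LogicScan paper), the Python below assumes a simplified, hypothetical stand-in for BSL in which each invariant is a (function role, normalized condition) pair; it aggregates invariants mined from constructed reference contracts with a support threshold so that single-source extraction noise is dropped, then reports the consensus invariants a target contract fails to enforce.

```python
from collections import Counter

# Hypothetical, simplified stand-in for the paper's BSL: an invariant is a
# (function role, normalized condition) pair extracted from one contract.
Invariant = tuple[str, str]

# Constructed sample: invariants mined from four mature vault-style protocols.
# "ref_c" carries one extraction artefact that no other protocol shares.
REFERENCE_CONTRACTS: dict[str, set[Invariant]] = {
    "ref_a": {("withdraw", "shares <= balanceOf(caller)"),
              ("withdraw", "assets <= totalAssets"),
              ("deposit", "assets > 0"), ("setFee", "caller == owner")},
    "ref_b": {("withdraw", "shares <= balanceOf(caller)"),
              ("withdraw", "assets <= totalAssets"),
              ("deposit", "assets > 0"), ("setFee", "caller == owner")},
    "ref_c": {("withdraw", "shares <= balanceOf(caller)"),
              ("deposit", "assets > 0"), ("setFee", "caller == owner"),
              ("deposit", "block.timestamp % 2 == 0")},  # LLM noise
    "ref_d": {("withdraw", "shares <= balanceOf(caller)"),
              ("withdraw", "assets <= totalAssets"),
              ("deposit", "assets > 0")},
}


def aggregate_invariants(refs: dict[str, set[Invariant]],
                         min_support: float = 0.5) -> dict[Invariant, int]:
    """Noise-aware aggregation: keep only invariants enforced by at least a
    min_support fraction of the reference contracts, with their support."""
    counts = Counter(inv for invs in refs.values() for inv in invs)
    threshold = min_support * len(refs)
    return {inv: n for inv, n in counts.items() if n >= threshold}


def contrastive_audit(target: set[Invariant],
                      reference: dict[Invariant, int]) -> list[tuple[Invariant, int]]:
    """Return consensus invariants the target does not enforce, ordered by
    support (widest consensus first) so the strongest findings lead."""
    missing = [(inv, n) for inv, n in reference.items() if inv not in target]
    return sorted(missing, key=lambda item: (-item[1], item[0]))


# Constructed target: a vault whose withdraw path never bounds the burned
# shares by the caller's balance, i.e. a missing business invariant.
TARGET_CONTRACT: set[Invariant] = {("withdraw", "assets <= totalAssets"),
                                   ("deposit", "assets > 0"),
                                   ("setFee", "caller == owner")}

if __name__ == "__main__":
    reference = aggregate_invariants(REFERENCE_CONTRACTS)
    for (role, cond), n in contrastive_audit(TARGET_CONTRACT, reference):
        print(f"missing in {role}: {cond} ({n}/{len(REFERENCE_CONTRACTS)} refs)")
```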