Smart contracts are fundamental components of blockchain ecosystems, yet their security remains a critical concern. Existing detection methodologies are predominantly syntax-oriented, targeting reentrancy and arithmetic errors, and they often overlook logical flaws that arise from defective business logic. This paper introduces SmartGraphical, a security framework engineered to identify logical attack surfaces. By combining automated static analysis with an interactive graphical representation of contract architecture, SmartGraphical supports a comprehensive inspection of a contract's functional control flow. Because logical bugs are context-dependent, the tool adopts a human-in-the-loop approach in which developers interpret heuristic warnings within a visualized structural context. The efficacy of SmartGraphical was validated through an empirical evaluation on a large dataset of real-world contracts and a user study with 100 developers of varying expertise. The framework was further demonstrated through case studies of high-profile exploits, including the SYFI rebase failure and flash swap attacks on farming protocols, in which SmartGraphical identified intricate vulnerabilities that elude state-of-the-art automated detectors. Our findings indicate that this hybrid methodology significantly improves both the interpretability and the detection rate of non-trivial logical security threats in smart contracts.