Smart contracts are fundamental components of blockchain ecosystems; however, their security remains a critical concern due to inherent vulnerabilities. While existing detection methodologies are predominantly syntax-oriented, targeting reentrancy and arithmetic errors, they often overlook logical flaws arising from defective business logic. This paper introduces SmartGraphical, a novel security framework specifically engineered to identify logical attack surfaces. By synthesizing automated static analysis with an interactive graphical representation of contract architectures, SmartGraphical facilitates a comprehensive inspection of a contract's functional control flow. To mitigate the context-dependent nature of logical bugs, the tool adopts a human-in-the-loop approach, empowering developers to interpret heuristic warnings within a visualized structural context. The efficacy of SmartGraphical was validated through a rigorous empirical evaluation involving a large dataset of real-world contracts and a large-scale user study with 100 developers of varying expertise. Furthermore, the framework's performance was demonstrated through case studies on high-profile exploits, such as the SYFI rebase failure and farming protocol flash swap attacks, proving that SmartGraphical identifies intricate vulnerabilities that elude state-of-the-art automated detectors. Our findings indicate that this hybrid methodology significantly enhances the interpretability and detection rate of non-trivial logical security threats in smart contracts.

翻译：智能合约是区块链生态系统的核心组件，但其固有漏洞导致安全性始终是严峻挑战。现有检测方法主要面向语法层面（如重入攻击与算术错误检测），往往忽视由业务逻辑缺陷引发的逻辑漏洞。本文提出SmartGraphical——一种专门用于识别逻辑攻击面的新型安全框架。该框架通过融合自动化静态分析与合约架构交互式图形化表示，实现对合约功能控制流的全面审查。为应对逻辑漏洞的上下文依赖性特征，该工具采用人机协同方法，使开发者能够在可视化结构上下文中解读启发式告警。通过包含大规模真实合约数据集和100名不同经验水平开发者的用户研究，我们进行了严格的实证验证。此外，案例研究（如SYFI再平衡失败事件与农耕协议闪电贷攻击）展示了该框架的性能，证实SmartGraphical能识别现有顶级自动化检测器难以发现的复杂漏洞。研究结果表明，该混合方法显著提升了对智能合约中非平凡逻辑安全威胁的可解释性与检测率。