As the Ethereum platform continues to mature and gain widespread usage, it is crucial to maintain high standards of smart contract writing practice. While bad practices in smart contracts may not directly cause security issues, they increase the likelihood of problems arising. To help developers understand and avoid these bad practices, this paper presents the first systematic study of bad practices in smart contracts, examining over 47 specific issues. Specifically, we propose SCALM, an LLM-powered framework featuring two methodological innovations: (1) a hybrid architecture that combines context-aware function-level slicing with knowledge-enhanced semantic reasoning via extensible vectorized pattern matching; and (2) a multi-layer reasoning verification system that connects low-level code patterns with high-level security principles through syntax, design-pattern, and architecture analysis. Our extensive experiments using multiple LLMs and datasets show that SCALM outperforms existing tools in detecting bad practices in smart contracts.