Smart contracts play a significant role in automating blockchain services. Nevertheless, vulnerabilities in smart contracts pose serious threats to blockchain security. Currently, traditional detection methods primarily rely on static analysis and formal verification, which can result in high false-positive rates and poor scalability. Large Language Models (LLMs) have recently made significant progress in smart contract vulnerability detection. However, they still face challenges such as high inference costs and substantial computational overhead. In this paper, we propose ParaVul, a parallel LLM and retrieval-augmented framework to improve the reliability and accuracy of smart contract vulnerability detection. Specifically, we first develop Sparse Low-Rank Adaptation (SLoRA) for LLM fine-tuning. SLoRA introduces sparsification by incorporating a sparse matrix into quantized LoRA-based LLMs, thereby reducing computational overhead and resource requirements while enhancing their ability to understand vulnerability-related issues. We then construct a vulnerability contract dataset and develop a hybrid Retrieval-Augmented Generation (RAG) system that integrates dense retrieval with Best Matching 25 (BM25), assisting in verifying the results generated by the LLM. Furthermore, we propose a meta-learning model to fuse the outputs of the RAG system and the LLM, thereby generating the final detection results. After completing vulnerability detection, we design chain-of-thought prompts to guide LLMs to generate comprehensive vulnerability detection reports. Simulation results demonstrate the superiority of ParaVul, especially in terms of F1 scores, achieving 0.9398 for single-label detection and 0.9330 for multi-label detection.
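To make the hybrid retrieval and verification step concrete, here is an added example (written for this page, not the authors' ParaVul code). It scores a contract fragment flagged by an LLM against a small constructed corpus of labelled fragments with BM25 and a dense-style similarity, fuses the two, and checks whether the nearest known contracts agree with the LLM's label. Two things are stand-ins: the dense encoder is replaced by a deterministic hashed character-trigram bag, and the paper's meta-learning fusion is replaced by a convex combination of min-max-normalised scores (`alpha`); the corpus, labels and query fragment are all made up for the demonstration.

```python
import math
import re
import zlib
from collections import Counter

# Constructed mini-corpus of labelled Solidity fragments (a toy stand-in for the
# paper's vulnerability contract dataset; code and labels are made up here).
CORPUS = [
    {"id": "c1", "label": "reentrancy",
     "code": 'function withdraw(uint amount) public { require(balances[msg.sender] >= amount); '
             '(bool ok,) = msg.sender.call{value: amount}(""); require(ok); balances[msg.sender] -= amount; }'},
    {"id": "c2", "label": "integer_overflow",
     "code": "function add(uint a, uint b) public pure returns (uint) { uint c = a + b; return c; }"},
    {"id": "c3", "label": "safe",
     "code": "function withdraw(uint amount) public { require(balances[msg.sender] >= amount); "
             "balances[msg.sender] -= amount; payable(msg.sender).transfer(amount); }"},
    {"id": "c4", "label": "tx_origin",
     "code": "function transferOwnership(address newOwner) public { require(tx.origin == owner); owner = newOwner; }"},
]

# Constructed query: the fragment an LLM has just flagged as "reentrancy".
QUERY = ('function claim() public { uint owed = pending[msg.sender]; '
         '(bool ok,) = msg.sender.call{value: owed}(""); require(ok); pending[msg.sender] = 0; }')

TOKEN_RE = re.compile(r"[A-Za-z_]\w*|\d+")


def tokenize(code):
    """Identifier and number tokens; sufficient for lexical BM25 matching on source code."""
    return TOKEN_RE.findall(code)


def bm25_scores(query, docs, k1=1.5, b=0.75):
    """BM25 score of every document against the query (standard idf with +1 smoothing)."""
    q = tokenize(query)
    toks = [tokenize(d["code"]) for d in docs]
    n = len(toks)
    avgdl = sum(len(t) for t in toks) / n
    df = Counter(t for d in toks for t in set(d))
    scores = []
    for d in toks:
        tf = Counter(d)
        s = 0.0
        for t in q:
            if t not in tf:
                continue
            idf = math.log(1 + (n - df[t] + 0.5) / (df[t] + 0.5))
            s += idf * tf[t] * (k1 + 1) / (tf[t] + k1 * (1 - b + b * len(d) / avgdl))
        scores.append(s)
    return scores


def embed(code, dim=512):
    """Stand-in for the paper's dense encoder: a deterministic hashed character-trigram bag."""
    v = [0.0] * dim
    s = code.lower()
    for i in range(len(s) - 2):
        v[zlib.crc32(s[i:i + 3].encode()) % dim] += 1.0
    return v


def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0


def dense_scores(query, docs):
    q = embed(query)
    return [cosine(q, embed(d["code"])) for d in docs]


def _minmax(xs):
    lo, hi = min(xs), max(xs)
    return [(x - lo) / (hi - lo) if hi > lo else 0.0 for x in xs]


def hybrid_retrieve(query, docs=CORPUS, alpha=0.5, top_k=3):
    """Fuse normalised BM25 and dense scores; alpha is the weight on the lexical side.
    (A fixed convex combination stands in for the paper's learned meta-fusion.)"""
    lex = _minmax(bm25_scores(query, docs))
    den = _minmax(dense_scores(query, docs))
    fused = [alpha * l + (1 - alpha) * d for l, d in zip(lex, den)]
    order = sorted(range(len(docs)), key=lambda i: fused[i], reverse=True)
    return [dict(docs[i], score=round(fused[i], 4)) for i in order[:top_k]]


def verify_llm_label(llm_label, query, docs=CORPUS, top_k=3):
    """Cross-check an LLM verdict against the labels of the nearest known contracts.
    Returns the retrieval-side label (score-weighted vote over the hits) and whether it agrees."""
    hits = hybrid_retrieve(query, docs, top_k=top_k)
    votes = Counter()
    for h in hits:
        votes[h["label"]] += h["score"]
    retrieved = votes.most_common(1)[0][0]
    return {"llm_label": llm_label, "retrieved_label": retrieved,
            "agree": retrieved == llm_label, "evidence": [h["id"] for h in hits]}


if __name__ == "__main__":
    print(verify_llm_label("reentrancy", QUERY))
```

A disagreement between `llm_label` and `retrieved_label` is the signal the paper's fusion stage is meant to arbitrate; in this toy form it simply surfaces the nearest labelled contracts as evidence so an analyst can see why the retrieval side disagrees.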