Smart contracts govern billions of dollars in decentralized finance (DeFi), yet automated vulnerability detection remains challenging because many vulnerabilities are tightly coupled with project-specific business logic. We observe that recurring vulnerabilities across diverse DeFi business models often share the same underlying economic mechanisms, which we term DeFi semantics, and that capturing these shared abstractions enables more systematic auditing. Building on this insight, we propose Knowdit, a knowledge-driven, agentic framework for smart contract vulnerability detection. Knowdit first constructs an auditing knowledge graph from historical human audit reports, linking fine-grained DeFi semantics with recurring vulnerability patterns. Given a new project, a multi-agent framework applies this knowledge through an iterative loop of specification generation, harness synthesis, fuzz execution, and finding reflection, coordinated by a shared working memory that is refined on every iteration. We evaluate Knowdit on 12 recent Code4rena projects with 75 ground-truth vulnerabilities. Knowdit detects all 14 high-severity vulnerabilities and 77% of the medium-severity ones with only 2 false positives, significantly outperforming all baselines. Applied to six real-world projects, Knowdit further discovers 12 high- and 10 medium-severity previously unknown vulnerabilities, demonstrating its effectiveness beyond the benchmark.
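To make the loop in the abstract concrete (knowledge graph built from audit findings, specification generation from a project's DeFi semantics, a harness per pattern, fuzz execution, and a reflection step over shared working memory), here is a small self-contained sketch in Python. It is example code written for this page, not Knowdit's implementation: the historical findings, the semantic labels, the `Vault` model (an ERC-4626-style share-accounting toy, with and without the usual virtual-offset mitigation) and the single `inflation_attack` harness are all constructed for illustration, and the real system operates on Solidity projects with LLM agents rather than on a Python model.

```python
"""Illustrative knowledge-driven audit loop: knowledge graph -> spec generation
-> harness -> fuzz -> reflection. Example code for this page, not Knowdit's;
every finding, label and number below is constructed."""
import random
from dataclasses import dataclass, field

# 1. Auditing knowledge graph. Each constructed "historical finding" links a
#    DeFi semantic to a recurring pattern and to the property a harness checks.
HISTORICAL_FINDINGS = [
    ("share-based vault accounting", "first-depositor share inflation",
     "an attacker cannot profit by donating assets ahead of a victim deposit"),
    ("share-based vault accounting", "rounding favours caller",
     "mint/redeem rounding never favours the caller"),
    ("oracle-dependent pricing", "stale price accepted",
     "prices older than the feed heartbeat are rejected"),
]

def build_knowledge_graph(findings):
    graph = {}
    for semantic, pattern, prop in findings:
        graph.setdefault(semantic, {})[pattern] = prop
    return graph

# 2. Specification generation: properties relevant to the project's semantics.
def generate_specs(graph, project_semantics):
    return [(pattern, prop) for sem in project_semantics
            for pattern, prop in graph.get(sem, {}).items()]

# 3. System under test: ERC-4626-style share accounting. Zero virtual amounts
#    give the classic vulnerable variant; non-zero values model the usual
#    virtual-offset mitigation (constructed toy, not a real vault).
@dataclass
class Vault:
    virtual_shares: int = 0
    virtual_assets: int = 0
    assets: int = 0
    shares: int = 0

    def deposit(self, amount):
        if self.shares + self.virtual_shares == 0:   # empty vault: 1:1 mint
            minted = amount
        else:
            minted = (amount * (self.shares + self.virtual_shares)
                      // (self.assets + self.virtual_assets))
        self.assets += amount
        self.shares += minted
        return minted

    def donate(self, amount):                        # transfer without minting
        self.assets += amount

    def redeem(self, shares):
        out = (shares * (self.assets + self.virtual_assets)
               // (self.shares + self.virtual_shares))
        self.assets -= out
        self.shares -= shares
        return out

# 4. Harness for the inflation pattern: attacker deposits 1 wei, donates,
#    victim deposits, attacker redeems. Returns attacker profit in assets.
def inflation_attack(vault, donation, victim_deposit):
    attacker_shares = vault.deposit(1)
    vault.donate(donation)
    vault.deposit(victim_deposit)
    return vault.redeem(attacker_shares) - (1 + donation)

HARNESSES = {"first-depositor share inflation": inflation_attack}

# 5. Fuzz execution: seeded random inputs, stop at the first counterexample.
def fuzz(make_vault, harness, trials=2000, seed=1):
    rng = random.Random(seed)
    for _ in range(trials):
        d, v = rng.randint(1, 10**9), rng.randint(1, 10**9)
        profit = harness(make_vault(), d, v)
        if profit > 0:
            return {"donation": d, "victim_deposit": v, "attacker_profit": profit}
    return None

# 6. Working memory and reflection: replay each counterexample on a fresh
#    instance before reporting it, and record which specs lack a harness.
@dataclass
class WorkingMemory:
    checked: set = field(default_factory=set)
    unchecked: list = field(default_factory=list)
    findings: list = field(default_factory=list)

def audit(project_semantics, make_vault, graph, memory=None):
    if memory is None:
        memory = WorkingMemory()
    for pattern, prop in generate_specs(graph, project_semantics):
        if pattern in memory.checked:
            continue
        harness = HARNESSES.get(pattern)
        if harness is None:
            memory.unchecked.append(pattern)      # harness synthesis still due
            continue
        memory.checked.add(pattern)
        ce = fuzz(make_vault, harness)
        if ce and harness(make_vault(), ce["donation"], ce["victim_deposit"]) > 0:
            memory.findings.append({"pattern": pattern, "property": prop, **ce})
    return memory

if __name__ == "__main__":
    graph = build_knowledge_graph(HISTORICAL_FINDINGS)
    semantics = ["share-based vault accounting"]
    vulnerable = audit(semantics, lambda: Vault(), graph)
    hardened = audit(semantics, lambda: Vault(1000, 1), graph)
    print("vulnerable:", vulnerable.findings)
    print("hardened:", hardened.findings, "unchecked:", hardened.unchecked)
```

Running it reports one confirmed finding against the plain vault (the attacker recovers the victim's entire deposit whenever it is no larger than the donation) and none against the virtual-offset variant, while the "rounding favours caller" spec is carried in working memory as unchecked because no harness exists for it yet. The replay before reporting is the part that keeps false positives down: a counterexample that does not reproduce on a fresh instance is dropped rather than surfaced.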