Decentralized Finance (DeFi) smart contracts manage billions of dollars, making them a prime target for exploits. Price manipulation vulnerabilities, often via flash loans, are a devastating class of attacks causing significant financial losses. Existing detection methods are limited. Reactive approaches analyze attacks only after they occur, while proactive static analysis tools rely on rigid, predefined heuristics, limiting adaptability. Both depend on known attack patterns, failing to identify novel variants or comprehend complex economic logic. We propose PMDetector, a hybrid framework combining static analysis with Large Language Model (LLM)-based reasoning to proactively detect price manipulation vulnerabilities. Our approach uses a formal attack model and a three-stage pipeline. First, static taint analysis identifies potentially vulnerable code paths. Second, a two-stage LLM process filters paths by analyzing defenses and then simulates attacks to evaluate exploitability. Finally, a static analysis checker validates LLM results, retaining only high-risk paths and generating comprehensive vulnerability reports. To evaluate its effectiveness, we built a dataset of 73 real-world vulnerable and 288 benign DeFi protocols. Results show PMDetector achieves 88% precision and 90% recall with Gemini 2.5-flash, significantly outperforming state-of-the-art static analysis and LLM-based approaches. Auditing a vulnerability with PMDetector costs just $0.03 and takes 4.0 seconds with GPT-4.1, offering an efficient and cost-effective alternative to manual audits.