SCALM: Detecting Bad Practices in Smart Contracts Through LLMs
Zongwei Li, Xiaoqi Li, Wenkai Li, Xin Wang

TL;DR
This paper introduces SCALM, a novel LLM-based framework that systematically detects bad practices in smart contracts, improving the identification process and helping developers maintain higher standards.
Contribution
The paper presents the first systematic study of bad practices in smart contracts and proposes SCALM, combining Step-Back Prompting and RAG to enhance detection accuracy.
Findings
SCALM outperforms existing tools in detecting bad practices.
Extensive experiments validate SCALM's effectiveness across multiple datasets.
Identifies over 35 specific bad practices in smart contracts.
Abstract
As the Ethereum platform continues to mature and gain widespread usage, it is crucial to maintain high standards of smart contract writing practices. While bad practices in smart contracts may not directly lead to security issues, they do elevate the risk of encountering problems. Therefore, to understand and avoid these bad practices, this paper introduces the first systematic study of bad practices in smart contracts, delving into over 35 specific issues. Specifically, we propose a large language model (LLM)-based framework, SCALM. It combines Step-Back Prompting and Retrieval-Augmented Generation (RAG) to identify and address various bad practices effectively. Our extensive experiments using multiple LLMs and datasets have shown that SCALM outperforms existing tools in detecting bad practices in smart contracts.
Taxonomy
Topics: Blockchain Technology Applications and Security · Auction Theory and Applications · FinTech, Crowdfunding, Digital Finance
