Large Language Model based Smart Contract Auditing with LLMBugScanner

TL;DR

This paper introduces LLMBugScanner, a framework that combines fine-tuning and ensemble learning of large language models to improve the accuracy and robustness of smart contract vulnerability detection.

Contribution

It proposes a novel ensemble approach with domain knowledge adaptation and conflict resolution to enhance smart contract auditing with LLMs.

Findings

LLMBugScanner outperforms individual LLMs in vulnerability detection accuracy.

The ensemble approach improves robustness across diverse smart contract structures.

Fine-tuning with domain knowledge enhances LLMs' reasoning about vulnerabilities.

Abstract

This paper presents LLMBugScanner, a large language model (LLM) based framework for smart contract vulnerability detection using fine-tuning and ensemble learning. Smart contract auditing presents several challenges for LLMs: different pretrained models exhibit varying reasoning abilities, and no single model performs consistently well across all vulnerability types or contract structures. These limitations persist even after fine-tuning individual LLMs. To address these challenges, LLMBugScanner combines domain knowledge adaptation with ensemble reasoning to improve robustness and generalization. Through domain knowledge adaptation, we fine-tune LLMs on complementary datasets to capture both general code semantics and instruction-guided vulnerability reasoning, using parameter-efficient tuning to reduce computational cost. Through ensemble reasoning, we leverage the complementary strengths of multiple LLMs and apply a consensus-based conflict resolution strategy to produce more reliable vulnerability assessments. We conduct extensive experiments across multiple popular LLMs and compare LLMBugScanner with both pretrained and fine-tuned individual models. Results show that LLMBugScanner achieves consistent accuracy improvements and stronger generalization, demonstrating that it provides a principled, cost-effective, and extensible framework for smart contract auditing.