LibScan: Smart Contract Library Misuse Detection with Iterative Feedback and Static Verification
Yishun Wang, Wenkai Li, Xiaoqi Li, Zongwei Li, Lei Xie, Yuqing Zhang

TL;DR
LibScan is an innovative framework that combines LLM-based semantic reasoning with static code analysis to detect smart contract library misuse, achieving high accuracy through iterative feedback and empirical knowledge.
Contribution
It introduces a novel hybrid detection approach with iterative self-correction and a knowledge base, significantly improving misuse detection in smart contracts.
Findings
LibScan achieves 85.15% detection accuracy on real-world contracts.
Combining semantic reasoning with static analysis outperforms individual methods.
Iterative feedback enhances detection reliability and reduces false positives.
Abstract
Smart contracts are self-executing programs that manage financial transactions on blockchain networks. Developers commonly rely on third-party code libraries to improve both efficiency and security. However, improper use of these libraries can introduce hidden vulnerabilities that are difficult to detect, leading to significant financial losses. Existing automated tools struggle to identify such misuse because it often requires understanding the developer's intent rather than simply scanning for known code patterns. This paper presents LibScan, an automated detection framework that combines large language model (LLM)-based semantic reasoning with rule-based code analysis, identifying eight distinct categories of library misuse in smart contracts. To improve detection reliability, the framework incorporates an iterative self-correction mechanism that refines its analysis across multiple…
