LiquiLM: Bridging the Semantic Gap in Liquidity Flaw Audit via DCN and LLMs

TL;DR

LiquiLM is a novel framework combining LLMs and DCN to detect and explain liquidity flaws in smart contracts, significantly improving accuracy and aiding vulnerability discovery in DeFi ecosystems.

Contribution

The paper introduces LiquiLM, a new approach that bridges semantic gaps between code and liquidity intents using LLMs and DCN, enhancing flaw detection in liquidity management smart contracts.

Findings

Achieves over 90% F1-score in liquidity flaw detection.

Successfully identifies 238 high-risk contracts in real-world audits.

Discovers 10 CVE-certified vulnerabilities in Ethereum contracts.

Abstract

Traditional consensus mechanisms, such as Proof of Stake (PoS), increasingly reveal an excessive dependency on large liquidity providers. Although the Proof of Liquidity (PoL) mechanism serves as a critical paradigm for incentivizing sustained liquidity provision and ensuring market stability, its transition from asset staking to active liquidity management significantly increases the complexity of underlying smart contract economic models and interaction logic. This renders hidden liquidity logic flaws difficult to detect via traditional methods, seriously threatening the system stability and user asset security of mainstream DeFi and emerging PoL ecosystems. To address this, we propose the LiquiLM framework, which integrates Large Language Models (LLMs) with a Dynamic Co-Attention Network (DCN). By establishing a dynamic interaction between liquidity-critical contracts and flaw descriptions, the framework effectively bridges the semantic gap between underlying code implementations and high-level liquidity intents. We evaluate the performance of LiquiLM on 1,490 validation contracts (covering precision, recall, specificity, and F1-score). The results show that it achieves significant effectiveness in auditing and explaining liquidity flaws: in experiments using Gemini 3 Pro and GPT-4o as backbone models, respectively, the F1-scores both exceed 90%. Furthermore, through an in-depth audit of 1,380 real-world PoL and Ethereum economic contracts, LiquiLM successfully identifies 238 high-risk contracts and assists in discovering 10 vulnerabilities that have received CVE certification.