Tailored Prompts, Targeted Protection: Vulnerability-Specific LLM Analysis for Smart Contracts

TL;DR

This paper introduces an LLM-based framework for detecting smart contract vulnerabilities, utilizing a large annotated dataset and vulnerability-specific prompts to achieve high recall and precision.

Contribution

It presents a scalable, vulnerability-specific detection approach with a large dataset and AST-based context extraction for smart contract security.

Findings

Achieved an average positive recall of 0.92

Achieved an average negative recall of 0.85

Demonstrated effectiveness of vulnerability-specific prompts

Abstract

Smart contracts on blockchains are prone to diverse security vulnerabilities that can lead to significant financial losses due to their immutable nature. Existing detection approaches often lack flexibility across vulnerability types and rely heavily on manually crafted expert rules. In this paper, we present an LLM-based framework for practical smart contract vulnerability detection. We construct and release a large-scale dataset comprising 31,165 professionally annotated vulnerability instances collected from over 3,200 real-world projects across 15 major blockchain platforms. Our approach leverages precise AST-based context extraction and vulnerability-specific prompt design to instantiate customized detectors for 13 prevalent vulnerability categories. Experimental results demonstrate strong effectiveness, achieving an average positive recall of 0.92 and an average negative recall of 0.85, highlighting the potential of carefully engineered contextual prompting for scalable and high-precision smart contract security analysis.