figshare

LibScan: An LLM-Based Tool for Smart Contract Library Misuse Identification

Download (23.53 MB)
dataset
posted on 2025-03-08, 07:52, authored by Wang Yishun

Smart contracts, as programs capable of complex operations, operate on the blockchain and are commonly coded in the Solidity language. Solidity, an object-oriented programming language, frequently incorporates a variety of libraries to boost the reusability of code and simplify the intricacies of smart contract development. However, this practice often gives rise to library misuse, where incorrect implementation or application of libraries can lead to flaws in the contract. At present, there is a lack of tools that can effectively detect and recognize patterns of library misuse within smart contracts. To fill this gap, we introduce LibScan, a tool powered by large language models (LLMs) to identify the vulnerabilities caused by library misuse. LibScan captures the distinctive features and qualities of each library misuse pattern and leverages a Generative Pre-trained Transformer (GPT) to align contract code with these patterns, pinpointing instances of library misuse. It uses an iterative feedback mechanism to refine the LLM's accuracy, particularly for sophisticated contracts, and corroborates its findings with static analysis techniques. The tool's effectiveness is underscored by its performance metrics, which are notably high in both identifying true positives and minimizing false positives. We also explore the current limitations of the tool and propose avenues for future research to enhance its capabilities.
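To make concrete what the abstract means by "library misuse", the following is an added illustration written for this page; it is not code from the LibScan paper or its dataset, and the page does not state which misuse patterns LibScan covers. The `SafeMath` library, the `VaultMisuse` and `VaultFixed` contracts and their function names are all constructed for the example. The pattern shown is a well-known one: a pure library function attached with `using ... for` returns a new value, and the caller discards that return value instead of writing it back to storage.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal SafeMath-style library, constructed for this illustration.
// Both functions are pure: they return a new value and never touch storage.
library SafeMath {
    function add(uint256 a, uint256 b) internal pure returns (uint256) {
        uint256 c = a + b;
        require(c >= a, "SafeMath: addition overflow");
        return c;
    }

    function sub(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b <= a, "SafeMath: subtraction underflow");
        return a - b;
    }
}

// Misuse: the library is attached correctly, but withdraw() discards sub()'s
// return value. The underflow check still runs (amount <= balance), so the call
// does not revert, yet the stored balance is never decremented. A user who
// deposited 1 ether can call withdraw(1 ether) repeatedly and drain funds
// that belong to other depositors.
contract VaultMisuse {
    using SafeMath for uint256;

    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) external {
        balances[msg.sender].sub(amount);      // result dropped: state unchanged
        payable(msg.sender).transfer(amount);  // pays out against a stale balance
    }
}

// Corrected form: the library result is assigned back to storage, so each
// withdrawal reduces the caller's balance and the check in sub() is meaningful.
contract VaultFixed {
    using SafeMath for uint256;

    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) external {
        balances[msg.sender] = balances[msg.sender].sub(amount);
        payable(msg.sender).transfer(amount);
    }
}
```

The two contracts differ by a single assignment, and both compile without error, which is why this class of defect is a matter of pattern recognition over how a library is applied rather than of syntax. A reviewer or tool checking for it looks for calls to non-mutating library functions whose return value is unused, and confirms the finding by tracing whether the intended storage slot is ever written.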
