DeFiLogicShield: Business Security Rule-Guided LLM Smart Contract Audit Framework
摘要
Smart contracts, once deployed, cannot be modified. Since DeFi protocol smart contracts typically store enormous amounts of funds, ensuring their correctness before deployment is crucial. However, existing static and dynamic analysis tools demonstrate significant limitations in detecting business logic vulnerabilities in DeFi protocols. Large language models (LLMs) exhibit promising potential for smart contract vulnerability detection through their powerful semantic analysis capabilities; nevertheless, they still face challenges in identifying complex business logic vulnerabilities in DeFi protocols due to a lack of targeted guidance. In this paper, we propose an automated smart contract security audit framework guided by business security rules. First, we systematically classify a large corpus of DeFi protocol code according to their core business logic (such as lending, liquidity provision, trading mechanisms, etc.) into distinct categories. Second, we leverage large language models to extract specific business logic security rules from each category, constructing a comprehensive security rule repository. By combining the semantic understanding capabilities of LLMs with these domain-specific security rules, our approach can more accurately identify potential business logic vulnerabilities. Experiments demonstrate that our method achieves 79.7% precision and 73.5% recall on known vulnerable contract sets, significantly outperforming traditional static analysis tools (approximately 30% precision) and direct LLM-based methods (38.3% precision), while reducing the false negative rate for business logic vulnerabilities from over 90% to 28.4%. Furthermore, in zero-day vulnerability detection on unverified contracts, 70% of the high-risk vulnerabilities identified by our method were confirmed as genuine by security experts, demonstrating exceptional practical value.