LibScan: An LLM-Based Tool for Smart Contract Library Misuse Identification
Source: Figshare | Updated: 2026-01-30 | Indexed: 2026-04-28
Download link:
https://figshare.com/articles/dataset/LibScan_An_LLM-Based_Tool_for_Smart_Contract_Library_Misuse_Identification/31205062
Resource description:
Smart contracts, as programs capable of complex operations, operate on the blockchain and are commonly coded in the Solidity language. Solidity, an object-oriented programming language, frequently incorporates a variety of libraries to boost the reusability of code and simplify the intricacies of smart contract development. However, this practice often gives rise to library misuse, where incorrect implementation or application of libraries can lead to flaws in the contract. At present, there is a lack of tools that can effectively detect and recognize patterns of library misuse within smart contracts. To fill this gap, we introduce LibScan, a tool powered by large language models (LLMs) to identify the vulnerabilities caused by library misuse. LibScan captures the distinctive features and qualities of each library misuse pattern and leverages a Generative Pre-trained Transformer (GPT) to align contract code with these patterns, pinpointing instances of library misuse. It uses an iterative feedback mechanism to refine the LLM's accuracy, particularly for sophisticated contracts, and corroborates its findings with static analysis techniques. The tool's effectiveness is underscored by its performance metrics, which are notably high in both identifying true positives and minimizing false positives. We also explore the current limitations of the tool and propose avenues for future research to enhance its capabilities.
Created:
2026-01-30



