An anti-pattern-based false positive removal smart contract vulnerability detection method and system

By using large language models to assist static analysis in identifying anti-patterns in blockchain smart contracts, the problem of high false positive rates in existing tools is solved, achieving high accuracy and low false positive rate in vulnerability detection, and improving the effectiveness of smart contract code security auditing.

CN122333480APending Publication Date: 2026-07-03SHANGHAI FEIYU AURORA TECHNOLOGY CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
SHANGHAI FEIYU AURORA TECHNOLOGY CO LTD
Filing Date
2026-04-03
Publication Date
2026-07-03

AI Technical Summary

Technical Problem

Existing blockchain smart contract code vulnerability detection tools suffer from high false positive rates, unstable detection results, and difficulty in identifying anti-patterns, leading to actual controllable risks being misjudged as real vulnerabilities. These problems are particularly prominent in scenarios involving complex business logic and multiple function calls.

Method used

Large Language Model (LLM) is used to assist static code analysis. By extracting concise context and identifying anti-patterns, false positives are filtered out. Secondary verification is performed by combining code text matching to improve detection accuracy and reduce false positive rate.

Benefits of technology

It significantly improves the accuracy and usability of smart contract vulnerability detection, reduces false alarm rates, lowers the cost of manual review, and improves the efficiency and reliability of the detection process.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure FT_1
    Figure FT_1
  • Figure FT_2
    Figure FT_2
Patent Text Reader

Abstract

This invention discloses a method and system for detecting smart contract vulnerabilities based on anti-pattern removal to eliminate false positives, relating to the field of blockchain smart contract code security detection. The method first uses static analysis tools to detect potential vulnerabilities and extracts contextual information such as call relationships, data dependencies, and related functions around the functions corresponding to the potential vulnerabilities. Then, it constructs corresponding anti-pattern descriptions in natural language for various types of vulnerabilities. The potential vulnerabilities, anti-pattern descriptions, and context are input into a large language model for constrained code pattern matching, outputting the code corresponding to the anti-pattern. Finally, the model output is verified through code text matching to eliminate false positives, obtaining the final vulnerability detection result. This invention can reduce false positives while reusing existing static analysis capabilities, improving the accuracy, reliability, and scalability of smart contract vulnerability detection.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of software code vulnerability detection, and more particularly to vulnerability detection of blockchain smart contract code. Specifically, it addresses code vulnerability detection methods based on static analysis, enabling high-accuracy and low-false-positive detection of typical blockchain smart contract code vulnerabilities, thereby helping software developers reduce code security risks. Background Technology

[0002] Once deployed, blockchain smart contracts are typically difficult to modify and often directly carry critical business logic such as on-chain asset management, access control, and transaction settlement. Therefore, their code security directly impacts the stability of blockchain application systems and the security of user assets. If smart contracts contain vulnerabilities such as reentrancy, missing access controls, abnormal integer arithmetic, or dangerous external calls, attackers may exploit these flaws to cause asset transfers, bypass business logic, or system service interruptions, resulting in significant economic losses and security risks. Therefore, efficient and accurate vulnerability detection of blockchain smart contract code is of paramount importance.

[0003] Existing vulnerability detection tools for blockchain smart contract code have many shortcomings. Current detection methods mainly include manual auditing, dynamic testing, formal verification, and static analysis. Among these, static analysis has become an important technical approach in smart contract security auditing due to its high efficiency, ease of deployment, and lack of need for actual contract execution. However, existing static analysis tools typically scan source code, control flow, or data flow based on predefined vulnerability patterns. Their ability to understand complex business logic, cross-function call relationships, cross-contract interaction semantics, and protective code structures is limited. Therefore, in practical applications, they generally suffer from unstable detection results, a high number of false positives, and high costs for manual review.

[0004] The key to vulnerability detection in blockchain smart contract code lies in reducing false positives. For many code snippets flagged as potential vulnerabilities by detection tools, developers have actually mitigated the risks through methods such as permission checks, state constraints, call order control, whitelisting mechanisms, and cross-function and cross-contract security checks. If these anti-patterns used to protect against vulnerabilities cannot be accurately identified, it's easy to misjudge controllable risks as real vulnerabilities, especially when multiple function call chains, variable data dependencies, and collaboration with external contracts are involved. Therefore, there is an urgent need for a smart contract vulnerability detection method and system that can effectively identify vulnerability anti-patterns and eliminate false positives while reusing existing static analysis capabilities. Summary of the Invention

[0005] This invention proposes a smart contract vulnerability detection method and system based on anti-pattern removal of false positives. It adopts a technical approach of using Large Language Model (LLM)-assisted static code analysis to detect smart contract vulnerabilities: first, static analysis tools identify vulnerability patterns and use static analysis to extract concise context for LLM; then, LLM detects specific anti-vulnerable patterns, constraining the role of LLM to code pattern matching rather than free reasoning, thereby limiting its autonomous decision-making scope and filtering relevant false positives. This achieves high accuracy and low false positive rate, significantly improving the accuracy of vulnerability detection in smart contract auditing while reducing the consumption of artificial intelligence computing power.

[0006] The method of the present invention specifically includes the following steps:

[0007] S1. Context Extraction of Potential Smart Contract Vulnerabilities: For a smart contract to be tested and its associated external contracts, use existing smart contract static code analysis tools to detect 37 types of smart contract vulnerability patterns defined by Smart Contract WeaknessClassification (SWC); if the tool reports the existence of several types of vulnerabilities, they are denoted as V_i, V_j, etc.; the detection results are regarded as potential vulnerabilities, and the corresponding code function is marked for each potential vulnerability; the context information of the marked function is extracted, including the set of all callers of the function, other variables that have data dependencies on the internal variables involved in the function, and all other functions that define or assign values ​​to these variables, and this context information is denoted as CTX.

[0008] S2. Anti-pattern matching of potential smart contract vulnerabilities: For the 37 types of smart contract vulnerability patterns defined in Smart Contract Weakness Classification (SWC), describe the measures to protect against any type of vulnerability using natural language and define them as vulnerability anti-patterns; for any potential vulnerability V_i reported in step S1, input the potential vulnerability, its corresponding anti-pattern, and CTX to LLM, and ask LLM to determine whether a specific anti-pattern exists in CTX. If it exists, output the corresponding code; repeat the above judgment to check all potential vulnerabilities and save the output as R.

[0009] S3. Smart Contract Vulnerability False Positive Filtering: Traverse the result R, and for each potential vulnerability, if an anti-pattern exists, extract the corresponding code output by LLM, and use code text matching to check if the extracted code exists in the smart contract to be detected and its associated external contracts; if it exists, the corresponding potential vulnerability is regarded as a false positive and excluded; all remaining potential vulnerability outputs after filtering are taken as the vulnerability detection results.

[0010] Based on the above steps, this invention also proposes a smart contract vulnerability detection system based on anti-pattern removal of false positives. The system consists of three parts: the first part is a static analysis unit, which integrates existing blockchain smart contract static code vulnerability detection tools. The input is the smart contract to be detected, and the output is the context information associated with the vulnerability. The second part is an anti-pattern detection unit, which integrates existing LLM (Local Least Model) tools. The input is anti-pattern text and vulnerability context information, and the output is the contract code corresponding to the anti-pattern. If no anti-pattern exists, the output is empty. The third part is a vulnerability false positive filtering unit, which takes the contract to be detected and all its potential vulnerabilities, as well as the contract code corresponding to the anti-pattern, as input, and outputs all vulnerabilities for which no anti-pattern exists.

[0011] The present invention provides a smart contract vulnerability detection method and system based on anti-pattern removal to eliminate false positives. Compared with the prior art, its advantages are as follows:

[0012] First, this invention, while reusing existing static analysis vulnerability detection tools, introduces LLM to identify anti-patterns corresponding to potential vulnerabilities. It does not need to completely replace the existing detection process. While maintaining the high efficiency of static analysis, it can significantly reduce false positives caused by coarse pattern matching, thereby improving the accuracy and usability of smart contract vulnerability detection results.

[0013] Second, this invention uses natural language to define anti-pattern detection rules, which allows the protection logic for different vulnerability types to be described and extended at a lower cost. This reduces the workload of manually constructing complex detection logic in traditional rule engineering and has good development simplicity and high scalability.

[0014] Third, this invention uses static analysis results to extract concise and focused vulnerability contexts for LLM, rather than directly inputting complete contract code. This can effectively narrow the scope of model processing, reduce interference from irrelevant information, reduce the consumption of artificial intelligence computing power, and improve the engineering deployment efficiency of the detection process.

[0015] Fourth, this invention constrains the role of LLM to code pattern matching rather than free reasoning, and combines code text matching to perform secondary verification of the model output, which can improve the reliability and stability of LLM prediction and reduce the adverse effects of model illusion or uncertain output on the detection results.

[0016] Fifth, this invention can more accurately distinguish between real vulnerabilities and potential vulnerabilities whose risks have been mitigated by protective measures, thereby outputting higher quality vulnerability reports, reducing the cost of manual review, improving the practicality of smart contract code security auditing, and ultimately achieving highly scalable and reliable smart contract vulnerability detection. Attached Figure Description

[0017] Figure 1This is a schematic diagram of a smart contract vulnerability detection method based on anti-pattern removal to remove false positives disclosed in an embodiment of the present invention.

[0018] Figure 2 This is a schematic diagram of a smart contract vulnerability detection system architecture based on anti-pattern removal to remove false positives, as disclosed in an embodiment of the present invention. Detailed Implementation

[0019] like Figure 1 As shown, the present invention proposes a smart contract vulnerability detection method based on anti-pattern removal to remove false positives. The method comprises three main stages: smart contract potential vulnerability context extraction, smart contract potential vulnerability anti-pattern matching, and smart contract vulnerability false positive filtering. The technical solution of the present invention will be further described in detail below with reference to the accompanying drawings and specific implementation process.

[0020] Step S1: Extracting Contextual Information for Potential Smart Contract Vulnerabilities. The purpose of Step S1 is to first use existing static analysis tools to identify potential vulnerabilities in the smart contract to be tested, and then extract sufficient contextual information around these potential vulnerabilities to support subsequent anti-pattern judgment, thereby establishing a refined and targeted input for subsequent LLM detection.

[0021] In step S1.1, for a specific smart contract to be tested and its associated external contracts, any existing smart contract static code analysis tool is invoked to detect the 37 types of smart contract vulnerability patterns defined by Smart Contract Weakness Classification (SWC). If the tool reports the existence of several potential vulnerabilities, they are respectively denoted as V_i, V_j, etc. The object to be tested can be either a single smart contract file or a collection of contracts consisting of a main contract and several associated external contracts.

[0022] In step S1.2, the results detected in step S1.1 are considered potential vulnerabilities, and each potential vulnerability is labeled with its corresponding code function. The labeling can record information such as the vulnerability type, the name of the function, the location of the code, and the contract file to which it belongs, so as to facilitate subsequent contextual tracing around the specific vulnerability. By first locating potential risk areas at the function level, indiscriminate processing of the complete contract code can be avoided, thereby improving the efficiency of subsequent processing.

[0023] In step S1.3, context information is extracted from the functions marked in step S1.2. This context includes at least: the set of all callers of the function, other variables that have data dependencies on the internal variables involved in the function, and all other functions that define or assign values ​​to these variables. When cross-contract calls are involved, corresponding function fragments from associated external contracts may also be included. This context information collectively constitutes the CTX used to characterize the semantic environment of potential vulnerabilities.

[0024] In this embodiment, CTX extraction does not aim to completely reconstruct the entire program, but prioritizes preserving code context that is significant in determining whether a vulnerability actually exists. This includes elements such as permission verification branches, state variable update logic, conditional checks before and after external calls, reentrancy protection variables, and call relationships between critical functions. This vulnerability-oriented context compression method reduces the burden on subsequent model processing while ensuring effective information coverage.

[0025] Step S2: Anti-pattern matching of potential vulnerabilities in smart contracts. The purpose of step S2 is to use LLM to identify the protective code patterns corresponding to potential vulnerabilities, i.e., vulnerability anti-patterns, in order to determine whether some potential vulnerabilities in the static analysis report have actually been resolved by the protective logic in the contract.

[0026] In step S2.1, for the 37 smart contract vulnerability patterns defined in Smart Contract Weakness Classification (SWC), natural language is used to describe the measures to protect against any type of vulnerability, and these measures are defined as vulnerability anti-patterns. For example, for access control vulnerabilities, the anti-pattern can be described as having permission checks, role verification, or caller identity restrictions before executing sensitive logic; for reentrancy risks, the anti-pattern can be described as having state locks, reentrancy flags, or strict call order control before and after external calls.

[0027] In step S2.2, for any potential vulnerability V_i reported in step S1.1, the type information of the potential vulnerability, the corresponding vulnerability anti-pattern description, and the CTX generated in step S1.3 are input into any existing LLM tool. To improve the stability of the judgment, in this embodiment, the task of LLM is limited to code pattern matching, that is, the model is required to search for the existence of corresponding code implementations in the CTX around a given anti-pattern, rather than requiring the model to perform open security reasoning.

[0028] If the LLM determines that a specific anti-pattern exists in the CTX, it outputs the code snippet corresponding to that anti-pattern; otherwise, the output is empty. The output can include the function name, code statement, conditional statement, or critical variable operation related to security protection that triggered the anti-pattern. By having the model directly point out the corresponding code, rather than just providing an abstract yes or no conclusion, verifiable evidence can be provided for subsequent false positive filtering.

[0029] In step S2.3, step S2.2 is repeated for all potential vulnerabilities reported in step S1.1, and the anti-pattern matching result corresponding to each potential vulnerability is saved as a result set R. The result set R can record the vulnerability identifier, anti-pattern description, model judgment result, and the corresponding code snippet output by the model, thus forming intermediate results for subsequent filtering stages.

[0030] In this embodiment, the anti-pattern text can be continuously expanded and maintained according to different vulnerability categories; when it is necessary to support new vulnerability detection types, only the corresponding natural language anti-pattern description needs to be added, without rewriting complex static analysis rules. Therefore, this invention, while retaining the foundation of static analysis engineering, can enhance the ability to identify complex protection logic at a lower cost.

[0031] Step S3: Smart Contract Vulnerability False Positive Filtering. The purpose of step S3 is to verify the anti-pattern matching results output by LLM and exclude potential vulnerabilities supported by verifiable anti-pattern code from the detection results, ultimately outputting a higher quality vulnerability report.

[0032] In step S3.1, the result set R generated in step S2.3 is traversed, and the output result corresponding to each potential vulnerability V_i is checked; if the result shows an anti-pattern, the corresponding code fragment output by LLM is extracted. The extracted code fragment can be a complete statement, or a partial expression, conditional judgment, permission verification statement, or state control logic with identifiable meaning.

[0033] In step S3.2, code text matching is used to check whether the code extracted in step S3.1 actually exists in the smart contract to be detected and its associated external contracts. If a match is found, it means that the protection logic corresponding to the potential vulnerability can be verified by the real code, and the potential vulnerability can be regarded as a false alarm and excluded; if it does not exist, the potential vulnerability is retained. This step further ensures the objectivity and stability of the filtering process by performing code-level verification on the model output.

[0034] In step S3.3, all remaining potential vulnerabilities after filtering in step S3.2 are output as the final vulnerability detection result. The final result may include the vulnerability type, the function it belongs to, the contract it is located in, and necessary contextual descriptions related to the vulnerability, thus forming a vulnerability report that can be directly used by developers or auditors.

[0035] like Figure 2 As shown, the smart contract vulnerability detection system of this invention includes a static analysis unit, an anti-pattern detection unit, and a vulnerability false positive filtering unit. The static analysis unit receives the smart contract to be detected and outputs the vulnerability-related context; the anti-pattern detection unit receives the anti-pattern text and vulnerability context and outputs the corresponding anti-pattern code; the vulnerability false positive filtering unit performs text matching verification on the model output and outputs the final vulnerability report. This system can be deployed as a standalone tool or as a service-oriented system for code auditing processes.

[0036] The specific embodiments described above are only used to illustrate the technical solutions of the present invention, and are not intended to limit the scope of protection of the present invention. For those skilled in the art, several equivalent substitutions or modifications can be made without departing from the concept of the present invention, and all such equivalent substitutions or modifications should fall within the scope of protection of the present invention.

Claims

1. A smart contract vulnerability detection method based on anti-pattern false positive removal, characterized in that, The process includes the following steps: S1, Extracting the context of potential vulnerabilities in smart contracts: For the smart contract to be tested and its associated external contracts, use a smart contract static code analysis tool to detect preset vulnerability patterns and obtain potential vulnerabilities; Each potential vulnerability is marked with a corresponding code function, and the context information of the code function is extracted, which is denoted as CTX; S2. Anti-pattern matching of potential vulnerabilities in smart contracts: For the vulnerability patterns corresponding to the potential vulnerabilities, construct corresponding vulnerability anti-pattern descriptions; The potential vulnerability, the anti-pattern description of the vulnerability, and CTX are input into the Large Language Model (LLM) to determine whether a corresponding anti-pattern of the vulnerability exists in CTX. If it exists, output the corresponding code and save the judgment results of all potential vulnerabilities as a result set R; S3. Smart Contract Vulnerability False Alarm Filtering: Traverse the result set R, extract the corresponding code from the LLM output for potential vulnerabilities with vulnerability anti-patterns, and use code text matching to check whether the extracted corresponding code exists in the smart contract to be detected and its associated external contracts; if it exists, the corresponding potential vulnerability is regarded as a false alarm and excluded, and the remaining potential vulnerabilities after filtering are output as the vulnerability detection result.

2. The method of claim 1, wherein the method is based on removing false positives by anti-patterns. In step S1, a specific smart contract vulnerability pattern detection is performed. When a specific potential vulnerability is detected, the set of all callers of the code function corresponding to the potential vulnerability, other variables that have data dependencies on the internal variables involved in the code function, and all other functions that define or assign values ​​to the other variables are organized into context information CTX.

3. The method of claim 1 or 2, wherein the method further comprises: The vulnerability anti-pattern description in step S2 is a natural language description of the protective measures against the corresponding vulnerability pattern.

4. The anti-pattern based false positive removal method for smart contract vulnerability detection according to any of claims 1 to 3, characterized in that, In step S2, the LLM task is constrained to a code pattern matching task, so that the LLM searches for the existence of a corresponding code implementation in CTX around a given vulnerability anti-pattern.

5. The anti-pattern based false positive removal method for smart contract vulnerability detection according to any one of claims 1 to 4, characterized in that, In step S2, if LLM determines that a corresponding vulnerability anti-pattern exists in CTX, it outputs the code snippet corresponding to the vulnerability anti-pattern. If it does not exist, the output will be empty.

6. The anti-pattern based false positive removal method for smart contract vulnerability detection according to any one of claims 1 to 5, characterized in that, The scope of the code text matching check in step S3 includes the smart contract to be detected and its associated external contracts; when the corresponding code output by LLM exists in the smart contract to be detected and its associated external contracts, the corresponding potential vulnerability is judged as a false alarm.

7. An anti-pattern-based false positive removal intelligent contract vulnerability detection system, characterized in that, include: The static analysis unit is used to perform static code analysis on the smart contract to be tested and its associated external contracts, detect potential vulnerabilities, and extract contextual information associated with the vulnerabilities. The anti-pattern detection unit is used to construct a corresponding anti-pattern description for potential vulnerabilities, and input the potential vulnerability, the anti-pattern description, and the context information into the Large Language Model (LLM) to output the code corresponding to the anti-pattern. The vulnerability false positive filtering unit is used to perform code text matching verification on the code corresponding to the vulnerability anti-pattern, and output the potential vulnerability that does not have a verified vulnerability anti-pattern as the final vulnerability detection result.