ReDetect: A Hybrid LLM-GNN Framework for High-Precision Reentrancy Vulnerability Detection in Smart Contracts
Abstract
The immutable nature of smart contracts, while offering security benefits, also means that any latent code vulnerability can lead to irreversible financial losses upon deployment. Reentrancy vulnerabilities, notoriously responsible for the 2016 DAO attack, remain a significant threat, yet existing detection tools often suffer from high false positive rates, unacceptable false negative rates, or prohibitive analysis overhead, struggling to cope with their complex and evolving patterns. This paper introduces ReDetect, a novel automated tool that synergistically integrates Large Language Models (LLMs) with Graph Neural Networks (GNNs) and static/taint analysis to achieve high-precision reentrancy vulnerability detection in Ethereum smart contracts. ReDetect leverages an LLM (GPT-4 Turbo) to semantically extract and formalize reentrancy patterns from diverse security knowledge. These formalized rules then guide a GNN (Graph Attention Network) to analyze rich graph representations (ASTs, CFGs, DFGs) of smart contracts for structural pattern recognition. Finally, a lightweight static and taint analysis component rigorously validates candidate patterns by verifying feasible execution paths and tracking the flow of tainted data to critical state variables, effectively pruning false positives and confirming exploitability. Our comprehensive evaluation on an expert-labeled Ground-truth Dataset of 45 smart contracts demonstrates ReDetect's superior performance.