This study evaluates the reliability of large language models (LLMs) in static security analysis of smart contracts, investigating whether they can replace or merely complement traditional tools. To this end, we introduce the first automated evaluation framework that systematically assesses LLM performance in vulnerability detection, quantitatively revealing— for the first time—high false positive rates stemming from lexical biases (e.g., identifier naming) and insufficient semantic validation. Through extensive experiments with diverse prompting strategies, we observe a pronounced trade-off between precision and recall. Our framework achieves 92% accuracy in classifying model outputs, demonstrating that current LLMs are ill-suited for standalone security auditing but show promise as collaborative aids to conventional static analysis tools, thereby underscoring the necessity of hybrid approaches.

The irreversible nature of blockchain transactions makes the identification of smart contract vulnerabilities an essential requirement for secure system development. While Large Language Models (LLMs) are increasingly integrated into developer workflows, their reliability as autonomous security auditors remains unproven. We assess whether current generative models are a viable replacement for, or only a complement to, traditional static-analysis tools. Our findings indicate that LLM efficacy is undermined by both inherent lexical bias and a lack of rigorous validation of external data inputs. This reliance on non-semantic heuristics, such as identifier naming, leads to a high frequency of false positives. Furthermore, prompting techniques reveal a trade-off between precision and recall. These results were derived using our custom automated framework, which achieves 92% accuracy in classifying model outputs.