No More Hidden Pitfalls? Exposing Smart Contract Bad Practices with LLM-Powered Hybrid Analysis

📅 2025-12-17
📈 Citations: 0
Influential: 0
🤖 AI Summary
While security vulnerabilities in Ethereum smart contracts have been extensively studied, non-security yet high-risk “bad practices”—including design flaws and anti-patterns—remain under-investigated. Method: This paper presents the first systematic empirical study, identifying and formally characterizing 47 representative bad practices. We propose the first detection framework tailored to such issues, integrating context-aware function slicing with knowledge-enhanced semantic reasoning to construct a three-layer (syntactic–design–architectural) semantic parser and multi-level verification mechanism. Leveraging LLM-driven analysis and vectorized pattern matching, our approach enables interpretable, traceable, and scalable detection. Contribution/Results: Evaluated across multiple LLMs and diverse datasets, our framework achieves significantly higher accuracy and coverage than state-of-the-art tools, effectively addressing the research gap in detecting non-vulnerability risks for smart contract quality assurance.

📝 Abstract
As the Ethereum platform continues to mature and gain widespread usage, it is crucial to maintain high standards of smart contract writing practices. While bad practices in smart contracts may not directly lead to security issues, they elevate the risk of encountering problems. Therefore, to understand and avoid these bad practices, this paper introduces the first systematic study of bad practices in smart contracts, delving into over 47 specific issues. Specifically, we propose SCALM, an LLM-powered framework featuring two methodological innovations: (1) a hybrid architecture that combines context-aware function-level slicing with knowledge-enhanced semantic reasoning via extensible vectorized pattern matching; (2) a multi-layer reasoning verification system that connects low-level code patterns with high-level security principles through syntax, design-pattern, and architecture analysis. Our extensive experiments using multiple LLMs and datasets have shown that SCALM outperforms existing tools in detecting bad practices in smart contracts.
Problem

Research questions and friction points this paper is trying to address.

Identifies smart contract bad practices systematically
Proposes LLM-powered hybrid analysis for detection
Enhances detection accuracy over existing tools
Innovation

Methods, ideas, or system contributions that make the work stand out.

LLM-powered hybrid analysis combining slicing and semantic reasoning
Multi-layer verification linking code patterns to security principles
Extensible vectorized pattern matching for knowledge-enhanced detection
Authors
Xiaoqi Li, Hainan University, China
Zongwei Li, Hainan University, China
Wenkai Li, Hainan University, China
Yuqing Zhang, University of Groningen (computational linguistics, speech processing)
Xin Wang, Hainan University, China