Smart-LLaMA-DPO: Reinforced Large Language Model for Explainable Smart Contract Vulnerability Detection

📅 2025-06-22
🤖 AI Summary
Smart contract vulnerability detection faces two key challenges: (1) incomplete data coverage, as existing datasets lack multi-level annotations and high-quality explanations; and (2) weak security semantic interpretability in large language models (LLMs), which often misinterpret execution order of critical security concepts—e.g., state changes. To address these, we propose Smart-LLaMA-DPO, a framework built upon LLaMA-3.1-8B that integrates continual pretraining, supervised fine-tuning, and direct preference optimization (DPO). We construct a high-quality, multi-level annotated dataset covering four representative vulnerability types and machine-hard-to-audit scenarios. Our DPO strategy incorporates human feedback and a customized loss function. Experiments show that Smart-LLaMA-DPO achieves average improvements of 10.43% in F1-score and 7.87% in accuracy across the four vulnerability categories. Both LLM-based and human evaluations confirm significantly enhanced explanation accuracy, completeness, and clarity—demonstrating improved understanding and interpretability of smart contract security semantics.

📝 Abstract
Smart contract vulnerability detection remains a major challenge in blockchain security. Existing vulnerability detection methods face two main issues: (1) Existing datasets lack comprehensive coverage and high-quality explanations for preference learning. (2) Large language models (LLMs) often struggle with accurately interpreting specific concepts in smart contract security. Empirical analysis shows that even after continual pre-training (CPT) and supervised fine-tuning (SFT), LLMs may misinterpret the execution order of state changes, resulting in incorrect explanations despite making correct detection decisions. To address these challenges, we propose Smart-LLaMA-DPO based on LLaMA-3.1-8B. We construct a comprehensive dataset covering four major vulnerability types and machine-unauditable vulnerabilities, including precise labels, explanations, and locations for SFT, as well as high-quality and low-quality output pairs for Direct Preference Optimization (DPO). Second, we perform CPT using large-scale smart contract data to enhance the LLM's understanding of specific security practices in smart contracts. Furthermore, we conduct SFT with our comprehensive dataset. Finally, we apply DPO, leveraging human feedback and a specially designed loss function that increases the probability of preferred explanations while reducing the likelihood of non-preferred outputs. We evaluate Smart-LLaMA-DPO on four major vulnerability types: reentrancy, timestamp dependence, integer overflow/underflow, and delegatecall, as well as machine-unauditable vulnerabilities. Our method significantly outperforms state-of-the-art baselines, with average improvements of 10.43% in F1 score and 7.87% in accuracy. Moreover, both LLM evaluation and human evaluation confirm that our method generates more correct, thorough, and clear explanations.

Problem

Research questions and friction points this paper is trying to address.

Lack of comprehensive datasets for smart contract vulnerability detection
LLMs misinterpret smart contract security concepts
Incorrect explanations despite correct detection decisions

Innovation

Methods, ideas, or system contributions that make the work stand out.

Comprehensive dataset for SFT and DPO
Continual pre-training with smart contracts
DPO with human feedback and loss function

Authors

Lei Yu
Institute of Software, Chinese Academy of Sciences, Beijing, China
Zhirong Huang
SLAC and Stanford University
Accelerator Physics, Free Electron Lasers
Hang Yuan
Institute of Software, Chinese Academy of Sciences, Beijing, China
Shiqi Cheng
Institute of Software, Chinese Academy of Sciences, Beijing, China
Li Yang
Institute of Software, Chinese Academy of Sciences, Beijing, China
Fengjun Zhang
Institute of Software, Chinese Academy of Sciences, Beijing, China
Chenjie Shen
Institute of Software, Chinese Academy of Sciences, Beijing, China
Jiajia Ma
Institute of Software, Chinese Academy of Sciences, Beijing, China
Jingyuan Zhang
Institute of Software, Chinese Academy of Sciences, Beijing, China
Junyi Lu
Institute of Software, Chinese Academy of Sciences, Beijing, China
Chun Zuo
Sinosoft Company Limited, Beijing, China