AI Summary
Current smart contract vulnerability detection suffers from limited vulnerability coverage, low accuracy, and heavy reliance on manual auditing. To address these challenges, this paper proposes LISA, a lightweight, fine-tuning-free framework that requires no human-labeled data. LISA introduces a novel proxy-based architecture integrating static analysis, rule-based engines, and logical reasoning, while leveraging historical audit reports to encode domain expertise. It further incorporates large language models (LLMs) to enhance context-sensitive vulnerability pattern recognition. Its core contribution is enabling zero-shot cross-project and cross-vulnerability-type knowledge transfer, effectively detecting novel and evolving threats. Experimental results demonstrate that LISA significantly outperforms state-of-the-art static analyzers and LLM-based baselines in both vulnerability coverage and detection accuracy.
Abstract
We present LISA, an agentic smart contract vulnerability detection framework that combines rule-based and logic-based methods to address a broad spectrum of vulnerabilities in smart contracts. LISA leverages data from historical audit reports to learn the detection experience (without model fine-tuning), enabling it to generalize learned patterns to unseen projects and evolving threat profiles. In our evaluation, LISA significantly outperforms both LLM-based approaches and traditional static analysis tools, achieving superior coverage of vulnerability types and higher detection accuracy. Our results suggest that LISA offers a compelling solution for industry: delivering more reliable and comprehensive vulnerability detection while reducing the dependence on manual effort.