A Conceptual Framework for Smart Contract Vulnerability Detection: Automated Auditing Tools vs. Ethical Hacking in DeFi Protocols
Abstract
Smart contracts are the foundational pillars of Decentralized Finance (DeFi), yet their immutable nature makes them high-value targets for exploitation. This study proposes a conceptual framework that integrates automated auditing tools (utilizing static analysis, symbolic execution, and fuzzing) with manual ethical hacking methodologies. Through systematic literature mapping and STRIDE-based threat modeling, this research evaluates the efficacy of these techniques in identifying critical vulnerabilities such as reentrancy and integer overflows. The findings reveal that while automated tools offer unparalleled scalability, they significantly lack the contextual logic awareness required to detect complex business logic flaws. Consequently, this paper argues for a hybrid security posture, transitioning from traditional infrastructure-centric defense to an identity- and logic-centric paradigm. The framework serves as a structured roadmap for cybersecurity practitioners and researchers to enhance the resilience of blockchain ecosystems.