Smart Contract Audit Harnesses
The EVM audit architecture, business-logic vulnerability detection, exploit chain construction, and patch generation with cascaded verification.
LLMs alone fail on smart contracts. Hallucinations on Solidity semantics, context limits on large codebases, false positives on benign patterns. The harness pairs static analysis with LLM semantic reasoning.
Business logic is the hardest class. Logic bugs are syntactically valid and pass all static checks but are economically exploitable. Static analysis checks patterns, not intent — invariant extraction closes the gap.
Detection is not enough; the harness must exploit. EVMbench's Exploit mode scores whether the agent can write and run a working PoC on forked mainnet, not just describe the bug.
Patch generation requires cascaded verification. A fix must preserve all intended behavior while removing the vulnerability — static analysis, test suite, and formal verification where feasible.