Module S11 — Smart Contract Audit Harnesses

Smart Contract Audit Harnesses

The EVM audit architecture, business-logic vulnerability detection, exploit chain construction, and patch generation with cascaded verification.

90
minutes
8
artifacts
4
sub-sections
A smart contract security harness operates in three modes — Detect, Patch, Exploit — and is benchmarked against EVMbench's 117 curated vulnerabilities across 40 repositories. This module builds the four pillars of a production EVM audit harness: a static-plus-LLM detection pipeline, invariant extraction for business-logic bugs, Foundry-based exploit chain construction on forked mainnet, and cascaded verification for patch quality. Heimdallr's architecture anchors the design — function-level reorganization, heuristic reasoning, cascaded verification — at $2.31 per 10K LOC and 92.45% detection.
Key Claims
Load-Bearing Claims

LLMs alone fail on smart contracts. Hallucinations on Solidity semantics, context limits on large codebases, false positives on benign patterns. The harness pairs static analysis with LLM semantic reasoning.

Business logic is the hardest class. Logic bugs are syntactically valid and pass all static checks but are economically exploitable. Static analysis checks patterns, not intent — invariant extraction closes the gap.

Detection is not enough; the harness must exploit. EVMbench's Exploit mode scores whether the agent can write and run a working PoC on forked mainnet, not just describe the bug.

Patch generation requires cascaded verification. A fix must preserve all intended behavior while removing the vulnerability — static analysis, test suite, and formal verification where feasible.

After This Module
01
Design the three-mode EVM audit architecture (Detect/Patch/Exploit) and defend why LLMs alone fail on smart contracts.
02
Build an invariant extraction and checking harness for business-logic vulnerabilities, including flash loan attack paths that span multiple contracts.
03
Construct a Foundry-based exploit chain PoC on forked mainnet with structured evidence (transaction hash, state delta, economic impact).
04
Implement a patch generation pipeline with cascaded verification quality gates and a human approval gate.
05
Map the harness to EVMbench's taxonomy of 117 vulnerabilities across 40 repositories and Heimdallr's $2.31/10K LOC cost model.
Artifacts