Module S12 — Advanced Smart Contract Harnesses

Advanced Smart Contract Harnesses

Benchmarking against EVMbench, Solana and cross-chain security, and the audit as a client-ready deliverable.

60
minutes
8
artifacts
3
sub-sections
The audit harness from S11 is operational; this module makes it measurable, portable across chains, and deliverable. Three sub-sections: benchmarking against EVMbench's three scores (Detect recall, Patch quality, Exploit success rate) and the 92% vs 34% gap between purpose-built agents and general LLMs on DeFi; Solana's account model, the Anchor framework, and cross-chain bridge security; and the audit-as-deliverable — report structure, severity classification, and the format top firms publish.
Key Claims
Load-Bearing Claims

Three scores matter on EVMbench. Detect recall, Patch quality, Exploit success rate — measured independently. Purpose-built agents hit 92% detection vs GPT-5.1's 34% on DeFi-specific classes. The gap is what domain-specific tooling buys.

Solana is not the EVM. The account model creates different vulnerability classes — account confusion, missing signer checks, PDA misuse. The harness adapts; it does not port directly.

Cross-chain bridges are the highest-value attack surface. Billions lost in 2024-2025. Bridge security is a distinct discipline within smart contract auditing.

The audit is a product. Scope, methodology, findings table, severity breakdown, PoC references, remediation roadmap — structured to match what Trail of Bits, Consensys Diligence, and OpenZeppelin publish.

After This Module
01
Configure an audit harness to run against an EVMbench subset and produce a scored results table across the three modes.
02
Explain the 92% vs 34% gap between purpose-built agents and general LLMs on DeFi vulnerability classes.
03
Adapt the harness for Solana's account model: identify account confusion, missing signer checks, integer arithmetic errors, and PDA misuse in Anchor programs.
04
Describe cross-chain bridge attack surfaces and the harness adaptations required for bridge security review.
05
Generate a client-ready audit report matching the structure and severity classification of published reports from top firms.
Artifacts