Module SDD-10 — EVMbench

EVMbench

The benchmark that makes smart contract audit harnesses measurable: 117 vulnerabilities across 40 repos, scored in three modes — Detect, Patch, Exploit.

45
minutes
8
artifacts
3
sub-sections
EVMbench (arXiv 2603.04915, OpenAI/Paradigm) is the measurement methodology that lets a Heimdallr-class agent, a static analyzer, and a general LLM be evaluated on the same axis. Its core design decision is the three-mode separation: Detect (recall), Patch (remediation), and Exploit (adversarial depth, execution-verified on a forked chain) are distinct competencies that a composite score would hide. With 117 real-world vulnerabilities from 40 audited protocols, a good score reflects performance on the messiness of actual code, not over-fitting to synthetic patterns. A harness without an EVMbench scorecard is a claim; with one, it is evidence.
Key Claims
Load-Bearing Claims

The three-mode separation is the design decision that makes the benchmark honest. Detect, Patch, and Exploit are distinct competencies — a harness can detect without patching, exploit without detecting. Reporting them separately prevents a weak mode being hidden behind a strong one. A composite score is the dishonest default; EVMbench rejects it.

Real-world grounding over synthetic challenges. 117 vulnerabilities from 40 audited protocols carry the messiness of actual code — inheritance, proxies, integrations. A harness that scores well on synthetic but poorly on real-world has over-fit to the pattern. The repo diversity prevents tuning to one codebase style.

The Exploit mode is execution-verified. 'Produced an exploit' is not a self-reported claim — the transaction sequence runs on a forked chain by Foundry/Hardhat and either triggers the vulnerability or does not. This is the same standard Heimdallr's reconstructions need (SDD-09 build-on).

Data contamination is the largest integrity risk. If a harness's underlying LLM saw the repos or audit reports during training, the Detect score measures memorization, not capability. Governing dataset integrity and leakage is what keeps the benchmark a measurement rather than a recitation test.

After This Module
01
Explain the three-mode scoring (Detect/Patch/Exploit) and why separating them makes the benchmark honest.
02
Describe the dataset structure (117 vulns, 40 repos) and what each axis contributes to evaluation validity.
03
Run a smart contract audit harness against EVMbench and produce a comparable three-mode scorecard.
04
Interpret scorecard profiles correctly (finding-flagger vs attack-reconstructor) and the failure modes of benchmark-chasing.
05
Score the benchmark-as-methodology on the 12-module rubric (30/45) and identify the build-on list (cost, precision, versioning).
Artifacts