EVMbench: Evaluating AI Agents on Smart Contract Security
This work addresses a critical problem for blockchain developers and security researchers: evaluating the capabilities of AI agents in smart contract security. The area is novel and important given the financial value at stake.
This paper introduces EVMbench, an evaluation framework for AI agents on smart contract security. It measures agents' ability to detect, patch, and exploit vulnerabilities, drawing on 117 curated vulnerabilities from 40 repositories. The evaluation found that frontier AI agents are capable of end-to-end discovery and exploitation of vulnerabilities against live blockchain instances.
Smart contracts on public blockchains now manage large amounts of value, and vulnerabilities in these systems can lead to substantial losses. As AI agents become more capable at reading, writing, and running code, it is natural to ask how well they can already navigate this landscape, both in ways that improve security and in ways that might increase risk. We introduce EVMbench, an evaluation that measures the ability of agents to detect, patch, and exploit smart contract vulnerabilities. EVMbench draws on 117 curated vulnerabilities from 40 repositories and, in the most realistic setting, uses programmatic grading based on tests and blockchain state under a local Ethereum execution environment. We evaluate a range of frontier agents and find that they are capable of discovering and exploiting vulnerabilities end-to-end against live blockchain instances. We release code, tasks, and tooling to support continued measurement of these capabilities and future work on security.