SmartPoC: Generating Executable and Validated PoCs for Smart Contract Bug Reports
Longfei Chen, Ruibin Yan, Taiyu Wong, Yiyang Chen, Jialai Wang, Chao Zhang

TL;DR
SmartPoC is an end-to-end system that generates and executes executable PoC test cases for smart contract vulnerabilities, improving validation accuracy and reducing manual effort.
Contribution
It introduces a novel approach combining focused report analysis, generate-repair-execute loops, and differential verification for reliable exploitability confirmation.
Findings
Achieves over 98% confirmation precision on benchmarks.
Confirms 64 bugs from 545 findings at low cost.
Improves exploitability verification accuracy for smart contracts.
Abstract
Smart contracts are commonly audited through static analysis to explore vulnerabilities. However, static approaches typically produce heterogeneous findings rather than reproducible, executable proof-of-concept (PoC) test cases, leading to costly and ad hoc manual validation. Large language models (LLMs) offer a promising way to translate audit reports into PoC test cases, but face three major challenges: noisy inputs, lack of execution grounding, and missing runtime oracles. We present SmartPoC, an end-to-end approach for validating reported vulnerabilities in audit reports by generating and executing PoC test cases with automated exploitability verification. SmartPoC first extracts a focused function-level slice from each report to reduce noise, centering on the key functions referenced in a finding and augmenting them with execution-relevant neighbors. To improve executability, we…
