EVMbench: Evaluating AI Agents on Smart Contract Security

TL;DR

EVMbench is a comprehensive evaluation framework that measures AI agents' ability to detect, patch, and exploit vulnerabilities in smart contracts on Ethereum, highlighting current capabilities and risks.

Contribution

Introduces EVMbench, a new benchmark for assessing AI agents' performance in smart contract security tasks using real-world vulnerabilities and blockchain environments.

Findings

AI agents can discover and exploit vulnerabilities end-to-end.

Current agents demonstrate capabilities in security-related tasks.

The benchmark supports ongoing research in smart contract security.

Abstract

Smart contracts on public blockchains now manage large amounts of value, and vulnerabilities in these systems can lead to substantial losses. As AI agents become more capable at reading, writing, and running code, it is natural to ask how well they can already navigate this landscape, both in ways that improve security and in ways that might increase risk. We introduce EVMbench, an evaluation that measures the ability of agents to detect, patch, and exploit smart contract vulnerabilities. EVMbench draws on 117 curated vulnerabilities from 40 repositories and, in the most realistic setting, uses programmatic grading based on tests and blockchain state under a local Ethereum execution environment. We evaluate a range of frontier agents and find that they are capable of discovering and exploiting vulnerabilities end-to-end against live blockchain instances. We release code, tasks, and tooling to support continued measurement of these capabilities and future work on security.