English

SmartPoC: Generating Executable and Validated PoCs for Smart Contract Bug Reports

Software Engineering 2026-04-02 v3 Cryptography and Security

Abstract

Smart contracts are commonly audited through static analysis to explore vulnerabilities. However, static approaches typically produce heterogeneous findings rather than reproducible, executable proof-of-concept (PoC) test cases, leading to costly and ad hoc manual validation. Large language models (LLMs) offer a promising way to translate audit reports into PoC test cases, but face three major challenges: noisy inputs, lack of execution grounding, and missing runtime oracles. We present SmartPoC, an end-to-end approach for validating reported vulnerabilities in audit reports by generating and executing PoC test cases with automated exploitability verification. SmartPoC first extracts a focused function-level slice from each report to reduce noise, centering on the key functions referenced in a finding and augmenting them with execution-relevant neighbors. To improve executability, we wrap LLM-based PoC synthesis in a generate-repair-execute loop, combining deterministic pre-execution sanitization with feedback-driven post-execution debugging. We further use differential verification as an oracle to confirm the exploitability of generated test cases. On the SmartBugs-Vul and FORGE-Vul benchmarks, SmartPoC achieves confirmation precision of 98.32% and 98.65%, with recall of 84.17% and 85.28%, respectively. On a recent Etherscan verified-source corpus, SmartPoC confirms 64 bugs from 545 audit findings at an average cost of $0.03.

Keywords

Cite

@article{arxiv.2511.12993,
  title  = {SmartPoC: Generating Executable and Validated PoCs for Smart Contract Bug Reports},
  author = {Longfei Chen and Ruibin Yan and Taiyu Wong and Yiyang Chen and Jialai Wang and Chao Zhang},
  journal= {arXiv preprint arXiv:2511.12993},
  year   = {2026}
}
R2 v1 2026-07-01T07:40:31.098Z