{"ID":2846335,"CreatedAt":"2026-06-01T04:54:23.091178241Z","UpdatedAt":"2026-06-01T04:54:23.091178241Z","DeletedAt":null,"paper_url":"https://arxiv.org/abs/2511.02780","arxiv_id":"2511.02780","title":"PoCo: Agentic Proof-of-Concept Exploit Generation for Smart Contracts","abstract":"Smart contracts operate in a highly adversarial environment, where vulnerabilities can lead to substantial financial losses. Thus, smart contracts are subject to security audits. In auditing, proof-of-concept (PoC) exploits play a critical role by demonstrating to the stakeholders that the reported vulnerabilities are genuine, reproducible, and actionable. However, manually creating PoCs is time-consuming, error-prone, and often constrained by tight audit schedules. We introduce PoCo, an agentic framework that automatically generates executable PoC exploits from natural-language vulnerability descriptions written by auditors. PoCo autonomously generates PoC exploits in an agentic manner by interacting with a set of codeexecution tools in a Reason-Act-Observe loop. It produces fully executable exploits compatible with the Foundry testing framework, ready for integration into audit reports and other security tools. We evaluate PoCo on a dataset of 23 real-world vulnerability reports. PoCo consistently outperforms the Zero-shot and Workflow baselines, generating well-formed and logically correct PoCs. Our results demonstrate that agentic frameworks can significantly reduce the effort required for high-quality PoCs in smart contract audits. Our contribution provides actionable knowledge for the smart contract security community.","short_abstract":"Smart contracts operate in a highly adversarial environment, where vulnerabilities can lead to substantial financial losses. Thus, smart contracts are subject to security audits. In auditing, proof-of-concept (PoC) exploits play a critical role by demonstrating to the stakeholders that the reported vulnerabilities are...","url_abs":"https://arxiv.org/abs/2511.02780","url_pdf":"https://arxiv.org/pdf/2511.02780v3","authors":"[\"Vivi Andersson\",\"Sofia Bobadilla\",\"Harald Hobbelhagen\",\"Martin Monperrus\"]","published":"2025-11-04T18:03:12Z","proceeding":"cs.CR","tasks":"[\"cs.CR\",\"cs.AI\",\"cs.SE\"]","methods":"[]","has_code":false}