{"ID":2887628,"CreatedAt":"2026-06-01T04:54:23.091178241Z","UpdatedAt":"2026-06-01T04:54:23.091178241Z","DeletedAt":null,"paper_url":"https://arxiv.org/abs/2508.01371","arxiv_id":"2508.01371","title":"Prompt to Pwn: Automated Exploit Generation for Smart Contracts","abstract":"Smart contracts are important for digital finance, yet they are hard to patch once deployed. Prior work has mainly explored LLMs for smart contract vulnerability detection, leaving end-to-end automated exploit generation (AEG) much less understood. We study that gap with \\textsc{ReX}, an execution-grounded framework that links LLM-based exploit synthesis to the Foundry stack for end-to-end generation, compilation, execution, and validation. Five recent LLMs are evaluated across eight common vulnerability classes, supported by a curated dataset of 38{+} real incident PoCs and three automation aids: prompt refactoring, a compiler feedback loop, and templated test harnesses. Results indicate that current frontier LLMs can often produce deterministic PoCs for single-contract vulnerabilities, but remain weak on cross-contract attacks; outcomes depend mainly on the model and bug type, while code structure and prompt tuning contribute less in our setting. The study also surfaces important boundary conditions of LLM-driven AEG, including gaps between oracle-validated exploitability and real-world economic attacks, pointing to the need for stronger defenses and more realistic evaluation.","short_abstract":"Smart contracts are important for digital finance, yet they are hard to patch once deployed. Prior work has mainly explored LLMs for smart contract vulnerability detection, leaving end-to-end automated exploit generation (AEG) much less understood. We study that gap with \\textsc{ReX}, an execution-grounded framework th...","url_abs":"https://arxiv.org/abs/2508.01371","url_pdf":"https://arxiv.org/pdf/2508.01371v3","authors":"[\"ZeKe Xiao\",\"Qin Wang\",\"Yuekang Li\",\"Shiping Chen\"]","published":"2025-08-02T13:52:15Z","proceeding":"cs.CR","tasks":"[\"cs.CR\",\"cs.AI\",\"cs.ET\"]","methods":"[\"Large Language Model\"]","has_code":false}