Public Benchmark · Solhunt-Duel

Adversarial AI Agents for Smart Contract Auditing

An autonomous red-vs-blue agent system where the harness enforces four server-side gates the LLMs cannot see or modify. Every claim of convergence is backed by forge test on a fresh fork — never by LLM assertion.

Live Demo GitHub Beanstalk Case Study Architecture asciinema demo

Headline Results

Beanstalk Reproduction
$182M hack
Reproduced in 1m 44s for $0.65 in API costs. No hint, no oracle, no help.
Full case study with run log →
Curated 32-Contract Benchmark
67.7%
Exploit rate at $0.89/contract on a curated DeFiHackLabs subset (verified-source, single-contract attack vectors).
Honest comparison: see the 13% random-sample gap at right.
Random 95-Contract Eval (Honest)
13%
The generalization gap (13/95 = 13.7%). Sandbox limitations, not model limitations. Published plain.

Phase 4 — Red/Blue Duel Results 10 contracts · honest convergence breakdown · click row to expand round-by-round

For an apples-to-apples comparison to Anthropic's SCONE-bench (405 random contracts, 51.1% exploit rate), see the SCONE-bench paper. Their benchmark is random-draw at scale; the 67.7% number above is curated. The honest random-sample comparison is the 13% card on the right.

Total Runs
10
Hardened (Blue patched)
1
Dexible · all 4 gates passed
Red-failed (no exploit found)
3
contract may be safe — or harness limit
Blue-failed (Red found, Blue couldn't patch)
3
Same-class escaped
1
Timeout / Unknown
2
Contract Vuln Class Rounds Convergence Notional Cost Wall (sec)
Convergence taxonomy
Hardened (Blue-patched)
Red found a real exploit, Blue produced a patch, all 4 server-side gates passed on a fresh fork.
Red-failed
Red attempted N turns and gave up without finding an exploit. Could mean the contract is safe, or that the harness/sandbox doesn't support this attack class. Honest uncertainty.
Blue-failed
Red found a real exploit, but Blue couldn't produce a patch that passes the 4 gates within budget.
Same-class escaped
Red found vuln, Blue patched, then Red found another vuln of the same class on the patched contract. Multiple-round convergence.
Timeout
Wall-clock budget exhausted (60min default) before convergence.

The Verification Funnel honest denominator at every step — not "100% on 4 gates" without showing n

Contracts attempted
10 / 10
10
Red found exploit
5 / 10
5
Blue produced passing patch
3 rounds / 5 contracts
3
All 4 gates passed (gate-verified)
3 / 3 rounds
3 / 3
exploitNeutralized
3 / 3
Blue patch breaks Red exploit on fresh fork
benignPassed
3 / 3
Patch doesn't break legitimate flow
freshAttackerNeutralized
3 / 3
A model-naive Red can't re-exploit
storageLayoutPreserved
3 / 3
Patch doesn't shift state slots

The honest read: when the full check chain ran (3 rounds: Dexible r1 + Floor Protocol r1 + Floor Protocol r2), all four gates passed unanimously — 12/12 individual checks. The gates are real; the question is how often you reach them. 5 of 10 contracts had Red find anything; 2 of those had Blue produce a passing patch. That's the funnel that matters.

The 67.7% → 13% Gap (Honest Origin Story)

The 32-contract benchmark over-represented verified-source contracts with single-contract attack vectors. The 95-contract random sample included unverified contracts, multi-protocol flash-loan exploits, and non-standard token patterns the sandbox doesn't yet handle. The gap is sandbox work, not model work.

That gap is the published origin story for Solhunt-Duel's four server-side verification gates — agents will lie about success if you let them, so all claims must be backed by verifiable execution.

67.7%Curated 32-contract
13.7%Random 95-contract
~52ppGeneralization gap

Cost & Compute notional vs real — Max subscription means $0 marginal

Notional Compute Cost
$48.50
What a per-token API call would have cost across all 10 contracts + rounds.
Real Cost (Operator)
$0
Run on Claude Max subscription via --via-claude-cli. No marginal token cost.
Total Wall Time
3.2 hrs
Across all rounds. Abracadabra timed out at 60min wall (excluded from this sum).