GAEV
Generative AI Exploit Verification: a dual-LLM system that generates and verifies exploit code using Claude and GPT-4 in parallel, with Foundry testing.
• Critical+High: 68.4% (39/57 verified)
• Overall Success: 63.6% (84/132 total)
• Avg Generation: 12.3s per exploit
• Avg Iterations: 2.1 refinement rounds
Algorithm 1: GAEV Exploit Generation
Dual-LLM Verification
Require: Finding f with severity ∈ {Critical, High}
Ensure: Verified exploit or failure report
skeleton ← ExploitGenerator(f)
refined_claude ← Claude.refine(skeleton, f.context)
refined_gpt ← GPT4.refine(skeleton, f.context)
for exploit ∈ {refined_claude, refined_gpt} do
    result ← Foundry.test(exploit)
    if result.success then
        return (exploit, VERIFIED)
    end if
end for
return (best_attempt, UNVERIFIED)

Pipeline: Finding (Critical/High) → Skeleton (ExploitGen) → Claude Refine / GPT-4 Refine → Foundry (forge test) → Result (✓ / ✗)
Results (Table 9)
| Severity | Attempted | Verified | Rate |
|---|---|---|---|
| Critical | 21 | 15 | 71.4% |
| High | 36 | 24 | 66.7% |
| Critical+High | 57 | 39 | 68.4% |
| Medium (sample) | 75 | 45 | 60.0% |
| Total | 132 | 84 | 63.6% |
Case Study: Flash Loan Attack (§8.8)
DVD "Unstoppable": Flash Loan Drain
Individual tool results:
• Slither: External call pattern (low confidence)
• Mythril: Timeout on symbolic execution
• Echidna: No invariant violation (needed manual property)
AttackChainAgent combined:
1. Slither's external call finding
2. Contract state analysis → unprotected accounting
3. Flash loan availability from dependency graph
Result: Complete attack chain + exploit skeleton → fund extraction VERIFIED
Practical Limitation
Generated exploits need manual adjustment in ~40% of cases. Complex multi-contract interactions may need human refinement. Cost: $0.02–0.05 per contract.