Blockchain security auditing firm OpenZeppelin has conducted an independent review of the AI-based smart contract security benchmark EVMbench, launched through a collaboration between OpenAI and Paradigm, and identified two major critical issues: data contamination during training and at least four vulnerabilities labeled as “high risk” that are actually invalid forgeries.
EVMbench Data Contamination: A Critical Flaw in AI Training Cutoff Dates
EVMbench was released in mid-February 2026, aiming to evaluate different AI models’ ability to identify, fix, and exploit smart contract vulnerabilities. During testing, the AI agents’ internet access was cut off to prevent them from searching for answers online. However, OpenZeppelin’s audit revealed a structural flaw: the benchmark is based on vulnerabilities from 120 audits conducted between 2024 and mid-2025, and most top AI models’ knowledge cutoff dates are also set in mid-2025.
This means AI agents likely encountered EVMbench’s vulnerability reports during pretraining, and their memory may already contain answers to all the questions. OpenZeppelin stated, “The most important ability for AI security is to discover new vulnerabilities in code that the model has never seen before.” The limited size of the dataset further amplifies the impact of contamination on overall evaluation.
Key Issues Found in the EVMbench Audit
- Training Data Contamination: Pretraining of AI agents may have included EVMbench’s vulnerability reports, rendering “zero-knowledge discovery” tests meaningless.
- Invalid High-Risk Vulnerability Classifications: At least four vulnerabilities marked as high risk are actually unexploitable.
- Scoring System Flaws: EVMbench previously awarded points for AI discovering these fake vulnerabilities, indicating issues with the scoring basis.
- Limited Dataset Size: Further magnifies the impact of contamination on overall results.
- Current Leaderboard: Anthropic’s Claude 4.6 leads, followed by OpenAI’s OC-GPT-5.2 and Google’s Gemini 3 Pro.
Fake Vulnerability Crisis: At Least Four High-Risk Classifications Proven Invalid
Beyond data contamination, OpenZeppelin uncovered specific factual errors. They evaluated at least four vulnerabilities categorized as high risk by EVMbench and found that these vulnerabilities do not exist—more critically, the described exploit methods are fundamentally ineffective.
OpenZeppelin pointed out, “These are not subjective disagreements over severity; rather, the described exploit methods simply do not work.” If an AI agent “discovers” these fake vulnerabilities during testing, it indicates the scoring system rewards incorrect results.
OpenZeppelin emphasized that this audit does not negate AI’s potential in blockchain security: “The issue is not whether AI will change the security of smart contracts— it certainly will. The problem is whether the data and benchmarks we use to build and evaluate these tools are aligned with the standards of the contracts they aim to protect.”
Frequently Asked Questions
Q: What issues did OpenZeppelin find in their audit of EVMbench?
A: They identified two core problems: first, data contamination, as EVMbench’s test vulnerabilities come from audits conducted between 2024 and 2025, overlapping with AI models’ training cutoff dates, meaning models may have “seen” the answers during pretraining; second, at least four high-risk vulnerabilities are invalid forgeries, with exploit descriptions that are actually unexecutable.
Q: Why is data contamination so dangerous for AI security evaluation?
A: If AI models have already encountered the benchmark’s vulnerability reports during pretraining, they might answer questions based on memory rather than genuine vulnerability discovery ability. This invalidates the “zero-knowledge” test, making it impossible to accurately assess AI’s real security auditing capabilities against entirely new, unknown smart contracts.
Q: What is OpenZeppelin’s attitude toward AI’s future in blockchain security?
A: They believe AI will significantly impact smart contract security but emphasize that this influence must be based on trustworthy methodologies and accurate evaluation standards. They see the issues with EVMbench not as a rejection of AI’s potential but as an important warning to the industry standards.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Web3 wallet Zerion detected abnormal activity on the platform; the web service is temporarily offline
Gate News message, April 11, Web3 wallet Zerion posted an announcement on the X platform saying that it detected abnormal activity on the platform, and the web app service has been temporarily taken offline. Zerion urges users to temporarily not use the web app; at the moment, the iOS and Android apps, as well as the browser extension program, are running normally and are secure, and users’ funds in the wallet are not affected. Zerion says it is actively monitoring the situation, and it will notify users separately once the web application is restored.
GateNews13h ago
Phantom Wallet crashes big time! During the airdrop period, token prices went haywire and balances were reset to zero—users blasted it for “making them pay up.”
Phantom, a wallet in the Solana ecosystem, experienced a service outage during the airdrop, causing abnormal token prices and account balances to be displayed, which affected user transactions. Some users suffered losses as a result and demanded compensation. Security experts warned of the risk of phishing attacks and advised users to verify on-chain data. Although the issue has been fixed, the trust crisis still needs to be monitored. This incident highlights the challenges of self-custody wallets in terms of system stability and the user experience.
区块客14h ago
TAO Plummets 25% as Bittensor Co-Founder Accused of Using Token Sales to Coerce Compliance
Bittensor's TAO token dropped 25% due to allegations of centralized control by co-founder Jacob Steeves, resulting in $650 million market cap loss and $9.1 million liquidations. The controversy raises concerns about the project's governance.
Coinpedia15h ago
Bitcoin Depot Discloses $3.6M BTC Theft After Hack on Settlement Accounts
Bitcoin Depot reported a security breach where hackers stole 50.9 BTC, worth approximately $3.6 million, by compromising internal settlement account credentials. This incident highlights vulnerabilities in crypto companies' operational infrastructure, emphasizing the need for enhanced security measures.
CryptoNewsFlash18h ago
OpenAI Releases an Announcement on a Third-Party Library Security Incident: No Evidence of User Data Leaks or System Intrusion Found
OpenAI issued a security advisory on April 11 confirming that it identified a security issue involving the third-party library Axios, but found no evidence that user data was accessed. To ensure security, the company requires all macOS users to update to the latest version to prevent the risk of forged applications.
GateNews18h ago
Blockchain security losses from 2026 to date are nearly $800 million, with incidents related to North Korea accounting for about 42%.
Since January 1, 2026, CertiK Alert has recorded 163 blockchain security incidents, with total losses of about $796.7 million. Of these, 12 were related to North Korean hacker organizations, with losses of about $329 million, accounting for 42% of total losses. Compared with the 60% share in 2025, it has declined.
GateNews20h ago
