Can Claude Audit Smart Contracts? Zero-Shot Vulnerability Detection Across Five SWC Classes

Published 1 month ago
Description

This story was originally published on HackerNoon at: https://hackernoon.com/can-claude-audit-smart-contracts-zero-shot-vulnerability-detection-across-five-swc-classes.
Claude Sonnet 4.6 caught all five known smart contract vulnerabilities in a zero-shot benchmark test — but marked every single one as Critical.
Check more stories related to web3 at: https://hackernoon.com/c/web3. You can also check exclusive content about #smart-contract-security, #claude-sonnet-4.6, #solidity-vulnerabilities, #smartbugs-benchmark, #smart-contract-auditing, #ethereum-security, #reentrancy-attacks, #hackernoon-top-story, and more.

This story was written by: @dilraboorziqulova. Learn more about this writer by checking @dilraboorziqulova's about page, and for more stories, please visit hackernoon.com.

This article evaluates Claude Sonnet 4.6 on five vulnerable Solidity contracts from the SmartBugs Curated benchmark using a zero-shot auditing setup. Claude successfully identified all five primary vulnerability classes — including reentrancy, integer underflow, tx.origin misuse, timestamp manipulation, and unchecked send — while also surfacing additional valid findings across the contracts. The analysis focuses not only on detection accuracy, but on Claude’s tendency to consistently overestimate severity, raising questions about how LLMs should be positioned alongside tools like Slither and Mythril within real-world smart contract auditing workflows.
