Documentation
What it is
ef-vulns-bench is a benchmark for evaluating LLMs and agents on detecting security vulnerabilities in Ethereum execution-layer and consensus-layer client code. It is built on the Ethereum Foundation's public disclosure archive: 118 structured findings drawn from real-world security reviews across 24 upstream client repositories — Geth, Erigon, Reth, Nethermind, Besu, Lighthouse, Prysm, Teku, Nimbus, Lodestar, Grandine, Vyper, and others.
Every finding carries verified introduced /
last-available / fix commit hashes,
file-and-line components, and a long-form summary written by EF
protocol-security reviewers. Labels are trustworthy because they
came from the people who triaged the original vulnerability.
Why a benchmark on real findings matters
Most code-vulnerability benchmarks lean on synthetic bugs or CWE-style toy examples — useful, but easy to overfit and not representative of what an auditor actually sees. ef-vulns-bench is built from real, published, verified vulnerabilities in production Ethereum clients, so it grades the kind of reasoning a real reviewer needs: understanding the report, finding the right code path, and reasoning about commit-relative state.
The dataset also addresses one analytical problem most code-bench datasets ignore: cross-finding presence at a commit. If finding F1 says "bug introduced at C1" and F2 says "bug at C2", commit C2 often still contains F1. Naive labelling would mark only F2 as the ground truth at C2; this dataset computes the full set of findings present at every evaluation commit using git ancestry analysis.
The four tasks in detail
Tasks are organized along two axes. Scope: T1 and T3 reason over the whole codebase at a commit; T2 and T4 reason over a single commit's diff. Shape: T1 and T2 are open-ended (list every applicable finding); T3 and T4 are closed (yes/no for one specific report). Only T3 currently has a public leaderboard.
T3 presence categories
T3 negative cases split into adversarial buckets, each testing a different reasoning failure. The leaderboard reports accuracy per category in addition to overall.
| Category | Correct answer | What it tests |
|---|
Metrics
- Accuracy
- Fraction of completed predictions that match the ground-truth label. Null/failed predictions are reported as a coverage gap, not a wrong answer.
- Precision (per label)
- Of predictions of this label, how many were correct.
- Recall (per label)
- Of cases with this label, how many were caught.
- F1
- Harmonic mean of precision and recall.
- Stratified accuracy
- Accuracy computed separately within each adversarial bucket — exposes failure modes that overall accuracy hides.
How models get on the board
Each model is run by the
triager-agent
harness over the T3 test set. Its prediction file is committed
under results/t3/<harness>/<model>/. This
site re-scores those files weekly against the parquet ground
truth from ef-vulns-bench, then publishes the
normalized leaderboard.
To add a model: open a PR to triager-agent with a
test_preds.jsonl in the conventional directory and a
short README.md describing the run.
Citation
Coming soon — see ef-vulns-bench
for the canonical citation.