Smart contract development underpins the decentralised web, but guaranteeing both functionality and security presents a substantial hurdle. Wei Chen, Zhiyuan Peng, and Xin Yin, from Shanghai Jiao Tong University and Zhejiang University, alongside Chao Ni, Chenhao Ying, and Bang Xie, introduce SolAgent, a specialised multi-agent framework designed to overcome these challenges. Their research details a tool-augmented system that emulates expert human workflows, employing a dual-loop refinement mechanism with Forge and Slither to rigorously test and secure generated Solidity code. Significantly, experiments on the SolEval+ Benchmark reveal SolAgent achieves a 64.39% Pass@1 rate, a considerable improvement over current LLMs, IDEs, and existing frameworks, while also reducing security vulnerabilities by up to 39.77% compared to human-authored code. This work not only advances the state of the art in automated smart contract generation but also offers a pathway to democratise access through the distillation of knowledge into smaller, open-source models.
Dual-loop refinement using Forge and Slither enhances smart contract security by identifying and mitigating vulnerabilities
Scientists have developed SolAgent, a novel multi-agent framework designed to generate secure and functionally correct smart contracts. Addressing the critical challenge of ensuring reliability in decentralised web applications, the research team tackled the limitations of Large Language Models (LLMs), which often produce buggy or vulnerable code when applied to smart contract development.
SolAgent mimics the workflow of human experts by integrating a dual-loop refinement mechanism, combining the Forge compiler for functional correctness and the Slither static analyzer to eliminate security vulnerabilities. This innovative approach moves beyond simple text-processing, incorporating domain-specific verification tools to enhance code quality and reliability.
The core of SolAgent lies in its ability to iteratively refine code through a dual-loop system. An inner loop utilises the Forge compiler to rigorously test and correct functional errors, ensuring the generated code meets specified requirements. Simultaneously, an outer loop employs the Slither static analyzer to proactively identify and remediate potential security vulnerabilities.
Furthermore, the agent possesses file system capabilities, allowing it to navigate complex project dependencies and contextualise code generation within larger systems. This comprehensive approach distinguishes SolAgent from existing LLM-based frameworks that often struggle with real-world project complexities.
Importantly, the framework reduces security vulnerabilities by up to 39.77% compared to code written by human developers. This substantial reduction in vulnerabilities highlights SolAgent’s potential to mitigate the risks associated with smart contract exploits, such as the recent Cetus Protocol incident, which resulted in a loss of $260 million.
Beyond its immediate performance gains, the research team demonstrates that the high-quality interaction trajectories generated by SolAgent can be leveraged to train smaller, open-source models like Qwen3-8B. This “distillation” process democratises access to secure smart contract generation, making it available to a wider range of developers and fostering innovation within the Web3 ecosystem. The code and data used in this study have been released publicly, facilitating further research and development in this critical area of blockchain technology.
Solidity Dataset Construction and Multi-Agent Framework Implementation are crucial for smart contract vulnerability detection
Scientists developed SolAgent, a novel multi-agent framework designed to enhance the generation of secure and correct Solidity smart contracts. The research team engineered a dual-loop refinement mechanism, integrating the Forge compiler for functional correctness and the Slither static analyzer to proactively eliminate security vulnerabilities.
This innovative approach addresses the limitations of Large Language Models in producing reliable smart contract code. Initially, the study meticulously collected 1,125 functions from the SolEval dataset, comprising repository-level Solidity projects paired with natural language specifications. Researchers then performed class-function aggregation, extracting structured metadata including contract kind, class names, and method signatures, alongside human-labeled comments detailing intended function behaviour.
This parsing yielded a dataset of 1,908 methods and declarations across 81 files, forming the foundation for rigorous testing. Subsequently, the team constructed 1,188 executable test cases using the Foundry framework, focusing on critical functionalities such as state transitions, edge cases, access control, and event emissions.
SolAgent significantly outperforms LLMs in smart contract correctness and security evaluations
Scientists have developed SolAgent, a novel multi-agent framework designed to enhance the functional correctness and security of smart contracts. The research addresses limitations in current Large Language Models (LLMs), which often produce buggy or vulnerable code due to a single-pass generation approach.
Preliminary studies showed GPT-5.1 had a compilation failure rate of 54.0%, a test failure rate of 87.02%, and 20.0% of generated contracts contained vulnerabilities. Similarly, Claude-Sonnet-4.5 exhibited a 58.0% compilation failure rate, 82.60% test failure rate, and 14.0% vulnerable contracts. These results demonstrate the need for iterative refinement and domain-specific validation in smart contract development.
SolAgent incorporates a dual-loop refinement mechanism, utilising the Forge compiler for functional correctness and Slither for security vulnerability elimination. Tests confirm a reduction of up to 39.77% in security vulnerabilities compared to human-written baselines. The framework also features file system capabilities, enabling it to resolve complex project dependencies and understand codebase context.
Furthermore, scientists demonstrated that high-quality trajectories generated by SolAgent can be used to distill smaller, open-source models, democratising access to secure smart contract generation. The Refining Agent receives feedback, denoted as $F_t$, from the environment and generates refined code, $C_{t+1}$, in each round of iteration until predefined stopping criteria are met. Forge provides feedback including Pass Rate and detailed failure information, while Slither detects vulnerabilities categorised by severity, guiding the agent to fix critical flaws.
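The dual-loop refinement described above can be sketched as a small driver; this is an added Python example, not SolAgent's own code. It builds the feedback from a test pass rate and from severity-filtered Slither findings, and stops when tests pass and no blocking finding remains or when the iteration budget runs out. Assumptions: the tools and the refining model are injected as callables, the `fake_*` functions are constructed stand-ins, the Forge result shape is simplified, the Slither field names (`results.detectors`, `check`, `impact`, `description`) follow its JSON report, and re-running the tests after each security fix is a design choice of this sketch.

```python
import json

SEVERITY = ["High", "Medium", "Low", "Informational", "Optimization"]  # Slither impact levels

def forge_feedback(results):
    """results maps test name -> failure reason (None = passed); simplified shape, an assumption."""
    failures = {t: r for t, r in results.items() if r is not None}
    return (1 - len(failures) / len(results) if results else 0.0), failures

def slither_feedback(report_json, blocking=("High", "Medium")):
    """Keep findings from a Slither JSON report whose impact is blocking, most severe first."""
    dets = json.loads(report_json).get("results", {}).get("detectors", [])
    kept = [(d["impact"], d["check"], d["description"]) for d in dets if d["impact"] in blocking]
    return sorted(kept, key=lambda f: SEVERITY.index(f[0]))

def dual_loop(code, refine, run_forge, run_slither, max_inner=3, max_outer=3):
    """Return (code, clean, history); refine(code, feedback) stands for the LLM call."""
    history = []
    for _ in range(max_outer):
        for _ in range(max_inner):  # inner loop: functional correctness
            rate, failures = forge_feedback(run_forge(code))
            history.append(("forge", rate))
            if not failures:
                break
            code = refine(code, {"tool": "forge", "pass_rate": rate, "failures": failures})
        findings = slither_feedback(run_slither(code))  # outer loop: security
        history.append(("slither", len(findings)))
        if not failures and not findings:
            return code, True, history  # stop: tests pass and nothing blocking remains
        if findings:
            code = refine(code, {"tool": "slither", "findings": findings})
    return code, False, history  # budget exhausted without a clean result

# Constructed stand-ins for Forge, Slither and the refining model (not real tool output).
def fake_forge(code):
    return {"testWithdraw": None if "balances[msg.sender] -= amount" in code else "balance not reduced"}
def fake_slither(code):
    unsafe = code.find("call{value") < code.find("balances[msg.sender] -=")
    dets = [{"check": "solc-version", "impact": "Informational", "description": "broad pragma"}]
    if unsafe:
        dets.append({"check": "reentrancy-eth", "impact": "High", "description": "call before state update"})
    return json.dumps({"success": True, "results": {"detectors": dets}})
def fake_refine(code, fb):
    if fb["tool"] == "forge":
        return code + " balances[msg.sender] -= amount;"
    return "balances[msg.sender] -= amount; msg.sender.call{value: amount}('');"

def demo():
    return dual_loop("msg.sender.call{value: amount}('');", fake_refine, fake_forge, fake_slither)
```

In the constructed run, the functional fix that makes the test pass leaves the external call ahead of the balance update, so the security pass flags it and the tests are run again on the reordered code before the loop stops.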
Dual-loop refinement and vulnerability reduction in automated smart contract generation are crucial for secure deployment
Scientists have developed SolAgent, a new multi-agent framework designed to automate the generation of secure smart contracts. The system addresses the challenges of using Large Language Models (LLMs) for blockchain development, where functional correctness and security are paramount. SolAgent employs a dual-loop refinement mechanism, utilising the Forge compiler for functional verification and the Slither static analyzer to identify and eliminate security vulnerabilities.
Furthermore, researchers found that the high-quality interaction data generated by SolAgent can be used to train smaller, more accessible open-source models for smart contract creation. The authors acknowledge that their work currently focuses on single-contract systems and that extending SolAgent to handle more complex, multi-contract projects remains a future research direction.
They also plan to explore integrating formal verification tools to further enhance security guarantees and investigate applying this tool-augmented agentic approach to other safety-critical domains. The release of data and code facilitates replication and further development by the wider research community.
👉 More information
🗞 SolAgent: A Specialized Multi-Agent Framework for Solidity Code Generation
🧠 ArXiv: https://arxiv.org/abs/2601.23009
