← Sergei Solovev · TradFi → AI → DeFi

Smart-contract security and applied ML are becoming one discipline

2026-06-28 · Sergei Solovev, HSE University
Two-track pipeline showing RAG-based vulnerability detection and learned EVM bytecode representations converging into a unified auditor-facing output with both verifiability and adaptivity

Smart-contract auditors and ML engineers have been solving adjacent problems in separate rooms for years. The auditor asks: is this bytecode exploitable? The ML engineer asks: what latent structure lives in this bytecode? The two questions share the same input but almost no shared literature.

The preprints I am releasing address this gap from two directions — retrieval-augmented generation applied to vulnerability detection, and learned representations of EVM bytecode — without treating them as separate research tracks. The underlying argument is that verifiability and adaptivity are not competing properties in on-chain economic systems; they are jointly necessary. A system that can detect novel attack patterns but cannot explain its reasoning to an auditor is commercially useless. A system that produces interpretable rules but cannot generalize beyond its training distribution fails in practice just as quickly.

What I find worth stating plainly: the convergence is not a research trend to watch. It is already the operational reality for any team building production-grade security tooling on EVM-compatible chains. The tooling that survives the next two years will be the tooling that handles both constraints simultaneously.

Full write-up and preprints: https://doi.org/preprints: RAG smart-contract security + EVM-bytecode ML

#SmartContracts #RAG #ML