Writing a Proof of Concept (PoC) is essential for smart contract security researchers to prove vulnerabilities are real and exploitable. A strong PoC must be minimal, reproducible, deterministic, and include explicit assertions of impact. The guide covers a 10-step workflow: understanding the vulnerability, identifying root cause, defining the attack path, setting up initial state, choosing a testing framework (Foundry recommended), writing a minimal reproduction, triggering the bug, asserting the bad outcome, comparing expected vs actual behavior, and cleaning up. A complete reentrancy PoC example using Foundry is provided, along with report structure, common mistakes to avoid, and a pre-submission checklist.
Table of contents
What is a PoC in Smart Contract Security?Why PoCs Matter for Security ResearchersIn Bug Bounty SubmissionsIn Audit ReportsIn Competitive Audit ContestsIn Internal Security ReviewsIn Client CommunicationWhen Do You Need a PoC?Absolutely NecessaryHighly RecommendedOptional (but still useful)ExamplesCore Qualities of a Strong PoC1. Minimal2. Reproducible3. Deterministic4. Realistic5. Easy to Run6. Measurable7. FocusedStep by Step: How to Write a PoCStep 1: Understand the Vulnerability DeeplyStep 2: Identify the Root CauseStep 3: Define the Attack PathStep 4: Set Up the Initial StateStep 5: Choose the Right Testing FrameworkStep 6: Write the Smallest Possible ReproductionStep 7: Trigger the BugStep 8: Assert the Bad OutcomeGet Abraham ’s stories in your inboxStep 9: Compare Expected vs Actual BehaviorStep 10: Clean Up the PoCChoosing the Right PoC FormatFoundry Tests (Recommended)Hardhat TestsSolidity Attacker ContractsFork TestsLocal Mock SetupsAnatomy of a Smart Contract PoCExample PoC Outline (Reentrancy)Vulnerability SummaryAttack FlowSample Foundry PoCWhat This PoC DemonstratesHow to Write the Written Report Around the PoCTitleSummaryAffected ComponentsRoot CausePreconditionsSteps to ReproducePoC CodeImpactExpected vs ActualRemediationCommon Mistakes Researchers MakeTips to Make Your PoC Stand OutFinal ThoughtsPoC Submission ChecklistSort: