We tested AuditAgents against a simplified reproduction of the ownership-initialization vulnerability pattern responsible for the Parity Wallet incident.
The Parity Wallet incident exposed a critical initialization vulnerability that allowed unauthorized ownership takeover. The core issue was that initialization logic could be executed by unintended parties, resulting in complete administrative control over the contract.
For this benchmark, we created a minimal vulnerable contract reproducing the same vulnerability class and submitted it to AuditAgents without any additional hints or manual guidance.
The following function reproduces the initialization vulnerability class from the Parity Wallet incident:
```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

contract SimpleWallet {
    address public owner;
    bool private initialized;

    // ⚠ No access control — any caller can become owner
    function initWallet(address _owner) public {
        owner = _owner;
        initialized = true;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "Not owner");
        _;
    }

    function withdraw(uint256 amount) external onlyOwner {
        payable(owner).transfer(amount);
    }

    receive() external payable {}
}
```
Any caller can invoke initWallet() and become the owner of the contract, gaining full withdrawal privileges over all funds.
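For comparison, a hardened variant of the benchmark contract, added here as an example; it is not part of the original benchmark or of AuditAgents' output. The names HardenedWallet, deployer and Initialized are assumptions, and the deployer check assumes the contract is deployed directly rather than behind a proxy.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: same interface as SimpleWallet, with guarded initialization.
contract HardenedWallet {
    address public owner;
    bool private initialized;

    // Assumption: the account that deploys the contract is the only party
    // trusted to initialize it. Fixed at construction and never changes.
    address private immutable deployer;

    // Emitted once, so monitoring can alert on any unexpected initialization.
    event Initialized(address indexed by, address indexed newOwner);

    constructor() {
        deployer = msg.sender;
    }

    // Guard 1: only the deployer may initialize.
    // Guard 2: the flag is checked, not just written, so a second call reverts.
    // Guard 3: a zero owner would make withdraw() permanently unusable.
    function initWallet(address _owner) external {
        require(msg.sender == deployer, "Not deployer");
        require(!initialized, "Already initialized");
        require(_owner != address(0), "Zero owner");

        initialized = true;
        owner = _owner;
        emit Initialized(msg.sender, _owner);
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "Not owner");
        _;
    }

    // Unchanged from SimpleWallet: the fix is confined to initialization.
    function withdraw(uint256 amount) external onlyOwner {
        payable(owner).transfer(amount);
    }

    receive() external payable {}
}
```

In the vulnerable version the initialized flag is written but never read, which is why repeated calls to initWallet() succeed; here the flag is enforced and the caller is restricted.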
The following issues were identified by AuditAgents without any hints or pre-knowledge of the vulnerability:
| Expected Detection | AuditAgents Result |
|---|---|
| Unprotected Initialization | ✓ PASS |
| Ownership Takeover Risk | ✓ PASS |
| Complete Fund Loss Scenario | ✓ PASS |
| Exploit Path Explanation | ✓ PASS |
| Severity Classification | ✓ PASS |
AuditAgents successfully identified the vulnerability class responsible for the Parity Wallet ownership takeover pattern, correctly classified it as Critical severity, explained the exploit path, and described the potential financial impact — all without any hints or prior guidance.