A fundamental gap exists between detecting a vulnerability in a smart contract and proving it is exploitable. Current tools produce alerts of the form "potential reentrancy at line 47" but rarely generate executable exploit code. Without proof-of-concept exploits, auditors cannot distinguish true vulnerabilities from false positives, and false positive rates reach 40--90% depending on the tool. This paper presents GAEV (Generative AI Exploit Verification), the first end-to-end pipeline for automated exploit synthesis, validation, and repair. GAEV introduces a template-based generation approach that mechanically extracts test infrastructure from existing Foundry test files, limiting LLM generation to the exploit body only (5--30 lines). A 21-fix mechanical PostProcessor corrects common LLM artifacts without additional LLM calls. An ExploitAuditor receives failed exploits alongside forge diagnostics and generates corrected versions with detailed correction reports. Evaluated on 22 challenges from Damn Vulnerable DeFi v4 and 30 real-world Etherscan contracts with documented post-mortem exploits, GAEV achieves an 81.4% compilation rate and 67.2% end-to-end exploitation success at 0.06 per finding — an order of magnitude reduction from iterative refinement approaches. Beyond exploit generation, the PatchGenerator pipeline closes the full DETECT→VERIFY→PATCH loop, generating Solidity patches with RemediationGuides aligned to EU AI Act Art. 14 and MiCA Art. 45, achieving a 53.8% automatic patch rate. To the best of our knowledge, this is the first exploit-to-patch pipeline with regulatory compliance output for smart contract security.
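As an added illustration of the template-based step described above (example code, not from the GAEV paper or its authors): the pragma, imports, state variables and setUp() of a Foundry test file are kept mechanically, only the body of the test function is left for generation, and one mechanical post-processing fix (stripping a markdown code fence, a common LLM artifact) is applied before the generated statements are inserted. The sample test file, the Vault contract and the test name `test_exploit` are constructed for this example.

```python
import re

# Constructed sample Foundry test (not from the paper); Vault is a hypothetical contract.
SAMPLE_TEST = """\
pragma solidity ^0.8.20;
import {Test} from "forge-std/Test.sol";
import {Vault} from "../src/Vault.sol";
contract VaultTest is Test {
    Vault vault;
    address player = makeAddr("player");
    function setUp() public {
        vault = new Vault();
        vm.deal(address(vault), 10 ether);
    }
    function test_exploit() public {
        vm.startPrank(player);
        assertEq(address(vault).balance, 0);
    }
}
"""

MARKER = "// <EXPLOIT_BODY>"

def matching_brace(src: str, open_idx: int) -> int:
    """Index of the '}' that closes the '{' at open_idx (nesting-aware)."""
    depth = 0
    for j in range(open_idx, len(src)):
        depth += src[j] == "{"
        depth -= src[j] == "}"
        if depth == 0:
            return j
    raise ValueError("unbalanced braces")

def extract_template(src: str, test_name: str = "test_exploit") -> tuple[str, str]:
    """Keep the scaffolding verbatim, replace the test body with MARKER; return (template, body)."""
    m = re.search(r"function\s+" + re.escape(test_name) + r"\s*\([^)]*\)[^{]*\{", src)
    if not m:
        raise ValueError(f"{test_name} not found")
    open_idx, close_idx = m.end() - 1, matching_brace(src, m.end() - 1)
    body = src[open_idx + 1:close_idx]
    template = src[:open_idx + 1] + "\n        " + MARKER + "\n    " + src[close_idx:]
    return template, body

def fill_template(template: str, generated: str) -> str:
    """Strip a surrounding markdown fence (one mechanical fix), then insert at MARKER."""
    generated = re.sub(r"^\s*```\w*\s*\n|\n?\s*```\s*$", "", generated)
    if template.count(MARKER) != 1:
        raise ValueError("template must contain exactly one marker")
    return template.replace(MARKER, generated.strip())
```

Everything outside the marker survives unchanged, so compiler diagnostics from forge can be attributed to the generated statements alone.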
Author: Alejandro Jaime.