ChainDelta: Automatic Patch-based Exploit Generation for Ethereum with Fuzzing Agents
Given the critical role of Ethereum, generating exploits for 1-day vulnerabilities, those that are already patched but not yet widely deployed, is essential. Automatic Patch-based Exploit Generation (APEG) is a promising technique for this, as it helps developers understand root causes, verify fixes in downstream forks, and detect incomplete patches. However, existing exploit generation tools do not work well for Ethereum vulnerabilities because of three unique challenges: (1) navigating complex, cross-language exploit paths hidden within patches, (2) synthesizing complicated and stateful environment configurations, and (3) handling non-deterministic inconsistencies between blockchain nodes that lead to false alarms.
To address these challenges, we introduce \textit{ChainDelta}, a novel fuzzing agent framework driven by Large Language Models that automatically generates exploits from Ethereum security patches. \textit{ChainDelta} consists of three core modules: a directed fuzzer that uses call graph analysis and the patch information to steer testing towards the vulnerable code; an agent-based environment fuzzer that acts as an expert to automatically set up the blockchain states needed to trigger the vulnerability; and a state-aware sanitizer that performs differential analysis while monitoring the blockchain's transient state, so as to distinguish true inconsistencies from benign non-determinism.
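To make the directed-fuzzer and sanitizer ideas concrete, the following is an added toy illustration written for this page; it is not \textit{ChainDelta}'s own code. It assumes a hypothetical client call graph, a constructed patch hunk, and constructed node responses; the naming of call-graph nodes as \texttt{<package>.<function>} and the list of fields treated as transient are assumptions of the example. It computes, AFLGo-style, each function's call-graph distance to the functions a patch touched, ranks fuzzing seeds by that distance, and then compares two nodes' views of the chain while ignoring fields that legitimately differ and deferring judgement while a node is still syncing.

```python
"""Toy illustration of patch-directed seed scheduling and state-aware
differential checking. Example code written for this page, not the
ChainDelta implementation; all data below is constructed."""

import re
from collections import deque

# Constructed call graph of a hypothetical client: caller -> callees.
CALL_GRAPH = {
    "rpc.SendRawTransaction": ["txpool.Add"],
    "txpool.Add": ["txpool.validateTx", "txpool.promote"],
    "txpool.validateTx": ["core.IntrinsicGas", "crypto.Sender"],
    "txpool.promote": ["txpool.reorg"],
    "rpc.GetBlockByNumber": ["chain.GetBlock"],
    "chain.GetBlock": ["db.Get"],
    "engine.NewPayload": ["chain.InsertBlock"],
    "chain.InsertBlock": ["evm.Run", "db.Put"],
    "evm.Run": ["core.IntrinsicGas"],
}

# Constructed unified diff; only the file header and hunk context are used.
PATCH = """\
--- a/core/txpool/pool.go
+++ b/core/txpool/pool.go
@@ -120,6 +120,9 @@ func (p *TxPool) validateTx(tx *Transaction) error {
+	if tx.Gas() < params.TxGas {
+		return ErrIntrinsicGas
+	}
"""

# Constructed seeds: each names the RPC/engine entry point it exercises.
SEEDS = [
    {"name": "get_block", "entry": "rpc.GetBlockByNumber"},
    {"name": "send_tx", "entry": "rpc.SendRawTransaction"},
    {"name": "new_payload", "entry": "engine.NewPayload"},
]

FILE_RE = re.compile(r"^\+\+\+ b/(.+)$")
HUNK_RE = re.compile(r"^@@.*@@\s*func\s+(?:\([^)]*\)\s*)?(\w+)")


def patch_targets(diff):
    """Map each hunk's enclosing function to a call-graph node name.
    The <dir basename>.<func> naming is an assumption of this toy."""
    targets, pkg = set(), None
    for line in diff.splitlines():
        m = FILE_RE.match(line)
        if m:
            parts = m.group(1).split("/")
            pkg = parts[-2] if len(parts) > 1 else "root"
            continue
        m = HUNK_RE.match(line)
        if m and pkg:
            targets.add(f"{pkg}.{m.group(1)}")
    return targets


def distance_to_targets(graph, targets):
    """BFS over the reversed call graph: hops from each function to the
    nearest patched function. Unreachable functions are absent."""
    callers = {}
    for caller, callees in graph.items():
        for callee in callees:
            callers.setdefault(callee, []).append(caller)
    dist = {t: 0 for t in targets}
    queue = deque(targets)
    while queue:
        node = queue.popleft()
        for caller in callers.get(node, []):
            if caller not in dist:
                dist[caller] = dist[node] + 1
                queue.append(caller)
    return dist


def rank_seeds(seeds, dist):
    """Order seeds by their entry point's distance to the patch; seeds
    whose entry point cannot reach patched code go last."""
    return sorted(seeds, key=lambda s: dist.get(s["entry"], float("inf")))


# Fields that legitimately differ between healthy nodes (illustrative
# assumption, not ChainDelta's actual allow-list).
TRANSIENT_FIELDS = {"pendingTxCount", "peerCount", "timestampSeen"}


def differential_check(node_a, node_b):
    """Compare two nodes' views of the same query. Transient fields are
    ignored, and the verdict is deferred while either node is syncing,
    a transient state in which divergence is expected and benign."""
    if node_a.get("syncing") or node_b.get("syncing"):
        return {"verdict": "deferred", "mismatches": []}
    keys = (set(node_a) | set(node_b)) - TRANSIENT_FIELDS - {"syncing"}
    mismatches = sorted(k for k in keys if node_a.get(k) != node_b.get(k))
    verdict = "inconsistent" if mismatches else "consistent"
    return {"verdict": verdict, "mismatches": mismatches}


# Constructed node responses to the same block query.
NODE_A = {"syncing": False, "blockNumber": 100, "stateRoot": "0xab",
          "pendingTxCount": 12, "peerCount": 25}
NODE_B = {"syncing": False, "blockNumber": 100, "stateRoot": "0xab",
          "pendingTxCount": 9, "peerCount": 31}
NODE_C = {"syncing": False, "blockNumber": 100, "stateRoot": "0xcd",
          "pendingTxCount": 9, "peerCount": 31}

if __name__ == "__main__":
    dist = distance_to_targets(CALL_GRAPH, patch_targets(PATCH))
    print([s["name"] for s in rank_seeds(SEEDS, dist)])
    print(differential_check(NODE_A, NODE_B), differential_check(NODE_A, NODE_C))
```

Running the block ranks \texttt{send\_tx} first, since \texttt{rpc.SendRawTransaction} reaches the patched \texttt{txpool.validateTx} in two hops while the other seeds cannot reach it at all; nodes A and B are reported consistent despite differing mempool and peer counts, whereas A and C diverge on \texttt{stateRoot} at the same block height, which is the kind of true inconsistency a sanitizer should flag.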
We evaluate \textit{ChainDelta} on a diverse benchmark of real-world vulnerability patches covering a wide range of bug types, such as data races and denial of service. \textit{ChainDelta} successfully generated exploits with a 70% success rate and only a 12.5% false positive rate. An ablation study confirms that each module contributes to the overall performance. To demonstrate its practical impact, we conducted a real-world auditing campaign built on \textit{ChainDelta}, which led to the discovery of four previously undisclosed vulnerabilities that were awarded bug bounties.