Artificial Intelligence (AI) has the potential to revolutionize the auditing of smart contracts and enhance cybersecurity in the crypto industry. However, the current capabilities of AI, particularly GPT-4, fall short in these areas. Coinbase’s experiment with ChatGPT revealed that the AI system wrongly classified high-risk tokens as low-risk in 25% of cases. James Edwards from Librehash speculates that OpenAI may have intentionally limited the bot’s capabilities to avoid being held responsible for vulnerabilities or exploits. While AI, such as ChatGPT, can aid in creating and analyzing smart contracts, it often generates logical code bugs and potential security breaches.
Although ChatGPT can assist with code analysis, relying solely on it for solo smart contract auditing is risky. A tiny mistake in the code can lead to significant financial loss for a project. Richard Ma from Quantstamp highlights the main issue with ChatGPT’s ability to audit smart contracts – its training data is too general. As a result, ChatGPT is more proficient at hacking servers than identifying vulnerabilities in smart contracts. To address this limitation, researchers are working on training AI models with extensive data on smart contract exploits and hacks.
Research is underway to train AI models using datasets specifically tailored to detect smart contract vulnerabilities. Quantstamp, for example, has been compiling a vast internal database of various exploit types for over six years. This data serves as valuable training material for AI systems. James Edwards is also building an open-source WizardCoder AI model that incorporates the Mando Project repository of smart contract vulnerabilities and leverages Microsoft’s CodeBert pretrained programming languages model. These specialized datasets enable AI models to achieve an unprecedented level of accuracy in auditing contracts.
The next challenge in smart contract auditing is training AI models to recognize patterns and similarities within the code. This entails enabling the model to identify connections between different functions, variables, and contexts that humans might overlook. While these AI models are not yet as competent as a human auditor, they can still provide a strong initial pass to accelerate the auditing process and improve its comprehensiveness. The goal is to develop AI systems that can assist auditors in a manner similar to how LexisNexis aids lawyers, but even more effectively.
One of the difficulties AI faces in smart contract auditing is the highly specialized and uncommon nature of smart contract exploits. These exploits often involve niche edge cases that result in unexpected behavior in smart contracts. Traditional language models (LLMs), which predict the next word based on statistical probabilities, struggle to address these rare occurrences. However, Illia Polushkin, co-founder of Near, suggests that AI models can be trained to identify these unconventional exploits by leveraging formal search procedures and investing in code correctness. Nonetheless, Polushkin believes that AI will not surpass human auditors in the immediate future.
While AI holds great potential for smart contract auditing and cybersecurity in the crypto industry, there are significant challenges to overcome. The limitations of current AI models, such as GPT-4, highlight the need for specialized training data and improved pattern recognition abilities. Researchers and companies are actively working to address these challenges and develop AI models that can effectively assist auditors in identifying vulnerabilities and ensuring the integrity of smart contracts. The ongoing advancements in AI technology, coupled with an increasing focus on data specificity, offer hope for a future where AI plays a vital role in securing the crypto ecosystem.
Andrew Fenton is a journalist and editor based in Melbourne, Australia, specializing in cryptocurrency and blockchain. With extensive experience as a national entertainment writer for News Corp Australia and a film journalist for SA Weekend, Fenton brings a wealth of knowledge to the crypto industry. He has also contributed to The Melbourne Weekly and continues to stay at the forefront of developments in AI and blockchain technology.
Leave a Reply