The Potential of AI for Smart Contract Auditing and Cybersecurity in Crypto
Every day this week, we’re highlighting genuine use cases for AI in the crypto industry. Today, we’ll explore the potential of using AI for smart contract auditing and cybersecurity.
The Limitations of GPT-4
Coinbase has tested OpenAI’s ChatGPT, an AI-powered language model, for automated token security reviews. However, in 25% of cases it wrongly identified high-risk tokens as low-risk. James Edwards, the lead maintainer for cybersecurity investigator Librehash, believes that OpenAI may have intentionally limited the bot’s capabilities to avoid being held responsible for any vulnerabilities or exploits.
While AI, including ChatGPT, can be helpful in creating smart contracts, it is not yet reliable for auditing them. According to CertiK Chief Security Officer Kang Li, using ChatGPT to build smart contracts may result in logical code bugs and potential exploits. A tiny mistake in auditing can lead to significant losses for a project.
The Need for Specialized Training Data
Richard Ma from blockchain security firm Quantstamp explains that the key issue with using ChatGPT for smart contract auditing is its lack of specialized training data. Because ChatGPT is trained on general data, it is better equipped for hacking servers than for identifying smart contract vulnerabilities. The race is on to train AI models with years of data on smart contract exploits and hacks to enhance their ability to identify vulnerabilities.
Building AI Smart Contract Auditors
To address the limitations of existing AI models, several projects are underway to develop more reliable smart contract auditors. One such project is the open-source WizardCoder AI model, being developed by James Edwards. This model incorporates the Mando Project repository of smart contract vulnerabilities and uses Microsoft’s CodeBERT pretrained programming-language model to spot problems. While still not as good as human auditors, the AI model can provide a strong first pass to speed up the auditing process.
The Niche Nature of Smart Contract Exploits
NEAR co-founder Illia Polosukhin highlights the challenge of identifying smart contract exploits, which often involve rare and niche edge cases. While AI models focus on statistically possible outcomes, the true challenge lies in considering all the edge cases. Polosukhin believes that AI will not surpass human auditors in the next couple of years, as more work is needed to address these complex scenarios.
While AI shows promise for smart contract auditing and cybersecurity in the crypto industry, it is not yet a fully reliable solution. Human auditors and code analysis are still essential for ensuring the security and integrity of smart contracts.