AI in Crypto & Smart Contract Security
22 May 2024
This article was written by Shantanu Sontakke, a security researcher at Zokyo.
Recently there has been a surge of AI and DePIN (Decentralized Physical Infrastructure) projects being built on blockchains. DePIN provides compute for AI models to be trained and run over a decentralized network of machines. AI traditionally runs on centralized servers, but DePIN promises a more decentralized and transparent approach by running it over a decentralized network of servers.
With the recent launch of the GPT-4o version, the AI and crypto space has experienced a breakthrough again. After its launch, Vitalik said that he thinks GPT-4 has passed the Turing test.
Our team at Zokyo ran our own tests on the following code to check whether the latest version of ChatGPT, ChatGPT-4o, can correctly detect the issues in a smart contract.
Code:
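contract Owned {
    address public owner;

    // Vulnerable: publicly callable, so any caller can make itself the owner.
    function owned() public {
        owner = msg.sender;
    }

    // Restricts a function to the current owner.
    modifier onlyOwner {
        require(msg.sender == owner);
        _;
    }

    // Hands ownership to a new address; only the current owner may call it.
    function transferOwnership(address newOwner) onlyOwner public {
        owner = newOwner;
    }
}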
Owned is a basic contract whose vulnerable owned() function allows any user to take ownership of the contract. However, ChatGPT-4o was able to detect only 2 CVEs, while other CVEs were incorrectly flagged as being present in the contract. This shows that we need more robust, custom-built and trained AI models for vulnerability detection in real-world codebases.
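As an added example (not Zokyo's code or tooling): in Solidity versions before 0.5.0 a function named exactly like its contract acts as the constructor, so owned() inside contract Owned is an ordinary public function instead. The Python check below flags that letter-case mismatch with a regex scan; the function names and the corrected constructor() variant are assumptions made for this example.

```python
import re

# Constructed sample inputs: the article's Owned contract and a corrected variant
# that uses the `constructor` keyword (available since Solidity 0.4.22).
VULNERABLE = """
contract Owned {
    address public owner;
    function owned() public { owner = msg.sender; }
    modifier onlyOwner { require(msg.sender == owner); _; }
    function transferOwnership(address newOwner) onlyOwner public { owner = newOwner; }
}
"""
FIXED = VULNERABLE.replace("function owned() public", "constructor() public")

COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)
CONTRACT_RE = re.compile(r"\bcontract\s+([A-Za-z_]\w*)[^{;]*\{")
FUNC_RE = re.compile(r"\bfunction\s+([A-Za-z_]\w*)\s*\([^)]*\)([^{;]*)")

def contract_bodies(source):
    """Yield (contract_name, body_text), using brace matching to find each body."""
    source = COMMENT_RE.sub("", source)  # comments may contain stray braces
    for m in CONTRACT_RE.finditer(source):
        depth, i = 1, m.end()
        while i < len(source) and depth:
            depth += {"{": 1, "}": -1}.get(source[i], 0)
            i += 1
        yield m.group(1), source[m.end():i - 1]

def find_misnamed_constructors(source):
    """Return (contract, function) pairs where a callable function's name differs
    from the contract name only by letter case, so it is not a constructor."""
    findings = []
    for contract, body in contract_bodies(source):
        for f in FUNC_RE.finditer(body):
            name, header = f.group(1), f.group(2)
            near_miss = name != contract and name.lower() == contract.lower()
            callable_externally = not re.search(r"\b(private|internal)\b", header)
            if near_miss and callable_externally:
                findings.append((contract, name))
    return findings

if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        print(label, find_misnamed_constructors(src))
```

A scan like this only catches the naming mistake itself; it does not reason about who can reach other state-changing functions.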
In one of his blog posts, Vitalik also explored the potential applications of Crypto + AI, ranging from using AI in crypto prediction markets to using AI along with wallets to simulate and detect scammy transactions.
But the biggest of them in terms of importance and impact is using AI in smart contract security. One way to use AI's potential is in the formal verification of smart contracts.
Formal verification using AI was recently demonstrated by researchers from MetaTrust Labs and NTU Singapore. They built an LLM-driven formal verification system viable enough that they were able to claim $8,256 in bounty rewards on Code4rena.
They named their model PropertyGPT, which was trained on 623 human-written properties collected from 23 Certora projects. They used these 623 properties as a knowledge base for PropertyGPT to detect real-world CVEs and past attack incidents, and demonstrated that PropertyGPT successfully detected 9 out of 13 CVEs and 17 out of 24 attack incidents. This is a big step forward for practical AI-based formal verification.
Here are some of the characteristics of the Certora properties that they collected:
AI can also help in real-time monitoring and threat detection for smart contracts. This is one of the most promising use cases of AI in blockchain and crypto.
One such project is Mamoru.ai, which detects and blocks attacks in real time. It also allows custom rules to be written depending on the project logic, improving its effectiveness across blockchains.
Mamoru's AI runs on decentralized nodes that keep watch for malicious activities and threats in real time.
AI has promising synergies with crypto, especially in smart contract defense and bug finding. If we want to secure blockchain networks from any more million-dollar hacks and losses, AI is the fastest and most impactful way to move forward.
About Zokyo
Zokyo (“augment” in Japanese) keeps pace with your in-house development team and provides blockchain security, design, and development talent to startups and enterprise organizations as needed. As a go-to web3 security, development, and investment partner working with some of the most progressive companies since 2019, we are highly experienced in tackling some of the most challenging problems with an entrepreneurial spirit.
With immediate access to in-demand skills ranging from security auditing, cryptography, white-hat hacking, mathematical specifications of network design, UI/UX design, QA, and full-stack engineering, we help legendary companies accelerate time to market and achieve their goals on time and on budget. Our clients demand and deserve best-in-class security and engineering support. As such, we at Zokyo are committed, passionate and proud to build a more secure Web3 future.