OpenZeppelin, a crypto cybersecurity firm, recently conducted experiments demonstrating the potential for artificial intelligence (AI) to revolutionize the landscape of smart contract audits and enhance security.
OpenZeppelin’s First Charge at Leveraging New Technology
OpenZeppelin recently conducted a series of experiments, as reported by Cointelegraph, highlighting the capabilities of artificial intelligence (AI) in identifying vulnerabilities in smart contracts.
In an effort to determine whether AI tools could replace human auditors, blockchain security firm OpenZeppelin’s Mariko Wakabayashi and Felix Wegener pitted ChatGPT-4 against the firm’s Ethernaut security challenge.
— (@motoki0180) June 2, 2023
The blockchain technology company used ChatGPT-4, a powerful AI chatbot created by OpenAI, to detect security loopholes in Solidity smart contracts.
The code was built to enable auditors to learn how to spot exploits. When the code was entered into GPT-4 prompts, the AI chatbot immediately identified 20 of the 28 challenges cyber hackers could leverage.
OpenZeppelin claims the AI platform spotted vulnerabilities in the code below:
constructor() public payable {
    owner = msg.sender;
    allocations[owner] = msg.value;
}
This tested code is from the Ethernaut smart contract-powered hacking online game.
We entered the same open-source code into ChatGPT-4 to verify this claim and discovered that the chatbot detected some loopholes.
The chatbot indicated there were no threatening vulnerabilities. However, suggestions were made on potential factors that could be compromised.
While this is not an in-depth analysis, AI experts believe ChatGPT and other AI-based setups will help optimize smart contract auditing.
In the future, purpose-built AI smart-contract auditing models trained with massive repositories of smart contracts could fully avert potential breaches, which bad actors regularly exploit to steal investors’ assets.
Blockchain and AI Revolution
The thriving blockchain revolution has significantly impacted various industries, particularly finance and technology.
Arguably, one of the most valuable innovations brought forth by this revolution is the introduction of smart contracts. They enable the smooth process of decentralized and trustless execution of agreements.
However, despite the benefits of smart contracts, their immutability and irreversible nature pose significant challenges to security and auditing.
Although auditing experts may offer solutions to address these challenges, they often struggle to fully identify vulnerabilities and ensure the ongoing efficiency of smart contracts. They also don’t come cheap.
Smart contract audits are necessary as they help to spot, avert, or mitigate loopholes that cyber hackers may exploit.
The consequences of a vulnerable contract can be catastrophic, resulting in steep financial losses.
Due to exposed vulnerabilities, the decentralized finance (DeFi) sector, which relies on smart contracts, lost $58 billion across revered networks like Ethereum, Avalanche, and Solana between 2020 and 2022.
The Poly Network recorded a breach on August 15, 2021, which caused a drain of $600 million of customers’ funds and assets.
Important Notice:
We are sorry to announce that #PolyNetwork was attacked on @BinanceChain @ethereum and @0xPolygon Assets had been transferred to hacker's following addresses:
ETH: 0xC8a65Fadf0e0dDAf421F28FEAb69Bf6E2E589963
BSC: 0x0D6e286A7cfD25E0c01fEe9756765D8033B32C71
— Poly Network (@PolyNetwork2) August 10, 2021
On March 29, 2022, the Ronin cross-chain protocol suffered a smart contract breach resulting in the loss of private keys that stored over $615 million in funds.
There has been a security breach on the Ronin Network. https://t.co/ktAp9w5qpP
— Ronin (@Ronin_Network) March 29, 2022
Another notable exploit was the Horizon Bridge attack, where unknown cyberattackers breached the network and stole tokens worth $100 million.
1/ The Harmony team has identified a theft occurring this morning on the Horizon bridge amounting to approx. $100MM. We have begun working with national authorities and forensic specialists to identify the culprit and retrieve the stolen funds.
— Harmony (@harmonyprotocol) June 23, 2022
These are just a few examples from an extensive list of smart contract breaches within the blockchain ecosystem.
Traditional audits have relied solely on time-consuming basic testing methodologies and manual code reviews that often fail to detect vulnerabilities efficiently. This is compounded by the limited number of cybersecurity experts and the industry’s novelty.
However, OpenZeppelin’s recent experiments suggest that artificial intelligence (AI) techniques could provide a solution.
This innovative technology has demonstrated the potential to enhance the auditing and optimization of smart contracts by automating the identification of vulnerabilities and proactively preventing cyber attacks.
How to Use ChatGPT to Audit Smart Contracts: A Simple Guide to Programming
While web developers have found several use cases for OpenAI’s biggest language model, we now see a spate of cybersecurity and blockchain teams taking on more tasks through advanced language interfaces.
Apart from OpenZeppelin’s latest smart contract auditing through ChatGPT, Coinbase exchange has utilized the AI chatbot to conduct a similar experiment to review token security.
While the AI did not deliver exceptional results in distinguishing high-risk assets from low-risk ones, Coinbase acknowledged that progress had been made.
As the adoption of AI in the blockchain industry continues to grow, with more comprehensive review processes, we can anticipate significant improvements in security and efficiency for the digital finance sphere.
Developers seeking to utilize ChatGPT for identifying vulnerabilities in smart contracts can visit the chatbot’s website, input the code into the provided text prompt, and submit it for analysis.
Below, we utilized historical vulnerability codes encountered in the past as test cases to evaluate fundamental loopholes that hackers can leverage:
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

contract Wallet {
    address public owner;

    constructor() payable {
        owner = msg.sender;
    }

    function transfer(address payable _to, uint _amount) public {
        // Authorization is based on tx.origin (the account that started the
        // transaction), not msg.sender (the immediate caller).
        require(tx.origin == owner, "Not owner");

        (bool sent, ) = _to.call{value: _amount}("");
        require(sent, "Failed to send Ether");
    }
}
ChatGPT-4 detected potential threats in the code, as seen below.
Even better, the AI chatbot built an updated version of the code addressing the above vulnerabilities.
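An added example, not ChatGPT's output and not code from the original article: a hardened variant of the Wallet contract shown above, which authorizes on msg.sender instead of tx.origin. The contract name HardenedWallet, the custom errors and the Transferred event are assumptions introduced for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added example: hardened variant of the Wallet contract above.
// HardenedWallet, the custom errors and the Transferred event are
// illustrative names, not taken from the article.
contract HardenedWallet {
    // Set once at deployment and never reassigned.
    address public immutable owner;

    error NotOwner(address caller);
    error ZeroAddress();
    error InsufficientBalance(uint256 requested, uint256 available);
    error TransferFailed();

    event Transferred(address indexed to, uint256 amount);

    constructor() payable {
        owner = msg.sender;
    }

    // Accept plain Ether deposits after deployment.
    receive() external payable {}

    function transfer(address payable _to, uint256 _amount) external {
        // msg.sender is the immediate caller. tx.origin is the account that
        // started the transaction, so it still equals the owner when the
        // owner is induced to call an intermediary contract that forwards
        // the call here. Checking msg.sender rejects that forwarded call.
        if (msg.sender != owner) revert NotOwner(msg.sender);
        if (_to == address(0)) revert ZeroAddress();
        if (_amount > address(this).balance) {
            revert InsufficientBalance(_amount, address(this).balance);
        }

        (bool sent, ) = _to.call{value: _amount}("");
        if (!sent) revert TransferFailed();

        // Emit a log entry so outgoing transfers can be monitored off-chain.
        emit Transferred(_to, _amount);
    }
}
```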
The AI industry is still in its early stages of growth and holds great potential to provide valuable use cases for the blockchain industry.
Instead of posing a threat to traditional auditing practices, AI innovations such as ChatGPT can assist professionals in early threat detection, thereby mitigating the risk of cyber-attacks.