MetaTrust's AI Scan Engine: Harnessing the Power of GPT and Static Analysis

We are excited to announce that MetaTrust Labs has developed an innovative GPT-based auditing engine, specifically designed to analyze smart contract logic vulnerabilities that were previously deemed un-auditable by machines, as per the ICSE'23 Web3Bugs paper.

In contrast to other companies that solely rely on GPT for scanning, resulting in a high number of false positives, we believe that the true potential of GPT can be fully harnessed when combined with a powerful static analysis tool like MetaScan. Specifically, while ChatGPT excels at reading code and recognizing its properties, it struggles to effectively analyze the control and data dependencies of key variables, often misidentifying patched code as vulnerable. On the other hand, static analysis may not be adept at intelligently recognizing code scenarios or properties, but it provides accurate dependency analysis and formal verification. To leverage the strengths of both GPT and static analysis, we have designed a novel architecture for a GPT-based scanning engine (details to be introduced in a forthcoming academic paper). This engine has been seamlessly integrated into MetaTrust's MetaScan service.

We have tested this AI scan engine on various Web3Bugs. One example is https://github.com/metatrust-demo/LogicBug-Prepo, which was audited on Code4rena. As depicted in the following screenshot, our engine was successful in detecting a high-risk logic vulnerability that allowed the first depositor to disrupt the minting of shares.

Another example is from a past attack incident that led to a BSC token named ATK suffering a $127k loss on October 12, 2022. By scanning this vulnerable contract with MetaScan, our AI engine was able to effectively pinpoint the following vulnerable function:

The application of AI in blockchain security is exciting. We believe that combining GPT and static analysis with AI technologies can detect potential vulnerabilities that human auditors find difficult to identify. Although AI will not completely replace manual audits, it can greatly enhance audit efficiency and coverage. We are working to build a reliable AI system to protect blockchain users and help build a safer cryptocurrency ecosystem. While there is still a long way to go, the future is promising. We firmly believe that the blockchain industry will continue to benefit from the development of AI.

AI has huge potential in the field of blockchain security. By combining GPT and static analysis with AI technologies, we can detect potential vulnerabilities that human auditors find difficult to identify. We are constantly improving our AI scanning engine to provide the best results, working to build a reliable AI system to protect on-chain assets and project security. The AI scanning engine of MetaScan is an important step towards achieving this goal. Try MetaScan for FREE now.

Follow Us

Website: metatrust.io

Twitter: @MetaTrustLabs
