Cointime

Download App
iOS & Android

MetaTrust's AI Scan Engine: Harnessing the Power of GPT and Static Analysis

Validated Project

We are excited to announce that MetaTrust Labs has developed an innovative GPT-based auditing engine, specifically designed to analyze logic smart contract vulnerabilities that were previously deemed un-auditable by machines, as per the ICSE'23 Web3Bugs paper.

In contrast to other companies that solely rely on GPT for scanning, resulting in a high number of false positives, we believe that the true potential of GPT can be fully harnessed when combined with a powerful static analysis tool like MetaScan. Specifically, while ChatGPT excels at reading code and recognizing its properties, it struggles to effectively analyze the control and data dependencies of key variables, often misidentifying patched code as vulnerable. On the other hand, static analysis may not be adept at intelligently recognizing code scenarios or properties, but it provides accurate dependency analysis and formal verification. To leverage the strengths of both GPT and static analysis, we have designed a novel architecture for a GPT-based scanning engine (details to be introduced in a forthcoming academic paper). This engine has been seamlessly integrated into MetaTrust's MetaScan service.

We have tested this AI scan engine on various Web3Bugs. One example is https://github.com/metatrust-demo/LogicBug-Prepo, which was audited on Code4rena. As depicted in the following screenshot, our engine was successful in detecting a high-risk logic vulnerability that allowed the first depositor to disrupt the minting of shares.

Another example is from a past attack incident that led to a BSC token named ATK suffering a $127k loss on October 12, 2022. By scanning this vulnerable contract with MetaScan, our AI engine was able to effectively pinpoint the following vulnerable function:

The application of AI in blockchain security is exciting. We believe that combining GPT and static analysis with AI technologies can detect potential vulnerabilities that human auditors find difficult to identify. Although AI will not completely replace manual audits, it can greatly enhance audit efficiency and coverage. We are working to build a reliable AI system to protect blockchain users and help build a safer cryptocurrency ecosystem. While there is still a long way to go, the future is promising. We firmly believe that the blockchain industry will continue to benefit from the development of AI.

AI has huge potential in the field of blockchain security. By combining GPT and static analysis with AI technologies, we can detect potential vulnerabilities that human auditors find difficult to identify. We are constantly improving our AI scanning engine to provide the best results, working to build a reliable AI system to protect on-chain assets and project security. The AI scanning engine of MetaScan is an important step towards achieving this goal. Try MetaScan for FREE now.

Follow Us

Website: metatrust.io

Twitter: @MetaTrustLabs

Comments

All Comments

Recommended for you