Recently, MetaTrust Lab unveiled its latest AI research report, introducing a groundbreaking weapon in the Web3 security industry's arsenal to combat smart contract vulnerabilities: GPTScan. As a powerful engine, GPTScan integrates generative pre-trained transformers (GPT) with static analysis, seamlessly embedded within the AI-driven security scanning tool, MetaScan. This innovation efficiently detects logical vulnerabilities in smart contracts.

The research paper titled "When GPT Meets Program Analysis: Towards Intelligent Detection of Smart Contract Logic Vulnerabilities in GPTScan" was first publicly disclosed in early August 2023 and is currently under review for a prestigious conference in the software engineering domain. The paper meticulously delves into the architecture, design, and evaluation of GPTScan, showcasing its effectiveness in identifying vulnerabilities within complex smart contracts. Evaluation conducted on a diverse dataset comprising approximately 400 contract projects and 3,000 Solidity files revealed GPTScan's high precision, especially in substantial projects like DefiHacks, where it achieved an impressive accuracy rate exceeding 90%. It effectively identified real logic flaws with a recall rate exceeding 70%.

For researchers, GPTScan ushers in a new era in AI-driven security, inspiring further exploration of comprehensive AI capabilities. With GPTScan, the software engineering field can make rapid strides in constructing more robust, reliable, and secure decentralized systems. Researchers at MetaTrust AI Labs commented during an academic visit, stating, "GPTScan is the first tool to harness GPT technology to match potential vulnerability functions based on code-level context and features."

As smart contracts and DeFi projects continue to expand, vulnerabilities in susceptible contracts have led to losses amounting to billions of dollars, emphasizing the urgent need for advanced security solutions in the industry. GPTScan offers a distinct advantage to smart contract developers and auditors by reducing financial and reputational risks through the identification of previously undiscovered vulnerabilities.

Notably, researchers have improved the accuracy of smart contract scanning by guiding GPT to identify critical variables and statements, followed by static confirmation, effectively mitigating the issue of false positives that can occur when relying solely on GPT for vulnerability identification. Furthermore, GPTScan uncovered nine new vulnerabilities not present in the Code4rena audit report, underscoring its value as a complementary tool for human auditors.

This pioneering fusion of AI and blockchain in GPTScan has garnered recognition from researchers in the AI field. "The inherent autonomy of artificial intelligence aligns closely with the decentralization and autonomy features of blockchain and smart contracts. It has the potential to shift the prevailing centralized governance in the blockchain ecosystem to a truly decentralized and autonomous paradigm," remarked AI researchers.

On the path to smart contract security, GPTScan's emergence provides an unprecedented tool for gaining insight into and safeguarding smart contracts from potential threats. Whether you are a developer, auditor, or participant in the blockchain ecosystem, GPTScan offers an effective means to address previously imperceptible logic flaws.

The birth of GPTScan represents the organic union of artificial intelligence and blockchain, bringing forth new opportunities and challenges. We eagerly anticipate witnessing more innovations in the future, further advancing the security and reliability of smart contracts.

About MetaTrust Labs

MetaTrust Labs is the world's leading provider of Web3 AI security services with largest research team in Asia which incubated by Nanyang Technological University in Singapore. Our range of services includes AI Security Scanning, Security Audits, Security Monitoring, and Open Source Smart Contract Templates. We offer fast, accurate, and cost-efficient solutions through every stage of the project development lifecycle to help builders develop secure Web3 applications with ease.