MetaTrust's AI Eye: On-Chain Security Scanning Unlocks the God Perspective

MetaTrust Labs
2023-06-02 16:15:07

Author: MetaTrust Labs

MetaTrust Labs has developed an innovative GPT-based auditing engine specifically designed to analyze logic vulnerabilities in smart contracts, a class of bugs previously considered impossible for machine auditing, as described in the ICSE'23 Web3Bugs paper.

Unlike other companies that rely solely on GPT for scanning, which often leads to a high false positive rate, we believe that the true potential of GPT can be fully realized when combined with powerful static analysis tools like MetaScan. Specifically, while ChatGPT excels at reading code and identifying its properties, it struggles to analyze the control and data dependencies of critical variables, and it often misidentifies code errors that have already been fixed as vulnerabilities. Static analysis, on the other hand, may not be adept at intelligently recognizing code contexts or properties, but it provides accurate dependency analysis and formal verification. To leverage the strengths of both GPT and static analysis, we have designed a novel GPT-based scanning engine architecture that has been seamlessly integrated into MetaTrust's MetaScan service, which you can try for free at MetaScan.


We have tested this AI scanning engine on various Web3Bugs. One example is https://github.com/metatrust-demo/LogicBug-Prepo, which was audited on Code4rena. As shown in the screenshot below, our engine successfully detected a high-risk logical vulnerability that allows the first depositor to disrupt the minting process of shares.

image

Another example comes from a past attack incident that resulted in a loss of $127,000 for a BSC token named ATK on October 12, 2022. By using MetaScan to scan this vulnerable contract, our AI engine was able to effectively identify the following vulnerable functions:

image

The application of artificial intelligence in blockchain security holds great potential, and combining AI technologies like GPT and static analysis can detect potential vulnerabilities that human auditors may struggle to find. We are continuously improving our AI scanning engine to provide optimal results, striving to establish a reliable AI system to protect on-chain assets and project security. The AI scanning engine of MetaScan is an important step toward achieving this goal.

MetaScan is now open for free trial; it's time to activate your AI god's eye.
