Cointime

MetaTrust's AI Scan Engine: Harnessing the Power of GPT and Static Analysis

We are excited to announce that MetaTrust Labs has developed an innovative GPT-based auditing engine, specifically designed to analyze smart contract logic vulnerabilities that, according to the ICSE'23 Web3Bugs paper, were previously deemed un-auditable by machines.

In contrast to other companies that solely rely on GPT for scanning, resulting in a high number of false positives, we believe that the true potential of GPT can be fully harnessed when combined with a powerful static analysis tool like MetaScan. Specifically, while ChatGPT excels at reading code and recognizing its properties, it struggles to effectively analyze the control and data dependencies of key variables, often misidentifying patched code as vulnerable. On the other hand, static analysis may not be adept at intelligently recognizing code scenarios or properties, but it provides accurate dependency analysis and formal verification. To leverage the strengths of both GPT and static analysis, we have designed a novel architecture for a GPT-based scanning engine (details to be introduced in a forthcoming academic paper). This engine has been seamlessly integrated into MetaTrust's MetaScan service.

We have tested this AI scan engine on various Web3Bugs. One example is https://github.com/metatrust-demo/LogicBug-Prepo, which was audited on Code4rena. As depicted in the following screenshot, our engine was successful in detecting a high-risk logic vulnerability that allowed the first depositor to disrupt the minting of shares.

Another example is from a past attack incident that led to a BSC token named ATK suffering a $127k loss on October 12, 2022. By scanning this vulnerable contract with MetaScan, our AI engine was able to effectively pinpoint the following vulnerable function:

The application of AI in blockchain security is exciting. We believe that combining GPT and static analysis with AI technologies can detect potential vulnerabilities that human auditors find difficult to identify. Although AI will not completely replace manual audits, it can greatly enhance audit efficiency and coverage. We are working to build a reliable AI system to protect blockchain users and help build a safer cryptocurrency ecosystem. While there is still a long way to go, the future is promising. We firmly believe that the blockchain industry will continue to benefit from the development of AI.

AI has huge potential in the field of blockchain security. By combining GPT and static analysis with AI technologies, we can detect potential vulnerabilities that human auditors find difficult to identify. We are constantly improving our AI scanning engine to provide the best results, working to build a reliable AI system to protect on-chain assets and project security. The AI scanning engine of MetaScan is an important step towards achieving this goal. Try MetaScan for FREE now.

Follow Us

Website: metatrust.io

Twitter: @MetaTrustLabs
