ChatGPT-4 Uncovers Real-time Ethereum Smart Contract Vulnerabilities
Uncover the potential of AI in securing smart contracts with Conor Grogan’s breakthrough. Explore how his experiment with ChatGPT-4 exposed flaws in Ethereum smart contracts and why it’s crucial for real-world applications.
Conor Grogan, director of Coinbase, recently made a significant breakthrough in smart contracts. He revealed on social media that he had pasted a live Ethereum smart contract into ChatGPT-4, an AI language model trained by OpenAI. To his surprise, the AI quickly found security holes in the contract and demonstrated how to exploit them.
I dumped a live Ethereum contract into GPT-4.
In an instant, it highlighted a number of security vulnerabilities and pointed out surface areas where the contract could be exploited. It then verified a specific way I could exploit the contract pic.twitter.com/its5puakUW
— Conor (@jconorgrogan) March 14, 2023
Grogan went on to explain that hackers had previously exploited the contract in 2018. This highlights the need for more rigorous testing and validation of smart contracts, especially those with real-world implications. By using AI to analyze smart contracts, flaws and vulnerabilities can be identified and remedied before malicious actors can exploit them.
In addition to testing the Ethereum smart contract, Grogan also attempted to process Euler’s smart contract using ChatGPT-4. However, he found that the contract was too long to be processed by the AI. Despite this setback, Grogan believes that AI will play a crucial role in making smart contracts safer and easier to build.
However, upon examining the findings presented in the tweet, Salus Security, a blockchain security company, discovered that some of the vulnerabilities identified by ChatGPT were false positives or incorrect. Additionally, it was later clarified that the version of ChatGPT used was 3.5, not 4.0 as initially claimed.
Firstly, we want to clarify that the ChatGPT version employed in @jconorgrogan Conor’s tweet for testing purposes was ChatGPT-3.5, not 4.0. #securityaudit #chatgpt #smartcontracts https://t.co/e8eTPe6JOZ pic.twitter.com/yJNOCPW08s
— Salus Security|We’re hiring! (@salus_sec) March 15, 2023
Although ChatGPT highlighted potential risks, it was noted that the AI did not provide solid assistance for auditing tasks. Its results read more like vulnerability enumeration than actual analysis.
However, it is important to note that AI has the potential to play a significant role in improving smart contract security in the future. Conor himself acknowledged this, stating that AI will eventually make smart contracts safer and easier to build.
In conclusion, while the use of AI in smart contract auditing is an intriguing concept, it is clear that further development is needed to improve its effectiveness and accuracy.