Role of AI in Smart Contract Security

By Jayjit Biswas

The role of AI in smart contract security is expanding. For the uninitiated, a simple answer to "what are smart contracts?" is: smart contracts (SCs) are self-executing agreements created on a blockchain. Wait, what? Well, these agreements are written in the language that the particular blockchain understands.

Let me explain with an example. On Ethereum, smart contracts are written in Solidity, a contract-oriented programming language. Likewise, different blockchains use different programming languages to code smart contracts on their networks.

Artificial Intelligence (AI) can be used to detect anomalies or unusual activity that indicate a security breach. AI algorithms can examine large bodies of code and find flaws in them to increase the safety of SCs. While doing so, the AI identifies patterns and abnormalities in the code. These algorithms can eventually be trained to identify such weaknesses in smart contracts, which can then be fixed in subsequent iterations/updates of the particular contract.


A smart contract, once coded, is conventionally verified and audited through code review and formal verification. These methods are extremely time consuming and costly. It's not just that though. After all this, the code/smart contract may still be left with vulnerabilities and undetected bugs.

The list of concerns doesn't end there. Another major problem smart contracts face is attacks such as Denial of Service (DoS), reentrancy attacks, 51% attacks, etc. So do you now understand why the use of Artificial Intelligence (AI) and Machine Learning (ML) models to perform smart contract audits has been on the rise lately?

In this article our aim is to address the impact of AI on finding smart contract vulnerabilities/bugs and its ability to maintain smart contract security.

If you're wondering how you can keep yourself protected and aware of risks and scams in DeFi, this DroomDroom article is your ultimate guide.

What is the need for Smart Contract Security at all?

Smart contract security is not a one-time thing. Smart contracts are open to vulnerabilities from the very moment they are coded, and once a smart contract has been coded it needs to be reviewed and verified on a continuous basis, even after it has been deployed.

These contracts handle sensitive data such as identities and financial asset transactions worth millions of dollars. Even the most minor vulnerabilities can be exploited by malicious actors.

This can ultimately lead not only to heavy financial losses but also to the compromise of data privacy for users like you and me. That is why the need for an advanced method to perform smart contract audits is now greater than ever!

Care to consider some other tough reasons? 

Financial Losses  

As we previously discussed, hackers can steal funds and assets stored within smart contracts. The victims of these substantial financial losses are usually hardworking individuals, businesses and sometimes even entire projects.

Let me share a few examples: the DAO hack in 2016, where over $50 million was stolen, and the Binance Smart Chain exploits in 2021, which ultimately resulted in the theft of hundreds of millions of dollars.

DroomDroom's extensive article on the role of smart contracts in DeFi explains the types of these contracts and dives deep into their impact.

Data Breaches 

As discussed above, smart contracts can store very sensitive user information such as personal details or financial data. Smart contract security weaknesses can therefore allow unauthorized access to this data, which can potentially cause major privacy breaches as well as reputational damage.

Feasibility

There is a strong reason why conventional methods are no longer feasible for many companies: the high cost of the human capital required for line-by-line code review and formal verification. In that context, the corresponding AI-based methods rely on automation and are far more feasible.

Prone to Human Errors

Isn't this obvious? The susceptibility to human error will always remain high when performing formal verification compared to the use of AI-based models. The code can be flawed if there are mistakes in the translation to a formal language or if the logic system is inadequate.

Experts have long wondered about the merger of AI and the cryptocurrency industry, and this article covers everything about this integration.

Time-Consuming

When it comes to smart contract auditing, the traditional methods are tedious and long drawn out due to the manual nature of the work. A code review, for example, is performed line by line, which is tedious and slow.

Now, in this era of shorter attention spans, we see the world turning away from conventional methods to artificial intelligence tools to perform these smart contract audits.

Want an example? With the combined use of static and dynamic analysis tools such as MythX and Harvey, it becomes at least tolerable, if not easy, for an auditor to check a smart contract's code for vulnerabilities and flaws.

Let’s get a better understanding of how these AI tools help in detecting vulnerabilities in smart contracts, shall we? 

But before that, DroomDroom's article on smart contract audits and some of the popular auditing companies performing them can help with some contextual understanding.

How Does AI Help in Vulnerability Detection and Securing a Smart Contract?

Now that we have established the importance of smart contract security, let's hop on to understanding the role of AI in turning this situation around.

No, smart contracts are not smart enough to detect their own vulnerabilities. Guess what enters the picture? That's right: artificial intelligence! AI brings a new level of sophistication to solving the issues related to smart contract security.

It's only good sense that a smart contract needs to be verified and reviewed continuously. This is part of the whole life cycle of creating a smart contract, deploying it on a blockchain network and keeping it running.

Traditionally speaking, programming meant that humans manually typed the code, which naturally meant defining all the rules and logic for the computer to follow. What's the difference with AI and ML, then?

Well, with machine learning the computer system analyses an extremely large set of data and learns the rules as well as the logic by itself. What does that mean? It means the computer can rapidly adapt to new code/information and understand the logic.

Figure: Comparing Paradigms: Classical Programming vs. Machine Learning Processes

As we have already seen, AI reduces the work humans must do to define and change the logic, which keeps AI software ahead of the curve. Now, to eliminate vulnerabilities and raise smart contract security, AI does the following:

Constant Pattern Recognition

Open-source AI tools such as Slither excel at identifying patterns in large amounts of data. This process enables developers to analyse vast amounts of code and identify the patterns, logic and vulnerabilities in it.

Thanks to this process, AI automatically identifies recurring patterns in code associated with these vulnerabilities and flags potential issues in new smart contracts for further review.

Identifying Vulnerabilities 

Once the AI algorithms are trained on the patterns of the code and the language associated with the smart contract, developers can use them as a torch in the jungle of code to identify any flaws.

Automated Analysis of Code 

The best part about using AI is that these tools can automate the analysis of smart contract code. Searching for common vulnerabilities like reentrancy bugs, integer overflows, and logic errors becomes an automated process.

Tools such as Manticore and Mythril use formal verification methods to mathematically prove the correctness of code. Additionally, these tools perform automated analysis with a high degree of accuracy. This reduces the need for manual audits by human experts, freeing them to focus on the more complex aspects of security assessments.
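To make the automated pattern search from the two sections above concrete, here is an added example (not code from the article, nor from Slither, Mythril or Manticore): a small Python heuristic that scans Solidity source for the classic reentrancy shape, an external call followed by a state write, and runs it over two constructed contracts, the vulnerable one and its checks-effects-interactions rewrite. The contract names, the sample source and the regular expressions are assumptions for illustration.

```python
import re

# Two constructed Solidity snippets (not from the article or any project):
# VULNERABLE pays out before zeroing the balance; HARDENED zeroes it first.
VULNERABLE = """
contract Vault {
    mapping(address => uint256) public balances;
    function withdraw() external {
        uint256 amount = balances[msg.sender];
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
        balances[msg.sender] = 0;
    }
}
"""
HARDENED = """
contract VaultFixed {
    mapping(address => uint256) public balances;
    function withdraw() external {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
"""

FUNC_RE = re.compile(r"function\s+(\w+)\s*\([^)]*\)[^{]*\{")
EXTERNAL_CALL_RE = re.compile(r"\.(call|delegatecall|send|transfer)\b")
STATE_WRITE_RE = re.compile(r"^\s*\w+(\[[^\]]*\])*\s*(=|\+=|-=)\s")

def function_bodies(source):
    """Yield (name, body) for each function, matching braces by depth."""
    for m in FUNC_RE.finditer(source):
        depth, i = 1, m.end()
        while depth:
            depth += {"{": 1, "}": -1}.get(source[i], 0)
            i += 1
        yield m.group(1), source[m.end():i - 1]

def find_reentrancy(source):
    """Names of functions that write state after an external call.
    STATE_WRITE_RE also matches local assignments: a known false positive."""
    hits = []
    for name, body in function_bodies(source):
        seen_call = False
        for line in body.splitlines():
            if EXTERNAL_CALL_RE.search(line):
                seen_call = True
            elif seen_call and STATE_WRITE_RE.match(line):
                hits.append(name)
                break
    return hits
```

A real analyzer works on the compiler's AST or bytecode rather than text, but the ordering rule it checks is the same one this heuristic encodes.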

Continuous Monitoring  

This infinite loop of continuous monitoring of deployed smart contracts is where AI comes in handy. The wow factor here involves analyzing transaction patterns and identifying anomalies (deviations) that might indicate potential exploits or suspicious activity.

An example of this is platforms such as Security Boulevard that offer services for continuously monitoring smart contracts that have already been deployed. This offers a proactive approach that allows for early detection and mitigation of threats before they can cause significant damage.
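As an added illustration of the transaction-pattern monitoring described above (not code from the article or from any monitoring platform), the following Python detector runs two rules over a constructed sample of calls into a vault contract: a caller withdrawing more than it ever deposited, and a same-block burst of calls to one function by one caller. The event format, the addresses and the thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample of calls into a vault contract (not real chain data):
# (block number, caller, function, amount in wei). Caller 0xd4 deposits 500
# and then pulls 500 four times inside one block, the trace a reentrancy
# drain leaves behind on-chain.
EVENTS = [
    (100, "0xa1", "deposit",  1_000),
    (101, "0xb2", "deposit",  2_000),
    (103, "0xa1", "withdraw", 1_000),
    (104, "0xd4", "deposit",    500),
    (105, "0xd4", "withdraw",   500),
    (105, "0xd4", "withdraw",   500),
    (105, "0xd4", "withdraw",   500),
    (105, "0xd4", "withdraw",   500),
]

def detect_anomalies(events, burst=3):
    """Return one (kind, block, caller) alert per kind and caller:
    'overdraw' once a caller has withdrawn more than it deposited,
    'burst' once a caller hits the same function `burst` times in a block."""
    deposited = defaultdict(int)
    withdrawn = defaultdict(int)
    calls = defaultdict(int)        # (block, caller, fn) -> call count
    alerts, flagged = [], set()

    def flag(kind, block, caller):
        if (kind, caller) not in flagged:
            flagged.add((kind, caller))
            alerts.append((kind, block, caller))

    for block, caller, fn, amount in events:
        if fn == "deposit":
            deposited[caller] += amount
        elif fn == "withdraw":
            withdrawn[caller] += amount
            if withdrawn[caller] > deposited[caller]:
                flag("overdraw", block, caller)
        calls[(block, caller, fn)] += 1
        if calls[(block, caller, fn)] == burst:
            flag("burst", block, caller)
    return alerts

if __name__ == "__main__":
    for alert in detect_anomalies(EVENTS):
        print(alert)
```

Both rules fire only after the damage has started, so a production monitor would pair them with a response such as pausing the contract or alerting the team.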

Natural Language Processing (NLP) Tools

There has to be a way for computers to understand and interact with humans, and this is it. Software equipped with Natural Language Processing (NLP) algorithms is among the best tooling for this. Programmers leverage NLP techniques to understand the intent and natural language of the smart contract. Once they analyse the natural language used in the code, NLP tools help highlight flaws that might otherwise go unnoticed.


AI Methods/Techniques Adopted to Find Vulnerabilities in Smart Contracts

When we talk about the attack on Ronin Network, or the one on Cream Finance in August 2022, these particular attacks took place in different smart contract use cases and exploited different vulnerabilities in the code.

To fight these smart contract security threats/vulnerabilities and not let attackers damage the reputation of a blockchain network, researchers are using various AI techniques. The paper "Strengthening the Security of Smart Contracts through the Power of Artificial Intelligence" describes the following AI techniques for identifying vulnerabilities in smart contracts:

Graph Neural Networks (GNNs)

If you want to imagine a smart contract, think of it as a network. The different parts of the code, such as functions and variables, are interconnected. So GNNs are the best tool to analyse this interconnected network.

Information about vulnerabilities and code behavior is passed along the graph, allowing the network to learn from the entire code structure. With that, GNNs help identify suspicious patterns or code sections that might be vulnerable to attacks such as reentrancy or integer overflows.

Transformer Structure/BERT

We discussed NLP tools earlier, didn't we? Transformer structures/BERT are advanced Natural Language Processing (NLP) techniques. They are particularly useful for processing code, which can be seen as a type of language with its own syntax and structure.

This technique works by breaking the code down into smaller units (tokens) such as keywords, variables and operators, very similar to how words are separated in a sentence. It then assigns a numerical representation to each token and captures its meaning along with its position within the code.

Believe it or not, this technique can even use attention mechanisms to identify how different parts of the code relate to each other, very similar to how grammar relates words to convey meaning in natural language.

By analyzing these interconnected relationships and the encoded information, these models can identify potential vulnerabilities based on known attack patterns or suspicious code structures.

Deep Learning (DL)-based approach

Let's nerd out about this final technique, yeah? DL is a subset of ML and uses artificial neural networks to roughly mimic the way the human brain works. What's more, trained DL models can label new code sections as potential vulnerabilities with high accuracy.

It is well understood that the next attack cannot be predicted, and neither can the attack method. But the best thing about the DL-based approach is that, as new attack methods emerge, DL models can be continuously updated with new data. This is how the deep learning approach to identifying smart contract vulnerabilities adapts.

What does the World Believe about the Future of AI in Smart Contract Security? 

For years, smart contracts have promised a revolution in secure and automated transactions. Yet their falling victim to attacks casts a shadow over their ultimate potential. Many have already turned to Artificial Intelligence as a potential saviour, but does the world truly believe in its abilities?

Let’s take it from them, shall we?

One application of AI that I am excited about is AI-assisted formal verification of code and bug finding. Right now ethereum’s biggest technical risk probably is bugs in code, and anything that could significantly change the game on that would be amazing.

Vitalik Buterin, Ethereum co-founder (tweeted)

AI can be trained to recognize and adapt to new information and context, making it more effective at identifying vulnerabilities that may not be covered by static analysis rules… AI tools can be updated with new datasets and patterns, and this adaptability is crucial in the rapidly evolving landscape of smart contract security, where zero-day vulnerabilities can emerge, and existing ones can be exploited in novel ways.

TokenFi developer (anonymous; told Coindesk in an interview)

We can speed up the process by teaching AI systems what to look for based on previous experiences, allowing us to detect potential concerns before they escalate… This combination of artificial intelligence and human inspection not only strengthens our code but also offers us hope for even more exciting advances in the Ethereum ecosystem this year.

RJ Ke, developer at Ethereum layer-2 Taiko (stated in a Telegram chat)

Conclusion: Role of AI in Smart Contract Security

In this article we have been on a journey, and along the way we learned that security is a crucial aspect for any DeFi project to function properly. For the uninitiated, know that the decentralized ecosystem still lacks sufficient regulation. This drawback is at the root of what makes smart contracts vulnerable to malicious attacks. While some consider this a serious flaw, others see it as a benefit.

To go deeper into cryptocurrency regulations and compliance from a buyer's perspective, DroomDroom's guide is your handy tool.

To bring it all home, we have also established in this article that Artificial Intelligence (AI) can play a vital role in securing smart contracts and, to a great extent, improve their security. Having said that, I won't deny that human expertise remains essential for designing, implementing and interpreting the results of AI-powered audits.