ChatGPT, a new model launched by OpenAI on 30 November this year, has suddenly taken the Internet by storm!

The conversational interaction between users and ChatGPT currently includes general chat, information consultation, writing poems and essays, modifying code, etc., and has even led users to wonder whether ChatGPT can replace search engines such as Google.

Today, we're going to look into what the trending ChatGPT really is and whether it can detect smart contract vulnerabilities.

We'll start by letting the AI introduce itself.

Let's see if it can write a smart contract.

It looks like it knows something about smart contracts, so let's ask if it can detect vulnerabilities.

Although it says it has no ability to detect vulnerabilities in smart contracts, we gave ChatGPT a vulnerable smart contract and asked it to give it a try. We took some screenshots to show this.

Although ChatGPT was able to successfully detect most of these problems, there were some problems that were incorrectly determined.

Point 4 was misjudged. The ‘doTransfer’ function can transfer to itself resulting in minting more tokens.

Point 5 was misjudged. The ‘permitApprove’ function does not determine the nonce of the account, which allows the signature to be reused.

After our multiple rounds of tests, we found that ChatGPT does not solve all the problems. Many vulnerabilities still require manual audits by audit experts to find more comprehensive issues.

Beosin's audit process is standardised to include more than five audit steps, combining automated code security scanning with manual audits by security experts and formal verification specialists. Each step is cross-checked by multiple security experts and formal verification experts to minimise human error.

After a round of auditing, Beosin will issue a Feedback with a description of the vulnerability, how it was found, and recommendations for fixing it, which will then be submitted to the project and assist them in completing the fix. We have a large library of security vulnerabilities combining with our security experts' extensive experience in code security auditing. We can directly tell the project owner what to do to fix the code. This is much better than ChatGPT!

Finally, the formal verification experts abstracted the security issues condensed by the security audit experts into reusable security property invariants using strict mathematical logic, and gave them to the hybrid machine engine for automated detection, testing and verification. These reusable security property invariants can be effective in discovering new subtle vulnerabilities in smart contracts.

It doesn't look like we'll be replaced by ChatGPT's bots for now.

Contact

If you have need any blockchain security services, please contact us:

Website Email Official Twitter Alert Telegram LinkedIn