Can AI Audit Smart Contracts Better than Human Auditors?

Smart contracts hold massive potential. But with great power comes great responsibility, and ensuring the security of these smart contracts is critical. This is where auditing comes in. With its superhuman processing power, can AI outperform human auditors in this critical role of keeping smart contracts safe? We’ll discuss the answer in this article.

The Case for AI

• Speed and Scale: AI can analyze massive amounts of code swiftly, identifying patterns and potential vulnerabilities that might take humans weeks. This is crucial in the fast-paced world of blockchain development.
• Machine Learning Advantage: AI can learn from vast datasets of past exploits and successful audits, continuously improving its ability to detect novel threats.
• Reduced Bias: Human auditors are susceptible to biases, but AI can approach audits with cold objectivity.

This is an AI-based report on the audit of a protocol named Lockon, which allows for index investments in crypto. The report was generated in approximately 48 hours. The Lockon team was surprised to learn that this was an AI-based report because they found the points about vulnerabilities to be accurate.

While AI-based audits are not yet perfect, they offer significant benefits for projects looking to reduce audit costs. They are also increasingly used as a “Pre Audit” before engaging traditional audit firms, as identifying critical bugs in advance can reduce the costs paid to audit firms. Moreover, integrating AI-based audit services into the CI/CD process is beginning to be seen as a way to improve code quality.

The Case for Human Auditors

• Understanding Context: Smart contracts don't exist in a vacuum. They interact with complex systems. Unlike humans, AI might need help to grasp the nuances of these interactions and the potential security implications.
• Explainability and Judgment Calls: When an AI flags an issue, explaining the cause and reason for the issue or vulnerability is crucial. Human auditors can interpret the code, assess the risk, and make informed decisions.
• Creativity and Unforeseen Threats: Cybercriminals are constantly innovating. AI might miss new attack vectors, while human auditors can leverage their experience and creativity to consider these possibilities. Many may argue that AI can do this given its machine-learning capabilities, but again, human intelligence has the upper hand.

No doubt, AI is a game-changer for smart contract audits, but it's not a silver bullet. The future lies in collaboration. Imagine AI rapidly scanning code, highlighting potential risks, and freeing up human auditors to focus on complex scenarios and make final judgments. This powerful partnership can ensure the secure and efficient future of smart contracts.

A Quick Comparison

An example of an AI-based audit firm, Bunzz Audit has published a comparison between AI-based audits and human audits.

The Bunzz team states, "Our research and development results have led us to conclude that a database plus AI approach is more suited for detecting vulnerability patterns than humans."

The Future of AI Audits

In February 2024, Vitalik Buterin highlighted the potential of AI in aiding formal verification of code and bug finding. “One application of AI that I am excited about is AI-assisted formal verification of code and bug finding,” he stated, adding:

“Right now, Ethereum’s biggest technical risk probably is bugs in code, and anything that could significantly change the game would be amazing.”

Blockchain projects rely on code, and just like any code, it can have errors. Formal Verification is a tool that helps identify these weaknesses in the logic of blockchain projects. By using Formal Verification, web3 builders can ensure their projects are more reliable and trustworthy.

Imagine a future where Formal Verification is even more powerful. Some experts believe this advancement could be just as significant for blockchain technology as Zero-Knowledge proofs, a different technology that enhances privacy.

However, there's a hurdle. Writing clear and perfect instructions for code, called "specifications," is currently expensive and time-consuming. Here's where things get interesting: some, like Vitalik Buterin, and front-runners like Bunzz Audit. I believe AI  could be the key to making this process cheaper and easier.