Vitalik Buterin Floats Idea of AI-Based Code Audits, Ethereum Project Developers Back Him Up

• Ethereum co-founder Vitalik Buterin suggested using AI to improve code audits and reduce bugs in blockchain projects.
• AI-assisted code audits can adapt and learn from new information, making them more effective than current automated tools. Human inspection can be combined with AI systems to create a strong system for detecting vulnerabilities, developers said.
• In 2023, crypto users lost an estimated $2 billion to hacks and scams, with Ethereum experiencing the highest losses due to its extensive ecosystem and high-profile projects.

Code audits may present a possible application for artificial intelligence (AI) projects looking to use the new technology, Ethereum co-founder Vitalik Buterin said in a tweet earlier this week amid a surge in AI-related tokens.

“One application of AI that I am excited about is AI-assisted formal verification of code and bug finding,” Buterin said. “Right now ethereum’s biggest technical risk probably is bugs in code, and anything that could significantly change the game on that would be amazing.”

The AI sector has reemerged as an investment narrative in the past weeks amid new product releases by OpenAI and market-beating results of chipmaker Nvidia (NVDA). Prices of some AI tokens have more than doubled in the past week on the hype, CoinGecko data shows.

AI broadly refers to the simulation of human intelligence using programs that think and act like humans. Popular applications for this technology have so far been limited to chatbots, self-driving cars, optimizing search in online marketplaces and image-generation software.

Buterin’s idea of using AI for code audits could bolster security in an industry known for exploits and scams, two Ethereum-focused developers told CoinDesk this week.

How can AI help code audits?

Blockchain projects already conduct smart contract audits with the help of various automated tools, but a major limitation of these programs is that they are not capable of adapting to new information in the way an AI tool can, one developer explained.

“AI can be trained to recognize and adapt to new information and context, making it more effective at identifying vulnerabilities that may not be covered by static analysis rules,” a TokenFi developer who wished to stay anonymous told CoinDesk in an interview. TokenFi, a sister project of meme coin Floki, is building an AI-assisted code auditing platform.

“AI tools can be updated with new datasets and patterns, and this adaptability is crucial in the rapidly evolving landscape of smart contract security, where zero-day vulnerabilities can emerge, and existing ones can be exploited in novel ways,” they added.

“AI’s ability to learn and improve over time, combined with its capacity for deep analysis and pattern recognition, positions it as a powerful tool for pushing the limitations for human-assisted audits,” the developer explained.

Another developer believes that AI systems could predict vulnerabilities based on historical and forecast data. AI examination, along with human inspection, could ultimately create a strong system check mechanism.

“We can speed up the process by teaching AI systems what to look for based on previous experiences, allowing us to detect potential concerns before they escalate,” explained RJ Ke, developer at Ethereum layer-2 Taiko, in a Telegram chat. “AI may assist with highly technical tasks such as ensuring that the code behaves as expected under various conditions.”

“This combination of artificial intelligence and human inspection not only strengthens our code but also offers us hope for even more exciting advances in the Ethereum ecosystem this year,” Ke noted.

Extent of losses

Crypto users lost an estimated $2 billion to hacks and scams in 2023, as reported, with a large majority of these losses stemming from protocol exploits or attacking poorly coded systems.

Ethereum, the biggest blockchain by active users and value locked, experienced the highest losses, with about $1.35 billion erased in an estimated 170 incidents.

This figure is indicative of Ethereum’s appeal to malicious actors due to its extensive ecosystem and high-profile projects. The largest exploit was July’s $230 million attack on the cross-chain platform Multichain.