Ethereum co-founder Vitalik Buterin says artificial intelligence (AI) could be crucial to solving one of Ethereum’s “biggest technical” risks: bugs buried deep within its code.
In a Feb. 18poston X, Buterin shared his excitement for AI-powered auditing to identify and fix buggy code in the Ethereum network, describing it as the “biggest technical risk” to the network.
One application of AI that I am excited about is AI-assisted formal verification of code and bug finding.
— vitalik.eth (@VitalikButerin)February 19, 2024
Right now ethereum's biggest technical risk probably is bugs in code, and anything that could significantly change the game on that would be amazing.
Buterin’s comments come as Ethereum closes in on implementing its long-awaited Dencun upgrade, which iscurrently slated for launchon March 13. Dencun was implemented on the Goerli testnet on Jan. 17, but a bug in Prsym prevented the network from finalizing on the testnet for four hours. Upgrades to the Ethereumnetwork are crucial to the long-term roadmapof the blockchain.
However, not everyone agrees that AI is areliable tool to detect bugsin Ethereum-based code.
In July 2023, OpenZeppelinconducted a series of experimentsthat utilized OpenAI’s GPT-4 to identify security issues in Solidity smart contracts — the native language of Ethereum code.
During these experiments, GPT-4 successfully identified vulnerabilities in 20 out of 28 challenges.
ChatGPT analyzes a smart contract. Source: OpenZeppelinWhen GPT-4 failed to identify flaws, it could often be prompted to correct its mistakes quickly. However, at other times, OpenZeppelin found that the AI had actually invented a vulnerability that had never existed in the first place.
Similarly, Kang Li, the chief security officer at CertiK, told Cointelegraph that using AI-powered tools — such as ChatGPT — in codingoften creates more security issuesthan it solves.
Overall, Li recommends that AI assistantsshould be used onlyas assistants to experienced coders, as they can be helpful in quickly explaining to developers what a line of code means.
“I think ChatGPT is a great helpful tool for people doing code analysis and reverse engineering. It’s definitely a good assistant, and it’ll improve our efficiency tremendously.”
While Buterin is largely optimistic about the future of AI, he has previously warned developersto exercise cautionwhen implementing AI with blockchain technology, particularly when deploying it alongside “high-risk” applications, such as oracles.
“It is important to be careful: if someone builds e.g. a prediction market or a stablecoin that uses an AI oracle, and it turns out that the oracle is attackable, that’s a huge amount of money that could disappear in an instant.”