Decrypt’s Art, Fashion, and Entertainment Hub.
Smart contracts are the heart of the entire blockchain industry, from meme coins to complex DeFi platforms. These automated programs, however, face the persistent threat of cyberattacks, which often lead to significant financial and reputational losses. The best defense, according to a team of researchers, is artificial intelligence.
“Lightning Cat” is a novel solution that employs deep learning techniques to identify vulnerabilities in smart contracts, proposed in a recent study titled, "Deep learning-based solution for smart contract vulnerabilities detection."
Unlike traditional analysis tools—which are prone to both false positives and negatives—Lightning Cat utilizes deep learning methods to flag possible problems. It’s as if they trained a bot on the Solidity programming language instead of English.
“The results show that the proposed method has more reasonable data preprocessing and model optimization, resulting in better detection performance,” the researchers said, explaining that Lightning Cat is based on three optimized deep learning models: CodeBERT, LSTM, and CNN. These models undergo training on data sets comprising thousands of vulnerable contracts.
Notably, the CodeBERT model outperforms static detection tools, demonstrating an impressive f1-score of 93.53%, accurately capturing the syntax and semantics of the code and proving itself a capable blockchain auditor.
Lightning Cat comes with some risks, however. Researchers call it a “double-edge sword”: While beneficial in enhancing smart contract security, there's potential for malicious actors to exploit this technology, using it to detect bugs and exploit them instead of fixing them. To mitigate this, the researchers encourage coders to consider proper security practices and check their products regularly.
“Developers should regularly conduct code audits and undergo secure coding training as well as adopt responsible vulnerability disclosure policies,” the researchers warn. “It’s encouraged that researchers and developers, upon discovering security vulnerabilities, initially notify the relevant organizations or individuals privately.”
The long history of smart contract breaches underscores the importance of this work. The 2016 DAO attack, where hackers exploited a reentrancy vulnerability, resulted in a $60 million Ethereum theft. This incident led to the Ethereum blockchain's split. The BEC smart contract faced a similar fate in 2018 due to an integer overflow vulnerability, causing its token value to plummet to zero and disrupting the market.
“A number of the hacks were not necessarily on-chain vulnerabilities,” Schwed said in an exclusive interview. “They were standard Web2 security that was just compromised or breached due to poor security practices.”
The Lightning Cat initiative, utilizing AI for detecting code vulnerabilities, is part of a broader trend where AI and blockchain technologies are converging to enhance software security. This trend includes an AI and blockchain-based decentralized software testing system which combines the power of deep learning with the transparency and reliability of blockchain technology.
Proponents say this approach significantly accelerates the vulnerability detection process and is proving especially beneficial in remote work scenarios. Additionally, it incorporates the InterPlanetary File System (IPFS) for efficient data storage, offering a comprehensive solution for secure code development and testing in decentralized environments.