Created on 1st March 2024
Smart contracts are a crucial component of dApps. However, since they are written in Solidity and deployed on-chain as EVM bytecode, non-technical users frequently struggle to understand what the contracts they intend to use actually do. These users can only blindly trust the information given by others and hope that the transactions they execute through those contracts will not harm them. For example, during airdrop events, users may have to depend on Twitter and Telegram feeds, relying on word of mouth to judge the reliability of a project, without any way to verify for themselves whether the contract is safe. This contradicts blockchain's vision of decentralization and trustless verification.
Additionally, novice developers encounter difficulties in comprehending existing smart contracts. Even when a contract's source is published, its intricate logic may not be straightforward to grasp. Furthermore, many deployed contracts have no published or verified source at all, leaving only the bytecode from which to interpret their behaviour.
To solve the two problems mentioned above, there is a need for a community platform that allows non-technical users and novice developers to easily understand, review, and audit Solidity smart contracts. This is why we built SolidityGPT. Using the latest Large Language Models, such as GPT-4, fine-tuned GPT-3.5, and Code LLaMA, any user can read and understand smart contracts on the blockchain. Moreover, through a community discussion forum, the community can exchange comments and audit reports on smart contracts. If the community finds a contract beneficial, they can also send donations directly to the contract deployer's wallet from the SolidityGPT page.
Moreover, for contracts without published source, SolidityGPT takes the decompiler's Solidity-like output and rewrites it into readable Solidity, making it more accessible for further reviewing and auditing.
We encountered two main issues. First, the decompilation process is time-consuming. For example, we used Panoramix (https://github.com/palkeo/panoramix), which is used by Etherscan. The Panoramix library took more than 15 minutes to decompile a simple contract when running on a server with 24 CPUs. As a result, we had to decompile contracts in advance to use them for our demo. We hope that in the future, the community will develop more real-time decompilation tools, or compile a decompilation API for everyone to integrate.
Second, AI is sometimes not smart enough. Although it can identify common vulnerabilities, such as the Reentrancy Attack, it struggles with more subtle methods, posing a potential risk to users if they are over-reliant on the AI's review. This is why we later added a Discussion Forum in our interface, enabling users to view others' comments and leverage collective intelligence in conjunction with AI to minimize the chances of false negatives. Moreover, we are optimistic that these challenges will diminish as AI's learning parameters expand and are trained with more data.
In sum, although some challenges have not yet been overcome, our project is highly forward-looking. It demonstrates how ordinary non-technical users can be empowered by AI to review and audit the blockchain contracts they will interact with.
Tracks Applied (6)
Base
ETHStorage
ETHStorage
Injective
Linea