This AI chatbot is either an exploiter's dream or their nightmare

Published at: Dec. 2, 2022

The online crypto community has discovered a new artificial intelligence (AI)-powered chatbot that can be used either to warn developers of smart contract vulnerabilities or to teach hackers how to exploit them.

ChatGPT, a chatbot tool built by AI research company OpenAI, was released on Nov. 30 and was designed to interact “in a conversational way” with the ability to answer follow-up questions and even admit mistakes, according to the company.

However, some Twitter users have come to realize that the bot could potentially be used for both good and evil, as it can be prompted to reveal loopholes in smart contracts.

Stephen Tong, co-founder of smart contract auditing firm Zellic, asked ChatGPT to help find an exploit, presenting a piece of smart contract code.

OMG WTF pic.twitter.com/I2hE0e5ppq

— cts (@gf_256) December 1, 2022

The bot responded by noting the contract had a reentrancy vulnerability where an exploiter could repeatedly withdraw the funds from the contract and provided an example of how to fix the issue.

A similar type of exploit was used in May by the attacker of the decentralized finance (DeFi) platform Fei Protocol, who made off with $80 million.

Others have shared results from the chatbot after prompting it with vulnerable smart contracts. Twitter user devtooligan shared a screenshot of ChatGPT, which provided the exact code needed to fix a Solidity smart contract vulnerability, commenting “we're all gonna be out of a job.”

omg. seriously mind-blown we're all gonna be out of a job pic.twitter.com/iwjjOTPDLY

— devtooligan (@devtooligan) December 1, 2022

With the tool, Twitter users have already begun to jest that they can now start security auditing businesses simply by using the bot to test for weaknesses in smart contracts.

Excited to announce I'm raising for my new smart contract security consulting company. It's gonna be me just be throwing ChatGPT to fuzz your code. https://t.co/gSFyABd9M6

— eddie (⬅️,) (@0x_eddie) December 1, 2022

Cointelegraph tested ChatGPT and found it can also create an example smart contract from a prompt using simple language, generating code that could apparently provide staking rewards for Ethereum-based nonfungible tokens (NFTs).

Despite the chatbot's ability to test smart contract functionality, it wasn’t solely designed for that purpose, and many on Twitter have suggested that some of the smart contracts it generates have issues.

The tool also might provide different responses depending on the way it’s prompted, so it isn't perfect.


OpenAI CEO Sam Altman tweeted that the tool was “an early demo” and is “very much a research release.”

He opined that “language interfaces are going to be a big deal” and that tools such as ChatGPT will “soon” have the ability to answer questions and give advice, with later iterations completing tasks or even discovering new knowledge.
