Ethereum’s Buterin envisions AI as a remedy for code vulnerabilities


19th February 2024 – (New York) Ethereum co-founder Vitalik Buterin has pinpointed artificial intelligence as a potential linchpin in addressing one of the platform’s most daunting challenges: the detection and rectification of deeply embedded code bugs. Buterin’s insights were articulated in a recent post dated February 18, underscoring his confidence in AI’s capacity to augment the auditing process for the Ethereum network’s codebase.

This revelation arrives at a critical juncture as Ethereum approaches the pivotal launch of its Dencun upgrade, a milestone event scheduled for 13th March. The upgrade, which is integral to Ethereum’s strategic development trajectory, had its mettle tested on the Goerli testnet on 17th January. However, a glitch in the Prysm client caused a notable delay of four hours in the testnet’s finalization process.

Buterin’s statement coincides with experiments conducted by blockchain security firm OpenZeppelin in July 2023. Utilising OpenAI’s GPT-4, the team undertook the task of pinpointing security flaws within Solidity smart contracts, a core component of Ethereum’s programming framework. Out of 28 test cases, the AI model successfully identified vulnerabilities in 20. GPT-4 also produced false positives, however, reporting security flaws that did not exist.

Kang Li, Chief Security Officer at CertiK, has voiced a more cautious stance regarding the deployment of AI in coding practices. Speaking to Cointelegraph, Li warned of the potential risks AI tools might introduce, suggesting that their role should remain supplementary to human expertise. He highlighted the benefits of AI in enhancing the efficiency of code analysis and reverse engineering, yet maintained that reliance on such technologies demands a measured approach.

Buterin himself has previously communicated a balanced view on the synergy between AI and blockchain, expressing optimism about AI’s prospects while also advocating for prudence, especially in high-stakes applications like oracles, which could be susceptible to exploitation. He stressed the significance of exercising vigilance, as the ramifications of an attack could lead to substantial financial losses.