What are the primary obstacles facing the auditing industry?
What is the scope of an audit examination?
The importance of utilizing AI for audits of smart contracts
Limitations of AI in certain areas
How to leverage AI tools for maximum benefit
The Future of AI Audits
What are the primary obstacles facing the auditing industry?
Decentralized applications (DApps) facilitate the management of user assets through on-chain transactions. However, projects with vulnerabilities in their governing smart contracts are at risk of critical threats, such as unauthorized extraction of user or pooled assets. To mitigate these risks, smart contract audits are conducted. However, users of established audit firms encounter several challenges:
The cost of traditional audit firms is exorbitant, ranging from tens to hundreds of thousands of dollars.
There is an excessive focus on obtaining a “stamp of approval” from major audit firms, often overshadowing the primary objective of enhancing security.
Engaging an audit firm can cause delays in product launches and token listings due to the time-consuming nature of audits.
The accuracy of reports and communication costs can vary significantly depending on the auditor conducting the audit.
These challenges arise from the fact that audits are currently conducted by human auditors. For example, a significant portion of the high costs associated with audit firms is attributed to the fees of professional auditors. Furthermore, human auditors may overlook certain details, and the process itself can be time-consuming. As a solution, audit firms powered by artificial intelligence (AI) have emerged.
What is the scope of an audit examination?
The work of audit firms generally falls into two categories:
A: Identifying vulnerabilities by comparing clients’ contracts against known patterns of vulnerabilities.
B: Identifying project-specific logic vulnerabilities and operational inconsistencies.
Typically, human auditors review the source code of smart contracts to identify vulnerabilities. However, the knowledge and detection capabilities of vulnerability patterns can vary among auditors, leading to potential oversights due to human error. This leads to the question: How can AI address these issues?
The importance of utilizing AI for audits of smart contracts
A: Comprehensive audit perspectives
An exemplary AI-based audit firm,
Bunzz Audit,
maintains a database that encompasses a wide range of vulnerability patterns, adopting an auditing approach that scrutinizes code from all possible angles. This methodology enables the identification of vulnerabilities with comprehensiveness and accuracy that would be physically impossible for humans.
The Bunzz team states:
Bunzz Audit has published a comparison
between AI-based audits and human audits.
This report, which is based on AI,
shows the results of an audit conducted on a protocol called Lockon, which enables index investments in cryptocurrencies. The report was generated in approximately 48 hours. The Lockon team was surprised to discover that this was an AI-generated report, as they found the vulnerabilities identified to be accurate.
B: Cost and duration of audits
Traditional audit firms employ numerous professional auditors, whereas AI-based audit firms do not rely on traditional auditors. Instead, a small number of smart contract professionals review the results produced by AI, significantly reducing audit costs to approximately one-tenth of traditional firms. Audit agencies can complete audits in 24 to 48 hours, compared to approximately two weeks for traditional firms, thus reducing the audit period by a factor of ten.
However, are AI-based audits the ultimate solution? They do have their limitations.
Limitations of AI in certain areas
Audits involve the identification of project-specific logic vulnerabilities and operational inconsistencies that are relevant to the context of the project. This context is not programmed into the contract’s source code but exists in off-chain information such as white papers and documentation.
Without inputting this context into the AI, checks on project-specific logic cannot be conducted. Therefore, some AI-based audit services address this aspect by incorporating human auditors, providing a more comprehensive audit.
How to leverage AI tools for maximum benefit
While AI-based audits are not flawless, they offer significant advantages for projects seeking to reduce audit costs. They are increasingly used as a “Pre-Audit” before engaging traditional audit firms, as identifying critical bugs in advance can lower the costs associated with audit firms. Additionally, integrating AI-based audit services into the CI/CD process is viewed as a means to enhance code quality.
The Future of AI Audits
In February 2024, Vitalik Buterin
highlighted the potential of AI
in facilitating the formal verification of code and identifying bugs. He stated, “One application of AI that I am excited about is AI-assisted formal verification of code and bug finding,” and further added:
Formal Verification addresses the identification of project-specific logic vulnerabilities and operational inconsistencies. Advancements in Formal Verification technology could make on-chain protocols more trustless.
By achieving trustworthy, automation-based, on-chain ecosystems, significant advancements can be made, potentially rivaling the impact of advancements in ZK technology. Overcoming the major challenge of perfecting product specifications, which is costly for humans, can be greatly improved with the utilization of AI, as believed by Vitalik Buterin and pioneers like
Bunzz Audit.
Learn more about
Bunzz Audit
Disclaimer. Cointelegraph does not endorse any content or product on this page. While we aim to provide you with all the relevant information that we have obtained in this sponsored article, readers should conduct their own research before making any decisions related to the company and assume full responsibility for their actions. This article should not be considered as investment advice.
Is it possible for AI-driven audit services to revolutionize the auditing sector?