In a post dated February 18 on X, Buterin underscores the importance of AI-powered audits to detect and rectify vulnerable code segments within the Ethereum network, recognizing it as the primary technical risk that could impact the network.
One application of AI that I am excited about is AI-assisted formal verification of code and bug finding.
— vitalik.eth (@VitalikButerin) February 19, 2024
Right now ethereum's biggest technical risk probably is bugs in code, and anything that could significantly change the game on that would be amazing.
Ethereum's Upcoming Dencun Upgrade and Technical Challenges
As Ethereum approaches the launch of its eagerly anticipated Dencun upgrade on March 13, Buterin’s remarks gain prominence. The upgrade, tested on the Goerli testnet on Jan. 17, encountered a four-hour delay due to a bug in Prsym. The successful implementation of network upgrades is crucial to Ethereum's long-term development.
Despite Buterin's optimism, some skepticism exists regarding the reliability of AI in detecting Ethereum code bugs.
OpenZeppelin's GPT-4 Experiments and Security Challenges
In July 2023, OpenZeppelin conducted experiments using OpenAI’s GPT-4 to identify security issues in Solidity smart contracts, the native language of Ethereum code. GPT-4 successfully detected vulnerabilities in 20 out of 28 challenges. However, concerns arose when the AI occasionally created non-existent vulnerabilities or struggled to rectify its errors promptly.
Similarly, Kang Li, Chief Security Officer at CertiK, warns against over-reliance on AI tools like ChatGPT in coding, suggesting they can introduce security issues rather than solve them. Li recommends using AI assistants as aids to experienced coders for efficient code analysis and reverse engineering.
Balancing Caution and Innovation in Blockchain Technology
While Buterin remains optimistic about AI's potential, he urges developers to exercise caution when integrating AI with blockchain technology, especially in "high-risk" applications like oracles. He emphasizes the need for careful consideration, as vulnerabilities in AI oracles could lead to significant financial losses, particularly in areas such as prediction markets or stablecoins.