Ethereum co-founder Vitalik Buterin believes that artificial intelligence (AI) could play a vital role in addressing one of Ethereum’s major technical risks: hidden bugs within its code.
In a post on X dated February 18, Buterin expressed his enthusiasm for AI-powered auditing as a means to identify and resolve problematic code on the Ethereum network, citing it as the network’s biggest technical risk.
Buterin’s remarks come at a time when Ethereum is nearing the implementation of its highly anticipated Dencun upgrade, scheduled for launch on March 13. While Dencun was successfully implemented on the Goerli testnet on January 17, a bug in Prsym prevented the network from finalizing on the testnet for four hours. Upgrades to the Ethereum network are crucial for its long-term development roadmap.
Nevertheless, not everyone shares the view that AI is a reliable tool for detecting bugs in Ethereum-based code. In July 2023, OpenZeppelin conducted a series of experiments using OpenAI’s GPT-4 to identify security issues in Solidity smart contracts, the native language of Ethereum code. During these experiments, GPT-4 successfully identified vulnerabilities in 20 out of 28 challenges. However, there were instances where GPT-4 failed to identify flaws or even created vulnerabilities that didn’t exist.
Similarly, Kang Li, the chief security officer at CertiK, stated that using AI-powered tools in coding often introduces more security issues than it resolves. Li recommends that AI assistants should only be used as aids to experienced coders, helping them quickly understand the meaning of a line of code.
While Buterin remains optimistic about the future of AI, he has previously cautioned developers to be cautious when integrating AI with blockchain technology, especially in high-risk applications such as oracles. He emphasized the importance of exercising caution to avoid potential financial losses if an AI oracle were to be compromised.
In conclusion, while AI shows promise in addressing Ethereum’s technical risks, it should be used judiciously alongside human expertise to mitigate potential security issues.