Can AI-based audit services disrupt the auditing industry?

cyptouser1 weeks agoCryptocurrencies News10
25cc9d4a>

 Presented by Bunzz Audit

What are the key challenges in the auditing industry?What exactly does an audit check?The significance of using AI for smart contract auditsAreas Where AI Falls ShortHow to benefit from AI toolsThe Future Evolution of AI Audits

What are the key challenges in the auditing industry?

Decentralized applications (DApps) handle user assets through on-chain transactions, making projects with vulnerabilities in their governing smart contracts susceptible to critical risks, such as unauthorized extraction of user or pooled assets. As a preventive measure, smart contract audits are conducted. However, users of existing major audit firms face several challenges:

The cost of traditional audit firms is very high, ranging from tens to hundreds of thousands of dollars.There’s an overemphasis on obtaining a “stamp of approval” from major audit firms, often sidelining the primary goal of enhancing security.Engaging an audit firm can delay product launches and token listings due to the time taken for audits.The accuracy of reports and communication costs can vary significantly depending on the auditor handling the audit.

These challenges are attributed to the fact that audits are conducted by humans. For instance, a significant portion of the high costs charged by audit firms go toward professional auditors’ fees. Furthermore, human auditors can overlook details, and the process can be time-consuming. As a solution, audit firms powered by artificial intelligence (AI) have started to emerge.

What exactly does an audit check?

The work of audit firms can generally be categorized in two:

A: Identifying vulnerabilities by comparing clients' contracts against known vulnerability patterns.B: Pointing out project-specific logic vulnerabilities and operational inconsistencies.

Normally, humans review the smart contract’s source code to check for vulnerabilities. However, knowledge and detection capabilities of vulnerability patterns vary among auditors, leading to potential oversights due to human error. So, that begs the question: How can AI address these issues?

The significance of using AI for smart contract audits

A: Comprehensiveness of audit perspectives

As a prime example of AI-based audit firms, Bunzz Audit boasts a database covering a vast range of vulnerability patterns, adopting an auditing approach that scans code from every possible angle. This method allows for comprehensiveness and accuracy in pointing out vulnerabilities that would be physically impossible for humans.

The Bunzz team states:

"Our research and development results have led us to conclude that a database plus AI approach is more suited for detecting vulnerability patterns than humans."

Bunzz Audit has published a comparison between AI-based audits and human audits.

This is an AI-based report on the audit of a protocol named Lockon, which allows for index investments in crypto. The report was generated in approximately 48 hours. The Lockon team was surprised to learn that this was an AI-based report because they found the points about vulnerabilities to be accurate.

B: Cost and duration of audits

Traditional audit firms employ dozens of professional auditors, whereas AI-based audit firms do not have “auditors” in the traditional sense. Instead, a few smart contract professionals review the results produced by AI, significantly reducing audit costs to about one-tenth of traditional firms. Audit agencies can complete audits in 24 to 48 hours, compared to about two weeks for traditional firms, thus compressing the audit period by a factor of ten.

However, are AI-based audits the best solution? There are weaknesses as well.

Areas Where AI Falls Short

Audits include pointing out project-specific logic vulnerabilities and operational inconsistencies that pertain to the project’s context. This context is not programmed into the contract’s source code but exists in off-chain information such as white papers and documentation.

Without inputting this into the AI, checks on project-specific logic cannot be conducted. Therefore, some AI-based audit services only address this aspect through human auditors, providing a more comprehensive audit.

How to benefit from AI tools

While AI-based audits are not yet perfect, they offer significant benefits for projects looking to reduce audit costs. They are also increasingly used as a “Pre Audit” before engaging traditional audit firms, as identifying critical bugs in advance can reduce the costs paid to audit firms. Moreover, integrating AI-based audit services into the CI/CD process is beginning to be seen as a way to improve code quality.

The Future Evolution of AI Audits

In February 2024, Vitalik Buterin highlighted the potential of AI in aiding formal verification of code and bug finding. “One application of AI that I am excited about is AI-assisted formal verification of code and bug finding,” he stated, adding:

“Right now, Ethereum’s biggest technical risk probably is bugs in code, and anything that could significantly change the game would be amazing.”

Formal Verification addresses the identification of project-specific logic vulnerabilities and operational inconsistencies. Advancements in Formal Verification technology could make on-chain protocols more trustless.

Trustworthy, automation-based, on-chain ecosystems could evolve significantly, potentially matching the impact of advancements in ZK technology. Overcoming the major barrier of perfecting product specifications, which is costly for humans, could be significantly improved with the use of AI, as believed by Vitalik Buterin and front-runners like Bunzz Audit.

Learn more about Bunzz Audit

Disclaimer. Cointelegraph does not endorse any content or product on this page. While we aim at providing you with all important information that we could obtain in this sponsored article, readers should do their own research before taking any actions related to the company and carry full responsibility for their decisions, nor can this article be considered as investment advice.

The content on this website comes from the Internet. Due to the inconvenience of proofreading the authenticity and accuracy of the copyright or content of some content, it may be temporarily impossible to confirm the authenticity and accuracy of the copyright or content. For copyright issues or other issues caused by this, please Call or email this site. It will be deleted or changed immediately after verification.

related articles

Bitcoin ETF decision may be ‘imminent’ as VanEck, Grayscale file exchange registration form: Bloomberg Analyst

Three hopeful ETF candidates, Grayscale and Fidelity, and VanEck have now filed their form 8-A with...

TrueUSD attributes Binance Launchpool activities to recent stablecoin price deviation

TrueUSD attributes Binance Launchpool activities to recent stablecoin price deviation

Embattled TrueUSD (TUSD) stablecoin attributed the asset’s recent price deviations from the $1 peg t...

AI-powered game brings ‘Waifus’ to life with plans for AR/VR experience

AI-powered game brings ‘Waifus’ to life with plans for AR/VR experience

25cc9d4a˃AI Waifu is a Web3 game that merges player-owned economy and personalized digital companion...

UV-A lights at ApeFest caused eye and skin problems, Yuga Lab confirms

Yuga Labs, the company behind the Bored Ape Yacht Club, said the eye and skin complaints raised by A...

Novogratz’s Galaxy Digital raising $100M to fund crypto startups: Report

Novogratz’s Galaxy Digital raising $100M to fund crypto startups: Report

25cc9d4a˃Mike Novogratz’s crypto conglomerate Galaxy Digital is reportedly in the starting stages of...

New Google cloud sync feature implicated in $15M crypto heist at Ripple-owned Fortress Trust

Software development company Retool has blamed the hack of crypto custodian Fortress Trust on a rece...