How To: Audit a Smart Contract with the ChainGPT AI

Source: https://www.chaingpt.org/blog/how-to-audit-smart-contract


Audits are a notoriously time-consuming and tedious process that requires tremendous attention to detail and deep technical knowledge. Rightfully so, as security in the world of crypto is the most important aspect of a healthy project. Luckily, by aggregating years of standardization, industry practice and artificial intelligence, ChainGPT has configured an automated solution that can streamline auditing.

Whether you are a non-technical individual who simply wants to better understand the code you are working with, or a master programmer who needs to speed up internal processes while controlling costs, ChainGPT’s Smart Contract Auditor can help!

Quick Start Guide:
1) Go to the ChainGPT AI app: https://app.chaingpt.org/
2) Select “Solidity Auditor” on the bottom Menu
3) Input the code of a contract as a prompt that you want audited
4) Click the “Audit Smart Contract” button
5) Wait 1–2 minutes for the AI to complete the Audit
6) Review, implement, or continue with a deeper analysis.

Step 1:

Navigate to the ChainGPT application interface.

Open the ChainGPT App Interface

The best way to make sure you are interacting with the official application, and to avoid any potential phishing sites, is to head directly to the ChainGPT.org website and click the link at the very top-right of the page where it says “try our Proto-type”.

Alternatively, you can hop straight into the app via https://app.chaingpt.org/. Then bookmark it for peace of mind and easy access.

Step 2:

Select the “Solidity Auditor” option located at the bottom menu bar.

Select Solidity Auditor

Step 3:

Fill in the input prompt box with the smart contract code you would like ChainGPT to audit.

Input contract code as prompt

Step 4:

After providing the code you want audited, submit your request by clicking the “Audit Smart Contract” button.

Click “Audit Smart Contract”

Step 5:

Allow 1–2 minutes for the ChainGPT auditor to process your request.

Wait for Smart Contract Audit to be Processed

Step 6:

Review the output that ChainGPT provides.

Review Audit output

The audit is composed of four segments: an overview, a breakdown, optimization recommendations, and “final thoughts”.

The Overview provides a high-level description of what the contract does.

The Breakdown will compartmentalize each individual function/element within the contract and provide an explanation of its status.

The Optimizations section is a list of suggested actions that can potentially improve the security and logic of the contract.

The Final Thoughts section is a synopsis that tells you the severity of the contract’s flaws and their implications, along with a recommended plan of action.

If you want the AI to expand on any individual section or conduct a deeper analysis, you can continue the conversation directly in the application’s prompt chat.

Example Smart Contract

Prompted Contract to Audit:

  pragma solidity ^0.8.0;

  contract MyToken {
      string public name;
      string public symbol;
      uint256 public totalSupply;
      mapping(address => uint256) public balances;

      constructor() {
          name = "TokenTest";
          symbol = "TT";
          totalSupply = 5000000;
          balances[msg.sender] = totalSupply;
      }

      function transfer(address _to, uint256 _value) public returns (bool success) {
          require(balances[msg.sender] >= _value, "Insufficient balance");
          balances[msg.sender] -= _value;
          balances[_to] += _value;
          emit Transfer(msg.sender, _to, _value);
          return true;
      }

      event Transfer(address indexed _from, address indexed _to, uint256 _value);
  }

Response:

MyToken

1. Overview:
— The contract represents a simple ERC20-like token named “TokenTest” with the symbol “TT”.
— The total supply is 5,000,000 tokens, initially assigned to the contract creator.
— The contract includes a transfer function, enabling the transfer of tokens between addresses.

2. Recommendations and potential security issues:
2.1. No decimals property
— The contract does not include a “decimals” property, which is a standard property for ERC20 tokens.
— This may cause issues with wallets and exchanges that assume a certain number of decimal places for tokens.
— Recommendation: Add a “uint8 public decimals” property and set it to the desired number of decimal places in the constructor.
2.2. Not fully ERC20 compliant
— The contract does not fully implement the ERC20 standard, as it is missing some functions like allowance, approve, and transferFrom.
— Recommendation: Implement the full ERC20 interface to ensure compatibility with wallets, exchanges, and other smart contracts.
2.3. Integer Overflow
— The contract does not check for integer overflow in the transfer function when updating balances.
— Recommendation: Use the SafeMath library or Solidity’s built-in checks for arithmetic operations to prevent integer overflow issues.
2.4. Missing return value in transfer function
— The transfer function returns a boolean “success” value, but the ERC20 standard does not require this.
— Recommendation: Remove the return value from the transfer function to adhere more closely to the ERC20 standard.

3. Optimizations:
3.1. Use IERC20 interface
— To ensure full compliance with the ERC20 standard, consider using the IERC20 interface provided by OpenZeppelin.
— This will ensure your contract follows the correct function signatures and event definitions.
3.2. Gas optimization
— The constructor can be optimized by directly setting the initial values of the state variables when they are declared.
— For example, string public name = "TokenTest"; instead of setting the value in the constructor.

4. Final thoughts:
— The contract is relatively simple and does not have any major security flaws.
— However, it is recommended to make the contract fully ERC20 compliant and use the SafeMath library or Solidity’s built-in checks for arithmetic operations to ensure security and compatibility.

Please let us know if you need further clarification or have any questions.
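To show what acting on findings 2.1, 2.2 and optimization 3.2 looks like in practice, here is a revised version of the prompted contract. This is example code written for this article, not ChainGPT output and not part of the original post; the contract name MyTokenRevised, the 18-decimal choice and the renaming of `balances` to the standard `balanceOf` are assumptions. It keeps the bool return values because EIP-20’s function signatures declare them, and it relies on the checked arithmetic that Solidity ^0.8.0 already applies (the “built-in checks” mentioned in finding 2.3), so no SafeMath import is needed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical revision of MyToken applying the audit findings above.
// Written as an example for this article; not ChainGPT's output.
contract MyTokenRevised {
    string public name = "TokenTest";   // set at declaration (optimization 3.2)
    string public symbol = "TT";
    uint8 public decimals = 18;         // finding 2.1: wallets and exchanges expect this
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;                       // ERC20 getter name
    mapping(address => mapping(address => uint256)) public allowance;   // finding 2.2
    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed owner, address indexed spender, uint256 value);

    constructor() {
        // 5,000,000 whole tokens, scaled by the decimals value (assumed 18)
        totalSupply = 5_000_000 * 10 ** uint256(decimals);
        balanceOf[msg.sender] = totalSupply;
        emit Transfer(address(0), msg.sender, totalSupply);
    }

    // Shared move logic. Under ^0.8.0 the -= and += below revert on
    // underflow/overflow automatically, which is what finding 2.3 asks for.
    function _transfer(address from, address to, uint256 value) internal {
        require(to != address(0), "Transfer to zero address");
        require(balanceOf[from] >= value, "Insufficient balance");
        balanceOf[from] -= value;
        balanceOf[to] += value;
        emit Transfer(from, to, value);
    }

    function transfer(address to, uint256 value) public returns (bool) {
        _transfer(msg.sender, to, value);
        return true;
    }

    function approve(address spender, uint256 value) public returns (bool) {
        allowance[msg.sender][spender] = value;
        emit Approval(msg.sender, spender, value);
        return true;
    }

    function transferFrom(address from, address to, uint256 value) public returns (bool) {
        uint256 allowed = allowance[from][msg.sender];
        require(allowed >= value, "Allowance exceeded");
        allowance[from][msg.sender] = allowed - value;  // spend the allowance first
        _transfer(from, to, value);
        return true;
    }
}
```

Feeding this revised contract back into the auditor is a good way to confirm that the earlier findings no longer appear and to see whether the tool raises anything new about the added approve/transferFrom logic.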

Ask and you Shall Receive.

Try it out for yourself 👉 https://app.chaingpt.org/#auditor
