BitsLabAI Scanner surpassed many auditors in the auditing competition and won second place.

CN
6 hours ago

BitslabAI Scanner utilizes an AI-driven scanner to outperform most auditors in the auditing competition.

Introduction

Bitslab has developed a cutting-edge AI auditing agent, BitsLabAI Scanner, specifically designed for analyzing and protecting Web3 applications. We recently tested this technology in the SuiDex public auditing competition, and the results were outstanding. BitslabAI Scanner utilized its AI-driven scanner to outperform most auditors in the competition, helping our team secure second place.

Background

The Web3 ecosystem is expanding at an astonishing rate, and smart contracts are becoming increasingly complex. While this innovation is exciting, it also brings significant security risks, especially in emerging ecosystems like Sui. Auditing smart contracts written in Move is a daunting task due to the lack of sufficient historical vulnerability data and mature tools compared to the EVM world.

To address this critical security gap, Bitslab built BitsLabAI Scanner, the AI auditing agent introduced above. Its performance in the SuiDex public auditing competition, where it helped our team secure second place, demonstrates its capability to discover critical security vulnerabilities that might be overlooked without AI assistance.

Why We Built a Security-First BitsLabAI Scanner

The world of on-chain security is undergoing a radical transformation driven by foundational AI. Although general-purpose large language models (LLMs) now have the capability to perform preliminary analysis of smart contract code, they often lack the specialization and adversarial thinking required for rigorous security audits. These models are great assistants, but they are not auditors.

To bridge this critical gap, we built a security-first multi-layer architecture: BitslabAI Scanner. It is not a single, monolithic model but an integrated system where multiple specialized AI components work together. Each component is specifically tailored to address particular challenges in smart contract security:

Semantic Code Analysis: Understanding the intent and logic of the code, going beyond syntax to grasp the business purpose of the contract.

Vulnerability Detection: Trained on a vast dataset of known vulnerabilities and anti-patterns, covering everything from reentrancy attacks to complex economic manipulation vectors.

Attack Simulation: An advanced component attempts to autonomously generate and validate potential attack paths to confirm whether theoretical vulnerabilities can indeed be exploited.

This integrated approach enables AI to discover complex logical flaws and hidden attack vectors that are easily missed by general AI and human auditors alike. By combining the speed and scale of AI with the precision of security experts, our framework achieves deeper and more comprehensive analysis, proactively providing security assurance for the next generation of Web3 applications.

From Concept to Practice: The True Power of BitslabAI Scanner

The capability of BitslabAI Scanner lies in its ability to break through the limitations of traditional static analysis. It does not merely check whether the code contains a list of known vulnerabilities; it simulates the thought process of a top security researcher. It analyzes not only what the code actually does but also what the code might be forced to do. This includes understanding economic incentives, potential edge cases, and new attack methods that require adversarial thinking to uncover.

This depth of contextual awareness is the cornerstone of our success in the SuiDex audit. AI does not just provide a list of potential issues; it outputs a set of prioritized, actionable insights that directly guide audit experts to the most critical vulnerabilities. Here are the core capabilities supporting this analysis, along with specific SuiDex cases:

Automated Vulnerability Detection: Scanning for common and uncommon vulnerabilities in contracts, including reentrancy, integer overflow, access control issues, and precision errors.

Context Understanding: Analyzing interactions between different modules within the contract and external calls, identifying logical flaws that may arise under complex dependencies.

Precision and Accuracy: Minimizing false positives while ensuring high accuracy in identifying real risks.

Scalability: Efficiently auditing large and complex codebases, suitable for various blockchain projects.

Facing Challenges: Key Discoveries that Surpassed Auditors in the SuiDex Auditing Competition

In the AI-driven analysis of the SuiDex protocol, we achieved remarkable results, uncovering multiple vulnerabilities that could jeopardize platform integrity and user funds. Ultimately, we identified 7 critical vulnerabilities and 3 high-risk vulnerabilities, showcasing the depth of our analysis.

While the complete list remains confidential, the following representative cases illustrate the capabilities of AI:

1. Key Discovery: Incompatible Mathematical Systems in Core Arithmetic (SUIDEXCA-122)

Issue: The protocol's fixed-point math library mixed two incompatible number representations. The logic layer performed its calculations with a binary scaling factor (a power of 2), while the protocol's precision standard was defined with a decimal scaling factor (a power of 10). Applying a binary rescale inside a decimal framework is akin to mixing meters and feet in the same formula without conversion.

Impact: All non-trivial multiplication and division operations would inevitably produce unpredictable and erroneous results. This is a ticking time bomb that could completely undermine the reliability of the entire AMM, leading to significant financial discrepancies and loss of user trust.

This discovery illustrates AI's ability to identify deep mathematical flaws, not just superficial code vulnerabilities.
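To make the scale mismatch concrete, here is an added illustration (not SuiDex code; all constants and function names are assumed) of a fixed-point multiply that rescales a decimal-scaled product with a binary constant, next to the consistent decimal version:

```python
# Added example of the SUIDEXCA-122 bug class: the math layer rescales with a
# binary constant (2**64) while the protocol stores values with a decimal
# scale (10**18). Constants and names are assumed, not taken from SuiDex.

BIN_SCALE = 1 << 64      # Q64 binary fixed point used by the math layer
DEC_SCALE = 10 ** 18     # "18 decimals" precision used by the protocol


def to_fixed_dec(num: int, den: int = 1) -> int:
    """Encode the rational num/den in the protocol's decimal fixed-point format."""
    return num * DEC_SCALE // den


def mul_mixed(a: int, b: int) -> int:
    """Vulnerable: operands are decimal-scaled, but the product is rescaled
    by shifting out 64 bits, i.e. dividing by 2**64 instead of 10**18."""
    return (a * b) >> 64


def mul_dec(a: int, b: int) -> int:
    """Correct: operands and the rescale step share the same decimal scale."""
    return (a * b) // DEC_SCALE


def div_dec(a: int, b: int) -> int:
    """Correct decimal fixed-point division; a zero divisor is rejected."""
    if b == 0:
        raise ZeroDivisionError("fixed-point division by zero")
    return (a * DEC_SCALE) // b


def relative_error(got: int, expected: int) -> float:
    """Fraction by which `got` deviates from `expected`."""
    return abs(got - expected) / expected


def scale_mismatch_demo() -> dict:
    """Constructed trade: 200 tokens at a price of 1.5 should cost 300 tokens."""
    price = to_fixed_dec(3, 2)     # 1.5 in decimal fixed point
    amount = to_fixed_dec(200)     # 200 in decimal fixed point
    expected = to_fixed_dec(300)
    return {
        "mixed": mul_mixed(price, amount),      # roughly 16.26 tokens: wrong
        "decimal": mul_dec(price, amount),      # exactly 300 tokens
        "expected": expected,
        "mixed_error": relative_error(mul_mixed(price, amount), expected),
    }
```

Any invariant test of the form `mul_dec(a, b)` round-tripping through `div_dec` catches the mismatched version immediately, which is the kind of check a unit test for a fixed-point library should carry.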

2. Key Discovery: Incorrect Swap Logic Flag

Issue: The key function responsible for executing Token A → Token B swaps called an internal library to calculate the required input amount but mistakenly passed a hardcoded parameter, causing the library to believe it was executing the swap in the opposite direction (Token B → Token A).

Impact: This small error could lead to incorrect input amount calculations for each transaction, resulting in unfair transaction prices or outright transaction failures, severely undermining the core functionality of the DEX.

This discovery showcases AI's cross-function contextual analysis capability. It did not isolate the analysis to a single function but traced the complete execution path, identifying a critical logical contradiction.

3. High-Risk Discovery: Infinite Token Release Vulnerability (SUIDEXCA-30)

Issue: The time calculation logic for reward tokens contained a subtle error, failing to correctly limit the issuance cap according to the preset 3-year plan.

Impact: The protocol would indefinitely mint new tokens, far exceeding the established timeline. This would completely disrupt the project's token economic model, trigger inflation, destroy token value, and violate commitments to the community.

This case demonstrates AI's ability to analyze business logic and its long-term economic consequences, thereby safeguarding the financial integrity of the protocol.
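The following added example (assumed names and numbers, not the SuiDex implementation) shows the SUIDEXCA-30 bug class: a reward accrual whose elapsed-time arithmetic is never clamped to the end of the program, beside the version that enforces the program length and the resulting supply cap:

```python
# Added example of an emission schedule that is meant to stop after a fixed
# program length (here, the "3-year plan"). The `clamp` flag selects between
# the unbounded (vulnerable) and the bounded (correct) time calculation.
# Rates and durations are assumed values for illustration only.

SECONDS_PER_YEAR = 365 * 24 * 3600
PROGRAM_LENGTH = 3 * SECONDS_PER_YEAR   # the preset 3-year plan
RATE_PER_SECOND = 10                    # reward units minted per second


class RewardSchedule:
    def __init__(self, start: int, clamp: bool):
        self.start = start
        self.end = start + PROGRAM_LENGTH
        self.cap = RATE_PER_SECOND * PROGRAM_LENGTH  # total the plan permits
        self.last_update = start
        self.minted = 0
        self.clamp = clamp

    def accrue(self, now: int) -> int:
        """Mint rewards for the interval since the last update; return the amount."""
        if now <= self.last_update:
            return 0
        # Vulnerable path (clamp=False): `now` is used as-is, so every call after
        # `self.end` keeps minting indefinitely. Correct path: bound it by `end`.
        effective_now = min(now, self.end) if self.clamp else now
        elapsed = effective_now - self.last_update
        if elapsed <= 0:
            return 0
        self.last_update = effective_now
        amount = RATE_PER_SECOND * elapsed
        self.minted += amount
        return amount

    def within_cap(self) -> bool:
        """Invariant a test suite should assert after every accrual."""
        return self.minted <= self.cap


def run_schedule(clamp: bool) -> int:
    """Accrue up to the program end, then one more year past it; return total minted."""
    s = RewardSchedule(start=0, clamp=clamp)
    s.accrue(PROGRAM_LENGTH)                      # exactly at the end of the plan
    s.accrue(PROGRAM_LENGTH + SECONDS_PER_YEAR)   # a year later
    return s.minted
```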

Our detailed report has been promptly shared with the SuiDex development team, who have confirmed these findings and taken immediate action to address them.

Not Just Second Place: The Value and Significance Behind BitslabAI Scanner

BitslabAI Scanner's outstanding performance in the SuiDex auditing competition ultimately secured second place and uncovered numerous critical and high-risk vulnerabilities, proving its advanced capabilities. This achievement not only validates the effectiveness of BitslabAI Scanner in smart contract security auditing but also reinforces our commitment to building a decentralized secure future.

As the blockchain ecosystem continues to expand, the demand for powerful and efficient security solutions will only grow, and BitslabAI Scanner is ready to meet this challenge head-on.
