公开版Mythos正式上线:解析AI智能合约审计的优势与局限
- 核心观点:AI在区块链安全审计中展现出高效挖掘存储槽碰撞等隐蔽漏洞的优势,但在跨协议组合逻辑和复杂DeFi经济模型分析上仍有明显短板,需与人工专家协同工作。
- 关键要素:
- Anthropic发布Claude Fable 5模型,此前其在安全漏洞挖掘领域表现突出,能迅速发现隐蔽漏洞。
- 安全研究员通过AI模型分析,发现Zcash Orchard隐私池存在潜伏四年的soundness漏洞,可铸造无限假ZEC,导致ZEC价格暴跌近40%。
- AI在存储槽碰撞类漏洞中表现优异,如某合约因ReentrancyGuard与rewards映射存储槽冲突,可被AI快速识别,而人工审计难以发现。
- AI在跨协议组合语义分析中存在明显局限,以Curve LlamaLend sDOLA事件为例,Fable 5未能识别利用闪电贷操纵价格和清算的复杂攻击路径。
- 目前行业趋势为AI+安全审计专家协同,可大幅提升审计效率,完善对细节风险与复杂业务逻辑的覆盖。
Original Source: Beosin
On June 9, Anthropic officially launched the public version of Mythos, Claude Fable 5. Previously, Mythos has demonstrated outstanding capabilities in security vulnerability mining, quickly identifying hidden vulnerabilities within systems, drawing significant attention in the cybersecurity field.
The recent Zcash incident stands as a typical example of AI uncovering blockchain vulnerabilities. Security researcher Taylor Hornby, using the Anthropic Claude Opus 4.8 model, discovered a soundness vulnerability in the Orchard privacy pool within just a few hours. This vulnerability had remained latent for four years, undetected despite multiple manual audits. Theoretically, it could have been exploited to mint unlimited, untraceable counterfeit ZEC, directly causing the price of ZEC to plummet by nearly 40%.
Currently, AI demonstrates remarkable efficiency in code pattern matching and batch preliminary screening. Integrating AI into the security audit processes for blockchain and smart contracts is becoming a trend in the Web3 security industry. This article will analyze the advantages and limitations of AI in smart contract auditing, combining real-world vulnerability cases and the measured performance of Fable 5.
Advantageous Scenarios for AI Auditing
Case Study: Storage Slot Collision
A certain contract utilized the following two components simultaneously:
1. A custom `rewards` mapping (used to record user-claimable rewards)
2. Solady library's ReentrancyGuard (prevents reentrancy attacks)
Critically, a conflict occurred between the storage layouts of the two components.
Solady's ReentrancyGuard, for extreme gas optimization, uses a fixed, low-numbered storage slot (typically derived from a specific calculation resulting in a near-constant slot). The typical logic of its `nonReentrant` modifier is:
// A simplified versionmodifier nonReentrant() { // when entering, write guard slot as 0xff...ff (Sentinel Value) assembly { if eq(sload(REENTRANCY_GUARD_SLOT), 2) { revert(...) } // 2 represents locked sstore(REENTRANCY_GUARD_SLOT, 2) // locked } _; // recover when function finishes assembly { sstore(REENTRANCY_GUARD_SLOT, 1) }}
The custom `rewards` mapping:
mapping(address => uint256) public rewards;
Due to Solidity's storage layout rules (the first slot of a mapping is calculated from its declaration position), the first slot of the `rewards` mapping was identical to the fixed protection slot of the ReentrancyGuard.
Attack Flow (Detailed Steps):
1. The attacker calls the `getReward()` function.
2. The `nonReentrant` modifier triggers, writing `0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff` (all 1s) into the guard slot.
3. The contract code then reads `rewards[attackerAddress]` — but due to the slot collision, it actually reads the enormous value `0xff...ff` from the guard slot.
4. Believing there is a "massive reward," the contract transfers this amount of ETH to the attacker and attempts to reset `rewards[attacker]` to zero (which, however, writes back to the same guard slot).
5. As the modifier restores the slot's value at the function's end, the process repeats when the attacker calls `getReward()` again.
6. The attacker loops this call 200 times, successfully extracting a fixed amount of ETH each time until the withdrawable ETH in the contract is drained.
It is important to note that this is not a traditional "reentrancy attack." Instead, the ReentrancyGuard's own protective mechanism was reverse-exploited by the storage collision, turning it into a vulnerability allowing infinite reward claims. Manual audits rarely involve line-by-line deep dives into third-party library storage layouts, whereas AI can instantly perform library version comparison plus precise storage slot mapping, directly hitting such "hidden collision" vulnerabilities.
Disadvantageous Scenarios for AI Auditing
While Fable 5 excels in detecting vulnerabilities related to single contracts, pure code syntax, and low-level storage issues, it still shows significant limitations when facing cross-protocol composition semantics and multi-contract composite attacks. We conducted retests using the latest public version of Fable 5 on contracts related to the Curve LlamaLend sDOLA attack incident, and the results confirmed this limitation.
The audit scope included contracts such as crvUSD Controller.vy, sDOLA.sol, and ERC4626.sol. Fable 5 failed to identify the core risk exploited in this attack:
This incident is a typical cross-protocol composition vulnerability. The code syntax and logic of any single contract were not flawed. However, the attacker constructed an attack chain by leveraging the interaction of multiple protocols:
1. Using flash loans to manipulate the price in Curve's liquidity pools, maliciously depressing the asset price of sDOLA (ERC-4626 vault shares).
2. Triggering liquidation thresholds for numerous loan positions collateralized by sDOLA.
3. The attacker executed liquidation operations in bulk, profiting from the process.
This type of vulnerability relies on the combination of multiple DeFi protocols, challenging the comprehensive analytical ability of AI/auditors regarding the overall business logic and protocol economic models. Currently, AI auditing still exhibits deficiencies in understanding cross-protocol composition semantics.
Conclusion
Real-world case testing shows that Fable 5 can effectively uncover hidden vulnerabilities often missed by manual audits in standardized, detail-oriented scenarios such as storage slot conflicts, code pattern vulnerabilities, single-contract logic flaws, and batch code screening. However, when dealing with cross-protocol composition semantics, DeFi economic models, multi-contract linked attacks, and complex business logic vulnerabilities, it struggles to grasp the business essence of on-chain ecosystems and explore composite attack paths. This area still requires leading analysis by professional security auditors.
In daily audit work, Beosin has established a mature audit process integrating AI and security audit experts. This synergy not only significantly improves audit efficiency but also enables better identification of potential detail risks and complex business logic vulnerabilities, making audit work more efficient, comprehensive, and in-depth.
