Public Version of Mythos Officially Launched: Analyzing the Advantages and Limitations of AI Smart Contract Auditing
- Key Point: AI demonstrates advantages in blockchain security audits, such as efficiently uncovering hidden vulnerabilities like storage slot collisions. However, it still has significant shortcomings in cross-protocol composability logic and complex DeFi economic model analysis, requiring collaboration with human experts.
- Key Elements:
  - Anthropic released the Claude Opus 4 model, which previously excelled in security vulnerability discovery, rapidly identifying hidden flaws.
  - Security researchers, through AI model analysis, discovered a soundness vulnerability in the Zcash Orchard privacy pool that had existed for four years, which could mint an unlimited amount of fake ZEC, causing the ZEC price to plummet by nearly 40%.
  - AI performs exceptionally well on storage slot collision vulnerabilities. For example, a contract where `ReentrancyGuard` and the `rewards` mapping conflicted on the same storage slot could be quickly identified by AI, whereas manual audits would struggle to find it.
  - AI has clear limitations in cross-protocol composability semantic analysis. Taking the Curve LlamaLend sDOLA incident as an example, Claude Opus 4 failed to identify the complex attack path involving price manipulation via flash loans and subsequent liquidation.
  - The current industry trend is collaboration between AI and security audit experts. This synergy can significantly improve audit efficiency and enhance coverage of both detailed risks and complex business logic.
Original source: Beosin
On June 9, Anthropic officially launched the public version of Mythos, Claude Fable 5. Previously, Mythos had demonstrated outstanding capabilities in security vulnerability discovery, quickly identifying hidden vulnerabilities within systems, drawing significant attention in the cybersecurity field.
The recent Zcash incident is a typical example of AI uncovering blockchain vulnerabilities. Security researcher Taylor Hornby, using the Anthropic Claude Opus 4.8 model, discovered a soundness vulnerability in the Orchard privacy pool that had remained hidden for four years and had gone undetected through multiple prior manual audits. Theoretically, this vulnerability allowed the minting of unlimited, undetectable fake ZEC, directly causing the ZEC price to plummet by nearly 40%.
Currently, AI demonstrates remarkable efficiency in areas such as code pattern matching and batch preliminary screening. Integrating AI into blockchain and smart contract security audit processes is becoming a trend in the Web3 security industry. This article will analyze the advantages and shortcomings of AI in smart contract auditing, combining real vulnerability cases and the measured performance of Fable 5.
Scenarios Where AI Excels in Auditing
Case Study: Storage Slot Collision
A certain contract simultaneously uses the following two components:
1. A custom `rewards` mapping (used to record user claimable rewards)
2. Solady library's `ReentrancyGuard` (to prevent reentrancy attacks)
The storage layouts of these two components conflict.
Specifically, Solady's `ReentrancyGuard`, for extreme gas optimization, uses a fixed, low-numbered storage slot (typically a constant derived by a fixed calculation). The typical logic of the `nonReentrant` modifier is:
```solidity
// A simplified version
modifier nonReentrant() {
    // On entry, write a sentinel value into the guard slot
    // (the text describes it as 0xff...ff; this simplified version uses 2 = locked)
    assembly {
        if eq(sload(REENTRANCY_GUARD_SLOT), 2) { revert(0, 0) } // 2 represents locked
        sstore(REENTRANCY_GUARD_SLOT, 2) // locked
    }
    _;
    // Restore the slot when the function finishes
    assembly {
        sstore(REENTRANCY_GUARD_SLOT, 1)
    }
}
```
The custom `rewards` mapping:
```solidity
mapping(address => uint256) public rewards;
```
Due to Solidity's storage layout rules (a mapping's base slot is determined by its declaration position), the base slot of the `rewards` mapping is identical to the fixed guard slot used by `ReentrancyGuard`.
Attack process (detailed steps):
1. The attacker calls the `getReward()` function.
2. The `nonReentrant` modifier triggers, writing `0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff` (all 1s) to the guard slot.
3. The contract code then reads `rewards[attacker_address]` — but due to the slot collision, it actually reads the massive value `0xff...ff` from the guard slot.
4. The contract assumes there is a "huge reward" and transfers this amount of ETH to the attacker, while attempting to zero out `rewards[attacker]` (but writes back to the same guard slot instead).
5. Because the modifier restores the slot at the end of the function, the process repeats when the attacker calls `getReward()` again.
6. The attacker loops the call 200 times, successfully extracting a fixed amount of ETH each time until the contract's extractable ETH is drained.
It is important to note this is not a traditional "reentrancy attack." Rather, `ReentrancyGuard`'s own protection mechanism is inversely exploited by the storage collision, turning it into a vulnerability for claiming infinite rewards. Manual audits rarely involve line-by-line deep dives into the storage layout of third-party libraries, whereas AI can instantly perform library version comparison and precise storage slot mapping, directly hitting such "hidden collision" vulnerabilities.
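The "precise storage slot mapping" described above can be done mechanically. The following is an added example (not Beosin's or Solady's code): a minimal Solidity storage-layout calculator that applies the sequential packing rules to a constructed state-variable list and flags any variable whose base slot coincides with a library's hard-coded slot. The guard slot values (a low slot of 0 for the vulnerable case, a sha256-derived constant for the namespaced case) are assumptions for illustration only.

```python
"""Storage-layout collision checker (constructed example, not a real audit tool)."""
import hashlib
from dataclasses import dataclass

# Byte widths of common Solidity value types. Mappings and dynamic arrays
# are treated as 32-byte reference types: the layout reserves a full slot
# for them, while their entries live at keccak256(key . base_slot).
VALUE_SIZES = {"bool": 1, "uint8": 1, "uint64": 8, "uint128": 16,
               "address": 20, "bytes32": 32, "uint256": 32}


@dataclass
class Var:
    name: str
    typ: str  # e.g. "uint256" or "mapping(address=>uint256)"


def layout(state_vars):
    """Return {name: base_slot} following Solidity's declaration-order packing."""
    slots, slot, offset = {}, 0, 0
    for v in state_vars:
        size = VALUE_SIZES.get(v.typ, 32)     # unknown/reference types take a whole slot
        if offset + size > 32:                # does not fit: move to the next slot
            slot, offset = slot + 1, 0
        slots[v.name] = slot
        offset += size
        if offset == 32:                      # slot full: next variable starts fresh
            slot, offset = slot + 1, 0
    return slots


def find_collisions(state_vars, library_slots):
    """List (variable, library_constant) pairs that share a base slot."""
    lay = layout(state_vars)
    return [(name, lib) for name, s in lay.items()
            for lib, ls in library_slots.items() if s == ls]


# Constructed contract resembling the case study: the mapping is declared first.
VULNERABLE_VARS = [Var("rewards", "mapping(address=>uint256)"),
                   Var("owner", "address"), Var("paused", "bool"),
                   Var("totalRewards", "uint256")]

# Assumed for illustration: a guard that hard-codes a low slot (collides with slot 0).
LOW_GUARD = {"REENTRANCY_GUARD_SLOT": 0}
# Hardened alternative: a large namespaced constant that sequential layout never reaches
# (derived here with sha256 purely as an illustration; real libraries use keccak256).
NAMESPACED_GUARD = {"REENTRANCY_GUARD_SLOT":
                    int.from_bytes(hashlib.sha256(b"example.guard.slot").digest(), "big")}

if __name__ == "__main__":
    print(layout(VULNERABLE_VARS))
    print(find_collisions(VULNERABLE_VARS, LOW_GUARD))        # flags 'rewards'
    print(find_collisions(VULNERABLE_VARS, NAMESPACED_GUARD))  # nothing flagged
```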
Scenarios Where AI Struggles in Auditing
Fable 5 performs excellently in single contracts, pure code syntax analysis, and low-level storage vulnerability detection. However, it still has significant limitations when facing cross-protocol compositional semantics and multi-contract combined attacks. We conducted a re-test using the latest public version of Fable 5 on contracts related to the Curve LlamaLend sDOLA attack incident, and the results confirmed this issue.
The audit involved a series of contracts including: crvUSD Controller.vy, sDOLA.sol, ERC4626.sol, etc. Fable 5 failed to identify the core risk corresponding to this attack:
This incident is a typical cross-protocol composition vulnerability. The syntax and logic of any single contract's code were sound, but the attacker built an attack chain by leveraging multi-protocol interactions:
1. Using flash loan tools to manipulate the price of the Curve pool, maliciously suppressing the asset price of sDOLA (ERC-4626 vault shares).
2. Numerous lending positions collateralized by sDOLA triggered liquidation thresholds.
3. The attacker executed batch liquidations, profiting from the process.
This type of vulnerability relies on the combination of multiple DeFi protocols, testing the AI/auditor's comprehensive analysis capability of the overall business and protocol economic models. Currently, AI auditing still has deficiencies in cross-protocol compositional semantics.
Conclusion
Through testing with real-world cases, it can be seen that Fable 5 effectively uncovers hidden vulnerabilities easily missed in manual audits in standardized, detail-oriented scenarios such as storage slot conflicts, code pattern vulnerabilities, single-contract logic flaws, and batch code screening. However, when dealing with cross-protocol compositional semantics, DeFi economic models, multi-contract attack chains, and complex business logic vulnerabilities, it struggles to understand the nature of on-chain ecosystem operations and discover compositional attack paths. This part still requires analysis led by professional security auditors.
In daily audit work, Beosin has established a mature audit process that synergizes AI and security audit experts. This not only significantly improves audit efficiency but also better identifies potential detail risks and complex business logic vulnerabilities, making audits more efficient, comprehensive, and in-depth.