AI Static Analysis

Accelchain employs Artificial Intelligence (AI) for static analysis on smart contracts, specifically targeting 36 SWC (Smart Contract Weaknesses and Common Vulnerabilities) IDs outlined by the Ethereum.org. This proactive approach ensures the early detection of potential vulnerabilities during the development phase.

Static Analysis Overview

  • Definition: Static analysis involves examining the code structure, relationships, and attributes without executing the program.

  • Purpose: The goal is to identify vulnerabilities by analyzing the code's static properties, offering insights before deployment.

AI Integration for Static Analysis

  • AI-Driven Approach: Accelchain integrates AI algorithms to perform static analysis on smart contracts.

  • SWC ID Focus: The AI is tailored to specifically target the 36 SWC IDs, aligning with Ethereum.org's recognized vulnerabilities.

Ethereum.org's Recognized Vulnerabilities: https://swcregistry.io/

Audit Report Generation

  • Detailed Information: The resulting audit report provides detailed information on identified vulnerabilities.

  • Report Components: SWC Error ID, Error Title, Function with the error, lines containing the error, and severity are included.

  • Severity Levels: Issues are categorized by severity, allowing prioritization based on the criticality of each vulnerability.

  • Confidence Score: Each identified vulnerability is accompanied by a confidence score, indicating the AI's level of certainty regarding the presence of the vulnerability.

Understanding Confidence Scores

  • Scoring Mechanism: Confidence scores are generated based on the AI's evaluation of the code against predefined vulnerability patterns.

  • Interpretation: Higher confidence scores suggest a more robust match with known vulnerability patterns.

The current AI model of Accelchain is focused on the 36 predefined SWC IDs only. The tool may not cover all possible attack vectors or business logic vulnerabilities present in the smart contract.

Audit features for 'Attack Vectors' and 'Business Logic Vulnerabilities' are in the pipeline and should be launched soon!

Last updated