Toucan

As a toucan searches for fruit in the rainforest, Toucan searches for vulnerabilities in your code.

Team's submissions

Toucan AI Defensive Tooling Social Impact

Problem Toucan AI Solves

Security vulnerabilities in smart contracts contributed to a staggering loss of over $1.1B. With approximately 100 security auditing firms in the space and over 500 active protocols on Ethereum alone with over 100k TVL, auditing for security vulnerabilities becomes increasingly important in both speed and reliability. Toucan AI streamlines the initial security vulnerability scanning for new and existing contracts by leveraging AI to produce scripts that exploit the vulnerable code, and creates a detailed report outlining the issues and providing mitigation strategies.

Challenges Faced

  • Some contract vulnerabilities are revealed only in contract-to-contract calls. This is challenging to fully automate, as the AI needs to write and deploy the attacker contract while also being able to write a script to initiate the exploit
  • One-shot learning is hard in security vulnerability testing, so iterating continuously until an exploit is found makes producing results slower
  • Creating a perfect, majestic toucan is always hard

Technologies Utilized

  • Development:
    • Hardhat
    • TypeScript
  • AI Model:
    • OpenAI GPT-4o
  • Smart Contract:
    • Solidity

Authors

Julia, Stefano, Tom, Vlad, Sandoche

License

Apache 2.0