Spyglass is an AI-based web3 security tool that automates detecting security vulnerabilities.
Spyglass is an AI-based web3 security tool that streamlines the creation and chaining of security vulnerability detectors. It simplifies the process of writing rules to identify smart contract vulnerabilities, making it more accessible for developers to automate security work. This is especially significant in addressing the existing lack of security tools for emerging languages and ecosystems.
Stylus, for example, is a new paradigm for developing smart contracts in non-web3 languages. Because web3 is a niche application of these languages, there is a significant lack of security tooling, and developers cannot access the same security benefits as users of a web3-native language. Spyglass unlocks security analysis for contracts written for Stylus.
Spyglass works by providing boilerplate templates for writing automated security detectors (using AI, AST walking, dynamic testing, and regex pattern matching), executing the created rules against the user's code base, and allowing multiple rules to be chained into more powerful and complex security detectors. This lowers the barrier to entry for creating simple automated security checks, while also enabling users to build more powerful tools than is possible today, all with minimal code and no infrastructure to operate.
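The detector-and-chaining model described above, as an added JavaScript illustration that is not Spyglass's own code: a regex detector built from a template, a chain combinator with AND/OR modes, and a rule set run over a constructed Stylus-style Rust fragment. The detector names, chain modes and sample source are all assumptions made for this example.

```javascript
// Added illustration, not Spyglass code. Detector names, the chain modes
// and the sample contract are constructed for this example.

// A detector maps source text to findings: { detector, line, message }.
// regexDetector builds one from a template: one pattern, one message.
// Use a non-global regex so .test() stays stateless across lines.
function regexDetector(name, pattern, message) {
  return (source) =>
    source.split("\n").flatMap((text, i) =>
      pattern.test(text) ? [{ detector: name, line: i + 1, message }] : []
    );
}

// chain composes detectors into a higher-level rule:
//   "all": report only when every sub-detector fires (AND)
//   "any": report findings from whichever sub-detectors fire (OR)
function chain(name, mode, detectors) {
  return (source) => {
    const results = detectors.map((d) => d(source));
    if (mode === "all" && results.some((r) => r.length === 0)) return [];
    return results.flat().map((f) => ({ ...f, via: name }));
  };
}

// Run a rule set over a code base (here, a single source string).
function runRules(rules, source) {
  return rules.flatMap((rule) => rule(source));
}

// Constructed sample: a Stylus-style Rust fragment with one unwrap().
const SAMPLE = [
  "pub fn withdraw(&mut self, amount: U256) {",
  "    let bal = self.balances.get(msg::sender());",
  "    let new_bal = bal.checked_sub(amount).unwrap();",
  "    self.balances.insert(msg::sender(), new_bal);",
  "}",
].join("\n");

const UNWRAP = regexDetector("unwrap_panic", /\.unwrap\(\)/,
  "unwrap() panics on None/Err and reverts the transaction");
const UNSAFE = regexDetector("unsafe_block", /\bunsafe\b/,
  "unsafe block: memory safety is not checked by the compiler");

// Two chained rules: one needs both signals, the other fires on either.
const RULES = [
  chain("unsafe_and_unwrap", "all", [UNWRAP, UNSAFE]),
  chain("panic_or_unsafe", "any", [UNWRAP, UNSAFE]),
];

function analyze(source = SAMPLE) {
  return runRules(RULES, source);
}
```

On the sample, only the "any" rule reports (line 3 via panic_or_unsafe); the "all" rule stays silent because no unsafe block is present.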
Spyglass is a React app that uses local browser storage to persist rules built by users. OpenAI GPT-4 is used to provide the AI detectors. Basic libraries are used for regex matching and Solidity AST parsing.
The front-end enables users to build and run basic security detectors, chain them together into more complex rules, and share rule sets with others.
OpenAI prompts were specially crafted to ensure a consistent output format that matches a security detector, allowing users to write AI detectors transparently without significant AI knowledge.
For the scope of this hackathon, we focused mainly on the Stylus use case, writing example rules for smart contracts compiled to Wasm.