OnchainGuard

Analyze your deployed contracts against the latest vulnerabilities using LLMs

Created at: ETHGlobal Brussels

Winner of: Nethermind - Best Security Driven Development

Project Description

OnchainGuard Solution

A protocol can sign up for our service, which checks its smart contracts for vulnerabilities. We keep a database of known vulnerabilities and exploits. Every time a new report is added to the websites we monitor continuously, we check whether any of the registered smart contracts is affected by the issue. To do this, we feed the description and code of the vulnerability, together with the smart contracts, into LLMs (ChatGPT-4, LLMs fine-tuned on Solidity, etc.). The LLMs go through these documents and decide whether the smart contract has the vulnerability or not. If it does, the protocol admin is notified in our front-end.

Objectives

1 - Make better use of audit reports, which contain a great deal of information

2 - Reassure users that a protocol's security is maintained at all times

3 - Help projects keep their code base safe

How it's Made

Smart contracts

We created a smart contract registry that can be deployed on any EVM chain. A user, usually a protocol owner, registers on the platform by paying a fee based on the scope of the contracts they want analyzed and on the number of scans. At any time, the user can extend their subscription by buying more scans or change the scope of their protocol.

At the time of writing this, the registry is deployed on the following chains / L2s:

  • Arbitrum Sepolia
  • Linea Sepolia
  • Scroll Sepolia
  • Zircuit Testnet

We fetch the verified source code of the subscribed smart contracts from Etherscan and match it against the vulnerabilities and exploits kept in our database. The scan runs over every registered contract whenever a new report is added to the database.

Backend

From a Python backend, the contracts and vulnerability reports are fed to ChatGPT and to other LLMs from HuggingFace that have been fine-tuned on code, and on Solidity in particular; these models are stored on Nillion and run locally. A vote over the aggregated decisions of the individual LLMs could then make the final decision more robust.

Additionally, we generate a hash of the analyzer's result and post it on-chain. This data can then be retrieved through a subgraph we created, so users can verify that a protocol is taking care of the security of its products. In the future, we would like to produce ZK proofs showing that we ran the analyzer and found no vulnerabilities.
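The three backend steps above (rescanning every registered contract when a report is added, voting across several LLMs, and committing to the result with an on-chain hash) fit together as follows. This is an added example written for this page, not OnchainGuard's own code. It assumes a judge is any callable `(source, report) -> True/False/None` (None meaning the model gave no usable answer); the three keyword-matching judges, the report and the registered contracts are constructed stand-ins for real model calls and Etherscan fetches; and it uses SHA-256 because the page only says "a hash" (keccak256 would be the natural choice if an EVM contract ever checks the value).

```python
"""
Added example (not OnchainGuard's own code): rescan registered contracts
against a new report, take a quorum-gated majority vote over several LLM
judges, and commit to the full result with a hash suitable for posting
on-chain. Judges, report and contracts below are constructed stand-ins.
"""
import hashlib
import json
from dataclasses import dataclass, asdict
from typing import Callable, Optional

Judge = Callable[[str, dict], Optional[bool]]  # (source, report) -> verdict or abstain


@dataclass(frozen=True)
class Verdict:
    report_id: str
    contract: str      # "chain:address" of the registered contract
    votes: dict        # judge name -> True / False / None
    status: str        # "vulnerable" | "safe" | "inconclusive"


def decide(votes: dict, quorum: int) -> str:
    """Strict majority among judges that answered. Abstentions do not count;
    too few answers or a tie yield 'inconclusive' rather than a silent 'safe'
    (fail closed: the admin still gets a notification)."""
    answered = [v for v in votes.values() if v is not None]
    if len(answered) < quorum:
        return "inconclusive"
    yes = sum(1 for v in answered if v)
    if yes * 2 > len(answered):
        return "vulnerable"
    if yes * 2 < len(answered):
        return "safe"
    return "inconclusive"


def scan(report: dict, registry: dict, judges: dict, quorum: int = 2) -> list:
    """The page's trigger: one new report, run against every registered contract."""
    out = []
    for contract_id, source in registry.items():
        votes = {name: judge(source, report) for name, judge in judges.items()}
        out.append(Verdict(report["id"], contract_id, votes, decide(votes, quorum)))
    return out


def canonical(obj) -> bytes:
    # Deterministic serialization, otherwise the same result could hash differently.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def commitment(report: dict, verdicts: list) -> str:
    """Hash over canonical JSON of report + verdicts. Only this hex string goes
    on-chain; it binds the published result to the exact report that was used."""
    payload = {
        "report_sha256": hashlib.sha256(canonical(report)).hexdigest(),
        "verdicts": [asdict(v) for v in verdicts],
    }
    return hashlib.sha256(canonical(payload)).hexdigest()


def verify(report: dict, verdicts: list, onchain_hash: str) -> bool:
    """What a user does with the published result and the hash from the subgraph."""
    return commitment(report, verdicts) == onchain_hash


# --- constructed sample data (assumption: not real reports or addresses) ----
REPORT = {"id": "R-0001", "title": "Reentrancy via external call before state update",
          "pattern": "call{value:...} executed before the balance is decreased"}

REGISTRY = {
    "sepolia:0xVULN":   "function withdraw(uint a){ (bool ok,)=msg.sender.call{value:a}(\"\"); balances[msg.sender]-=a; }",
    "sepolia:0xSAFE":   "function withdraw(uint a) nonReentrant { balances[msg.sender]-=a; (bool ok,)=msg.sender.call{value:a}(\"\"); }",
    "sepolia:0xNOCALL": "function deposit() payable { balances[msg.sender]+=msg.value; }",
}

# Stand-ins for LLM judges: each applies a different crude heuristic, so they
# can disagree the way independent models would.
def judge_call_present(src, rep):   return "call{value" in src
def judge_no_guard(src, rep):       return "call{value" in src and "nonReentrant" not in src
def judge_call_before_update(src, rep):
    if "call{value" not in src:
        return False
    return src.index("call{value") < src.index("-=") if "-=" in src else None  # abstain if unsure

JUDGES = {"gpt": judge_call_present, "solidity-ft": judge_no_guard, "local": judge_call_before_update}


def run_demo():
    verdicts = scan(REPORT, REGISTRY, JUDGES)
    h = commitment(REPORT, verdicts)
    return {v.contract: v.status for v in verdicts}, h, verify(REPORT, verdicts, h)


if __name__ == "__main__":
    statuses, h, ok = run_demo()
    print(statuses, h, ok)
```

Two points worth keeping in mind when reading the commitment step: the hash proves only that a specific result was recorded at a specific time, so a user can detect a swapped or edited report but cannot, from the hash alone, tell whether the analysis was correct or even run; that gap is exactly what the ZK-proof idea above would address. And the vote deliberately refuses to return "safe" on a tie or when too few models answered, since a missed notification is the costlier failure for this service.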

Frontend

We are using Plasmic and Typescript to create the frontend app.
