TRON AI ScannerBot by StrandGeek - TRON Smart Contract Code Analysis using AI

Project Name: TRON AI ScannerBot

Project Track: AI

Team Name: StrandGeek

Team Member(s): 1 - @strandgeek

HackerEarth Project Link: strandgeek_fdb6 - HackaTRON Season 5 - Submission | HackerEarth Hackathons

Project Goal: TRON AI ScannerBot employs state-of-the-art AI algorithms to conduct a comprehensive analysis of TRON smart contracts, identifying potential vulnerabilities and bugs.

Project Value: TRON AI Scanner offers a unique value proposition tailored specifically to TRON smart contracts. What sets it apart is its in-depth understanding of the intricate nuances of the TRON ecosystem, including the TVM.

Project Info:

ScannerBot Presentation (PDF).pdf (348.8 KB)

Project Website: https://scannerbot.xyz/

Project Test Instructions:

1 - Go to the live demo: https://scannerbot.xyz/
2 - Create an account
3 - Create a Project
4 - Click on "Setup Instructions". You can see your project token
5 - On your TronBox project, run the command:

npx @scannerbot/cli --project-token YOUR_PROJECT_TOKEN

6 - Go to the “Scans” page on ScannerBot UI and check the scan result

Project Details:

Smart Contract Links: N/A (This is a tool)

Project Milestones:

For HackaTRON Season 5:

  • Create the ScannerBOT API
  • Create the ScannerBOT CLI
  • Create the ScannerBOT Webapp
  • Integrate project with Slither
  • Create the TVM solc executable with the expected output from Slither
  • Integrate the OpenAI with the results from Slither using GPT models
  • Create a pipeline and wrap up all the flow to have a smooth experience for UX

Post-HackaTRON:

  • Implement a payment system (Stripe) for the Cloud plan
  • Implement Notification configurations for the detected severities

42 Likes

Welcome to hackatronS5! If I am getting this right, TRON AI ScannerBot is basically like an auditor of smart contracts?

4 Likes

Hello TRON AI SCANNER BOT.

Welcome to Tron Dao forum,
Welcome to HACKATHON session 5.

Good you made it to the AI track.

About your project, just some quick questions.

  • How will the AI scanner bots be used to protect privacy and security?

  • How will the AI scanner bots be used to improve efficiency and productivity?

  • What are the potential risks of using AI scanner bots?

  • What are the specific tasks that the AI scanner bots will be able to perform, or any limitations using it?

Do have lovely building days in this Hackathon.

7 Likes

Welcome to HackaTRON S5, wishing you all the best. Thank you for building this, I think one of us has suggested this on the forum before and I am glad someone is working on it this season. As my bro @HODL asked, will this work as smart contract auditor?

7 Likes

Hey buddy welcome to Grand Hackathon Season 5, wishing you all the best :handshake:

1 Like

Hello @HODL @Gordian @Prince-Onscolo and @Nweke-nature1.com !

Good to see you guys here in this Season 5! You guys are always present in the community.

Answering your questions:

How will the AI scanner bots be used to protect privacy and security?

The TRON AI ScannerBot will take care of privacy and security by employing LLMs (Large Language Models) from trusted third-party vendors that have built-in privacy protections (but of course it can bring some risks). In terms of security, TRON AI ScannerBot focuses on providing actionable insights and recommendations to improve code quality and security. It will identify areas in the code that can be enhanced and suggest specific changes or improvements based on the analysis. To ensure the integrity of the suggestions, the bot will reference official source code and documentation from trusted resources.

How will the AI scanner bots be used to improve efficiency and productivity?

In summary, the TRON AI ScannerBot will improve efficiency and productivity by automating code analysis, providing real-time feedback, and leveraging AI capabilities to detect vulnerabilities and programming errors. By reducing manual effort and enabling rapid identification of security risks, developers can focus their time and resources more effectively, resulting in faster development cycles and higher-quality smart contracts.

What are the potential risks of using AI scanner bots?

While AI scanner bots provide valuable assistance in code analysis and security auditing, there are potential risks to consider:

1. False Positives or False Negatives: AI scanner bots rely on algorithms and predefined rules to detect vulnerabilities and security issues. There is a possibility of false positives, where the bot identifies an issue that is not actually a vulnerability, or false negatives, where it fails to detect a genuine vulnerability. Developers should exercise their judgment and conduct additional manual reviews to validate the bot’s findings.

2. Limited Scope of Detection: AI scanner bots have specific rules and patterns they follow to identify vulnerabilities. They may not capture all possible security issues, especially novel or unknown vulnerabilities that do not fit within the established patterns. Developers should be aware that the bot’s analysis has limitations and should consider comprehensive security practices beyond the bot’s capabilities.

3. Reliance on Third-Party Software: AI scanner bots often utilize underlying technologies or models developed by third-party vendors. There is a risk of relying on software that may have vulnerabilities or pose security risks itself. It is crucial to select reputable and trusted AI scanner bots from reliable sources and ensure regular updates and security patches to mitigate these risks.

4. False Sense of Security: While AI scanner bots provide valuable insights, it is important to remember that they are not infallible. Developers should not solely rely on the bot’s analysis and recommendations. Applying security best practices, conducting manual code reviews, and engaging in thorough testing are essential for ensuring the overall security and reliability of smart contracts.

What are the specific tasks that the AI scanner bots will be able to perform, or any limitations using it?

TRON AI ScannerBot takes into account the unique nuances of the TRON Virtual Machine (TVM), which differs from the Ethereum Virtual Machine (EVM) in certain aspects. This specialized knowledge allows the bot to provide accurate analysis and tailored recommendations specific to the TRON ecosystem. By understanding the differences between TVM and EVM, TRON AI ScannerBot ensures that developers receive insights that align with the specific requirements and best practices of TRON smart contract development.

11 Likes

This is a great idea, @strandgeek. I think dextools has something similar where it tracks smart contracts for honeypots, concentration of holdings, and other malicious actions (draining of wallet permissions / Owner wallet permissions) that could affect people using the blockchain and/or trading.

Security for consumers/devs is always needed.

Are you targeting Developers or smart contract users? both?

7 Likes

THANKS for this clarification, bit by bit I will understand more.

All the best to your project.
Keep building

4 Likes

AI scanner bots on the security and privacy aspect are not 100%.

3 Likes

Welcome to the HackaTRON Season 5. I have just a few questions for you.

What type of AI algorithms will be used in the TRON AI ScannerBot?

What are the potential vulnerabilities and bugs that the ScannerBot will be looking for?

How will the TRON AI ScannerBot be able to provide a unique value proposition in the TRON ecosystem?

4 Likes

Hi,
How much would it cost to use the scanner?
Do you pay by line of code? Is it free of charge?

Thanks

3 Likes

I think it’s targeted at developers. Users can use it too, maybe.

4 Likes

Welcome to Season 5. Not a lot of information is being disclosed here in-forum, though it’s exciting to see this in the AI builders track. I also find it quite fascinating that the Bot is used to analyze TRON smart contracts. Hence, I've got just one question:

How does the TRON AI ScannerBot utilize AI algorithms to analyze TRON smart contracts? What specific AI techniques are employed?

2 Likes

I’m targeting the development team. The goal is to provide security insights during the development of the Smart Contract.

2 Likes

My plan for this project is combining 3 elements:

  • Static Analysis
  • Semantic Inference Analysis
  • LLM Analysis

2 Likes

Hi @fabsltsa, for now the main idea is the SaaS business model where the user can select a plan with a limit of lines of code per month. About pricing, I still need to finalize the MVP to be able to estimate it, since it depends on computational costs.

1 Like

@manfred_jr I think this answers your question.

The main idea is to combine those 3 elements and, most importantly, to take the TVM into account, since the focus is to develop and provide a toolset for TRON developers.

Thank you for providing more information about your plan for the TRON AI ScannerBot project. But to quench my arousing curiosity, I’ve a question;

Considering the dynamic nature of smart contracts, what specific techniques or approaches will you employ to handle runtime behaviors and potential interactions with external contracts within the TRON ecosystem?

2 Likes

What about projects that don’t need a monthly plan but just to verify some contracts one time and then they are good to go?

Pay-As-You-Go would be good.

1 Like