finite-monkey-engine  by BradMoonUESTC

AI engine for smart contract audit

created 1 year ago
278 stars

Top 94.3% on sourcepulse

Project Summary

This project provides an AI-powered engine for smart contract vulnerability mining, targeting security auditors and developers. It leverages large language models (LLMs) with task-driven and prompt-engineering approaches to identify vulnerabilities without requiring pre-trained knowledge bases or fine-tuning, aiming to reduce manual audit effort and improve bug bounty discovery.

How It Works

The engine utilizes a task-driven and prompt-driven methodology, focusing on sophisticated prompt design to guide LLMs in vulnerability analysis. It strategically employs "deception" and hallucination as mechanisms to uncover potential security flaws. The system supports multiple LLM providers and models, with configurable scan modes and iteration counts to optimize results and cost.

Quick Start & Requirements

  • Installation: Place project in src/dataset/agent-v1-c4.
  • Prerequisites: PostgreSQL database, OpenAI API access.
  • Configuration: Set up datasets.json and .env file with database credentials, API keys, model selections (e.g., gpt-4-turbo, claude-3-5-sonnet), and scan modes (e.g., COMMON_PROJECT_FINE_GRAINED).
  • Resources: Estimated scan time for medium projects is 2-3 hours, with costs around $20-30 for 10 iterations.
  • Documentation: Not explicitly linked; configuration details are in the README.

Highlighted Details

  • Discovered over $60,000 in bug bounties as of May 2024.
  • Supports Solidity, Rust, Python, Move, Cairo, Tact, Func, Java, and Pseudo-Solidity.
  • Offers configurable scan modes including COMMON_PROJECT_FINE_GRAINED for detailed analysis.
  • Utilizes separate models for scanning (Claude 3.5 Sonnet recommended) and confirmation (DeepSeek recommended).

Maintenance & Community

  • Project renamed to finite-monkey-engine in August 2024.
  • Version 1.0 released November 2024, validating LLM-based auditing feasibility.
  • Contributing via Pull Requests is welcomed.

Licensing & Compatibility

  • Licensed under Apache License 2.0.
  • Permissive license suitable for commercial use and integration with closed-source projects.

Limitations & Caveats

The engine excels at logic vulnerability mining but is weaker at detecting control flow vulnerabilities. The current false positive rate ranges from 30% to 65%, depending on project size. While GPT-4 Turbo is recommended for best results, Claude 3.5 Sonnet offers a balance of performance and cost.

Health Check

  • Last commit: 5 days ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 0
  • Issues (30d): 0
  • Star History: 44 stars in the last 90 days
