This repository has been archived by the owner on Aug 28, 2024. It is now read-only.

[Grant Application]: Eiger - Training a ML model to audit Solidity contract #88

Open
1 task done
dtuzi opened this issue Aug 31, 2023 · 0 comments

dtuzi commented Aug 31, 2023

Project Description

At Eiger we are developing an advanced analytical framework designed to audit Solidity smart contracts across all EVM environments. Utilizing a combination of Abstract Syntax Trees (AST), Intermediate Representation (IR) and machine learning models, this system will systematically evaluate smart contract codebases for potential vulnerabilities. By identifying and rectifying these susceptibilities, we aim to bolster the integrity and security of decentralised applications, ensuring their robustness in real-world applications and safeguarding them against potential breaches.

Possible features:

  • Vulnerability Detection: Analyse and identify vulnerabilities in Solidity smart contracts, providing actionable insights for developers to rectify them.
  • API Integration: Offer both HTTP and gRPC endpoints, ensuring flexibility and broad compatibility across different platforms and use cases.
  • Contract Classification: Determine the type of contract (e.g., proxy, token, or NFT) and identify if it extends popular platforms like SushiSwap, Uniswap, or PancakeSwap.
  • Documentation & Web Interface: Provide comprehensive API documentation and a user-centric platform for easy interaction and understanding of the system's capabilities.
  • Privacy-First Approach: Allow customers the option to receive anonymous vulnerability reports, ensuring data confidentiality and user privacy.
  • Customizable Rate Limiting: Allow users to adjust the rate of API requests to suit their specific needs, ensuring optimal performance without overloading the system.

Category

AI Integration

Timeline

| Milestone | Description | Duration |
|---|---|---|
| Extended Parsing Capabilities | Completion of all extended functionalities. | 4 weeks |
| Data Collection, Preprocessing and Model Training | Successful training of basic models with preprocessed data | 4 weeks |
| API Development and Integration | Successful deployment and testing of the developed API | 2 weeks |
| Documentation and Web Interface Development | Launch of the website and release of comprehensive API documentation | 2 weeks |

Project Plan

  1. Initialization & Setup: Begin by setting up the necessary development environment and tools. This includes integrating with the open-source project for Solidity parsing capabilities.
  2. Extended Parsing Capabilities: Develop and enhance the Solidity parser, focusing on AST, IR, ABI, Ethereum Proposals and the most important syntax vulnerability detection.
  3. Data Collection & Storage: Use the sanctuary repository to gather a vast collection of Solidity smart contracts. Store these contracts in a structured database for efficient access and management.
  4. Data Preprocessing: Implement the detection system that preprocesses the stored smart contracts, ensuring they are in the optimal format for model training.
  5. Model Training & Refinement: Train basic machine learning models on the preprocessed data. Continuously test and refine these models to ensure peak performance and accuracy.
  6. API Development: Design and deploy a set of API endpoints adhering to the OpenAPI standard. Implement dual API integration, supporting both HTTP and gRPC protocols.
  7. Documentation & Web Interface: Develop comprehensive API documentation to guide developers. Simultaneously, create a user-centric website using Next.JS and Tailwind UI to showcase the platform's capabilities.
  8. Testing & Quality Assurance: Conduct rigorous testing of all developed components, ensuring their reliability, security, and efficiency.
  9. Launch & Community Engagement: Officially launch the platform, engage with the community for feedback, and make necessary refinements based on the feedback received.
  10. Ongoing Maintenance & Support: Provide continuous support, address any issues, and roll out periodic updates to enhance the platform's features and capabilities.

Project Impact

This project, in its entirety, is much bigger than these few months of initial work to prove the concept. We are approaching multiple ecosystems to find early partners who have the vision to spearhead this work by supporting it at this early phase. Even though the solution would be beneficial to all EVM supporting networks eventually, Taiko would get early integration to its developer tools. This might incentivize undecided developers/institutions who would like to utilize an AI assistant to audit their contracts to choose Taiko instead of another environment without that integration.

Team Information

We help leading technology companies to scale and develop their core technologies to gain an edge by providing expert teams in the most critical areas of modern web3 development.
Eiger is part of the Equilibrium group.

Nevio Vesic (Github, Linkedin), a Software Engineer currently employed at Eiger, possesses an extensive background in the field of software development, spanning over 15 years. His professional portfolio reflects a diverse range of experience across multiple industries. This includes large-scale corporations and venture capital-backed startups, with a particular emphasis on the networking, telecommunication, and blockchain sectors. Nevio’s technical expertise is grounded in the Go programming language. Beyond his professional commitments, he dedicates his personal time to the exploration and development of syntactic analysis tools. Additionally, he has a keen interest in constructing tools designed to facilitate the efficient extraction of various datasets from blockchain networks.

Point of Contact

daren@eiger.co

Previous Work

We work with Fireblocks, Polygon, Aleo, Forte, Ripple, Starknet, Zcash, Celestia, Dfinity, Polkadot and more, helping them build low-level core implementations, from full nodes to specific components in the stack, from developer tooling to institutional integrations.

Additional Information

Grant Request (in USD):
$100,000

Agreement

  • I agree to comply with the terms and conditions of the grants program