forked from VulnPlanet/l3x

AI-driven Static Analyzer. Supports Rust and Smart contracts: Solana based on Rust, Ethereum based on Solidity.


jg8481/l3x


L3X - AI-driven Smart Contract Static Analyzer

L3X detects vulnerabilities in Smart Contracts based on patterns and AI code analysis. Various LLMs act as validators for vulnerabilities detected by patterns and validate each other's results in AI code analysis. Vulnerabilities are confirmed when they receive confirmation from a majority of validators. As a result, a report with validated vulnerabilities and detected safe patterns is generated.

Smart Contract Support

  • Solana based on Rust
  • Ethereum based on Solidity

Design

[Design diagram]

How It Works

  • Vulnerability Patterns Analysis: Analysis of smart contract code for
  • AI Code Analysis: Analysis of smart contract code for vulnerabilities using Language Model validators (LLMs).
  • LLM Validators: Potential vulnerabilities detected are passed on to multiple LLM validators for confirmation. Three different models are utilized: GPT-4, Gemini, and Claude 2.
  • Validation Process: Each validator independently assesses potential vulnerabilities. Detected vulnerabilities undergo a validation check.
  • Decision Making:
    • Valid: A vulnerability is confirmed as valid when at least two LLM validators agree.
    • False Positive: A finding is marked as a false positive when identified as such by at least two validators.
  • Cross-Validation: Each LLM performs a cross-validation check during the AI Code Analysis phase.
  • Report Generation: A report is generated that compiles all confirmed vulnerabilities, with duplicates removed.
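The two-of-three decision rule and the deduplicated report described above, as an added example (not l3x's own code). The type names, the `NoAnswer` verdict, the `Undecided` outcome for findings with no majority, the dedup key and the sample findings are all assumptions made for illustration.

```rust
use std::collections::BTreeSet;

// Hypothetical types; l3x's real data model is not shown on this page.
#[derive(Clone, Copy, PartialEq, Debug)]
pub enum Verdict { Valid, FalsePositive, NoAnswer } // NoAnswer: validator failed or was unparsable

#[derive(Debug, PartialEq)]
pub enum Decision { Confirmed, FalsePositive, Undecided }

pub struct Finding {
    pub file: &'static str, pub line: u32, pub pattern_id: &'static str,
    pub verdicts: [Verdict; 3], // one verdict per LLM validator
}

/// At least two matching verdicts decide; anything else stays undecided (assumed behaviour).
pub fn decide(verdicts: &[Verdict; 3]) -> Decision {
    let valid = verdicts.iter().filter(|v| **v == Verdict::Valid).count();
    let fp = verdicts.iter().filter(|v| **v == Verdict::FalsePositive).count();
    if valid >= 2 { Decision::Confirmed } else if fp >= 2 { Decision::FalsePositive } else { Decision::Undecided }
}

/// Report: confirmed findings only, duplicates removed on (file, line, pattern_id).
pub fn report(findings: &[Finding]) -> Vec<(&'static str, u32, &'static str)> {
    let mut seen = BTreeSet::new();
    findings.iter()
        .filter(|f| decide(&f.verdicts) == Decision::Confirmed)
        .map(|f| (f.file, f.line, f.pattern_id))
        .filter(|key| seen.insert(*key)) // insert returns false for a repeat
        .collect()
}

// Constructed sample findings; file names and pattern ids are made up.
pub fn sample() -> Vec<Finding> {
    use Verdict::*;
    vec![
        Finding { file: "vault.sol", line: 42, pattern_id: "REENTRANCY", verdicts: [Valid, Valid, FalsePositive] },
        Finding { file: "vault.sol", line: 42, pattern_id: "REENTRANCY", verdicts: [Valid, Valid, Valid] },
        Finding { file: "lib.rs", line: 10, pattern_id: "MISSING_SIGNER_CHECK", verdicts: [FalsePositive, FalsePositive, Valid] },
        Finding { file: "lib.rs", line: 77, pattern_id: "INTEGER_OVERFLOW", verdicts: [Valid, NoAnswer, FalsePositive] },
    ]
}

fn main() {
    for (file, line, id) in report(&sample()) { println!("{}:{} {}", file, line, id); }
}
```

A finding with one `Valid`, one `FalsePositive` and one failed validator reaches neither threshold, so it is kept out of the report here rather than silently counted either way.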

Current limitations

L3X is currently an MVP:

  1. Vulnerabilities are detected only from vulnerability patterns.
  2. GPT-3.5 acts as the validator for vulnerabilities detected by patterns.

LLM supported

  • GPT-3.5
  • GPT-4 (Soon)
  • Claude (Planned)
  • Gemini (Planned)

Set API Keys

Set the OpenAI API key as the environment variable OPENAI_KEY in your operating system.

Linux/Mac

export OPENAI_KEY=sk-ApiKeyExample

Windows

set OPENAI_KEY=sk-ApiKeyExample

How to Use ❓

  1. Build

     cargo build

  2. Compile

     cargo run

  3. Run

     l3x smart-contracts-folder-to-analyse

Usage Example 🏁

Report example - Solana

Report example - Ethereum

Roadmap 🗓️

  • Design
  • MVP concept
  • GPT-4 Integration 🔜
  • Claude Integration
  • Gemini Integration
  • AI Code Analysis
  • AI Code Analysis - Cross-Validation
  • Refactor
  • Accuracy Comparison

Contact 📧

Send all suggestions to [email protected]
