AI-powered Auditor for Solidity & Cairo Smart Contracts
ETH Global Showcase | Demo Video
Gecko is an autonomous multi-agent AI auditor that combines LLMs with custom security tools such as fuzzers and static analysers to replicate a hacker's intuition and detect vulnerabilities in Solidity and Cairo smart contracts.
- Custom GPT Vulnerability Research Engine
- Solidity Grammar Parser
- Modified Caracal
- LLM powered Solidity Fuzzer
Prerequisites:
- OpenAI API key (gpt-4o-mini)
- PostgreSQL
- Clone the Gecko repository:
  https://github.com/nkoorty/gecko-singapore
- Install the necessary dependencies and run the frontend (Google or GitHub login required):
  npm i
  npm run dev
Dataset: based on small contracts scraped from Etherscan.
- Implement multi-file uploads
- Import GitHub repositories and automatically scan all files for vulnerabilities
- Automated report generation at each PR/push
- JJ: ex-Binance, ex-Intelligence Security Researcher, interested in AI for offensive security
- Artemiy: Imperial College London Graduate, ex-Austrian Gov.
Based on research from:
- LLM4FUZZ: Guided Fuzzing of Smart Contracts with Large Language Models
- Large Language Monkeys: Scaling Inference Compute with Repeated Sampling
- CONFUZZIUS: A Data Dependency-Aware Hybrid Fuzzer for Smart Contracts
Help us build Gecko! Gecko is open-source software licensed under the MIT License.