
BitsLabAI Scanner ranked second in the audit competition, surpassing numerous auditors
BitslabAI Scanner outperforms most auditors in audit competitions using an AI-powered scanner.
Introduction
Bitslab has developed a cutting-edge AI audit Agent, BitsLabAI Scanner, specifically designed to analyze and protect Web3 applications. We recently tested this technology in the SuiDex public audit competition with outstanding results. The BitslabAI Scanner leveraged its AI-powered scanner to outperform most human auditors in the competition, helping our team secure second place.

Background
The Web3 ecosystem is expanding at an astonishing pace, and smart contracts are becoming increasingly complex. While this innovation is exciting, it also introduces significant security risks—especially in emerging ecosystems like Sui. Auditing Move-based smart contracts is a challenging task due to the lack of sufficient historical vulnerability data and mature tooling compared to the EVM world.
To address this critical security gap, Bitslab developed a state-of-the-art AI Agent, BitsLabAI Scanner, specifically for analyzing and securing Web3 applications. We recently tested this technology in the SuiDex public audit competition with exceptional results. The BitslabAI Scanner used its AI-driven scanner to outperform most auditors in the competition, helping our team achieve second place. This demonstrates the powerful capability of BitsLabAI Scanner to uncover critical security vulnerabilities that might otherwise be missed without AI assistance.
Why We Built a Security-First BitsLabAI Scanner
The world of on-chain security is undergoing a radical transformation driven by foundational AI. While general-purpose large language models (LLMs) today can perform preliminary analysis of smart contract code, they often lack the specialization and adversarial thinking required for rigorous security audits. These models are good assistants, but they are not auditors.
To bridge this critical gap, we built a security-first multi-layered architecture—BitslabAI Scanner. It is not a single monolithic model, but rather an integrated system where multiple specialized AI components work together. Each component is tailored to specific challenges in smart contract security:
● Semantic Code Analysis: Understanding the intent and logic behind code, not just its syntax, and grasping the business purpose of the contract.
● Vulnerability Detection: Trained on extensive datasets of known vulnerabilities and anti-patterns, covering everything from reentrancy attacks to complex economic manipulation vectors.
● Attack Simulation: An advanced component that autonomously generates and validates potential attack paths to confirm whether theoretical vulnerabilities can actually be exploited.
This integrated approach enables the AI to uncover complex logic flaws and hidden attack vectors that both general-purpose AI and manual audits often miss. By combining the speed and scale of AI with the precision of security experts, our framework achieves deeper, more comprehensive analysis, proactively securing next-generation Web3 applications.
From Concept to Practice: The Real Power of BitslabAI Scanner
The strength of BitslabAI Scanner lies in its ability to go beyond the limitations of traditional static analysis. It does not merely check whether code contains entries from a known vulnerability list; instead, it simulates the thought process of a top-tier security researcher. It analyzes not only what the code actually does, but also what it could be forced to do. This includes understanding economic incentives, potential edge cases, and novel attack techniques that require adversarial thinking to detect.
This deep, context-aware methodology was the foundation of our success in the SuiDex audit. The AI did not just provide a list of potential issues—it delivered a set of priority-ranked, actionable insights that directly guided audit experts to the most critical vulnerabilities. Below are the core capabilities underpinning this analysis, illustrated with concrete SuiDex examples:
● Automated Vulnerability Detection: Scanning for common and uncommon vulnerabilities in contracts, including reentrancy, integer overflows, access control issues, and precision errors.
● Contextual Understanding: Analyzing interactions between different modules within a contract and external calls, identifying logical flaws that arise under complex dependencies.
● Precision and Accuracy: Minimizing false positives while maintaining high accuracy in identifying real risks.
● Scalability: Capable of efficiently auditing large and complex codebases, suitable for various blockchain projects.
Meeting the Challenge: Key Findings That Surpassed Human Auditors in the SuiDex Audit Competition
In our AI-driven analysis of the SuiDex protocol, we achieved highly effective results, uncovering multiple vulnerabilities that could jeopardize platform integrity and user funds. Ultimately, we identified 7 critical vulnerabilities and 3 high-risk vulnerabilities, demonstrating the depth of our analysis.
While the full list remains confidential, the following representative cases illustrate the capabilities of our AI:
1. Critical Finding: Incompatible Mathematical Systems in Core Arithmetic (SUIDEXCA-122)
● Issue: The protocol's fixed-point math library simultaneously uses two incompatible mathematical systems. At the logic level, calculations are performed using binary decomposition (powers of 2), while the protocol’s precision standard is based on decimal (powers of 10). Performing binary operations within a decimal framework is akin to mixing meters and feet in the same formula without conversion.
● Impact: All non-trivial multiplication and division operations inevitably produce unpredictable and incorrect results. This is a ticking time bomb that would completely undermine the reliability of the entire AMM, leading to significant financial discrepancies and loss of user trust.
This finding illustrates the AI’s ability to detect deep mathematical flaws, not just surface-level code bugs.
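The following added example (not SuiDex code, and not the scanner's output) reproduces the class of flaw behind SUIDEXCA-122 in plain Python: values encoded with a decimal scale (assumed here to be 10^9) are passed through multiply and divide helpers that rescale by a power of two (assumed 2^32). It also shows the one-line invariant a reviewer can run to catch such a mismatch; all names and scales are assumptions.

```python
# Added illustration of the scaling mismatch described in SUIDEXCA-122.
# Assumptions (not from the SuiDex code): amounts carry 9 decimal places
# (scale 10**9) while the flawed arithmetic rescales results by 2**32.
# All function and constant names here are hypothetical.

DECIMAL_SCALE = 10 ** 9   # protocol precision standard: powers of 10
BINARY_SHIFT = 32         # flawed helpers rescale by a power of 2 (2**32)


def to_fixed(value: float) -> int:
    """Encode a real number with 9 decimal places of precision."""
    return round(value * DECIMAL_SCALE)


def from_fixed(fixed: int) -> float:
    """Decode a 10**9-scaled integer back to a real number."""
    return fixed / DECIMAL_SCALE


def mul_mismatched(a: int, b: int) -> int:
    """Flawed: inputs are 10**9-scaled, but the product is divided by 2**32."""
    return (a * b) >> BINARY_SHIFT


def div_mismatched(a: int, b: int) -> int:
    """Flawed: numerator is lifted by 2**32 although the scale is 10**9."""
    return (a << BINARY_SHIFT) // b


def mul_consistent(a: int, b: int) -> int:
    """Correct: product of two 10**9-scaled values is rescaled by 10**9."""
    return (a * b) // DECIMAL_SCALE


def div_consistent(a: int, b: int) -> int:
    """Correct: quotient of two 10**9-scaled values keeps the 10**9 scale."""
    return (a * DECIMAL_SCALE) // b


def identity_holds(mul) -> bool:
    """Cheap invariant for a fixed-point multiply: x * 1.0 must return x
    under the library's own scale. A mismatched scale fails this check."""
    one = to_fixed(1.0)
    x = to_fixed(123.456789)
    return mul(x, one) == x


def relative_error(got: int, expected: int) -> float:
    """Size of the discrepancy relative to the correct result."""
    return abs(got - expected) / expected
```

Running `identity_holds` against each multiply helper is enough to flag the mismatched one; the same identity-style check (x / 1.0 == x) applies to division.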
2. Critical Finding: Incorrect Swap Logic Flag
● Issue: A key function responsible for executing Token A → Token B swaps called an internal library to calculate the required input amount but incorrectly passed a hardcoded parameter, causing the library to assume the reverse swap direction (Token B → Token A) was being executed.
● Impact: This small error leads to incorrect calculation of input amounts for every transaction, resulting in unfair pricing or outright transaction failures, severely disrupting the core functionality of the DEX.
This discovery showcases the AI’s cross-function contextual analysis capability. It did not analyze the function in isolation but traced the complete execution path, identifying a critical logical contradiction.
3. High-Risk Finding: Infinite Token Minting Vulnerability (SUIDEXCA-30)
● Issue: A subtle flaw in the reward token timing logic failed to properly enforce the intended three-year issuance cap.
● Impact: The protocol would mint new tokens indefinitely, far exceeding the planned schedule. This would completely destroy the project’s tokenomics, trigger hyperinflation, devalue the token, and break commitments made to the community.
This case demonstrates how the AI can analyze business logic and its long-term economic consequences, thereby safeguarding the financial integrity of the protocol.
Our detailed report was promptly shared with the SuiDex development team, who confirmed these findings and took immediate steps to fix them.
More Than Just Second Place: The Value and Significance Behind BitslabAI Scanner
BitslabAI Scanner’s outstanding performance in the SuiDex audit competition—securing second place and uncovering numerous critical and high-risk vulnerabilities—demonstrates its advanced capabilities. This achievement not only validates the effectiveness of BitslabAI Scanner in smart contract security auditing but also reinforces our commitment to building a decentralized secure future.
As the blockchain ecosystem continues to expand, the demand for robust and efficient security solutions will only grow. BitslabAI Scanner is ready to meet this challenge head-on and shape the future of Web3 security.