Source: Beosin
On June 9, Anthropic officially launched the public version of Claude Fable 5 under the Mythos brand. Previously, Mythos gained significant attention in the cybersecurity field for its exceptional ability to rapidly uncover hidden vulnerabilities within systems.
The recent Zcash incident is a classic example of AI detecting blockchain vulnerabilities. Security researcher Taylor Hornby used the Anthropic Claude Opus 4.8 model to identify a four-year-old soundness vulnerability in the Orchard privacy pool within hours—a flaw that had eluded multiple previous manual audits. The vulnerability theoretically allowed for the minting of unlimited undetected fake ZEC, causing ZEC’s price to plummet nearly 40%.
AI currently demonstrates remarkable efficiency in code pattern matching and bulk preliminary screening, and integrating AI into blockchain and smart contract security audit processes is becoming a trend in the Web3 security industry. This article will analyze the advantages and limitations of AI in smart contract auditing, using real-world vulnerability cases and Fable 5’s tested performance.
AI audit advantage scenarios
Case Study: Storage Slot Collision
The contract uses the following two components simultaneously:
1. Custom reward mapping (used to record rewards available to users)
2. Solady library's ReentrancyGuard (prevents reentrancy attacks)
The storage layouts of the two components conflicted.
Of the two, Solady's ReentrancyGuard achieves extreme gas optimization by using a fixed, low-numbered storage slot (typically derived through a specific calculation that yields a slot close to a constant). The typical logic of the nonReentrant modifier is:
Custom rewards mapping:
mapping(address => uint256) public rewards;
Due to Solidity's storage layout rules (the first slot of a mapping is calculated based on its declaration position), the first slot of the rewards mapping is identical to the fixed protection slot of ReentrancyGuard.
Attack flow (detailed steps):
1. The attacker calls the getReward() function
2. The nonReentrant modifier triggers, writing 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff (all 1s) to the guard slot.
3. The contract code then reads rewards[attacker's address] — but due to a slot collision, it actually reads the enormous value 0xff...ff from the guard slot.
4. The contract believes there is a "massive reward," so it transfers the ETH to the attacker and attempts to clear rewards[attacker] (but writes back to the same guard slot).
5. Since the modifier restores the slot at the end of the function, the attacker can repeatedly call getReward(), causing the process to repeat.
6. The attacker repeatedly calls the function 200 times, successfully withdrawing a fixed amount of ETH each time until all withdrawable ETH in the contract is exhausted.
Note that this is not a traditional reentrancy attack, but rather a vulnerability where ReentrancyGuard’s own protective mechanism was inversely exploited due to a storage collision, resulting in an infinite reward loophole. Human auditors rarely analyze third-party library storage layouts line by line, whereas AI can instantly compare library versions and precisely map storage slots, directly identifying such “hidden collision” vulnerabilities.
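A defender's check for the collision class described above, added here as an example and not part of Beosin's tooling: it reads the `storage` array that `solc --storage-layout` emits, compares each state variable's base slot against the fixed slots an imported library writes with inline assembly, and also flags fixed slots that a future upgrade would reach. The layout JSON and the guard-slot value are constructed placeholders; take the real slot constant from the library version actually compiled in.

```python
import json

# Constructed sample of solc's --storage-layout output (the "storage" array)
# for a contract that declares the rewards mapping first and also inherits a
# guard that writes a fixed slot via inline assembly. Values are illustrative.
LAYOUT_JSON = """
{"storage": [
  {"label": "rewards", "offset": 0,  "slot": "0", "type": "t_mapping(t_address,t_uint256)"},
  {"label": "owner",   "offset": 0,  "slot": "1", "type": "t_address"},
  {"label": "paused",  "offset": 20, "slot": "1", "type": "t_bool"}
]}
"""

# Fixed slots that imported libraries write directly with sstore. In practice
# these are copied from the library source (its guard-slot constant); the
# value here is a constructed placeholder, not Solady's real constant.
FIXED_SLOTS = {"ReentrancyGuard (placeholder)": 0}

def declared_slots(layout_json):
    """Map each state variable label to its base slot, as solc lays it out."""
    layout = json.loads(layout_json)
    return {v["label"]: int(v["slot"]) for v in layout["storage"]}

def find_collisions(layout_json, fixed_slots):
    """Variables whose base slot is also a fixed slot some library writes.
    For a mapping, the base slot feeds every entry's keccak-derived address,
    so the guard's writes and the mapping's reads end up sharing storage."""
    slots = declared_slots(layout_json)
    return [(label, lib) for label, s in slots.items()
            for lib, fs in fixed_slots.items() if s == fs]

def reachable_fixed_slots(layout_json, fixed_slots, headroom=8):
    """Fixed slots just above the contract's last sequential slot: not a
    collision today, but a state variable appended in an upgrade lands there."""
    slots = declared_slots(layout_json)
    next_free = max(slots.values(), default=-1) + 1
    return [(lib, fs) for lib, fs in fixed_slots.items()
            if next_free <= fs < next_free + headroom]

def audit(layout_json, fixed_slots):
    """Full report: direct base-slot collisions plus upgrade-reachable slots."""
    return {"collisions": find_collisions(layout_json, fixed_slots),
            "reachable": reachable_fixed_slots(layout_json, fixed_slots)}
```

Run the same check against every library in the inheritance chain that uses hand-picked slots, not only the reentrancy guard.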
Disadvantages of AI auditing
Fable 5 excels in detecting vulnerabilities in single contracts, pure code syntax, and low-level storage, but still exhibits clear limitations when confronting cross-protocol compositional semantics and multi-contract combination attacks. We employed the latest public version of Fable 5 to retest the contracts related to the Curve LlamaLend sDOLA attack event, and the results confirmed this issue.
This audit covers the following contracts: crvUSD Controller.vy, sDOLA.sol, ERC4626.sol, and related contracts. However, Fable 5 failed to identify the core risk associated with this attack:


This incident is a typical cross-protocol composite vulnerability, where the individual contract code has no syntactic or logical issues, but the attacker exploited the interaction between multiple protocols to construct an attack chain:
1. Use flash-loan tools to manipulate the Curve pool price and maliciously depress the price of sDOLA (ERC-4626 vault shares);
2. A large number of borrowing positions collateralized with sDOLA then cross their liquidation thresholds;
3. The attacker executes liquidations in bulk and profits from them.
These vulnerabilities arise from combinations of multiple DeFi protocols and test the comprehensive analytical capabilities of AI and audit experts regarding overall business logic and protocol economic models; currently, AI auditing still has limitations in understanding cross-protocol compositional semantics.
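The following model, added here as an illustration and not code from the incident or from Beosin, shows the cross-protocol property a single-contract review misses: one sDOLA-collateralised position is evaluated under a spot-price oracle read from a constant-product pool and under an oracle that prices the share from the vault's own exchange rate. Pool reserves, the vault rate, the liquidation threshold and the position size are constructed numbers, not figures from the Curve LlamaLend event.

```python
# Constructed parameters, not taken from the incident.
POOL_SDOLA = 1_000_000.0    # sDOLA reserve in the pool
POOL_CRVUSD = 1_050_000.0   # crvUSD reserve; spot price starts near 1.05
VAULT_RATE = 1.05           # share value from the vault's own accounting;
                            # it moves with accrued yield, not with pool trades
LIQ_THRESHOLD = 0.85        # position is liquidatable when debt / value > this

def spot_price(sdola_reserve, crvusd_reserve):
    """Spot price of one sDOLA implied by the pool reserves."""
    return crvusd_reserve / sdola_reserve

def swap_sdola_in(sdola_reserve, crvusd_reserve, amount_in):
    """Constant-product swap: reserves after selling amount_in sDOLA into the pool."""
    k = sdola_reserve * crvusd_reserve
    new_sdola = sdola_reserve + amount_in
    return new_sdola, k / new_sdola

def health(collateral_sdola, debt_crvusd, price):
    """Debt divided by collateral value at the given oracle price."""
    return debt_crvusd / (collateral_sdola * price)

def is_liquidatable(collateral_sdola, debt_crvusd, price, threshold=LIQ_THRESHOLD):
    return health(collateral_sdola, debt_crvusd, price) > threshold

def compare_oracles(collateral_sdola, debt_crvusd, dump_amount):
    """Evaluate one position under both oracles, before and after a large
    single-block sale of sDOLA into the pool (flash-loan sized, repaid later)."""
    before = spot_price(POOL_SDOLA, POOL_CRVUSD)
    new_sdola, new_crvusd = swap_sdola_in(POOL_SDOLA, POOL_CRVUSD, dump_amount)
    after = spot_price(new_sdola, new_crvusd)
    return {
        "spot_before": is_liquidatable(collateral_sdola, debt_crvusd, before),
        "spot_after": is_liquidatable(collateral_sdola, debt_crvusd, after),
        # The vault-rate oracle sees the same share value in both states.
        "vault_rate": is_liquidatable(collateral_sdola, debt_crvusd, VAULT_RATE),
    }
```

With 1000 sDOLA backing 800 crvUSD of debt, a 500,000 sDOLA sale moves the spot oracle from "healthy" to "liquidatable" within one block while the vault-rate oracle is unchanged; the check an auditor wants is which of these two quantities the lending controller actually reads.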
Conclusion
Real-world case testing shows that Fable 5 effectively uncovers hidden vulnerabilities often missed by manual audits in standardized, detailed scenarios such as storage slot conflicts, code pattern vulnerabilities, single-contract logic flaws, and initial batch code screening. However, it struggles to understand the business essence of on-chain ecosystems and identify composite attack paths in complex scenarios including cross-protocol compositional semantics, DeFi economic models, multi-contract coordinated attacks, and intricate business logic vulnerabilities—areas that still require professional security auditors to lead the analysis.
In routine audit work, Beosin has established a mature audit process that combines AI with security audit experts, significantly improving audit efficiency while better identifying potential subtle risks and complex business logic vulnerabilities, making audits more efficient, comprehensive, and in-depth.
