Edited by Leo Zhang

A new open-source tool, Raze, seeks to improve the accuracy of smart contract audits by minimizing errors linked to Large Language Models (LLMs). Developed to counter frequent hallucinations, where the AI generates non-existent attacks, this tool is creating buzz among Solidity developers.
The crux of the tool's design stems from a significant flaw in AI auditing processes. When used in auditing smart contracts, LLMs often produce incorrect or irrelevant suggestions. The developer of Raze aims to ensure the AI proves its intent before generating proposals.
Raze operates through a unique structured role system:
Planner
Attacker
Tester
Runner
Reporter
Each role independently validates the previous one using real contract symbols, effectively filtering out hallucinated functions before they escalate into generated exploit code.
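One way that "validate against real contract symbols" step can work, shown here as an added illustration rather than Raze's own code: the contract source, the planner's proposed call sequence and the regex-based symbol extractor are all constructed assumptions.

```python
import re

# Constructed sample contract (not from the page): a deposit/withdraw vault.
SAMPLE_CONTRACT = """
contract Vault {
    mapping(address => uint256) public balances;
    function deposit() external payable { balances[msg.sender] += msg.value; }
    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount);
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok);
        balances[msg.sender] -= amount;
    }
    function _sweep() internal { }
}
"""

# Constructed planner output: two real functions, one hallucinated, one internal.
SAMPLE_PLAN = ["deposit", "withdraw", "emergencyDrain", "_sweep"]

# Matches "function <name>(<params>) <modifiers>" up to the body or semicolon.
FUNC_RE = re.compile(r"\bfunction\s+(\w+)\s*\([^)]*\)\s*([^{;]*)")
VISIBILITIES = ("external", "public", "internal", "private")


def extract_symbols(source):
    """Return {function_name: visibility} for every function declared in source.
    Functions with no explicit visibility are recorded as 'unspecified'."""
    symbols = {}
    for match in FUNC_RE.finditer(source):
        name, modifiers = match.group(1), match.group(2).split()
        symbols[name] = next((v for v in VISIBILITIES if v in modifiers), "unspecified")
    return symbols


def validate_plan(plan_steps, symbols):
    """Split a planner's call sequence into steps that are grounded in the real
    contract (externally callable) and steps rejected with a reason."""
    grounded, rejected = [], []
    for step in plan_steps:
        visibility = symbols.get(step)
        if visibility is None:
            rejected.append((step, "no such function in contract"))
        elif visibility not in ("external", "public"):
            rejected.append((step, f"{visibility} function is not externally callable"))
        else:
            grounded.append(step)
    return grounded, rejected


if __name__ == "__main__":
    print(validate_plan(SAMPLE_PLAN, extract_symbols(SAMPLE_CONTRACT)))
```

Only the grounded steps would be handed on to the next role; a rejected step is a hallucination caught before any proof-of-concept code is generated.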
Raze includes multiple features tailored to Solidity requirements, notably:
Comprehensive coverage of common vulnerabilities: reentrancy, access control, arithmetic issues, flash loans, and price manipulation.
Regression mode that ensures fixes work, saving developers from surprises at later stages.
Compatibility with systems like Claude, Cursor, and Codex; no Docker or API key necessary.
"The final output is a Foundry proof scaffold you can run with forge test," the developer stated.
Community responses reveal a mixture of optimism and caution. Some users highlighted the tool's current limitations: "Version 1 doesn't handle cross-function dependencies well. Those bugs require a more holistic view of contracts."
The emphasis on specific well-known vulnerabilities has drawn attention but also sparked requests for further development in identifying complex business logic bugs across contracts.
A curious comment noted, "Does the repo contain reports about the hallucinated and impossible attack vectors that came up in your testing?" This reflects a growing responsibility among developers to ensure robustness in their tools.
First version addresses well-known smart contract vulnerabilities.
Feedback on complex bugs is crucial for future developments.
With Raze's initial rollout, there's a strong probability for its adoption within the Solidity community, especially among developers keen on improving audits. Experts estimate around a 70% chance that subsequent versions will address user feedback on cross-function dependencies, driven by real-world use cases and increasing demands for security. Additionally, the tool's compatibility with existing systems will likely catalyze wider integration in mainstream platforms, as developers seek to improve accuracy and reduce errors. The current focus on known vulnerabilities may also steer future updates towards a more comprehensive approach, targeting complex business logic bugs.
Reflecting on history, the rise of Raze conjures memories of early automobile safety innovations in the 1920s, where initial designs prioritized speed over driver and passenger safety. As accidents revealed the shortcomings of these vehicles, manufacturers faced pressures to evolve, leading to safety features like seat belts and crumple zones becoming standard. Similarly, Raze's development hints at a turning point in smart contract auditing, where early missteps in AI-led assessments may drive innovations that prioritize accuracy and security in crypto applications. Just as the auto industry transformed through lessons learned from the road, the smart contract realm might witness significant advancements birthed from a need to correct the course.