The open-source Wake Framework is extended with private detectors that enhance its analysis capabilities. These detectors combine Wake's precise static analysis with AI to enable further detection of complex vulnerability patterns and reduce false positives.
The AI layer augments Wake's detection capabilities by leveraging comprehensive knowledge of both the framework's documentation and the analyzed codebase. This understanding enables additional interpretation of findings, providing audience with contextual analysis of the discovered issues.
AI detectors that extend the Wake Framework are kept private, but we demonstrate on one example the direction and possibilities of AI in static analysis.
The keccak256 private AI Wake detector validates storage slot computations where developers document their hash calculations in code comments. While these comments vary in format, LLMs can interpret them and verify the implementation.
For example, when encountering code like:
// slot = keccak256(abi.encode(POSITION_MANAGER_STORAGE_POSITION))
bytes32 private constant POSITION_MANAGER_STORAGE_SLOT = 0x9994c8b75655dd4c31c9655065b829358f4b10699505a627bacfb3faa3f9e2d2;The detector:
Extracts the computation description from comments
Understands the intended calculation
Performs the actual keccak256 computation
Compares with the implemented constant
Flags any mismatches for review
This validation is particularly important for storage slot management and proxy implementations where incorrect hash values could lead to storage collisions. It demonstrates the new AI possibilities in static analysis. This approach was presented at ETH Prague 2024.
Last updated