ZKasino pre-audit by ChatGPT

ZKasino
Dec 23, 2022

ZKasino smart contracts review done through ChatGPT by OpenAI

ZKasino’s audit by CertiK is currently underway. Progress can be tracked on https://www.certik.com/projects/zkasino. While awaiting the results, ZKasino presents a pre-audit done through the revolutionary source of wisdom: ChatGPT.

ZKasino’s infrastructure consists of game contracts that interact with the bankroll. The bankroll has an infrastructure of its own, made up of multiple contracts. ChatGPT was asked to explain what every contract does and whether there are any security issues. Access controls are also described.

First the bankroll infrastructure was reviewed since the game contracts depend on the bankroll and interact with it. After that, the game contracts were reviewed while keeping the bankroll infrastructure in mind. Finally, ZKasino gives its own conclusion on ChatGPT’s pre-audit.

Overview of contracts under audit:

├── CoinFlip.sol
├── Common.sol
├── Dice.sol
├── Mines.sol
├── Plinko.sol
├── RockPaperScissors.sol
├── Slots.sol
├── VideoPoker.sol
└── bankroll
    ├── facets
    │   └── BankrollFacet.sol
    ├── libraries
    │   └── LibStorage.sol
    └── vendor
        ├── Diamond.sol
        ├── libraries
        │   └── LibDiamond.sol
        └── upgradeInitializers
            └── DiamondInit.sol

Bankroll infrastructure

Infrastructure explained

All code related to the bankroll infrastructure was sent into ChatGPT in separate messages. Then ChatGPT was asked to give a review on the bankroll structure and to explain how each contract works.

Security issues in bankroll structure?

After this review, ChatGPT was asked to look for any security issues in each contract belonging to the bankroll infrastructure.

Diamond and BankrollFacet contracts

Next, the Diamond and BankrollFacet contracts were reviewed individually and checked for security issues, since these are the most important contracts in the bankroll infrastructure.

Diamond contract in detail

BankrollFacet explained

Access Controls

The access controls can be found in the BankrollFacet.sol contract. ChatGPT was asked to describe the access control functions:

The relevant access control functions were already documented and can be found in the docs: https://docs.zkasino.io/developer/infrastructure#access-controls.

Game Contracts

After CertiK’s audit, ZKasino will launch on Polygon and BNB Chain with 7 games. The game contracts all use the Common.sol contract, since that contract has functions that every game uses. The Common.sol contract was reviewed first by ChatGPT, followed by the games: CoinFlip, Dice, Mines, Plinko, RockPaperScissors, Slots and VideoPoker.

Common.sol

ChatGPT reviewed the Common.sol contract. First, it was asked what the contract does:

Next up, ChatGPT looked for any security issues in the Common.sol contract:

ZKasino will now address ChatGPT’s points. Regarding the VRF, Chainlink has been the most used and battle-tested VRF with no known randomness manipulation events, which leads us to believe its security is foolproof. The VRF fees are calculated in the frontend according to what is asked by the smart contract. In the worst case, the transaction will be reverted, never leaving any customer funds at risk. The tokens allowed for betting can only be set by the multi-sig (see Access Controls) that controls the bankroll.

After the Common.sol contract, all games were reviewed.

CoinFlip

Dice

Plinko

Rock Paper Scissors

Slots

Conclusion on ChatGPT’s review

Although ChatGPT has not explicitly identified any immediate security issues with the smart contracts used by ZKasino, we believe it is essential to conduct a more thorough audit to ensure the contracts are bulletproof and immutable. While ChatGPT’s opinion is certainly valuable, it is important to consider the significant amount of funds that ZKasino will be processing, and to take every precaution to ensure the security and reliability of the contracts.

Despite this recommendation, it is worth acknowledging the usefulness of ChatGPT’s pre-audit. The fact that ZKasino has been live on multiple chains for two months without any issues is a promising sign that the contracts are relatively safe. However, a full audit by a reputable company like CertiK can provide added assurance and give players confidence in the security of the contracts.

In addition to its value for ZKasino, we also recommend that other projects consider performing pre-audits with ChatGPT. While it may only take a few minutes of work, a pre-audit has the potential to save a project from a costly exploit that could have devastating consequences. Even though ChatGPT is still in the early stages of development, the future looks bright for the potential of artificial intelligence. It’s exciting to think about what GPT-4’s capabilities might be, and how it could further enhance the security and reliability of smart contracts in the future.

Currently live on testnet!

ZKasino is currently live on 5 testnet chains, including the ZK-Rollup zkSync 2.0. Head over to the dApp at https://play.zkasino.io/ to start playing and familiarize yourself before the mainnet launch.

Also, be sure to follow us on Twitter and join the Discord or Telegram servers to stay up-to-date.

ZKasino

Decentralised betting platform built for Layer-2 ZK Rollups.