14:12:08
sgp_:
Just in case anyone suggests an AI-driven security audit of Monero in the future: https://magicgrants.org/2026/03/09/AI-Not-Ready-for-Ethereum-Audits
14:12:08
sgp_:
We tried a specialized smart contract auditing AI tool. It made up a bug and suggested introducing the same critical vulnerability to fix it.
17:12:35
rbrunner7:
@sgp_:monero.social: Thanks for the interesting info. But IMHO you won't be able to stop that using rational arguments and examples where it already went wrong. Somebody will try with Monero. When the bursting of the AI bubble is nearing, it might be that desperate companies with AI products will even sponsor such work with bounties ...
17:26:36
sgp_:
I know someone will try it (and I can't stop them!) but I'm personally very skeptical of those attempts
17:27:26
sgp_:
I made the post to help explain not only can they be wrong and a waste of time, but they can also actively suggest adding new vulnerabilities lol
17:28:13
sgp_:
I'm not 100% against AI use but it should always be assumed to be wrong
20:20:29
kiersten5821:matrix.org:
> <@sgp_> Just in case anyone suggests an AI-driven security audit of Monero in the future: https://magicgrants.org/2026/03/09/AI-Not-Ready-for-Ethereum-Audits
why is the version you sent to v12 not the same as the version on github? there is no transferOut function in Router.sol https://github.com/serai-dex/serai/blob/develop/networks/ethereum/contracts/Router.sol
20:21:44
hooftly:matrix.org:
Lol
20:22:08
kiersten5821:matrix.org:
you didn't post the version of the code that you sent to v12 anywhere in your blog
20:24:49
321bob321:
> <@sgp_> Just in case anyone suggests an AI-driven security audit of Monero in the future: https://magicgrants.org/2026/03/09/AI-Not-Ready-for-Ethereum-Audits
Job creation
20:25:32
kiersten5821:matrix.org:
actually the contract hasn't been updated in 2 years? Did you send a version of the contract more than two years old to the review?
20:29:02
sgp_:
@kiersten5821:matrix.org: https://github.com/serai-dex/serai/tree/next-polkadot-sdk
20:29:09
sgp_:
different branch
20:30:18
sgp_:
this is what I specifically connected to V12: https://github.com/justin-v12-zellic/serai/tree/next-polkadot-sdk
20:30:38
kiersten5821:matrix.org:
@sgp_: thanks, yeah I found it in the commit that was in the Trail of Bits review as well. Though I guess yours is newer as well: https://github.com/serai-dex/serai/blob/19422de231592690ac324edb57e32ba1517d1db4/processor/ethereum/router/contracts/Router.sol You should update the blog, it will confuse anyone who tries to verify it
20:30:57
kiersten5821:matrix.org:
it is very confusing to have the default branch without this code, and then just talk about how you sent it, and nowhere did you link to the code you actually sent in the blog
20:32:32
sgp_:
ok: https://github.com/MAGICGrants/MagicGrants.org/commit/5fa64b87917376efe2e1a634d7f53069f65d6f39
20:35:08
sgp_:
I made a separate GitHub account because to use V12, you need to give it control over the GitHub account that you link
20:37:10
sgp_:
maybe we should have asked qubic for an audit
20:41:39
kiersten5821:matrix.org:
good blog btw, seems factually correct to me. good to keep in mind that very skilled devs heavily filtering ai outputs have gotten large bounties though, best not to dismiss usage outright
20:45:12
sgp_:
for bounty programs, submissions are just the AI output without verifying that it actually is what the AI claims, which makes administering those programs hard. It's essentially free to spam and sometimes difficult to verify, or at least a disproportionate amount of effort to review
20:46:27
sgp_:
and then they argue about not receiving their $100k for a fake issue
20:49:15
kiersten5821:matrix.org:
yes ai spam is a problem, there are multiple teams which have received more than $100k multiple times for ai-discovered bugs they reviewed and filtered though (and they brag that it was ai). it's like complaining that 99.9% of people on twitter are stupid. well you're there to learn from the 0.1%. just need to find better ways to skip the 99.9