How ChatGPT helps Solidity programming

A new artificial intelligence called ChatGPT lets you ask it any question and get a response. However, the given response might not be accurate. Thus, a skilled human is still required to confirm and improve the response.

ChatGPT has advanced to the point that it has a foundational knowledge of several programming languages, including Solidity. Additionally, it can produce some code snippets in response to your query. Here are example use cases that help with your Solidity development.

Explain code, syntax, and best practice

It is common to use a website such as Tutorialspoint to learn about the basic syntax of a programming language such as Solidity. However, these websites usually don’t contain advanced syntax, best practices, libraries, or patterns.

After you have practiced developing basic smart contracts, it helps to look into the code of popular protocols. While you scan this code, you will likely see unfamiliar syntax, patterns, or libraries.

https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/cryptography/ECDSA.sol

For example, the keywords “mload” and “byte” in the ECDSA tryRecover function aren’t documented on Tutorialspoint. You may not understand what these keywords do. You can ask ChatGPT “What is mload in solidity?” and “What is byte in solidity assembly block?”

ChatGPT has done an excellent job of explaining these keywords. ChatGPT also provides a code snippet. However, the provided code snippet isn’t entirely correct (it has a syntax error).

You may still need to understand the context in which these keywords were used in the code. In that case, you can ask ChatGPT to explain that code snippet.

If you want to know the use cases, you can ask ChatGPT to “give me use cases on using mload in Solidity language.”

Moreover, you can provide a snippet and ask ChatGPT to list the best practices related to it. This is very convenient, as finding best practices through Google takes work.
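To show the context in which tryRecover uses these two keywords, here is an added example, written for this page and not OpenZeppelin's source or ChatGPT output, that splits a 65-byte signature into r, s and v. The library name SigSplit and the function name split are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (not OpenZeppelin's code): splits a 65-byte signature
// into (r, s, v) with the mload/byte reads discussed in the text.
library SigSplit {
    function split(bytes memory signature)
        internal
        pure
        returns (bytes32 r, bytes32 s, uint8 v)
    {
        // Reject malformed input first: with any other length the fixed
        // offsets below would read bytes that are not part of the signature.
        require(signature.length == 65, "bad signature length");

        assembly {
            // `signature` is the memory offset of the array's 32-byte
            // length word; the data itself starts 0x20 bytes later.
            r := mload(add(signature, 0x20)) // data bytes 0..31
            s := mload(add(signature, 0x40)) // data bytes 32..63
            // mload always returns a full 32-byte word. byte(0, word)
            // keeps only its most significant byte, which is data byte 64.
            v := byte(0, mload(add(signature, 0x60)))
        }
    }
}
```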

Provide example snippets

ChatGPT is well known for providing example snippets for your query more easily and better than Google. It’s similar to StackOverflow, but the code snippet is customized for your query.

The resulting snippet, however, regularly has many flaws and is far from ideal. Professional Solidity developers are still required to identify errors and integrate the generated code snippet into the codebase.

For instance, to have ChatGPT provide an example of using mload to manipulate memory pointers, you can ask it to “Give me an example of using mload to manipulate memory pointers.”

ChatGPT has given an example. However, this code won’t work, because a pointer in the Solidity language isn’t defined with “uint256*”. ChatGPT mixes the syntax of another programming language with Solidity. This is a great example of why professional humans are still required to correct errors.
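For comparison, this is how memory pointers are handled in valid Solidity: as plain uint256 offsets inside inline assembly. It is an added example, not the ChatGPT output discussed above; the contract name MemoryPointerDemo and its functions pack and wordAt are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example: Solidity has no `uint256*` type. A memory "pointer" is
// just a uint256 offset that inline assembly reads with mload and writes
// with mstore.
contract MemoryPointerDemo {
    // Builds a 64-byte `bytes` value by hand from two 32-byte words.
    function pack(bytes32 a, bytes32 b) public pure returns (bytes memory out) {
        assembly {
            // Slot 0x40 holds the free memory pointer, i.e. the first
            // offset that no other allocation is using.
            out := mload(0x40)
            mstore(out, 0x40)           // length word: 64 bytes of data
            mstore(add(out, 0x20), a)   // first data word
            mstore(add(out, 0x40), b)   // second data word
            // Move the free memory pointer past what was written so a
            // later allocation cannot overwrite it.
            mstore(0x40, add(out, 0x60))
        }
    }

    // Returns the 32-byte word number `index` from the data of `data`.
    function wordAt(bytes memory data, uint256 index) public pure returns (bytes32 w) {
        // Bounds check in checked arithmetic before any raw read.
        require(data.length >= (index + 1) * 32, "out of bounds");
        assembly {
            // Skip the length word (0x20), then step `index` words forward.
            w := mload(add(add(data, 0x20), mul(index, 0x20)))
        }
    }
}
```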

We suggest reading the “Writing Solidity without any previous knowledge” section of this blog to learn more about using generated code snippets to create a complete smart contract.

Pair programming

Pair programming is a software development technique in which two programmers work together at a single workstation to develop a single piece of software. One programmer, known as the driver, writes the code while the other programmer, known as the navigator, reviews the code and provides feedback. The roles of the driver and navigator can be switched frequently to allow both programmers to have an equal level of involvement in the development process.

ChatGPT works great as your partner in pair programming. According to this blog on pair programming with ChatGPT on a bash script, ChatGPT acts as the driver who writes the software, and you, a human, act as a navigator who provides feedback to ChatGPT to improve its code. This simple infographic illustrates the process.

There is a video demonstrating pair programming with ChatGPT.

Auditing your code to identify bugs

In less than a minute, ChatGPT can audit code for well-known issues and vulnerabilities. ChatGPT, however, frequently generates false positives. Regardless of how excellent it is, ChatGPT cannot investigate complex cases. A professional auditor must still be involved in auditing for the aforementioned reasons. ChatGPT can assist professional auditors in framing the audit process but cannot take their place.

There is an exciting blog showing how ChatGPT is being used to exploit smart contracts. Here we will summarize the main ideas of that blog.

In this tweet, devtooligan asks ChatGPT to identify vulnerabilities in the Vault contract. ChatGPT has identified a vulnerability in the “withdraw” function that allows anyone to specify an arbitrary “from” address to force random people to withdraw without their consent.

This is a well-known issue in real-world cases like the Quix NFT marketplace hack. In this case, ChatGPT correctly identifies the vulnerabilities, describes them, and gives mitigation steps.
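The pattern described above, as an added example: a withdrawal function that trusts a caller-supplied “from” address, next to a version that always debits the caller. This contract is constructed for illustration and is not the Vault contract from the tweet; the name VaultSketch and its functions are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed for illustration; not the Vault contract from the tweet.
contract VaultSketch {
    mapping(address => uint256) public balanceOf;

    function deposit() external payable {
        balanceOf[msg.sender] += msg.value;
    }

    // Flawed: `from` is supplied by the caller and never compared with
    // msg.sender, so any account can trigger a withdrawal of another
    // account's balance without that account's consent.
    function withdrawUnchecked(address from, uint256 amount) external {
        balanceOf[from] -= amount; // reverts on underflow in 0.8
        (bool ok, ) = payable(from).call{value: amount}("");
        require(ok, "transfer failed");
    }

    // Corrected: the debited account is always the caller, so there is
    // no address parameter left to abuse. The balance is reduced before
    // the external call (checks-effects-interactions).
    function withdraw(uint256 amount) external {
        balanceOf[msg.sender] -= amount;
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

When reviewing a contract for this class of bug, check every function that takes an owner or “from” address and confirm it is tied to msg.sender or to an explicit approval before any balance changes.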

When we provide ChatGPT with a more complicated snippet, it tries its best to predict the key topics that are most likely to be used to exploit the given snippet, but most of them are false positives. One of the topics offered by ChatGPT is suitable for the given snippet.

The insufficient collateral value concern leads to a valid vulnerability, as shown in the Code4rena inverse finance audit.

However, once we provide another snippet from the same contract, it gives an answer like the previous one.

The topics given this time are not valid at all. However, this snippet does have a vulnerability, as shown in the Code4rena inverse finance audit.

Summary

ChatGPT can help Solidity programming in various aspects, including explaining code, syntax, and best practices, providing example snippets, pair programming, and auditing code. However, ChatGPT’s answers usually have many false positives. So, professional developers must step in to identify and fix errors in ChatGPT’s answers before integrating them into the codebase.