For Martin Kupka, vibe coding is a game changer.

As an investor at RockawayX, a crypto-focused venture firm, Kupka is constantly under pressure to find promising startups for his firm to back.

So vibe coding — using artificial intelligence to generate code for games, apps, and even crypto and financial products — is a blessing for budding tech founders, and the investors who bet on them.

“Not having enough Web3 developers was always one of the main constraints for the tech and crypto industry to grow,” Kupka told DL News.

“It’s lowering the technical barrier to entry,” he said. “It allows ideas to take shape much more quickly than ever before.”

Benefits and risks

Yet at the same time, many crypto security experts are warning of the limitations of so-called vibe coding.

For some, the benefits don’t outweigh the risks.

“While these tools can quickly produce functional code, they don’t necessarily produce secure or efficient code,” Adrian Hetman, head of triaging at crypto security platform Immunefi, told DL News.

That could become a big issue as vibe coding finds increased use among those building apps that secure billions of dollars’ worth of crypto.

Hetman said he’s seen an increase in people using AI and automated tools to generate code for crypto and DeFi projects.

Josef Gattermayer, the co-founder and CEO at crypto auditor Ackee Blockchain, told DL News he believes the surge of AI-generated DeFi code will eventually exceed human auditors’ capacity.

What is vibe coding?

The phrase vibe coding was coined by OpenAI co-founder Andrej Karpathy in February.

Simply put, it means asking AI to write code for you, usually focusing more on the end goal of what the code will do, and less on technical specifications.

“There’s a new kind of coding I call ‘vibe coding’, where you fully give in to the vibes, embrace exponentials, and forget that the code even exists,” Karpathy said in a social media post.

The technique has exploded in popularity.

“For non-technical ‘coders,’ it’s pretty incredible how quickly they can build simple applications, like a basic website or a small tool, while vibe coding,” Jeremy Frank, chief technical officer of Autonomys Network, a firm that builds infrastructure for AI-powered crypto apps, told DL News.

One popular vibe coder has even used AI to create a flight simulator video game that brings in thousands of dollars a month in ad revenue.

Double-edged sword

The vibes may be good, but as for the code itself? It’s complicated, Hetman said.

For low-stakes applications where there’s not much need to worry about security, vibe coding presents little threat.

But it’s a different situation in crypto and DeFi, where code bugs have cost investors billions of dollars over the years.

“Generated code often contains unnecessary complexity or redundant logic, which, particularly in DeFi, translates into an increased attack surface,” Hetman said.

Large language models — the algorithms that power AI — are trained on vast swathes of public data. While this gives the programmes a huge breadth of knowledge to draw on, it can be a double-edged sword.

If the code an AI was trained on includes sloppy practices or vulnerabilities, it can easily replicate them, Shaw Walters, founder of ElizaOS, a protocol for creating autonomous AI agents, told DL News.

Additionally, AI might avoid the most common bugs, but it can’t reason about unique issues, Gattermayer said.

Vulnerabilities relating to maximal extractable value, or MEV, and oracle manipulation are two areas AI has difficulty accounting for, he said.

If the vibe coder building such applications doesn’t know or is unable to check for such vulnerabilities, it could cost investors dearly.

In 2022, Solana trading platform Mango Markets was exploited for over $110 million through oracle manipulation. MEV costs DeFi users hundreds of millions of dollars every year.

Costly oversights

While there hasn’t yet been a crypto exploit attributed to AI-generated code, there are plenty of examples of costly oversights elsewhere.

In March, one vibe coder called Leonel Acevedo bragged on social media about using the popular AI-assisted code writing tool Cursor to create several apps.

After the post went viral, hackers piled in, taking advantage of oversights in the AI-generated code and Acevedo’s lack of technical understanding to attack the apps and use them for free.

A time and a place

Despite the risks, there is still a time and a place for AI-assisted coding in crypto.

Code auditors are increasingly leveraging AI as part of their toolkit to help catch bugs, analyse codebases, and identify potential vulnerabilities, Immunefi’s Hetman said, but with a caveat.

AI tools are primarily supplementary rather than a replacement for human expertise due to their lack of deep contextual understanding, creativity, and the strategic foresight required to secure complex DeFi protocols, he said.

Autonomys Network’s Frank said his firm’s developers use AI to generate routine code that would normally take hours to write manually. For blockchain protocol development, however, using AI is a bit trickier.

“It depends on what is being built in what context,” Frank said. “For non-technical ‘coders,’ it is best to stick with low-risk projects.”

Tim Craig is DL News’ Edinburgh-based DeFi Correspondent. Reach out with tips at [email protected].