Are One-Click AI dApps Safe? Solana-Based Dappslap Raises Questions

DappSlap enables AI-powered dApp creation on Solana, but unverified smart contracts raise security concerns.

A green artificial human giant emerging from under the green countryside.
Created by Gabor Kovacs from DailyCoin
  • DappSlap automates dApp creation using AI.
  • Unverified smart contracts raise concerns. 
  • LLMs make mistakes, raising concerns for dApps.

Since the launch of ChatGPT, there has been a real frenzy for Artificial intelligence (AI) applications. Large language models, like GPT-4, can output meaningful text, generate images, and even write code. Potential applications are endless, and the crypto industry is trying to leverage AI for its own ends.

A Solana-based protocol, Dappslap, recently released a platform that lets users generate dApps in one click using AI. However, the experience with AI shows potential serious security vulnerabilities with these highly sensitive applications. 

How Dappslap Works

Creating dApps has never been easier, at least in theory. Launched on September 10, Dappslap allows users to create dApps without any code knowledge. All they have to do is write a prompt and submit it.  

Sponsored

Once submitted, users on the platform can look at the prompt and decide if it looks interesting. If it does, they can buy the underlying token. The system then uses a bonding curve to determine if there is enough interest in the dApp. If there is, Dappslapโ€™s AI generates the entire application, complete with its smart contract, a DAO, and a website. 

Risks with Dappslap Apps

So far, most apps and prompts on Dappslap are innocuous, many of which are simple games. Several of these have to handle potentially sensitive user information or credentials. Others enable users to connect their wallets, which creates even more vulnerabilities. 

For instance, one user submitted a โ€œrizzler appโ€ that was supposed to teach users social skills. However, this app would likely have to handle user input, which might be sensitive. In that case, the usersโ€™ prompt did not include any privacy references or instruct the AI on handling sensitive data. 

One token, which escaped the bonding curve, features an AI-generated image and an Apple logo. Aside from the obvious copyright issues, itโ€™s more concerning that the app enables users to connect their wallets.  

AI-generated app on Dappslap.
Source: Dappslap

Connecting wallets to an unvetted dApp is always risky, as dApps can contain malicious code. This is even more true for AI-generated applications, which could contain bugs that can lead to total losses for traders. 

Can AI Really Create Functioning Apps? 

Whether or not AI will be able to create functioning apps on its own one day is an interesting question. What we do know is that this is currently not the case. LLMs can, and often do, make mistakes. 

As soon as ChatGPT launched, developers used AI in their workflows. However, as most revealed, the LLM is not a replacement for an experienced developer. Even as a tool, not all agree about its effectiveness. 

Some experienced developers have already ditched Github Copilot in their workflow. Others cautioned beginners from over-relying on it. 

Using AI as a development tool involves code review, fixing issues, and sometimes redoing the prompts. However, all these steps are absent in Dappslap. For that reason, the AI-generated dApps may not work or work unpredictably.  

Can Hackers Use Dappslap? 

The Dappslap website does not provide information about whether it enables users to edit code directly. However, according to several sponsored posts, the company plans to enable DAO participants to use AI to change the app. 

Enabling users to directly edit code in unvetted dApps and their websites is probably a good design choice. For one, malicious users could edit the smart contract with wallet-draining features. On the front end, the malicious owners could edit the website to connect to malicious smart contracts, draining accounts. 

On the Flipside

  • Despite the drawbacks, AI has significant potential in crypto. For one, a potential application is revealing existing vulnerabilities in smart contracts. 
  • Many traders have tried to use ChatGPT or similar tools for trading. However, the tool is still not at the point where it can enable beginners to trade professionally.  

Why This Matters

AI-generated dApps, not vetted by humans, present significant risks for traders. Smart contract vulnerabilities, bugs, and other issues can hurt users interacting with them.  

Read more about ChatGPT and crypto:ย 
ChatGPT and Crypto: Blockchain Booster or Artificial Intelligence Nightmare?

Read more about Crtl Walletโ€™s investors:ย 
Ctrl Wallet Venture Investors Lock Up 32% Tokens, Showing Commitment

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Author
David Marsanic

David Marsanic is DailyCoinโ€™s journalist, focusing on Solana and crypto exchanges. David currently doesnโ€™t hold any crypto.

Read more