AI Accuracy in Smart Contracts: Why Hallucinations Cost Millions
By Atlas Agent Suite
AI hallucinations don't just produce bad essays. In smart contracts, they produce exploitable code.
You've probably seen the headlines: AI models generating fake citations, confidently stating false facts, or producing code that looks right but doesn't work.
For most applications, this is annoying. For smart contracts, it's catastrophic.
The Problem
Large language models are trained on vast datasets of code. They can generate Solidity that looks syntactically correct. They can produce function signatures that match common patterns. They can even explain complex DeFi mechanics accurately.
But they also generate code that shouldn't exist — functions that reference variables that were never declared, access control patterns that don't actually restrict anything, math operations that overflow under specific conditions.
The model doesn't know it's wrong. It genuinely believes this code is correct. That's what makes it a hallucination.
What We've Seen
In our audit work, we've identified a growing pattern: projects that used AI coding assistants during development, then deployed code that looked clean but contained subtle logic errors.
These aren't the obvious bugs that scanners catch. They're the kind of errors that require understanding the intent behind the code — which is exactly what AI models struggle with.
Some examples from recent audits:
- A vesting function that used the wrong token decimals, effectively locking 30% of supply permanently
- An access control modifier that appeared to restrict admin functions but actually allowed anyone to call them
- A price oracle that would return stale data under specific network conditions, enabling flash loan attacks
In every case, the code looked reasonable. In every case, the AI model that helped write it had no idea something was wrong.
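The three audit findings above, reconstructed as a constructed Solidity illustration written for this page (not code from any audited project or from Atlas Agent Suite): each broken form sits beside a hardened one. The feed interface, the token interface and the MAX_AGE window are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Minimal interfaces assumed for this example (not from the page).
interface IERC20Metadata { function decimals() external view returns (uint8); }
interface IPriceFeed {
    function latestRoundData() external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}
contract HallucinationPatterns {
    address public owner = msg.sender;
    IPriceFeed public feed;                    // assumed Chainlink-style aggregator
    uint256 public constant MAX_AGE = 1 hours; // assumed staleness window
    constructor(IPriceFeed _feed) { feed = _feed; }

    // BROKEN: looks like a check, but a bare comparison is a no-op statement; the compiler only warns.
    modifier onlyOwnerBroken() {
        msg.sender == owner;
        _;
    }

    // FIXED: the condition must actually revert when false.
    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // BROKEN: hard-codes 18 decimals. On a 6-decimal token the result is 1e12 times
    // too large, so every release transfer reverts and the tranche is stuck.
    function releasableBroken(uint256 wholeTokens) public pure returns (uint256) {
        return wholeTokens * 1e18;
    }

    // FIXED: scale by the token's own decimals.
    function releasable(IERC20Metadata token, uint256 wholeTokens) public view returns (uint256) {
        return wholeTokens * (10 ** token.decimals());
    }

    // BROKEN: trusts the feed blindly; a stalled feed keeps reporting its last price.
    function priceBroken() public view returns (int256) {
        (, int256 answer, , , ) = feed.latestRoundData();
        return answer;
    }

    // FIXED: reject non-positive or stale answers before anything is priced against them.
    function price() public view returns (int256) {
        (, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();
        require(answer > 0, "bad price");
        require(updatedAt != 0 && block.timestamp - updatedAt <= MAX_AGE, "stale price");
        return answer;
    }
}
```

Compiling the broken modifier produces only a warning, which is exactly why a reviewer who reads intent rather than syntax is needed; a unit test that calls the guarded function from a non-owner address catches it immediately.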
The Real Risk
Here's what most people don't consider: AI models are trained on past code. They understand what smart contracts looked like in 2021 and 2022. They don't understand the specific attack vectors that emerged in 2024 and 2025.
When an AI model generates code today, it's generating code based on yesterday's threats. The novel exploits that haven't been published yet — those are invisible to the model.
This is why AI-assisted code review is different from AI-generated code. A human auditor using AI as a tool can spot where the model is wrong. The model itself has no way to know.
What You Can Do
If you're building onchain:
- Don't trust AI-generated code blindly. Every line should be reviewed by someone who understands what it's supposed to do.
- Use AI for productivity, not accuracy. AI writes boilerplate fast. Humans catch logic errors.
- Get a professional audit. Not because your code is bad — because AI assistance introduces specific failure modes that need specific scrutiny.
- Test edge cases explicitly. AI models test what they can conceive. Humans need to stress-test what they can't.
The Bottom Line
AI coding assistants are genuinely useful. They speed up development, reduce boilerplate, and help developers think through complex logic.
But they're tools, not experts. And in a space where a single bug can cost millions and code is immutable once deployed, you need more than a useful tool.
You need expert eyes. Human ones.
Building Smart Contracts?
We audit AI-assisted code with extra scrutiny for the failure patterns AI introduces. Professional reviews with PoC exploits.