
BitsLab AI Detector Uncovers and Helps Patch High-Risk Vulnerability in Bluefin’s PerpDEX
Silicon Valley, United States, August 27th, 2025, Chainwire
BitsLab, a Web3 security organization specializing in AI-augmented auditing, announced that its multi-layer AI security framework, BitsLab AI, identified four issues—including a high-risk logic flaw—in Bluefin’s perpetual DEX (PerpDEX) during a public audit contest. The findings were responsibly disclosed, and Bluefin promptly remediated the issues following receipt of the technical report.
“DeFi systems demand reliability under real market stress. Our framework combines deterministic static analysis with grounded AI to reduce noise and surface the risks that actually move money,” said Zorrot, Chief Scientist at BitsLab. “This Bluefin case validates our thesis: reliable Web3 security requires AI that is grounded, reviewed, and deep.”
The high-risk flaw resided in comparison logic that underpins core financial operations such as position ordering and profit-and-loss calculations. Bluefin’s signed number helper represents values as { value: u64, sign: bool }, a magnitude plus a sign flag. In the lt (“less than”) function, the branch responsible for handling comparisons between numbers of opposite sign returned an incorrect result: it returned a.sign rather than the correct !a.sign. Under that convention the sign flag is set for a positive value, so a negative value compared with a positive one was not reported as smaller, while a positive value compared with a negative one was. Under certain conditions, this inversion could misorder positions, distort PnL, and increase the risk of erroneous liquidations. The remediation is straightforward: ensure the different-sign branch returns !a.sign so that a negative value is always evaluated as less than a positive one. The natural regression check is to compare lt against a plain integer ordering over every mixed-sign pair, since the same-sign branches alone will not exercise the bug.
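The comparison described above, modelled in Rust as an added example; Bluefin’s helper is Move code and this is not it. The sign convention (sign set for non-negative values, which is what makes !a.sign the correct mixed-sign result), the zero-normalising Number::new constructor, and the sort_with, below_threshold and first_mismatch helpers are assumptions of this example, written to show how the inverted branch misorders positions and flips a threshold check.

```rust
use std::cmp::Ordering;

/// Signed number with the shape the article describes: a u64 magnitude plus a
/// sign flag. Assumption (inferred from the text, not quoted from Bluefin's
/// source): `sign == true` means non-negative, `sign == false` means negative,
/// which is the convention under which `!a.sign` is the correct mixed-sign result.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct Number {
    pub value: u64,
    pub sign: bool,
}

impl Number {
    /// Constructor that normalises zero to non-negative so `-0` and `+0` compare equal.
    pub fn new(value: u64, positive: bool) -> Self {
        Number { value, sign: positive || value == 0 }
    }

    /// Widen to i128 to serve as an independent ordering oracle.
    pub fn as_i128(self) -> i128 {
        if self.sign { self.value as i128 } else { -(self.value as i128) }
    }
}

/// Shared same-sign logic: for two non-negatives compare magnitudes directly;
/// for two negatives the larger magnitude is the smaller number.
fn lt_same_sign(a: Number, b: Number) -> bool {
    if a.sign { a.value < b.value } else { a.value > b.value }
}

/// The flawed `lt` as the article describes it: the different-sign branch
/// returns `a.sign`, so a negative `a` is never reported as less than a
/// positive `b`, and a positive `a` is reported as less than a negative `b`.
pub fn lt_buggy(a: Number, b: Number) -> bool {
    if a.sign != b.sign {
        return a.sign; // BUG: inverted; should be !a.sign
    }
    lt_same_sign(a, b)
}

/// The corrected `lt`: a negative value is always less than a non-negative one.
pub fn lt_fixed(a: Number, b: Number) -> bool {
    if a.sign != b.sign {
        return !a.sign;
    }
    lt_same_sign(a, b)
}

/// Sort values ascending with a given comparator, to show how the inversion
/// misorders positions. Both variants are consistent total orders (the buggy
/// one simply places every positive below every negative), so `sort_by` is safe.
pub fn sort_with(values: &[Number], lt: fn(Number, Number) -> bool) -> Vec<Number> {
    let mut v = values.to_vec();
    v.sort_by(|&x, &y| {
        if lt(x, y) { Ordering::Less } else if lt(y, x) { Ordering::Greater } else { Ordering::Equal }
    });
    v
}

/// A threshold check of the kind a liquidation path might make: is `x` below
/// `threshold`? With the buggy comparator a positive `x` is "below" any negative
/// threshold, and a negative `x` is never below a positive one.
pub fn below_threshold(x: Number, threshold: Number, lt: fn(Number, Number) -> bool) -> bool {
    lt(x, threshold)
}

/// Exhaustive check of a comparator against the i128 oracle over a small domain;
/// returns the first pair it gets wrong, or None if it agrees everywhere.
pub fn first_mismatch(lt: fn(Number, Number) -> bool) -> Option<(Number, Number)> {
    let mut domain = Vec::new();
    for v in 0..=5u64 {
        domain.push(Number::new(v, true));
        domain.push(Number::new(v, false));
    }
    for &a in &domain {
        for &b in &domain {
            if lt(a, b) != (a.as_i128() < b.as_i128()) {
                return Some((a, b));
            }
        }
    }
    None
}

fn main() {
    // Constructed sample: PnL of two winning and two losing positions.
    let pnl = [Number::new(5, true), Number::new(3, false), Number::new(10, false), Number::new(1, true)];
    let show = |v: Vec<Number>| v.iter().map(|n| n.as_i128()).collect::<Vec<_>>();
    println!("buggy order: {:?}", show(sort_with(&pnl, lt_buggy)));
    println!("fixed order: {:?}", show(sort_with(&pnl, lt_fixed)));
    println!("buggy first mismatch vs oracle: {:?}", first_mismatch(lt_buggy));
    println!("fixed first mismatch vs oracle: {:?}", first_mismatch(lt_fixed));
}
```

Run as a binary, the buggy comparator orders the sample as 1, 5, -10, -3 while the fixed one yields -10, -3, 1, 5, and first_mismatch reports the first mixed-sign pair on which the buggy lt disagrees with integer ordering. The oracle loop is the regression test worth keeping: the same-sign branches are correct in both versions, so any test that never mixes signs passes against the bug.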
“What sets BitsLab AI apart is the combination of a curated domain knowledge base, a rigorous internal review pipeline, and context-aware static analysis,” said Luis Lu, CEO of BitsLab. “The framework ‘cites its sources’ through retrieval-augmented generation, cross-checks findings with specialized reviewer models, and prioritizes by business impact—so engineering time goes where it matters most.”
BitsLab AI is designed for reliability at scale. Before any assertion reaches a human auditor, the system grounds its reasoning against an expert-curated corpus of exploits, secure patterns, and language-specific guidance through Retrieval-Augmented Generation. Candidate findings are then verified by a multi-level review stack that includes cross-reference, auditor, and impact-prioritization models to suppress hallucinations and reduce false positives. To achieve deep coverage, deterministic static analysis first constructs a protocol-wide map of control flow, state variables, and inter-contract dependencies. On top of this map, a swarm of specialized agents—covering areas such as access control, re-entrancy, and arithmetic/logic—collaborates to uncover cross-contract and edge-case vulnerabilities that traditional “copilot” tools often miss.
For Web3 engineering teams, the implications are practical and immediate. Grounded reasoning and multi-stage review cut through alert fatigue, deep protocol mapping exposes logic-level risks that matter to users and markets, and impact-aware triage helps teams sequence fixes so that the most consequential issues are addressed first. In high-stakes, on-chain environments, this blend of precision and depth is fast becoming a baseline expectation rather than a luxury.
Notes to editors: The affected component is a signed number comparison helper used by Bluefin’s financial engine. The incorrect behavior appeared in the code path handling comparisons between values of different signs, where the function returned the sign of the left-hand operand instead of the logical negation required to preserve the ordering of negative and positive values. Following responsible disclosure, Bluefin acknowledged the issue and deployed a fix that restores correct ordering semantics.
Original Research (Full Write-Up): shorturl.at/Zp0Fy
About BitsLab
BitsLab is a Web3 security organization focused on infrastructure security and AI-augmented smart contract auditing across emerging ecosystems, including Move-based protocols. BitsLab AI combines curated domain data, Retrieval-Augmented Generation, a multi-level review stack, and specialized AI agents atop deterministic static analysis to deliver reliable, scalable security insights. BitsLab’s brands include MoveBit, ScaleBit, and TonBit.
Users can learn more at bitslab.xyz