Skip to content
Branch: master
Find file History

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.

Files

Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
access_control
arithmetic
bad_randomness
denial_of_service
front_running
other
reentrancy
short_addresses
time_manipulation
unchecked_low_level_calls
ICSE2020_curated_69.txt
README.md
vulnerabilities.json

README.md

SB Curated: A Curated Dataset of Vulnerable Solidity Smart Contracts

SB Curated is a dataset for research in automated reasoning and testing of smart contracts written in Solidity, the primary language used in Ethereum. It is part of the executional framework SmartBugs, which allows the possibility to integrate tools easily, so that they can be automatically compared (and their results reproduced). To the best of our knowledge, SmartBugs is the largest dataset of its kind.

Description

This is the directory where all the contracts are located. The directory is organized according to the DASP taxonomy. Each class of vulnerability may include:

  • Brief description of the vulnerability
  • Attack scenarios to exploit the vulnerability
  • Methods of mitigation
  • Examples of real world exploitation

Vulnerabilities

SmartBugs provides a collection of vulnerable Solidity smart contracts organized according to the DASP taxonomy:

Vulnerability Description Level
Reentrancy Reentrant function calls make a contract to behave in an unexpected way Solidity
Access Control Failure to use function modifiers or use of tx.origin Solidity
Arithmetic Integer over/underflows Solidity
Unchecked Low Level Calls call(), callcode(), delegatecall() or send() fails and it is not checked Solidity
Denial Of Service The contract is overwhelmed with time-consuming computations Solidity
Bad Randomness Malicious miner biases the outcome Blockchain
Front Running Two dependent transactions that invoke the same contract are included in one block Blockchain
Time Manipulation The timestamp of the block is manipulated by the miner Blockchain
Short Addresses EVM itself accepts incorrectly padded arguments EVM
You can’t perform that action at this time.