Skip to content

tintinweb/smart-contract-vulndb

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

36 Commits

.github/workflows

.github/workflows

Β 
Β 

dataset

dataset

Β 
Β 

examples

examples

Β 
Β 

pages

pages

Β 
Β 

public

public

Β 
Β 

styles

styles

Β 
Β 

.gitignore

.gitignore

Β 
Β 

.nojekyll

.nojekyll

Β 
Β 

README.md

README.md

Β 
Β 

next.config.js

next.config.js

Β 
Β 

package-lock.json

package-lock.json

Β 
Β 

package.json

package.json

Β 
Β 

Repository files navigation

The Creed Rebellion!
[ 🌐 πŸ«‚ ]

Smart Contract VulnDB

An open dataset of publicly available smart contract issues aggregated from various audit reports. The dataset can be accessed at 🌻 vulns.json, is updated once a day, and a live demo is available 🌐 here.

LMK if you're building cool things with this dataset and I'll list them here πŸ˜ŠπŸ™

πŸ”Έ DataSet

⚠️ NOTE: Breaking Change due to GIT Large File Policy Switching from one big vulns.json to files a 25k issues vulns-1.json, vulns-2.json, ...

image

const issue: Issue = {
  title: "<string:title>",
  severity: Severity.Medium,
  body: "<markdown-string:description>",
  dataSource: {
    name: "<string:path-like-report-identifier>",
    repo: "<string:git-or-http-url>",
    url: "<string:url>"
  }
};

To work around GitHub File Size Limits we'll split the database into equal files of 25k issues

πŸ”Έ Live Demo

image

πŸ”Έ Accessing the Latest Snapshot

  • Shell
β‡’  curl https://tintinweb.github.io/smart-contract-vulndb/cache/vulns-1.json
β‡’  curl https://tintinweb.github.io/smart-contract-vulndb/cache/vulns-2.json
  • JavaScript
const all_issues = []
for(let idx=1; idx<10; idx++){
  try {
    const all = await (await fetch(`https://tintinweb.github.io/smart-contract-vulndb/cache/vulns-${idx}.json`)).text();
    for(let line of all.split("\n")){
      if(line.trim().length == 0){
        continue;
      } 
      try{
        all_issues.push(JSON.parse(line))
      } catch(e){
        console.log(line)
        throw e
      }
    }
} catch (e){
    console.log(e)
    break;
  }
}
  • JavaScript Local
const fs = require("fs")
let issues = [];
for(let idx=1; idx<10; idx++){
  if(!fs.existsSync(`./dataset/vulns-${idx}.json`)) {
    break;
  }
  const data = fs.readFileSync(`./dataset/vulns-${idx}.json`, "utf-8");
  const part = data.split('\n').filter(l => l.trim().length > 0).map(l => JSON.parse(l))
  issues = [...issues, ...part]
}
console.log(issues.length)
// 39125
[... new Set(issues.map(i => i.severity))]
/*
[
  'medium',   'minor',
  null,       'major',
  'critical', undefined,
  'info'
]
*/

πŸ€“ For Nerds

First, run the development server:

npm run dev
# or
yarn dev

Open http://localhost:3000 with your browser to see the result.

πŸŽ“ Citation

If you are using this dataset in your research and paper, here's how you can cite this dataset:

  • APA6
Ortner, M. (n.d.). Smart Contract VulnDB. Retrieved from https://github.com/tintinweb/smart-contract-vulndb.
  • LateX (Bib)
 @article{smart_contract_vulndb, 
          title={Smart Contract VulnDB}, 
          url={https://github.com/tintinweb/smart-contract-vulndb}, 
          author={Ortner, Martin}}

About

πŸ‹ An open dataset containing smart contract audit issues from various sources.

tintinweb.github.io/smart-contract-vulndb/

Topics

vulnerabilities smart-contract-security

Resources

Readme
Activity

Stars

150 stars

Watchers

3 watching

Forks

18 forks
Report repository

Contributors 2

Languages