- Vulnerability-based Dataset
- Malicious-based Dataset
- Security Analysis Tool
- Crawler
- My Other Awesome Lists
- Contributing
- Contributors
A vulnerable smart contract contains flaws or errors in its code or design that can be exploited by malicious actors, leading to unintended behavior, financial losses, or unauthorized access. Unlike malicious smart contracts, which are designed with ill intent from the start, vulnerable contracts typically arise from programming mistakes, oversights in security practices, or a lack of thorough testing. Common vulnerabilities include reentrancy, integer overflows/underflows, access control issues, and timestamp dependence. Once deployed on an immutable blockchain, these flaws become permanent, making it critical for developers to rigorously audit and test contracts before deployment to mitigate potential risks and ensure the security of user funds and data.
- ScrawlD - A Dataset of Real World Ethereum Smart Contracts Labelled with Vulnerabilities
A malicious or dodgy smart contract is a self-executing piece of code on a blockchain that is designed to exploit users, typically by gaining unauthorized access to and spending their digital tokens. These contracts often appear legitimate but contain hidden functionalities that, once interacted with, can lead to the loss of your assets. It's crucial to understand that such contracts generally only endanger the specific tokens you've granted them permission to access, not your entire cryptocurrency portfolio or other unrelated digital assets. If you suspect interaction with a malicious smart contract, immediate action, such as revoking allowances granted to it, is vital to protect your funds.
- Forta Network - This dataset includes malicious and benign smart contracts deployed on Ethereum.
- Mythril - Mythril is a symbolic-execution-based security analysis tool for EVM bytecode. It detects security vulnerabilities in smart contracts built for Ethereum and other EVM-compatible blockchains.
- Slither - Slither is a Solidity & Vyper static analysis framework written in Python3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code comprehension, and quickly prototype custom analyses.
- SmartCheck - A static analysis tool that detects vulnerabilities and bugs in Solidity programs (Ethereum-based smart contracts).
- Osiris - An analysis tool to detect integer bugs in Ethereum smart contracts.
- Oyente (This project is not maintained anymore) - An Analysis Tool for Smart Contracts
- ChainWalker - ChainWalker is a smart contract scraper that uses RPC/IPC calls to extract information. It is a small tool that helps find contracts, extract the EVM code, and disassemble the opcodes. It allows selecting specific blocks or even specific contract balances.
- awesome-advanced-persistent-threat
- awesome-apk-feature-extractor
- awesome-elf-feature-extractor
- awesome-fileless-malware
- awesome-malware-datasets
- awesome-malware-traffic-analysis
- awesome-malware-traffic-analysis-scientific-research
- awesome-metamorphic-malware
- awesome-online-malware-analysis-tools
- awesome-pcap-feature-extractor
- awesome-pe-feature-extractor
- awesome-polymorphic-malware
- awesome-smartcontract-feature-extractor
- awesome-static-linux-malware-analysis-scientific-research
- awesome-vulnerability-research
- awesome-vulnerable-smart-contract-scientific-research
Contributions of any kind are welcome; just follow the guidelines!