five

A benchmark dataset of Solidity smart contracts

收藏
Zenodo2024-08-28 更新2026-05-26 收录
下载链接:
https://zenodo.org/record/7744053
下载链接
链接失效反馈
官方服务:
资源简介:
A benchmark dataset contains 4,364 real-world Solidity smart contracts, which are manually labeled with ten types of vulnerabilities. DC (DelegateCall). The <em>address.delegatecall() </em>function allows a smart contract to dynamically load external contracts from <em>address</em> at runtime. If the attacker can control the external contract and affect the current contract status, the contract is vulnerable to DC. IOU (Arithmetic/Integer Overflow and Underflow). An arithmetic overflow or underflow, often called Integer Overflow or Underflow (IOU), occurs when an arithmetic operation attempts to create a numeric variable value that is larger than the maximum value or smaller than the minimum value of the variable type. If the arithmetic operation may pass a variable type’s maximum or minimum value and is performed without using SafeMath, the contract is vulnerable to IOU. NC (Nested Call). The function containing the loop has a high risk of exceeding its gas limitation and causing an out-of-gas error. If the attacker can control the loop iteration and causes the out-of-gas error, the contract is vulnerable to NC, RE (Reentrancy). The contract vulnerable to RE uses the <em>call()</em> function to transfer ether to an external contract. The external contract can reenter the vulnerable contract by fallback function. If the state variable change is after the <em>call()</em> function, the reentrance will cause status inconsistency. TD (Timestamp Dependency). The contract uses the <em>timestamp</em> as the deciding factor for critical operations, e.g., sending ether. If the attacker can get ether from the contract by manipulating the timestamp or affecting the critical operations, the contract is vulnerable to TD. TO (TxOrigin). If the contract only uses <em>tx.origin</em> to verify the caller's identification for critical operations, it is vulnerable to TO. TOD (Transaction Order Dependency). The contract may send out ether differently according to different values of a global state variable or different balance values of the contract. If the attackers can get ether from the contract by manipulating the transaction sequences, the contract is vulnerable to TOD. UcC (Unchecked Call). The contract uses the function <em>call()</em> or <em>send()</em> without result checking. If the <em>send()</em> or <em>call() </em> function fails and leads to status inconsistency, the contract is vulnerable to UcC. Unprotected Suicide). If an attacker can self-destruct the contract by calling the <em>selfdestruct</em>(address) function, the contract is vulnerable to UpS. FE (Frozen Ether). If the contract can receive ether but cannot transfer it by itself, it is vulnerable to FE. <br> <strong>For the purpose of protection for smart contracts, the dataset can be available after request.</strong>
提供机构:
Zenodo
创建时间:
2023-03-17
二维码
社区交流群
二维码
科研交流群
商业服务