DOI: 10.1145/3663533.3664039
research-article
Open access

A Curated Solidity Smart Contracts Repository of Metrics and Vulnerability

Published: 10 July 2024 Publication History

Abstract

The significance and popularity of smart contracts (SCs) have increased exponentially with the escalation of decentralised applications (dApps), which revolutionised programming paradigms where network controls rest within a central authority. Since SCs constitute the core of such applications, developing and deploying contracts without vulnerability issues becomes key to improving dApps' robustness to external attacks. This paper introduces a dataset that combines smart contract metrics with vulnerability data identified using Slither, a leading static analysis tool proficient in detecting a wide spectrum of vulnerabilities. Our primary goal is to provide a resource for the community that supports exploratory analysis, such as investigating the relationship between contract metrics and vulnerability occurrences. Further, we discuss the potential of this dataset for the development and validation of predictive models aimed at identifying vulnerabilities, thereby contributing to the enhancement of smart contract security. Through this dataset, we invite researchers and practitioners to study the dynamics of smart contract vulnerabilities, fostering advancements in detection methods and, ultimately, fortifying the resilience of smart contracts.

Published In

PROMISE 2024: Proceedings of the 20th International Conference on Predictive Models and Data Analytics in Software Engineering
July 2024
65 pages
ISBN:9798400706752
DOI:10.1145/3663533
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Blockchain
  2. Data Analysis
  3. Ethereum
  4. Smart Contracts
  5. Software Engineering
  6. Vulnerability Detection

Qualifiers

  • Research-article

Conference

PROMISE '24
Acceptance Rates

Overall Acceptance Rate 98 of 213 submissions, 46%
