DeepAI AI Chat
Log In Sign Up

AutoMESC: Automatic Framework for Mining and Classifying Ethereum Smart Contract Vulnerabilities and Their Fixes

by   Majd Soud, et al.
Reykjavik University
Corporation de l'ecole Polytechnique de Montreal

Due to the risks associated with vulnerabilities in smart contracts, their security has gained significant attention in recent years. However, there is a lack of open datasets on smart contract vulnerabilities and their fixes that allows for data-driven research. Towards this end, we propose an automated method for mining and classifying Ethereum's smart contract vulnerabilities and their corresponding fixes from GitHub and from the Common Vulnerabilities and Exposures (CVE) records in the National Vulnerability Database. We implemented the proposed method in a fully automated framework, which we call AutoMESC. AutoMESC uses seven of the most well-known smart contract security tools to classify and label the collected vulnerabilities based on vulnerability types. Furthermore, it collects metadata that can be used in data-intensive smart contract security research (e.g., vulnerability detection, vulnerability classification, severity prediction, and automated repair). We used AutoMESC to construct a sample dataset and made it publicly available. Currently, the dataset contains 6.7K smart contracts' vulnerability-fix pairs written in Solidity. We assess the quality of the constructed dataset in terms of accuracy, provenance, and relevance, and compare it with existing datasets. AutoMESC is designed to collect data continuously and keep the corresponding dataset up-to-date with newly discovered smart contract vulnerabilities and their fixes from GitHub and CVE records.


page 1

page 7


Bug Searching in Smart Contract

With the frantic development of smart contracts on the Ethereum platform...

CVEfixes: Automated Collection of Vulnerabilities and Their Fixes from Open-Source Software

Data-driven research on the automated discovery and repair of security v...

OpenSCV: An Open Hierarchical Taxonomy for Smart Contract Vulnerabilities

Smart contracts are nowadays at the core of most blockchain systems, as ...

DAppSCAN: Building Large-Scale Datasets for Smart Contract Weaknesses in DApp Projects

The Smart Contract Weakness Classification Registry (SWC Registry) is a ...

Vulnerability and Transaction behavior based detection of Malicious Smart Contracts

Smart Contracts (SCs) in Ethereum can automate tasks and provide differe...

Automatic Generation of Precise and Useful Commutativity Conditions (Extended Version)

Reasoning about commutativity between data-structure operations is an im...