DAppSCAN: Building Large-Scale Datasets for Smart Contract Weaknesses in DApp Projects

05/15/2023
by   Zibin Zheng, et al.
0

The Smart Contract Weakness Classification Registry (SWC Registry) is a widely recognized list of smart contract weaknesses specific to the Ethereum platform. In recent years, significant research efforts have been dedicated to building tools to detect SWC weaknesses. However, evaluating these tools has proven challenging due to the absence of a large, unbiased, real-world dataset. To address this issue, we recruited 22 participants and spent 44 person-months analyzing 1,322 open-source audit reports from 30 security teams. In total, we identified 10,016 weaknesses and developed two distinct datasets, i.e., DAppSCAN-Source and DAppSCAN-Bytecode. The DAppSCAN-Source dataset comprises 25,077 Solidity files, featuring 1,689 SWC vulnerabilities sourced from 1,139 real-world DApp projects. The Solidity files in this dataset may not be directly compilable. To enable the dataset to be compilable, we developed a tool capable of automatically identifying dependency relationships within DApps and completing missing public libraries. By utilizing this tool, we created our DAPPSCAN-Bytecode dataset, which consists of 8,167 compiled smart contract bytecode with 895 SWC weaknesses. Based on the second dataset, we conducted an empirical study to assess the performance of five state-of-the-art smart contract vulnerability detection tools. The evaluation results revealed subpar performance for these tools in terms of both effectiveness and success detection rate, indicating that future development should prioritize real-world datasets over simplistic toy contracts.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
05/02/2019

Bug Searching in Smart Contract

With the frantic development of smart contracts on the Ethereum platform...
research
09/11/2023

When ChatGPT Meets Smart Contract Vulnerability Detection: How Far Are We?

With the development of blockchain technology, smart contracts have beco...
research
12/20/2022

AutoMESC: Automatic Framework for Mining and Classifying Ethereum Smart Contract Vulnerabilities and Their Fixes

Due to the risks associated with vulnerabilities in smart contracts, the...
research
08/20/2023

To Healthier Ethereum: A Comprehensive and Iterative Smart Contract Weakness Enumeration

With the increasing popularity of cryptocurrencies and blockchain techno...
research
04/25/2023

Demystifying Random Number in Ethereum Smart Contract: Taxonomy, Vulnerability Identification, and Attack Detection

Recent years have witnessed explosive growth in blockchain smart contrac...
research
12/29/2021

Gas Gauge: A Security Analysis Tool for Smart Contract Out-of-Gas Vulnerabilities

In recent years we have witnessed a dramatic increase in the adoption an...
research
12/21/2022

NFTrig

NFTrig is a web-based application created for use as an educational tool...

Please sign up or login with your details

Forgot password? Click here to reset