Enregistré dans:
Détails bibliographiques
Auteurs principaux: Yashavant, Chavhan Sujeet, Chavda, MitrajSinh, Kumar, Saurabh, Karkare, Amey, Karmakar, Angshuman
Format: Preprint
Publié: 2024
Sujets:
Accès en ligne:https://arxiv.org/abs/2412.09935
Tags: Ajouter un tag
Pas de tags, Soyez le premier à ajouter un tag!
_version_ 1866929628651716608
author Yashavant, Chavhan Sujeet
Chavda, MitrajSinh
Kumar, Saurabh
Karkare, Amey
Karmakar, Angshuman
author_facet Yashavant, Chavhan Sujeet
Chavda, MitrajSinh
Kumar, Saurabh
Karkare, Amey
Karmakar, Angshuman
contents Smart Contracts (SCs) handle transactions in the Ethereum blockchain worth millions of United States dollars, making them a lucrative target for attackers seeking to exploit vulnerabilities and steal funds. The Ethereum community has developed a rich set of tools to detect vulnerabilities in SCs, including reentrancy (RE) and unhandled exceptions (UX). A dataset of SCs labelled with vulnerabilities is needed to evaluate the tools' efficacy. Existing SC datasets with labelled vulnerabilities have limitations, such as covering only a limited range of vulnerability scenarios and containing incorrect labels. As a result, there is a lack of a standardized dataset to compare the performances of these tools. SCRUBD aims to fill this gap. We present a dataset of real-world SCs and synthesized SCs labelled with RE and UX. The real-world SC dataset is labelled through crowdsourcing, followed by manual inspection by an expert, and covers both RE and UX vulnerabilities. On the other hand, the synthesized dataset is carefully crafted to cover various RE scenarios only. Using SCRUBD we compared the performance of six popular vulnerability detection tools. Based on our study, we found that Slither outperforms other tools on a crowdsourced dataset in detecting RE vulnerabilities, while Sailfish outperforms other tools on a manually synthesized dataset for detecting RE. For UX vulnerabilities, Slither outperforms all other tools.
format Preprint
id arxiv_https___arxiv_org_abs_2412_09935
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle SCRUBD: Smart Contracts Reentrancy and Unhandled Exceptions Vulnerability Dataset
Yashavant, Chavhan Sujeet
Chavda, MitrajSinh
Kumar, Saurabh
Karkare, Amey
Karmakar, Angshuman
Cryptography and Security
Smart Contracts (SCs) handle transactions in the Ethereum blockchain worth millions of United States dollars, making them a lucrative target for attackers seeking to exploit vulnerabilities and steal funds. The Ethereum community has developed a rich set of tools to detect vulnerabilities in SCs, including reentrancy (RE) and unhandled exceptions (UX). A dataset of SCs labelled with vulnerabilities is needed to evaluate the tools' efficacy. Existing SC datasets with labelled vulnerabilities have limitations, such as covering only a limited range of vulnerability scenarios and containing incorrect labels. As a result, there is a lack of a standardized dataset to compare the performances of these tools. SCRUBD aims to fill this gap. We present a dataset of real-world SCs and synthesized SCs labelled with RE and UX. The real-world SC dataset is labelled through crowdsourcing, followed by manual inspection by an expert, and covers both RE and UX vulnerabilities. On the other hand, the synthesized dataset is carefully crafted to cover various RE scenarios only. Using SCRUBD we compared the performance of six popular vulnerability detection tools. Based on our study, we found that Slither outperforms other tools on a crowdsourced dataset in detecting RE vulnerabilities, while Sailfish outperforms other tools on a manually synthesized dataset for detecting RE. For UX vulnerabilities, Slither outperforms all other tools.
title SCRUBD: Smart Contracts Reentrancy and Unhandled Exceptions Vulnerability Dataset
topic Cryptography and Security
url https://arxiv.org/abs/2412.09935