Closed Stamp9 closed 2 weeks ago
FYI, a master's thesis at Lund University: https://lup.lub.lu.se/luur/download?func=downloadFile&recordOId=9138646&fileOId=9138647#cite.mwritescodeTool_2022
They used: https://github.com/mwritescode/smart-contracts-vulnerabilities which is also available on https://huggingface.co/datasets/mwritescode/slither-audited-smart-contracts
ScrawlD: A Dataset of Real World Ethereum Smart Contracts Labelled with Vulnerabilities https://arxiv.org/abs/2202.11409 https://github.com/sujeetc/ScrawlD
All the useful results are in this addr: https://github.com/sujeetc/ScrawlD/tree/main/data The paper is poorly written, Goes through ~47K adrs, only ~7K worth using (Question: ever considered using verified EScan APIs? Much much fewer vulnerabilities, but probably higher profile ones if found through smartbugs => Not very relevant to our TRT paper.) I like the majority voting for the vulnerable contract idea (used in TRT too). Meaningful plot for our dataset: Fig. 1: Number of unique Contracts having each Vulnerability (log-scale) => Probably enough for a dataset paper, but it would be interesting to see the Number of unique vulnerabilities (in total) detected by each tool.
https://dl.acm.org/doi/abs/10.1145/3372297.3420015 Towards Using Source Code Repositories to Identify Software Supply Chain Attacks
https://github.com/ASSERT-KTH/related-work/issues/23