diff --git a/ICSE2020_curated_69.txt b/ICSE2020_curated_69.txt deleted file mode 100644 index 69c464a..0000000 --- a/ICSE2020_curated_69.txt +++ /dev/null @@ -1,76 +0,0 @@ -The research paper "Empirical Review of Automated Analysis Tools -on 47,587 Ethereum Smart Contracts" used a version of SB Curated -with the 69 contracts listed below. - -(Link to paper: https://arxiv.org/abs/1910.10601) - - -./dataset/short_addresses/short_address_example.sol -./dataset/unchecked_low_level_calls/king_of_the_ether_throne.sol -./dataset/unchecked_low_level_calls/etherpot_lotto.sol -./dataset/unchecked_low_level_calls/FibonacciBalance.sol [MOVED TO: ./access_control/FibonacciBalance.sol] -./dataset/unchecked_low_level_calls/unchecked_return_value.sol -./dataset/unchecked_low_level_calls/lotto.sol -./dataset/time_manipulation/timed_crowdsale.sol -./dataset/time_manipulation/ether_lotto.sol -./dataset/time_manipulation/roulette.sol -./dataset/time_manipulation/governmental_survey.sol -./dataset/bad_randomness/random_number_generator.sol -./dataset/bad_randomness/blackjack.sol -./dataset/bad_randomness/lucky_doubler.sol -./dataset/bad_randomness/etheraffle.sol -./dataset/bad_randomness/lottery.sol -./dataset/bad_randomness/old_blockhash.sol -./dataset/bad_randomness/smart_billions.sol -./dataset/bad_randomness/guess_the_random_number.sol -./dataset/reentrancy/etherstore.sol -./dataset/reentrancy/reentrancy_dao.sol -./dataset/reentrancy/modifier_reentrancy.sol -./dataset/reentrancy/reentrance.sol -./dataset/reentrancy/reentrancy_simple.sol -./dataset/reentrancy/simple_dao.sol -./dataset/reentrancy/spank_chain_payment.sol -./dataset/other/crypto_roulette.sol -./dataset/other/name_registrar.sol -./dataset/other/open_address_lottery.sol -./dataset/arithmetic/overflow_single_tx.sol -./dataset/arithmetic/tokensalechallenge.sol -./dataset/arithmetic/integer_overflow_minimal.sol -./dataset/arithmetic/integer_overflow_multitx_multifunc_feasible.sol -./dataset/arithmetic/overflow_simple_add.sol -./dataset/arithmetic/BECToken.sol -./dataset/arithmetic/integer_overflow_multitx_onefunc_feasible.sol -./dataset/arithmetic/integer_overflow_mul.sol -./dataset/arithmetic/integer_overflow_benign_1.sol -./dataset/arithmetic/integer_overflow_add.sol -./dataset/arithmetic/integer_overflow_1.sol -./dataset/arithmetic/integer_overflow_mapping_sym_1.sol -./dataset/arithmetic/token.sol -./dataset/arithmetic/timelock.sol -./dataset/denial_of_service/send_loop.sol -./dataset/denial_of_service/dos_number.sol -./dataset/denial_of_service/auction.sol -./dataset/denial_of_service/list_dos.sol -./dataset/denial_of_service/dos_simple.sol -./dataset/denial_of_service/dos_address.sol -./dataset/access_control/multiowned_vulnerable.sol -./dataset/access_control/rubixi.sol -./dataset/access_control/incorrect_constructor_name3.sol -./dataset/access_control/incorrect_constructor_name2.sol -./dataset/access_control/mycontract.sol -./dataset/access_control/wallet_04_confused_sign.sol -./dataset/access_control/phishable.sol -./dataset/access_control/arbitrary_location_write_simple.sol -./dataset/access_control/proxy.sol -./dataset/access_control/simple_suicide.sol -./dataset/access_control/parity_wallet_bug_1.sol -./dataset/access_control/parity_wallet_bug_2.sol -./dataset/access_control/wallet_02_refund_nosub.sol -./dataset/access_control/mapping_write.sol -./dataset/access_control/wallet_03_wrong_constructor.sol -./dataset/access_control/unprotected0.sol -./dataset/access_control/incorrect_constructor_name1.sol -./dataset/front_running/FindThisHash.sol -./dataset/front_running/eth_tx_order_dependence_minimal.sol -./dataset/front_running/ERC20.sol -./dataset/front_running/odds_and_evens.sol diff --git a/dataset/bad_randomness/README.md b/dataset/bad_randomness/README.md deleted file mode 100755 index 3dedcec..0000000 --- a/dataset/bad_randomness/README.md +++ /dev/null @@ -1,38 +0,0 @@ -# Bad Randomness -Also known as nothing is secret. - -Randomness is hard to get right in Ethereum. While Solidity offers functions and variables that can access apparently hard-to-predict values, they are generally either more public than they seem or subject to miners' influence. Because these sources of randomness are to an extent predictable, malicious users can generally replicate it and attack the function relying on its unpredictablility. - -Loss: more than 400 ETH - -## Attack Scenario -A smart contract uses the block number as a source of randomness for a game. -An attacker creates a malicious contract that checks if the current block number is a winner. If so, it calls the first smart contract in order to win; since the call will be part of the same transaction, the block number will remain the same on both contracts. -The attacker only has to call her malicious contract until it wins. - -## Examples -In this first example, a private seed is used in combination with an iteration number and the keccak256 hash function to determine if the caller wins. Even though the seed is private, it must have been set via a transaction at some point in time and thus is visible on the blockchain. -``` -uint256 private seed; - -function play() public payable { - require(msg.value >= 1 ether); - iteration++; - uint randomNumber = uint(keccak256(seed + iteration)); - if (randomNumber % 2 == 0) { - msg.sender.transfer(this.balance); - } -} -``` -In this second example, block.blockhash is being used to generate a random number. This hash is unknown if the blockNumber is set to the current block.number (for obvious reasons), and is thus set to 0. In the case where the blockNumber is set to more than 256 blocks in the past, it will always be zero. Finally, if it is set to a previous block number that is not too old, another smart contract can access the same number and call the game contract as part of the same transaction. -``` -function play() public payable { - require(msg.value >= 1 ether); - if (block.blockhash(blockNumber) % 2 == 0) { - msg.sender.transfer(this.balance); - } -} -``` - -## References -Taken from [DASP TOP10](https://dasp.co/) \ No newline at end of file diff --git a/dataset/bad_randomness/blackjack.sol b/dataset/bad_randomness/blackjack.sol deleted file mode 100644 index fdcd8a0..0000000 --- a/dataset/bad_randomness/blackjack.sol +++ /dev/null @@ -1,308 +0,0 @@ -/* - * @article: https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620 - * @source: https://etherscan.io/address/0xa65d59708838581520511d98fb8b5d1f76a96cad#code - * @vulnerable_at_lines: 17,19,21 - * @author: - - */ - - pragma solidity ^0.4.2; - -library Deck { - // returns random number from 0 to 51 - // let's say 'value' % 4 means suit (0 - Hearts, 1 - Spades, 2 - Diamonds, 3 - Clubs) - // 'value' / 4 means: 0 - King, 1 - Ace, 2 - 10 - pip values, 11 - Jacket, 12 - Queen - - function deal(address player, uint8 cardNumber) internal returns (uint8) { - // BAD_RANDOMNESS - uint b = block.number; - // BAD_RANDOMNESS - uint timestamp = block.timestamp; - // BAD_RANDOMNESS - return uint8(uint256(keccak256(block.blockhash(b), player, cardNumber, timestamp)) % 52); - } - - function valueOf(uint8 card, bool isBigAce) internal constant returns (uint8) { - uint8 value = card / 4; - if (value == 0 || value == 11 || value == 12) { // Face cards - return 10; - } - if (value == 1 && isBigAce) { // Ace is worth 11 - return 11; - } - return value; - } - - function isAce(uint8 card) internal constant returns (bool) { - return card / 4 == 1; - } - - function isTen(uint8 card) internal constant returns (bool) { - return card / 4 == 10; - } -} - - -contract BlackJack { - using Deck for *; - - uint public minBet = 50 finney; // 0.05 eth - uint public maxBet = 5 ether; - - uint8 BLACKJACK = 21; - - enum GameState { Ongoing, Player, Tie, House } - - struct Game { - address player; // address игрока - uint bet; // стывка - - uint8[] houseCards; // карты диллера - uint8[] playerCards; // карты игрока - - GameState state; // состояние - uint8 cardsDealt; - } - - mapping (address => Game) public games; - - modifier gameIsGoingOn() { - if (games[msg.sender].player == 0 || games[msg.sender].state != GameState.Ongoing) { - throw; // game doesn't exist or already finished - } - _; - } - - event Deal( - bool isUser, - uint8 _card - ); - - event GameStatus( - uint8 houseScore, - uint8 houseScoreBig, - uint8 playerScore, - uint8 playerScoreBig - ); - - event Log( - uint8 value - ); - - function BlackJack() { - - } - - function () payable { - - } - - // starts a new game - function deal() public payable { - if (games[msg.sender].player != 0 && games[msg.sender].state == GameState.Ongoing) { - throw; // game is already going on - } - - if (msg.value < minBet || msg.value > maxBet) { - throw; // incorrect bet - } - - uint8[] memory houseCards = new uint8[](1); - uint8[] memory playerCards = new uint8[](2); - - // deal the cards - playerCards[0] = Deck.deal(msg.sender, 0); - Deal(true, playerCards[0]); - houseCards[0] = Deck.deal(msg.sender, 1); - Deal(false, houseCards[0]); - playerCards[1] = Deck.deal(msg.sender, 2); - Deal(true, playerCards[1]); - - games[msg.sender] = Game({ - player: msg.sender, - bet: msg.value, - houseCards: houseCards, - playerCards: playerCards, - state: GameState.Ongoing, - cardsDealt: 3 - }); - - checkGameResult(games[msg.sender], false); - } - - // deals one more card to the player - function hit() public gameIsGoingOn { - uint8 nextCard = games[msg.sender].cardsDealt; - games[msg.sender].playerCards.push(Deck.deal(msg.sender, nextCard)); - games[msg.sender].cardsDealt = nextCard + 1; - Deal(true, games[msg.sender].playerCards[games[msg.sender].playerCards.length - 1]); - checkGameResult(games[msg.sender], false); - } - - // finishes the game - function stand() public gameIsGoingOn { - - var (houseScore, houseScoreBig) = calculateScore(games[msg.sender].houseCards); - - while (houseScoreBig < 17) { - uint8 nextCard = games[msg.sender].cardsDealt; - uint8 newCard = Deck.deal(msg.sender, nextCard); - games[msg.sender].houseCards.push(newCard); - games[msg.sender].cardsDealt = nextCard + 1; - houseScoreBig += Deck.valueOf(newCard, true); - Deal(false, newCard); - } - - checkGameResult(games[msg.sender], true); - } - - // @param finishGame - whether to finish the game or not (in case of Blackjack the game finishes anyway) - function checkGameResult(Game game, bool finishGame) private { - // calculate house score - var (houseScore, houseScoreBig) = calculateScore(game.houseCards); - // calculate player score - var (playerScore, playerScoreBig) = calculateScore(game.playerCards); - - GameStatus(houseScore, houseScoreBig, playerScore, playerScoreBig); - - if (houseScoreBig == BLACKJACK || houseScore == BLACKJACK) { - if (playerScore == BLACKJACK || playerScoreBig == BLACKJACK) { - // TIE - if (!msg.sender.send(game.bet)) throw; // return bet to the player - games[msg.sender].state = GameState.Tie; // finish the game - return; - } else { - // HOUSE WON - games[msg.sender].state = GameState.House; // simply finish the game - return; - } - } else { - if (playerScore == BLACKJACK || playerScoreBig == BLACKJACK) { - // PLAYER WON - if (game.playerCards.length == 2 && (Deck.isTen(game.playerCards[0]) || Deck.isTen(game.playerCards[1]))) { - // Natural blackjack => return x2.5 - if (!msg.sender.send((game.bet * 5) / 2)) throw; // send prize to the player - } else { - // Usual blackjack => return x2 - if (!msg.sender.send(game.bet * 2)) throw; // send prize to the player - } - games[msg.sender].state = GameState.Player; // finish the game - return; - } else { - - if (playerScore > BLACKJACK) { - // BUST, HOUSE WON - Log(1); - games[msg.sender].state = GameState.House; // finish the game - return; - } - - if (!finishGame) { - return; // continue the game - } - - // недобор - uint8 playerShortage = 0; - uint8 houseShortage = 0; - - // player decided to finish the game - if (playerScoreBig > BLACKJACK) { - if (playerScore > BLACKJACK) { - // HOUSE WON - games[msg.sender].state = GameState.House; // simply finish the game - return; - } else { - playerShortage = BLACKJACK - playerScore; - } - } else { - playerShortage = BLACKJACK - playerScoreBig; - } - - if (houseScoreBig > BLACKJACK) { - if (houseScore > BLACKJACK) { - // PLAYER WON - if (!msg.sender.send(game.bet * 2)) throw; // send prize to the player - games[msg.sender].state = GameState.Player; - return; - } else { - houseShortage = BLACKJACK - houseScore; - } - } else { - houseShortage = BLACKJACK - houseScoreBig; - } - - // ?????????????????????? почему игра заканчивается? - if (houseShortage == playerShortage) { - // TIE - if (!msg.sender.send(game.bet)) throw; // return bet to the player - games[msg.sender].state = GameState.Tie; - } else if (houseShortage > playerShortage) { - // PLAYER WON - if (!msg.sender.send(game.bet * 2)) throw; // send prize to the player - games[msg.sender].state = GameState.Player; - } else { - games[msg.sender].state = GameState.House; - } - } - } - } - - function calculateScore(uint8[] cards) private constant returns (uint8, uint8) { - uint8 score = 0; - uint8 scoreBig = 0; // in case of Ace there could be 2 different scores - bool bigAceUsed = false; - for (uint i = 0; i < cards.length; ++i) { - uint8 card = cards[i]; - if (Deck.isAce(card) && !bigAceUsed) { // doesn't make sense to use the second Ace as 11, because it leads to the losing - scoreBig += Deck.valueOf(card, true); - bigAceUsed = true; - } else { - scoreBig += Deck.valueOf(card, false); - } - score += Deck.valueOf(card, false); - } - return (score, scoreBig); - } - - function getPlayerCard(uint8 id) public gameIsGoingOn constant returns(uint8) { - if (id < 0 || id > games[msg.sender].playerCards.length) { - throw; - } - return games[msg.sender].playerCards[id]; - } - - function getHouseCard(uint8 id) public gameIsGoingOn constant returns(uint8) { - if (id < 0 || id > games[msg.sender].houseCards.length) { - throw; - } - return games[msg.sender].houseCards[id]; - } - - function getPlayerCardsNumber() public gameIsGoingOn constant returns(uint) { - return games[msg.sender].playerCards.length; - } - - function getHouseCardsNumber() public gameIsGoingOn constant returns(uint) { - return games[msg.sender].houseCards.length; - } - - function getGameState() public constant returns (uint8) { - if (games[msg.sender].player == 0) { - throw; // game doesn't exist - } - - Game game = games[msg.sender]; - - if (game.state == GameState.Player) { - return 1; - } - if (game.state == GameState.House) { - return 2; - } - if (game.state == GameState.Tie) { - return 3; - } - - return 0; // the game is still going on - } - -} diff --git a/dataset/bad_randomness/etheraffle.sol b/dataset/bad_randomness/etheraffle.sol deleted file mode 100644 index 21e0b54..0000000 --- a/dataset/bad_randomness/etheraffle.sol +++ /dev/null @@ -1,174 +0,0 @@ -/* - * @article: https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620 - * @source: https://etherscan.io/address/0xcC88937F325d1C6B97da0AFDbb4cA542EFA70870#code - * @vulnerable_at_lines: 49,99,101,103,114,158 - * @author: - - */ - - pragma solidity ^0.4.16; - -contract Ethraffle_v4b { - struct Contestant { - address addr; - uint raffleId; - } - - event RaffleResult( - uint raffleId, - uint winningNumber, - address winningAddress, - address seed1, - address seed2, - uint seed3, - bytes32 randHash - ); - - event TicketPurchase( - uint raffleId, - address contestant, - uint number - ); - - event TicketRefund( - uint raffleId, - address contestant, - uint number - ); - - // Constants - uint public constant prize = 2.5 ether; - uint public constant fee = 0.03 ether; - uint public constant totalTickets = 50; - uint public constant pricePerTicket = (prize + fee) / totalTickets; // Make sure this divides evenly - address feeAddress; - - // Other internal variables - bool public paused = false; - uint public raffleId = 1; - // BAD_RANDOMNESS - uint public blockNumber = block.number; - uint nextTicket = 0; - mapping (uint => Contestant) contestants; - uint[] gaps; - - // Initialization - function Ethraffle_v4b() public { - feeAddress = msg.sender; - } - - // Call buyTickets() when receiving Ether outside a function - function () payable public { - buyTickets(); - } - - function buyTickets() payable public { - if (paused) { - msg.sender.transfer(msg.value); - return; - } - - uint moneySent = msg.value; - - while (moneySent >= pricePerTicket && nextTicket < totalTickets) { - uint currTicket = 0; - if (gaps.length > 0) { - currTicket = gaps[gaps.length-1]; - gaps.length--; - } else { - currTicket = nextTicket++; - } - - contestants[currTicket] = Contestant(msg.sender, raffleId); - TicketPurchase(raffleId, msg.sender, currTicket); - moneySent -= pricePerTicket; - } - - // Choose winner if we sold all the tickets - if (nextTicket == totalTickets) { - chooseWinner(); - } - - // Send back leftover money - if (moneySent > 0) { - msg.sender.transfer(moneySent); - } - } - - function chooseWinner() private { - // BAD_RANDOMNESS - address seed1 = contestants[uint(block.coinbase) % totalTickets].addr; - // BAD_RANDOMNESS - address seed2 = contestants[uint(msg.sender) % totalTickets].addr; - // BAD_RANDOMNESS - uint seed3 = block.difficulty; - bytes32 randHash = keccak256(seed1, seed2, seed3); - - uint winningNumber = uint(randHash) % totalTickets; - address winningAddress = contestants[winningNumber].addr; - RaffleResult(raffleId, winningNumber, winningAddress, seed1, seed2, seed3, randHash); - - // Start next raffle - raffleId++; - nextTicket = 0; - // BAD_RANDOMNESS - blockNumber = block.number; - - // gaps.length = 0 isn't necessary here, - // because buyTickets() eventually clears - // the gaps array in the loop itself. - - // Distribute prize and fee - winningAddress.transfer(prize); - feeAddress.transfer(fee); - } - - // Get your money back before the raffle occurs - function getRefund() public { - uint refund = 0; - for (uint i = 0; i < totalTickets; i++) { - if (msg.sender == contestants[i].addr && raffleId == contestants[i].raffleId) { - refund += pricePerTicket; - contestants[i] = Contestant(address(0), 0); - gaps.push(i); - TicketRefund(raffleId, msg.sender, i); - } - } - - if (refund > 0) { - msg.sender.transfer(refund); - } - } - - // Refund everyone's money, start a new raffle, then pause it - function endRaffle() public { - if (msg.sender == feeAddress) { - paused = true; - - for (uint i = 0; i < totalTickets; i++) { - if (raffleId == contestants[i].raffleId) { - TicketRefund(raffleId, contestants[i].addr, i); - contestants[i].addr.transfer(pricePerTicket); - } - } - - RaffleResult(raffleId, totalTickets, address(0), address(0), address(0), 0, 0); - raffleId++; - nextTicket = 0; - // BAD_RANDOMNESS - blockNumber = block.number; - gaps.length = 0; - } - } - - function togglePause() public { - if (msg.sender == feeAddress) { - paused = !paused; - } - } - - function kill() public { - if (msg.sender == feeAddress) { - selfdestruct(feeAddress); - } - } -} diff --git a/dataset/bad_randomness/guess_the_random_number.sol b/dataset/bad_randomness/guess_the_random_number.sol deleted file mode 100644 index d2c45c5..0000000 --- a/dataset/bad_randomness/guess_the_random_number.sol +++ /dev/null @@ -1,29 +0,0 @@ -/* - * @source: https://capturetheether.com/challenges/lotteries/guess-the-random-number/ - * @author: Steve Marx - * @vulnerable_at_lines: 15 - */ - -pragma solidity ^0.4.21; - -contract GuessTheRandomNumberChallenge { - uint8 answer; - - function GuessTheRandomNumberChallenge() public payable { - require(msg.value == 1 ether); - // BAD_RANDOMNESS - answer = uint8(keccak256(block.blockhash(block.number - 1), now)); - } - - function isComplete() public view returns (bool) { - return address(this).balance == 0; - } - - function guess(uint8 n) public payable { - require(msg.value == 1 ether); - - if (n == answer) { - msg.sender.transfer(2 ether); - } - } -} diff --git a/dataset/bad_randomness/lottery.sol b/dataset/bad_randomness/lottery.sol deleted file mode 100644 index 3e6acb5..0000000 --- a/dataset/bad_randomness/lottery.sol +++ /dev/null @@ -1,68 +0,0 @@ -/* - * @article: https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620 - * @source: https://etherscan.io/address/0x80ddae5251047d6ceb29765f38fed1c0013004b7#code - * @vulnerable_at_lines: 38,42 - * @author: - - */ - - //added pragma version - pragma solidity ^0.4.0; - - contract Lottery { - event GetBet(uint betAmount, uint blockNumber, bool won); - - struct Bet { - uint betAmount; - uint blockNumber; - bool won; - } - - address private organizer; - Bet[] private bets; - - // Create a new lottery with numOfBets supported bets. - function Lottery() { - organizer = msg.sender; - } - - // Fallback function returns ether - function() { - throw; - } - - // Make a bet - function makeBet() { - // Won if block number is even - // (note: this is a terrible source of randomness, please don't use this with real money) - // BAD_RANDOMNESS - bool won = (block.number % 2) == 0; - - // Record the bet with an event - // BAD_RANDOMNESS - bets.push(Bet(msg.value, block.number, won)); - - // Payout if the user won, otherwise take their money - if(won) { - if(!msg.sender.send(msg.value)) { - // Return ether to sender - throw; - } - } - } - - // Get all bets that have been made - function getBets() { - if(msg.sender != organizer) { throw; } - - for (uint i = 0; i < bets.length; i++) { - GetBet(bets[i].betAmount, bets[i].blockNumber, bets[i].won); - } - } - - // Suicide :( - function destroy() { - if(msg.sender != organizer) { throw; } - - suicide(organizer); - } - } diff --git a/dataset/bad_randomness/lucky_doubler.sol b/dataset/bad_randomness/lucky_doubler.sol deleted file mode 100644 index ad72d17..0000000 --- a/dataset/bad_randomness/lucky_doubler.sol +++ /dev/null @@ -1,191 +0,0 @@ -/* - * @article: https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620 - * @source: https://etherscan.io/address/0xF767fCA8e65d03fE16D4e38810f5E5376c3372A8#code - * @vulnerable_at_lines: 127,128,129,130,132 - * @author: - - */ - - //added pragma version -pragma solidity ^0.4.0; - - contract LuckyDoubler { -//########################################################## -//#### LuckyDoubler: A doubler with random payout order #### -//#### Deposit 1 ETHER to participate #### -//########################################################## -//COPYRIGHT 2016 KATATSUKI ALL RIGHTS RESERVED -//No part of this source code may be reproduced, distributed, -//modified or transmitted in any form or by any means without -//the prior written permission of the creator. - - address private owner; - - //Stored variables - uint private balance = 0; - uint private fee = 5; - uint private multiplier = 125; - - mapping (address => User) private users; - Entry[] private entries; - uint[] private unpaidEntries; - - //Set owner on contract creation - function LuckyDoubler() { - owner = msg.sender; - } - - modifier onlyowner { if (msg.sender == owner) _; } - - struct User { - address id; - uint deposits; - uint payoutsReceived; - } - - struct Entry { - address entryAddress; - uint deposit; - uint payout; - bool paid; - } - - //Fallback function - function() { - init(); - } - - function init() private{ - - if (msg.value < 1 ether) { - msg.sender.send(msg.value); - return; - } - - join(); - } - - function join() private { - - //Limit deposits to 1ETH - uint dValue = 1 ether; - - if (msg.value > 1 ether) { - - msg.sender.send(msg.value - 1 ether); - dValue = 1 ether; - } - - //Add new users to the users array - if (users[msg.sender].id == address(0)) - { - users[msg.sender].id = msg.sender; - users[msg.sender].deposits = 0; - users[msg.sender].payoutsReceived = 0; - } - - //Add new entry to the entries array - entries.push(Entry(msg.sender, dValue, (dValue * (multiplier) / 100), false)); - users[msg.sender].deposits++; - unpaidEntries.push(entries.length -1); - - //Collect fees and update contract balance - balance += (dValue * (100 - fee)) / 100; - - uint index = unpaidEntries.length > 1 ? rand(unpaidEntries.length) : 0; - Entry theEntry = entries[unpaidEntries[index]]; - - //Pay pending entries if the new balance allows for it - if (balance > theEntry.payout) { - - uint payout = theEntry.payout; - - theEntry.entryAddress.send(payout); - theEntry.paid = true; - users[theEntry.entryAddress].payoutsReceived++; - - balance -= payout; - - if (index < unpaidEntries.length - 1) - unpaidEntries[index] = unpaidEntries[unpaidEntries.length - 1]; - - unpaidEntries.length--; - - } - - //Collect money from fees and possible leftovers from errors (actual balance untouched) - uint fees = this.balance - balance; - if (fees > 0) - { - owner.send(fees); - } - - } - - //Generate random number between 0 & max - uint256 constant private FACTOR = 1157920892373161954235709850086879078532699846656405640394575840079131296399; - // BAD_RANDOMNESS - function rand(uint max) constant private returns (uint256 result){ - uint256 factor = FACTOR * 100 / max; - uint256 lastBlockNumber = block.number - 1; - uint256 hashVal = uint256(block.blockhash(lastBlockNumber)); - - return uint256((uint256(hashVal) / factor)) % max; - } - - - //Contract management - function changeOwner(address newOwner) onlyowner { - owner = newOwner; - } - - function changeMultiplier(uint multi) onlyowner { - if (multi < 110 || multi > 150) throw; - - multiplier = multi; - } - - function changeFee(uint newFee) onlyowner { - if (fee > 5) - throw; - fee = newFee; - } - - - //JSON functions - function multiplierFactor() constant returns (uint factor, string info) { - factor = multiplier; - info = 'The current multiplier applied to all deposits. Min 110%, max 150%.'; - } - - function currentFee() constant returns (uint feePercentage, string info) { - feePercentage = fee; - info = 'The fee percentage applied to all deposits. It can change to speed payouts (max 5%).'; - } - - function totalEntries() constant returns (uint count, string info) { - count = entries.length; - info = 'The number of deposits.'; - } - - function userStats(address user) constant returns (uint deposits, uint payouts, string info) - { - if (users[user].id != address(0x0)) - { - deposits = users[user].deposits; - payouts = users[user].payoutsReceived; - info = 'Users stats: total deposits, payouts received.'; - } - } - - function entryDetails(uint index) constant returns (address user, uint payout, bool paid, string info) - { - if (index < entries.length) { - user = entries[index].entryAddress; - payout = entries[index].payout / 1 finney; - paid = entries[index].paid; - info = 'Entry info: user address, expected payout in Finneys, payout status.'; - } - } - - -} diff --git a/dataset/bad_randomness/old_blockhash.sol b/dataset/bad_randomness/old_blockhash.sol deleted file mode 100644 index b44463e..0000000 --- a/dataset/bad_randomness/old_blockhash.sol +++ /dev/null @@ -1,42 +0,0 @@ -/* - * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/weak_randomness/old_blockhash.sol - * @author: - - * @vulnerable_at_lines: 35 - */ - -pragma solidity ^0.4.24; - -//Based on the the Capture the Ether challange at https://capturetheether.com/challenges/lotteries/predict-the-block-hash/ -//Note that while it seems to have a 1/2^256 chance you guess the right hash, actually blockhash returns zero for blocks numbers that are more than 256 blocks ago so you can guess zero and wait. -contract PredictTheBlockHashChallenge { - - struct guess{ - uint block; - bytes32 guess; - } - - mapping(address => guess) guesses; - - constructor() public payable { - require(msg.value == 1 ether); - } - - function lockInGuess(bytes32 hash) public payable { - require(guesses[msg.sender].block == 0); - require(msg.value == 1 ether); - - guesses[msg.sender].guess = hash; - guesses[msg.sender].block = block.number + 1; - } - - function settle() public { - require(block.number > guesses[msg.sender].block); - // BAD_RANDOMNESS - bytes32 answer = blockhash(guesses[msg.sender].block); - - guesses[msg.sender].block = 0; - if (guesses[msg.sender].guess == answer) { - msg.sender.transfer(2 ether); - } - } -} diff --git a/dataset/bad_randomness/random_number_generator.sol b/dataset/bad_randomness/random_number_generator.sol deleted file mode 100644 index 2bbae05..0000000 --- a/dataset/bad_randomness/random_number_generator.sol +++ /dev/null @@ -1,26 +0,0 @@ -/* - * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/weak_randomness/random_number_generator.sol - * @author: - - * @vulnerable_at_lines: 12,18,20,22 - */ - -pragma solidity ^0.4.25; - -// Based on TheRun contract deployed at 0xcac337492149bDB66b088bf5914beDfBf78cCC18. -contract RandomNumberGenerator { - // BAD_RANDOMNESS - uint256 private salt = block.timestamp; - - function random(uint max) view private returns (uint256 result) { - // Get the best seed for randomness - uint256 x = salt * 100 / max; - // BAD_RANDOMNESS - uint256 y = salt * block.number / (salt % 5); - // BAD_RANDOMNESS - uint256 seed = block.number / 3 + (salt % 300) + y; - // BAD_RANDOMNESS - uint256 h = uint256(blockhash(seed)); - // Random number between 1 and max - return uint256((h / x)) % max + 1; - } -} diff --git a/dataset/bad_randomness/smart_billions.sol b/dataset/bad_randomness/smart_billions.sol deleted file mode 100644 index f24e9a3..0000000 --- a/dataset/bad_randomness/smart_billions.sol +++ /dev/null @@ -1,771 +0,0 @@ -/* - * @source: https://etherscan.io/address/0x5ace17f87c7391e5792a7683069a8025b83bbd85#code - * @author: - - * @vulnerable_at_lines: 523,560,700,702,704,706,708,710,712,714,716,718 - */ - -pragma solidity ^0.4.13; - -library SafeMath { - function sub(uint a, uint b) internal returns (uint) { - assert(b <= a); - return a - b; - } - function add(uint a, uint b) internal returns (uint) { - uint c = a + b; - assert(c >= a); - return c; - } -} - -contract ERC20Basic { - uint public totalSupply; - address public owner; //owner - address public animator; //animator - function balanceOf(address who) constant returns (uint); - function transfer(address to, uint value); - event Transfer(address indexed from, address indexed to, uint value); - function commitDividend(address who) internal; // pays remaining dividend -} - -contract ERC20 is ERC20Basic { - function allowance(address owner, address spender) constant returns (uint); - function transferFrom(address from, address to, uint value); - function approve(address spender, uint value); - event Approval(address indexed owner, address indexed spender, uint value); -} - -contract BasicToken is ERC20Basic { - using SafeMath for uint; - mapping(address => uint) balances; - - modifier onlyPayloadSize(uint size) { - assert(msg.data.length >= size + 4); - _; - } - /** - * @dev transfer token for a specified address - * @param _to The address to transfer to. - * @param _value The amount to be transferred. - */ - function transfer(address _to, uint _value) onlyPayloadSize(2 * 32) { - commitDividend(msg.sender); - balances[msg.sender] = balances[msg.sender].sub(_value); - if(_to == address(this)) { - commitDividend(owner); - balances[owner] = balances[owner].add(_value); - Transfer(msg.sender, owner, _value); - } - else { - commitDividend(_to); - balances[_to] = balances[_to].add(_value); - Transfer(msg.sender, _to, _value); - } - } - /** - * @dev Gets the balance of the specified address. - * @param _owner The address to query the the balance of. - * @return An uint representing the amount owned by the passed address. - */ - function balanceOf(address _owner) constant returns (uint balance) { - return balances[_owner]; - } -} - -contract StandardToken is BasicToken, ERC20 { - mapping (address => mapping (address => uint)) allowed; - - /** - * @dev Transfer tokens from one address to another - * @param _from address The address which you want to send tokens from - * @param _to address The address which you want to transfer to - * @param _value uint the amout of tokens to be transfered - */ - function transferFrom(address _from, address _to, uint _value) onlyPayloadSize(3 * 32) { - var _allowance = allowed[_from][msg.sender]; - commitDividend(_from); - commitDividend(_to); - balances[_to] = balances[_to].add(_value); - balances[_from] = balances[_from].sub(_value); - allowed[_from][msg.sender] = _allowance.sub(_value); - Transfer(_from, _to, _value); - } - /** - * @dev Aprove the passed address to spend the specified amount of tokens on beahlf of msg.sender. - * @param _spender The address which will spend the funds. - * @param _value The amount of tokens to be spent. - */ - function approve(address _spender, uint _value) { - // https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729 - assert(!((_value != 0) && (allowed[msg.sender][_spender] != 0))); - allowed[msg.sender][_spender] = _value; - Approval(msg.sender, _spender, _value); - } - /** - * @dev Function to check the amount of tokens than an owner allowed to a spender. - * @param _owner address The address which owns the funds. - * @param _spender address The address which will spend the funds. - * @return A uint specifing the amount of tokens still avaible for the spender. - */ - function allowance(address _owner, address _spender) constant returns (uint remaining) { - return allowed[_owner][_spender]; - } -} - -/** - * @title SmartBillions contract - */ -contract SmartBillions is StandardToken { - - // metadata - string public constant name = "SmartBillions Token"; - string public constant symbol = "PLAY"; - uint public constant decimals = 0; - - // contract state - struct Wallet { - uint208 balance; // current balance of user - uint16 lastDividendPeriod; // last processed dividend period of user's tokens - uint32 nextWithdrawBlock; // next withdrawal possible after this block number - } - mapping (address => Wallet) wallets; - struct Bet { - uint192 value; // bet size - uint32 betHash; // selected numbers - uint32 blockNum; // blocknumber when lottery runs - } - mapping (address => Bet) bets; - - uint public walletBalance = 0; // sum of funds in wallets - - // investment parameters - uint public investStart = 1; // investment start block, 0: closed, 1: preparation - uint public investBalance = 0; // funding from investors - uint public investBalanceMax = 200000 ether; // maximum funding - uint public dividendPeriod = 1; - uint[] public dividends; // dividens collected per period, growing array - - // betting parameters - uint public maxWin = 0; // maximum prize won - uint public hashFirst = 0; // start time of building hashes database - uint public hashLast = 0; // last saved block of hashes - uint public hashNext = 0; // next available bet block.number - uint public hashBetSum = 0; // used bet volume of next block - uint public hashBetMax = 5 ether; // maximum bet size per block - uint[] public hashes; // space for storing lottery results - - // constants - //uint public constant hashesSize = 1024 ; // DEBUG ONLY !!! - uint public constant hashesSize = 16384 ; // 30 days of blocks - uint public coldStoreLast = 0 ; // block of last cold store transfer - - // events - event LogBet(address indexed player, uint bethash, uint blocknumber, uint betsize); - event LogLoss(address indexed player, uint bethash, uint hash); - event LogWin(address indexed player, uint bethash, uint hash, uint prize); - event LogInvestment(address indexed investor, address indexed partner, uint amount); - event LogRecordWin(address indexed player, uint amount); - event LogLate(address indexed player,uint playerBlockNumber,uint currentBlockNumber); - event LogDividend(address indexed investor, uint amount, uint period); - - modifier onlyOwner() { - assert(msg.sender == owner); - _; - } - - modifier onlyAnimator() { - assert(msg.sender == animator); - _; - } - - // constructor - function SmartBillions() { - owner = msg.sender; - animator = msg.sender; - wallets[owner].lastDividendPeriod = uint16(dividendPeriod); - dividends.push(0); // not used - dividends.push(0); // current dividend - } - -/* getters */ - - /** - * @dev Show length of allocated swap space - */ - function hashesLength() constant external returns (uint) { - return uint(hashes.length); - } - - /** - * @dev Show balance of wallet - * @param _owner The address of the account. - */ - function walletBalanceOf(address _owner) constant external returns (uint) { - return uint(wallets[_owner].balance); - } - - /** - * @dev Show last dividend period processed - * @param _owner The address of the account. - */ - function walletPeriodOf(address _owner) constant external returns (uint) { - return uint(wallets[_owner].lastDividendPeriod); - } - - /** - * @dev Show block number when withdraw can continue - * @param _owner The address of the account. - */ - function walletBlockOf(address _owner) constant external returns (uint) { - return uint(wallets[_owner].nextWithdrawBlock); - } - - /** - * @dev Show bet size. - * @param _owner The address of the player. - */ - function betValueOf(address _owner) constant external returns (uint) { - return uint(bets[_owner].value); - } - - /** - * @dev Show block number of lottery run for the bet. - * @param _owner The address of the player. - */ - function betHashOf(address _owner) constant external returns (uint) { - return uint(bets[_owner].betHash); - } - - /** - * @dev Show block number of lottery run for the bet. - * @param _owner The address of the player. - */ - function betBlockNumberOf(address _owner) constant external returns (uint) { - return uint(bets[_owner].blockNum); - } - - /** - * @dev Print number of block till next expected dividend payment - */ - function dividendsBlocks() constant external returns (uint) { - if(investStart > 0) { - return(0); - } - uint period = (block.number - hashFirst) / (10 * hashesSize); - if(period > dividendPeriod) { - return(0); - } - return((10 * hashesSize) - ((block.number - hashFirst) % (10 * hashesSize))); - } - -/* administrative functions */ - - /** - * @dev Change owner. - * @param _who The address of new owner. - */ - function changeOwner(address _who) external onlyOwner { - assert(_who != address(0)); - commitDividend(msg.sender); - commitDividend(_who); - owner = _who; - } - - /** - * @dev Change animator. - * @param _who The address of new animator. - */ - function changeAnimator(address _who) external onlyAnimator { - assert(_who != address(0)); - commitDividend(msg.sender); - commitDividend(_who); - animator = _who; - } - - /** - * @dev Set ICO Start block. - * @param _when The block number of the ICO. - */ - function setInvestStart(uint _when) external onlyOwner { - require(investStart == 1 && hashFirst > 0 && block.number < _when); - investStart = _when; - } - - /** - * @dev Set maximum bet size per block - * @param _maxsum The maximum bet size in wei. - */ - function setBetMax(uint _maxsum) external onlyOwner { - hashBetMax = _maxsum; - } - - /** - * @dev Reset bet size accounting, to increase bet volume above safe limits - */ - function resetBet() external onlyOwner { - hashNext = block.number + 3; - hashBetSum = 0; - } - - /** - * @dev Move funds to cold storage - * @dev investBalance and walletBalance is protected from withdraw by owner - * @dev if funding is > 50% admin can withdraw only 0.25% of balance weakly - * @param _amount The amount of wei to move to cold storage - */ - function coldStore(uint _amount) external onlyOwner { - houseKeeping(); - require(_amount > 0 && this.balance >= (investBalance * 9 / 10) + walletBalance + _amount); - if(investBalance >= investBalanceMax / 2){ // additional jackpot protection - require((_amount <= this.balance / 400) && coldStoreLast + 4 * 60 * 24 * 7 <= block.number); - } - msg.sender.transfer(_amount); - coldStoreLast = block.number; - } - - /** - * @dev Move funds to contract jackpot - */ - function hotStore() payable external { - houseKeeping(); - } - -/* housekeeping functions */ - - /** - * @dev Update accounting - */ - function houseKeeping() public { - if(investStart > 1 && block.number >= investStart + (hashesSize * 5)){ // ca. 14 days - investStart = 0; // start dividend payments - } - else { - if(hashFirst > 0){ - uint period = (block.number - hashFirst) / (10 * hashesSize ); - if(period > dividends.length - 2) { - dividends.push(0); - } - if(period > dividendPeriod && investStart == 0 && dividendPeriod < dividends.length - 1) { - dividendPeriod++; - } - } - } - } - -/* payments */ - - /** - * @dev Pay balance from wallet - */ - function payWallet() public { - if(wallets[msg.sender].balance > 0 && wallets[msg.sender].nextWithdrawBlock <= block.number){ - uint balance = wallets[msg.sender].balance; - wallets[msg.sender].balance = 0; - walletBalance -= balance; - pay(balance); - } - } - - function pay(uint _amount) private { - uint maxpay = this.balance / 2; - if(maxpay >= _amount) { - msg.sender.transfer(_amount); - if(_amount > 1 finney) { - houseKeeping(); - } - } - else { - uint keepbalance = _amount - maxpay; - walletBalance += keepbalance; - wallets[msg.sender].balance += uint208(keepbalance); - wallets[msg.sender].nextWithdrawBlock = uint32(block.number + 4 * 60 * 24 * 30); // wait 1 month for more funds - msg.sender.transfer(maxpay); - } - } - -/* investment functions */ - - /** - * @dev Buy tokens - */ - function investDirect() payable external { - invest(owner); - } - - /** - * @dev Buy tokens with affiliate partner - * @param _partner Affiliate partner - */ - function invest(address _partner) payable public { - //require(fromUSA()==false); // fromUSA() not yet implemented :-( - require(investStart > 1 && block.number < investStart + (hashesSize * 5) && investBalance < investBalanceMax); - uint investing = msg.value; - if(investing > investBalanceMax - investBalance) { - investing = investBalanceMax - investBalance; - investBalance = investBalanceMax; - investStart = 0; // close investment round - msg.sender.transfer(msg.value.sub(investing)); // send back funds immediately - } - else{ - investBalance += investing; - } - if(_partner == address(0) || _partner == owner){ - walletBalance += investing / 10; - wallets[owner].balance += uint208(investing / 10);} // 10% for marketing if no affiliates - else{ - walletBalance += (investing * 5 / 100) * 2; - wallets[owner].balance += uint208(investing * 5 / 100); // 5% initial marketing funds - wallets[_partner].balance += uint208(investing * 5 / 100);} // 5% for affiliates - wallets[msg.sender].lastDividendPeriod = uint16(dividendPeriod); // assert(dividendPeriod == 1); - uint senderBalance = investing / 10**15; - uint ownerBalance = investing * 16 / 10**17 ; - uint animatorBalance = investing * 10 / 10**17 ; - balances[msg.sender] += senderBalance; - balances[owner] += ownerBalance ; // 13% of shares go to developers - balances[animator] += animatorBalance ; // 8% of shares go to animator - totalSupply += senderBalance + ownerBalance + animatorBalance; - Transfer(address(0),msg.sender,senderBalance); // for etherscan - Transfer(address(0),owner,ownerBalance); // for etherscan - Transfer(address(0),animator,animatorBalance); // for etherscan - LogInvestment(msg.sender,_partner,investing); - } - - /** - * @dev Delete all tokens owned by sender and return unpaid dividends and 90% of initial investment - */ - function disinvest() external { - require(investStart == 0); - commitDividend(msg.sender); - uint initialInvestment = balances[msg.sender] * 10**15; - Transfer(msg.sender,address(0),balances[msg.sender]); // for etherscan - delete balances[msg.sender]; // totalSupply stays the same, investBalance is reduced - investBalance -= initialInvestment; - wallets[msg.sender].balance += uint208(initialInvestment * 9 / 10); - payWallet(); - } - - /** - * @dev Pay unpaid dividends - */ - function payDividends() external { - require(investStart == 0); - commitDividend(msg.sender); - payWallet(); - } - - /** - * @dev Commit remaining dividends before transfer of tokens - */ - function commitDividend(address _who) internal { - uint last = wallets[_who].lastDividendPeriod; - if((balances[_who]==0) || (last==0)){ - wallets[_who].lastDividendPeriod=uint16(dividendPeriod); - return; - } - if(last==dividendPeriod) { - return; - } - uint share = balances[_who] * 0xffffffff / totalSupply; - uint balance = 0; - for(;last=player.blockNum + (10 * hashesSize))){ - return(0); - } - if(block.number BAD_RANDOMNESS - return(betPrize(player,uint24(block.blockhash(player.blockNum)))); - } - if(hashFirst>0){ - uint32 hash = getHash(player.blockNum); - if(hash == 0x1000000) { // load hash failed :-(, return funds - return(uint(player.value)); - } - else{ - return(betPrize(player,uint24(hash))); - } - } - return(0); - } - - /** - * @dev Check if won in lottery - */ - function won() public { - Bet memory player = bets[msg.sender]; - if(player.blockNum==0){ // create a new player - bets[msg.sender] = Bet({value: 0, betHash: 0, blockNum: 1}); - return; - } - if((player.value==0) || (player.blockNum==1)){ - payWallet(); - return; - } - require(block.number>player.blockNum); // if there is an active bet, throw() - if(player.blockNum + (10 * hashesSize) <= block.number){ // last bet too long ago, lost ! - LogLate(msg.sender,player.blockNum,block.number); - bets[msg.sender] = Bet({value: 0, betHash: 0, blockNum: 1}); - return; - } - uint prize = 0; - uint32 hash = 0; - if(block.number BAD_RANDOMNESS - hash = uint24(block.blockhash(player.blockNum)); - prize = betPrize(player,uint24(hash)); - } - else { - if(hashFirst>0){ // lottery is open even before swap space (hashes) is ready, but player must collect results within 256 blocks after run - hash = getHash(player.blockNum); - if(hash == 0x1000000) { // load hash failed :-(, return funds - prize = uint(player.value); - } - else{ - prize = betPrize(player,uint24(hash)); - } - } - else{ - LogLate(msg.sender,player.blockNum,block.number); - bets[msg.sender] = Bet({value: 0, betHash: 0, blockNum: 1}); - return(); - } - } - bets[msg.sender] = Bet({value: 0, betHash: 0, blockNum: 1}); - if(prize>0) { - LogWin(msg.sender,uint(player.betHash),uint(hash),prize); - if(prize > maxWin){ - maxWin = prize; - LogRecordWin(msg.sender,prize); - } - pay(prize); - } - else{ - LogLoss(msg.sender,uint(player.betHash),uint(hash)); - } - } - - /** - * @dev Send ether to buy tokens during ICO - * @dev or send less than 1 ether to contract to play - * @dev or send 0 to collect prize - */ - function () payable external { - if(msg.value > 0){ - if(investStart>1){ // during ICO payment to the contract is treated as investment - invest(owner); - } - else{ // if not ICO running payment to contract is treated as play - play(); - } - return; - } - //check for dividends and other assets - if(investStart == 0 && balances[msg.sender]>0){ - commitDividend(msg.sender);} - won(); // will run payWallet() if nothing else available - } - - /** - * @dev Play in lottery - */ - function play() payable public returns (uint) { - return playSystem(uint(sha3(msg.sender,block.number)), address(0)); - } - - /** - * @dev Play in lottery with random numbers - * @param _partner Affiliate partner - */ - function playRandom(address _partner) payable public returns (uint) { - return playSystem(uint(sha3(msg.sender,block.number)), _partner); - } - - /** - * @dev Play in lottery with own numbers - * @param _partner Affiliate partner - */ - function playSystem(uint _hash, address _partner) payable public returns (uint) { - won(); // check if player did not win - uint24 bethash = uint24(_hash); - require(msg.value <= 1 ether && msg.value < hashBetMax); - if(msg.value > 0){ - if(investStart==0) { // dividends only after investment finished - dividends[dividendPeriod] += msg.value / 20; // 5% dividend - } - if(_partner != address(0)) { - uint fee = msg.value / 100; - walletBalance += fee; - wallets[_partner].balance += uint208(fee); // 1% for affiliates - } - if(hashNext < block.number + 3) { - hashNext = block.number + 3; - hashBetSum = msg.value; - } - else{ - if(hashBetSum > hashBetMax) { - hashNext++; - hashBetSum = msg.value; - } - else{ - hashBetSum += msg.value; - } - } - bets[msg.sender] = Bet({value: uint192(msg.value), betHash: uint32(bethash), blockNum: uint32(hashNext)}); - LogBet(msg.sender,uint(bethash),hashNext,msg.value); - } - putHash(); // players help collecing data - return(hashNext); - } - -/* database functions */ - - /** - * @dev Create hash data swap space - * @param _sadd Number of hashes to add (<=256) - */ - function addHashes(uint _sadd) public returns (uint) { - require(hashFirst == 0 && _sadd > 0 && _sadd <= hashesSize); - uint n = hashes.length; - if(n + _sadd > hashesSize){ - hashes.length = hashesSize; - } - else{ - hashes.length += _sadd; - } - for(;n=hashesSize) { // assume block.number > 10 - hashFirst = block.number - ( block.number % 10); - hashLast = hashFirst; - } - return(hashes.length); - } - - /** - * @dev Create hash data swap space, add 128 hashes - */ - function addHashes128() external returns (uint) { - return(addHashes(128)); - } - - function calcHashes(uint32 _lastb, uint32 _delta) constant private returns (uint) { - // BAD_RANDOMNESS - return( ( uint(block.blockhash(_lastb )) & 0xFFFFFF ) - // BAD_RANDOMNESS - | ( ( uint(block.blockhash(_lastb+1)) & 0xFFFFFF ) << 24 ) - // BAD_RANDOMNESS - | ( ( uint(block.blockhash(_lastb+2)) & 0xFFFFFF ) << 48 ) - // BAD_RANDOMNESS - | ( ( uint(block.blockhash(_lastb+3)) & 0xFFFFFF ) << 72 ) - // BAD_RANDOMNESS - | ( ( uint(block.blockhash(_lastb+4)) & 0xFFFFFF ) << 96 ) - // BAD_RANDOMNESS - | ( ( uint(block.blockhash(_lastb+5)) & 0xFFFFFF ) << 120 ) - // BAD_RANDOMNESS - | ( ( uint(block.blockhash(_lastb+6)) & 0xFFFFFF ) << 144 ) - // BAD_RANDOMNESS - | ( ( uint(block.blockhash(_lastb+7)) & 0xFFFFFF ) << 168 ) - // BAD_RANDOMNESS - | ( ( uint(block.blockhash(_lastb+8)) & 0xFFFFFF ) << 192 ) - // BAD_RANDOMNESS - | ( ( uint(block.blockhash(_lastb+9)) & 0xFFFFFF ) << 216 ) - | ( ( uint(_delta) / hashesSize) << 240)); - } - - function getHash(uint _block) constant private returns (uint32) { - uint delta = (_block - hashFirst) / 10; - uint hash = hashes[delta % hashesSize]; - if(delta / hashesSize != hash >> 240) { - return(0x1000000); // load failed, incorrect data in hashes - } - uint slotp = (_block - hashFirst) % 10; - return(uint32((hash >> (24 * slotp)) & 0xFFFFFF)); - } - - /** - * @dev Fill hash data - */ - function putHash() public returns (bool) { - uint lastb = hashLast; - if(lastb == 0 || block.number <= lastb + 10) { - return(false); - } - uint blockn256; - if(block.number<256) { // useless test for testnet :-( - blockn256 = 0; - } - else{ - blockn256 = block.number - 256; - } - if(lastb < blockn256) { - uint num = blockn256; - num += num % 10; - lastb = num; - } - uint delta = (lastb - hashFirst) / 10; - hashes[delta % hashesSize] = calcHashes(uint32(lastb),uint32(delta)); - hashLast = lastb + 10; - return(true); - } - - /** - * @dev Fill hash data many times - * @param _num Number of iterations - */ - function putHashes(uint _num) external { - uint n=0; - for(;n<_num;n++){ - if(!putHash()){ - return; - } - } - } - -} diff --git a/dataset/front_running/ERC20.sol b/dataset/front_running/ERC20.sol deleted file mode 100644 index 6861897..0000000 --- a/dataset/front_running/ERC20.sol +++ /dev/null @@ -1,129 +0,0 @@ -/* - * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/transaction_order_dependence/ERC20.sol - * @author: - - * @vulnerable_at_lines: 110,113 - */ - -pragma solidity ^0.4.24; - -/** Taken from the OpenZeppelin github - * @title SafeMath - * @dev Math operations with safety checks that revert on error - */ -library SafeMath { - - /** - * @dev Multiplies two numbers, reverts on overflow. - */ - function mul(uint256 a, uint256 b) internal pure returns (uint256) { - // Gas optimization: this is cheaper than requiring 'a' not being zero, but the - // benefit is lost if 'b' is also tested. - // See: https://github.com/OpenZeppelin/openzeppelin-solidity/pull/522 - if (a == 0) { - return 0; - } - - uint256 c = a * b; - require(c / a == b); - - return c; - } - - /** - * @dev Integer division of two numbers truncating the quotient, reverts on division by zero. - */ - function div(uint256 a, uint256 b) internal pure returns (uint256) { - require(b > 0); // Solidity only automatically asserts when dividing by 0 - uint256 c = a / b; - // assert(a == b * c + a % b); // There is no case in which this doesn't hold - - return c; - } - - /** - * @dev Subtracts two numbers, reverts on overflow (i.e. if subtrahend is greater than minuend). - */ - function sub(uint256 a, uint256 b) internal pure returns (uint256) { - require(b <= a); - uint256 c = a - b; - - return c; - } - - /** - * @dev Adds two numbers, reverts on overflow. - */ - function add(uint256 a, uint256 b) internal pure returns (uint256) { - uint256 c = a + b; - require(c >= a); - - return c; - } - - /** - * @dev Divides two numbers and returns the remainder (unsigned integer modulo), - * reverts when dividing by zero. - */ - function mod(uint256 a, uint256 b) internal pure returns (uint256) { - require(b != 0); - return a % b; - } -} - - -contract ERC20 { - - event Transfer( address indexed from, address indexed to, uint256 value ); - event Approval( address indexed owner, address indexed spender, uint256 value); - using SafeMath for *; - - mapping (address => uint256) private _balances; - - mapping (address => mapping (address => uint256)) private _allowed; - - uint256 private _totalSupply; - - constructor(uint totalSupply){ - _balances[msg.sender] = totalSupply; - } - - function balanceOf(address owner) public view returns (uint256) { - return _balances[owner]; - } - - - function allowance(address owner, address spender) public view returns (uint256) - { - return _allowed[owner][spender]; - } - - function transfer(address to, uint256 value) public returns (bool) { - require(value <= _balances[msg.sender]); - require(to != address(0)); - - _balances[msg.sender] = _balances[msg.sender].sub(value); - _balances[to] = _balances[to].add(value); - emit Transfer(msg.sender, to, value); - return true; - } - // FRONT_RUNNING - function approve(address spender, uint256 value) public returns (bool) { - require(spender != address(0)); - // FRONT_RUNNING - _allowed[msg.sender][spender] = value; - emit Approval(msg.sender, spender, value); - return true; - } - - function transferFrom(address from, address to, uint256 value) public returns (bool) { - require(value <= _balances[from]); - require(value <= _allowed[from][msg.sender]); - require(to != address(0)); - - _balances[from] = _balances[from].sub(value); - _balances[to] = _balances[to].add(value); - _allowed[from][msg.sender] = _allowed[from][msg.sender].sub(value); - emit Transfer(from, to, value); - return true; - } -} \ No newline at end of file diff --git a/dataset/front_running/FindThisHash.sol b/dataset/front_running/FindThisHash.sol deleted file mode 100644 index 3eea6f2..0000000 --- a/dataset/front_running/FindThisHash.sol +++ /dev/null @@ -1,20 +0,0 @@ -/* - * @source: https://github.com/sigp/solidity-security-blog - * @author: - - * @vulnerable_at_lines: 17 - */ - -pragma solidity ^0.4.22; - -contract FindThisHash { - bytes32 constant public hash = 0xb5b5b97fafd9855eec9b41f74dfb6c38f5951141f9a3ecd7f44d5479b630ee0a; - - constructor() public payable {} // load with ether - - function solve(string solution) public { - // If you can find the pre image of the hash, receive 1000 ether - // FRONT_RUNNING - require(hash == sha3(solution)); - msg.sender.transfer(1000 ether); - } -} diff --git a/dataset/front_running/README.md b/dataset/front_running/README.md deleted file mode 100755 index 4b42a84..0000000 --- a/dataset/front_running/README.md +++ /dev/null @@ -1,14 +0,0 @@ -# Front Running -Also known as time-of-check vs time-of-use (TOCTOU), race condition, transaction ordering dependence (TOD). - -Since miners always get rewarded via gas fees for running code on behalf of externally owned addresses (EOA), users can specify higher fees to have their transactions mined more quickly. Since the Ethereum blockchain is public, everyone can see the contents of others' pending transactions. This means if a given user is revealing the solution to a puzzle or other valuable secret, a malicious user can steal the solution and copy their transaction with higher fees to preempt the original solution. If developers of smart contracts are not careful, this situation can lead to practical and devastating front-running attacks. - -## Attack Scenario -A smart contract publishes an RSA number (N = prime1 x prime2). -A call to its submitSolution() public function with the right prime1 and prime2 rewards the caller. -Alice successfuly factors the RSA number and submits a solution. -Someone on the network sees Alice's transaction (containing the solution) waiting to be mined and submits it with a higher gas price. -The second transaction gets picked up first by miners due to the higher paid fee. The attacker wins the prize. - -## References -Taken from [DASP TOP10](https://dasp.co/) \ No newline at end of file diff --git a/dataset/front_running/eth_tx_order_dependence_minimal.sol b/dataset/front_running/eth_tx_order_dependence_minimal.sol deleted file mode 100644 index d64ab7c..0000000 --- a/dataset/front_running/eth_tx_order_dependence_minimal.sol +++ /dev/null @@ -1,34 +0,0 @@ -/* - * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite - * @author: Suhabe Bugrara - * @vulnerable_at_lines: 23,31 - */ - -pragma solidity ^0.4.16; - -contract EthTxOrderDependenceMinimal { - address public owner; - bool public claimed; - uint public reward; - - function EthTxOrderDependenceMinimal() public { - owner = msg.sender; - } - - function setReward() public payable { - require (!claimed); - - require(msg.sender == owner); - // FRONT_RUNNING - owner.transfer(reward); - reward = msg.value; - } - - function claimReward(uint256 submission) { - require (!claimed); - require(submission < 10); - // FRONT_RUNNING - msg.sender.transfer(reward); - claimed = true; - } -} diff --git a/dataset/front_running/odds_and_evens.sol b/dataset/front_running/odds_and_evens.sol deleted file mode 100644 index ebee1b9..0000000 --- a/dataset/front_running/odds_and_evens.sol +++ /dev/null @@ -1,53 +0,0 @@ -/* - * @source: http://blockchain.unica.it/projects/ethereum-survey/attacks.html#oddsandevens - * @author: - - * @vulnerable_at_lines: 25,28 - */ - -pragma solidity ^0.4.2; - -contract OddsAndEvens{ - - struct Player { - address addr; - uint number; - } - - Player[2] public players; //public only for debug purpose - - uint8 tot; - address owner; - - function OddsAndEvens() { - owner = msg.sender; - } -// FRONT_RUNNING - function play(uint number) payable{ - if (msg.value != 1 ether) throw; - // FRONT_RUNNING - players[tot] = Player(msg.sender, number); - tot++; - - if (tot==2) andTheWinnerIs(); - } - - function andTheWinnerIs() private { - bool res ; - uint n = players[0].number+players[1].number; - if (n%2==0) { - res = players[0].addr.send(1800 finney); - } - else { - res = players[1].addr.send(1800 finney); - } - - delete players; - tot=0; - } - - function getProfit() { - if(msg.sender!=owner) throw; - bool res = msg.sender.send(this.balance); - } - -} diff --git a/dataset/short_addresses/README.md b/dataset/short_addresses/README.md deleted file mode 100755 index d5d9b73..0000000 --- a/dataset/short_addresses/README.md +++ /dev/null @@ -1,15 +0,0 @@ -# Short Addresses -Also known as or related to off-chain issues, client vulnerabilities. - -Short address attacks are a side-effect of the EVM itself accepting incorrectly padded arguments. Attackers can exploit this by using specially-crafted addresses to make poorly coded clients encode arguments incorrectly before including them in transactions. Is this an EVM issue or a client issue? Should it be fixed in smart contracts instead? While everyone has a different opinion, the fact is that a great deal of ether could be directly impacted by this issue. While this vulnerability has yet to be exploited in the wild, it is a good demonstration of problems arising from the interaction between clients and the Ethereum blockchain. Other off-chain issues exist: an important one is the Ethereum ecosystem's deep trust in specific Javascript front ends, browser plugins and public nodes. An infamous off-chain exploit was used in the hack of the Coindash ICO that modified the company's Ethereum address on their webpage to trick participants into sending ethers to the attacker's address. - -## Attack Scenario -An exchange API has a trading function that takes a recipient address and an amount. -The API then interacts with the smart contract transfer(address _to, uint256 _amount) function with padded arguments: it prepends the address (of an expected 20-byte length) with 12 zero bytes to make it 32-byte long -Bob (0x3bdde1e9fbaef2579dd63e2abbf0be445ab93f00) asks Alice to transfer him 20 tokens. He maliciously gives her his address truncated to remove the trailing zeroes. -Alice uses the exchange API with the shorter 19-byte address of Bob (0x3bdde1e9fbaef2579dd63e2abbf0be445ab93f). -The API pads the address with 12 zero bytes, making it 31 bytes instead of the 32 bytes. Effectively stealing one byte from the following _amount argument. -Eventually, the EVM executing the smart contract's code will remark that the data is not properly padded and will add the missing byte at the end of the _amount argument. Effectively transfering 256 times more tokens than thought. - -## References -Taken from [DASP TOP10](https://dasp.co/) \ No newline at end of file diff --git a/dataset/short_addresses/short_address_example.sol b/dataset/short_addresses/short_address_example.sol deleted file mode 100644 index effaf93..0000000 --- a/dataset/short_addresses/short_address_example.sol +++ /dev/null @@ -1,29 +0,0 @@ -/* - * @source: https://ericrafaloff.com/analyzing-the-erc20-short-address-attack/ - * @author: - - * @vulnerable_at_lines: 18 - */ - - pragma solidity ^0.4.11; - - contract MyToken { - mapping (address => uint) balances; - - event Transfer(address indexed _from, address indexed _to, uint256 _value); - - function MyToken() { - balances[tx.origin] = 10000; - } - // SHORT_ADDRESSES - function sendCoin(address to, uint amount) returns(bool sufficient) { - if (balances[msg.sender] < amount) return false; - balances[msg.sender] -= amount; - balances[to] += amount; - Transfer(msg.sender, to, amount); - return true; - } - - function getBalance(address addr) constant returns(uint) { - return balances[addr]; - } - } diff --git a/dataset/time_manipulation/README.md b/dataset/time_manipulation/README.md deleted file mode 100755 index b5382b8..0000000 --- a/dataset/time_manipulation/README.md +++ /dev/null @@ -1,22 +0,0 @@ -# Time Manipulation -Also known as timestamp dependence. - -From locking a token sale to unlocking funds at a specific time for a game, contracts sometimes need to rely on the current time. This is usually done via block.timestamp or its alias now in Solidity. But where does that value come from? From the miners! Because a transaction's miner has leeway in reporting the time at which the mining occurred, good smart contracts will avoid relying strongly on the time advertised. Note that block.timestamp is also sometimes (mis)used in the generation of random numbers as is discussed in #6. Bad Randomness. - -## Attack Scenario -A game pays out the very first player at midnight today. -A malicious miner includes his or her attempt to win the game and sets the timestamp to midnight. -A bit before midnight the miner ends up mining the block. The real current time is "close enough" to midnight (the currently set timestamp for the block), other nodes on the network decide to accept the block. - -## Examples -The following function only accepts calls that come after a specific date. Since miners can influence their block's timestamp (to a certain extent), they can attempt to mine a block containing their transaction with a block timestamp set in the future. If it is close enough, it will be accepted on the network and the transaction will give the miner ether before any other player could have attempted to win the game: -``` -function play() public { - require(now > 1521763200 && neverPlayed == true); - neverPlayed = false; - msg.sender.transfer(1500 ether); -} -``` - -## References -Taken from [DASP TOP10](https://dasp.co/) \ No newline at end of file diff --git a/dataset/time_manipulation/ether_lotto.sol b/dataset/time_manipulation/ether_lotto.sol deleted file mode 100644 index 4dfe6ee..0000000 --- a/dataset/time_manipulation/ether_lotto.sol +++ /dev/null @@ -1,59 +0,0 @@ -/* - * @article: https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620 - * @source: https://etherscan.io/address/0xa11e4ed59dc94e69612f3111942626ed513cb172#code - * @vulnerable_at_lines: 43 - * @author: - - */ - - pragma solidity ^0.4.15; - -/// @title Ethereum Lottery Game. - -contract EtherLotto { - - // Amount of ether needed for participating in the lottery. - uint constant TICKET_AMOUNT = 10; - - // Fixed amount fee for each lottery game. - uint constant FEE_AMOUNT = 1; - - // Address where fee is sent. - address public bank; - - // Public jackpot that each participant can win (minus fee). - uint public pot; - - // Lottery constructor sets bank account from the smart-contract owner. - function EtherLotto() { - bank = msg.sender; - } - - // Public function for playing lottery. Each time this function - // is invoked, the sender has an oportunity for winning pot. - function play() payable { - - // Participants must spend some fixed ether before playing lottery. - assert(msg.value == TICKET_AMOUNT); - - // Increase pot for each participant. - pot += msg.value; - - // Compute some *almost random* value for selecting winner from current transaction. - // TIME_MANIPULATION - var random = uint(sha3(block.timestamp)) % 2; - - // Distribution: 50% of participants will be winners. - if (random == 0) { - - // Send fee to bank account. - bank.transfer(FEE_AMOUNT); - - // Send jackpot to winner. - msg.sender.transfer(pot - FEE_AMOUNT); - - // Restart jackpot. - pot = 0; - } - } - -} diff --git a/dataset/time_manipulation/governmental_survey.sol b/dataset/time_manipulation/governmental_survey.sol deleted file mode 100644 index ec7981a..0000000 --- a/dataset/time_manipulation/governmental_survey.sol +++ /dev/null @@ -1,53 +0,0 @@ -/* - * @source: http://blockchain.unica.it/projects/ethereum-survey/attacks.html#governmental - * @author: - - * @vulnerable_at_lines: 27 - */ - -//added pragma version -pragma solidity ^0.4.0; - -contract Governmental { - address public owner; - address public lastInvestor; - uint public jackpot = 1 ether; - uint public lastInvestmentTimestamp; - uint public ONE_MINUTE = 1 minutes; - - function Governmental() { - owner = msg.sender; - if (msg.value<1 ether) throw; - } - - function invest() { - if (msg.value TIME_MANIPULATION - lastInvestmentTimestamp = block.timestamp; - } - - function resetInvestment() { - if (block.timestamp < lastInvestmentTimestamp+ONE_MINUTE) - throw; - - lastInvestor.send(jackpot); - owner.send(this.balance-1 ether); - - lastInvestor = 0; - jackpot = 1 ether; - lastInvestmentTimestamp = 0; - } -} - -contract Attacker { - - function attack(address target, uint count) { - if (0<=count && count<1023) { - this.attack.gas(msg.gas-2000)(target, count+1); - } - else { - Governmental(target).resetInvestment(); - } - } -} diff --git a/dataset/time_manipulation/lottopollo.sol b/dataset/time_manipulation/lottopollo.sol deleted file mode 100644 index 7868d74..0000000 --- a/dataset/time_manipulation/lottopollo.sol +++ /dev/null @@ -1,33 +0,0 @@ -/* - * @source: https://github.com/seresistvanandras/EthBench/blob/master/Benchmark/Simple/timestampdependent.sol - * @author: - - * @vulnerable_at_lines: 13,27 - */ - -pragma solidity ^0.4.0; -contract lottopollo { - address leader; - uint timestamp; - function payOut(uint rand) internal { - // TIME MANIPULATION - if ( rand> 0 && now - rand > 24 hours ) { - msg.sender.send( msg.value ); - - if ( this.balance > 0 ) { - leader.send( this.balance ); - } - } - else if ( msg.value >= 1 ether ) { - leader = msg.sender; - timestamp = rand; - } - } - function randomGen() constant returns (uint randomNumber) { - // TIME MANIPULATION - return block.timestamp; - } - function draw(uint seed){ - uint randomNumber=randomGen(); - payOut(randomNumber); - } -} \ No newline at end of file diff --git a/dataset/time_manipulation/roulette.sol b/dataset/time_manipulation/roulette.sol deleted file mode 100644 index dc6c91d..0000000 --- a/dataset/time_manipulation/roulette.sol +++ /dev/null @@ -1,25 +0,0 @@ -/* - * @source: https://github.com/sigp/solidity-security-blog - * @author: - - * @vulnerable_at_lines: 18,20 - */ - -pragma solidity ^0.4.25; - -contract Roulette { - uint public pastBlockTime; // Forces one bet per block - - constructor() public payable {} // initially fund contract - - // fallback function used to make a bet - function () public payable { - require(msg.value == 10 ether); // must send 10 ether to play - // TIME_MANIPULATION - require(now != pastBlockTime); // only 1 transaction per block - // TIME_MANIPULATION - pastBlockTime = now; - if(now % 15 == 0) { // winner - msg.sender.transfer(this.balance); - } - } -} diff --git a/dataset/time_manipulation/timed_crowdsale.sol b/dataset/time_manipulation/timed_crowdsale.sol deleted file mode 100644 index 73ab703..0000000 --- a/dataset/time_manipulation/timed_crowdsale.sol +++ /dev/null @@ -1,15 +0,0 @@ -/* - * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/timestamp_dependence/timed_crowdsale.sol - * @author: - - * @vulnerable_at_lines: 13 - */ - -pragma solidity ^0.4.25; - -contract TimedCrowdsale { - // Sale should finish exactly at January 1, 2019 - function isSaleFinished() view public returns (bool) { - // TIME_MANIPULATION - return block.timestamp >= 1546300800; - } -} diff --git a/scripts/get_vulns_lines.js b/scripts/get_vulns_lines.js deleted file mode 100644 index eea88a1..0000000 --- a/scripts/get_vulns_lines.js +++ /dev/null @@ -1,92 +0,0 @@ -#!/usr/bin/env node - -(async () => { - const fs = require('fs') - - const getSolidityFiles = (dir, filelist) => { - files = fs.readdirSync(dir) - filelist = filelist || [] - files.forEach(function(file) { - file_type = file.split(".").pop() - if (fs.statSync(dir + '/' + file).isDirectory()) { - filelist = getSolidityFiles(dir + '/' + file, filelist) - } - else if (file_type == "sol") { - const contract_dir = dir + '/' + file - const vuln_cat = dir.split("/").pop() - const params = { - name: file, - path: contract_dir, - cat: vuln_cat - } - filelist.push(params) - } - }) - return filelist - } - - const getResults = () => { - const results = [] - const contracts = getSolidityFiles('dataset') - contracts.forEach(contract => { - let vulnerabilities = [] - let result = { - name: contract.name, - path: contract.path, - source: '', - vulnerabilities: vulnerabilities - } - const contract_lines = fs.readFileSync(contract.path).toString().split("\n") - contract_lines.forEach(line => { - let contract_source, vuln_at_lines - - //get source - if (line.includes('@source:')) { - contract_source = line.split("@source:").pop() - result.source = contract_source.trim() - return - } - //get vuln lines - if (line.includes('@vulnerable_at_lines')) { - vuln_at_lines = line.split("@vulnerable_at_lines: ").pop() - const lines = vuln_at_lines.split(",") - - for (let index = 0; index < lines.length; index++){ - let vuln - let vuln_flow = [] - if((parseInt(lines[index]) + 1) === parseInt(lines[index + 1])){ - while((parseInt(lines[index]) + 1) === parseInt(lines[index + 1])){ - vuln_flow.push(parseInt(lines[index])) - index+=1 - } - vuln_flow.push(parseInt(lines[index])) - vuln = { - lines: vuln_flow, - category: contract.cat - } - } - - else{ - vuln_flow.push(parseInt(lines[index])) - vuln = { - lines: vuln_flow, - category: contract.cat - } - } - vulnerabilities.push(vuln) - } - - return - } - - }) - - results.push(result) - }) - return results - } - - const result = getResults() - fs.writeFileSync('vulnerabilities.json', JSON.stringify(result)) - process.exit() - })() diff --git a/vulnerabilities.json b/vulnerabilities.json deleted file mode 100644 index 4bffe41..0000000 --- a/vulnerabilities.json +++ /dev/null @@ -1,2260 +0,0 @@ -[ - { - "name": "FibonacciBalance.sol", - "path": "dataset/access_control/FibonacciBalance.sol", - "source": "https://github.com/sigp/solidity-security-blog", - "vulnerabilities": [ - { - "lines": [ - 31 - ], - "category": "access_control" - }, - { - "lines": [ - 38 - ], - "category": "access_control" - } - ] - }, - { - "name": "arbitrary_location_write_simple.sol", - "path": "dataset/access_control/arbitrary_location_write_simple.sol", - "source": "https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-124#arbitrary-location-write-simplesol", - "vulnerabilities": [ - { - "lines": [ - 27 - ], - "category": "access_control" - } - ] - }, - { - "name": "incorrect_constructor_name1.sol", - "path": "dataset/access_control/incorrect_constructor_name1.sol", - "source": "https://github.com/trailofbits/not-so-smart-contracts/blob/master/wrong_constructor_name/incorrect_constructor.sol", - "vulnerabilities": [ - { - "lines": [ - 20 - ], - "category": "access_control" - } - ] - }, - { - "name": "incorrect_constructor_name2.sol", - "path": "dataset/access_control/incorrect_constructor_name2.sol", - "source": "https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-118#incorrect-constructor-name1sol", - "vulnerabilities": [ - { - "lines": [ - 18 - ], - "category": "access_control" - } - ] - }, - { - "name": "incorrect_constructor_name3.sol", - "path": "dataset/access_control/incorrect_constructor_name3.sol", - "source": "https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-118#incorrect-constructor-name2sol", - "vulnerabilities": [ - { - "lines": [ - 17 - ], - "category": "access_control" - } - ] - }, - { - "name": "mapping_write.sol", - "path": "dataset/access_control/mapping_write.sol", - "source": "https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-124#mapping-writesol", - "vulnerabilities": [ - { - "lines": [ - 20 - ], - "category": "access_control" - } - ] - }, - { - "name": "multiowned_vulnerable.sol", - "path": "dataset/access_control/multiowned_vulnerable.sol", - "source": "https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/solidity/unprotected_critical_functions/multiowned_vulnerable/multiowned_vulnerable.sol", - "vulnerabilities": [ - { - "lines": [ - 38 - ], - "category": "access_control" - } - ] - }, - { - "name": "mycontract.sol", - "path": "dataset/access_control/mycontract.sol", - "source": "https://consensys.github.io/smart-contract-best-practices/recommendations/#avoid-using-txorigin", - "vulnerabilities": [ - { - "lines": [ - 20 - ], - "category": "access_control" - } - ] - }, - { - "name": "parity_wallet_bug_1.sol", - "path": "dataset/access_control/parity_wallet_bug_1.sol", - "source": "https://github.com/paritytech/parity-ethereum/blob/4d08e7b0aec46443bf26547b17d10cb302672835/js/src/contracts/snippets/enhanced-wallet.sol#L216", - "vulnerabilities": [ - { - "lines": [ - 223 - ], - "category": "access_control" - }, - { - "lines": [ - 437 - ], - "category": "access_control" - } - ] - }, - { - "name": "parity_wallet_bug_2.sol", - "path": "dataset/access_control/parity_wallet_bug_2.sol", - "source": "https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-106#walletlibrarysol", - "vulnerabilities": [ - { - "lines": [ - 226 - ], - "category": "access_control" - }, - { - "lines": [ - 233 - ], - "category": "access_control" - } - ] - }, - { - "name": "phishable.sol", - "path": "dataset/access_control/phishable.sol", - "source": "https://github.com/sigp/solidity-security-blog", - "vulnerabilities": [ - { - "lines": [ - 20 - ], - "category": "access_control" - } - ] - }, - { - "name": "proxy.sol", - "path": "dataset/access_control/proxy.sol", - "source": "https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-112#proxysol", - "vulnerabilities": [ - { - "lines": [ - 19 - ], - "category": "access_control" - } - ] - }, - { - "name": "rubixi.sol", - "path": "dataset/access_control/rubixi.sol", - "source": "https://github.com/trailofbits/not-so-smart-contracts/blob/master/wrong_constructor_name/Rubixi_source_code/Rubixi.sol", - "vulnerabilities": [ - { - "lines": [ - 23, - 24 - ], - "category": "access_control" - } - ] - }, - { - "name": "simple_suicide.sol", - "path": "dataset/access_control/simple_suicide.sol", - "source": "https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/unprotected_critical_functions/simple_suicide.sol", - "vulnerabilities": [ - { - "lines": [ - 12, - 13 - ], - "category": "access_control" - } - ] - }, - { - "name": "unprotected0.sol", - "path": "dataset/access_control/unprotected0.sol", - "source": "https://github.com/trailofbits/not-so-smart-contracts/blob/master/unprotected_function/Unprotected.sol", - "vulnerabilities": [ - { - "lines": [ - 25 - ], - "category": "access_control" - } - ] - }, - { - "name": "wallet_02_refund_nosub.sol", - "path": "dataset/access_control/wallet_02_refund_nosub.sol", - "source": "https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-105#wallet-02-refund-nosubsol", - "vulnerabilities": [ - { - "lines": [ - 36 - ], - "category": "access_control" - } - ] - }, - { - "name": "wallet_03_wrong_constructor.sol", - "path": "dataset/access_control/wallet_03_wrong_constructor.sol", - "source": "https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-105#wallet-03-wrong-constructorsol", - "vulnerabilities": [ - { - "lines": [ - 19, - 20 - ], - "category": "access_control" - } - ] - }, - { - "name": "wallet_04_confused_sign.sol", - "path": "dataset/access_control/wallet_04_confused_sign.sol", - "source": "https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-105#wallet-04-confused-signsol", - "vulnerabilities": [ - { - "lines": [ - 30 - ], - "category": "access_control" - } - ] - }, - { - "name": "BECToken.sol", - "path": "dataset/arithmetic/BECToken.sol", - "source": "https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-101#bectokensol", - "vulnerabilities": [ - { - "lines": [ - 264 - ], - "category": "arithmetic" - } - ] - }, - { - "name": "insecure_transfer.sol", - "path": "dataset/arithmetic/insecure_transfer.sol", - "source": "https://consensys.github.io/smart-contract-best-practices/known_attacks/#front-running-aka-transaction-ordering-dependence", - "vulnerabilities": [ - { - "lines": [ - 18 - ], - "category": "arithmetic" - } - ] - }, - { - "name": "integer_overflow_1.sol", - "path": "dataset/arithmetic/integer_overflow_1.sol", - "source": "https://github.com/trailofbits/not-so-smart-contracts/blob/master/integer_overflow/integer_overflow_1.sol", - "vulnerabilities": [ - { - "lines": [ - 14 - ], - "category": "arithmetic" - } - ] - }, - { - "name": "integer_overflow_add.sol", - "path": "dataset/arithmetic/integer_overflow_add.sol", - "source": "https://github.com/ConsenSys/evm-analyzer-benchmark-suite/blob/master/benchmarks/integer_overflow_add.sol", - "vulnerabilities": [ - { - "lines": [ - 17 - ], - "category": "arithmetic" - } - ] - }, - { - "name": "integer_overflow_benign_1.sol", - "path": "dataset/arithmetic/integer_overflow_benign_1.sol", - "source": "https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/integer_overflow_and_underflow/integer_overflow_benign_1.sol", - "vulnerabilities": [ - { - "lines": [ - 17 - ], - "category": "arithmetic" - } - ] - }, - { - "name": "integer_overflow_mapping_sym_1.sol", - "path": "dataset/arithmetic/integer_overflow_mapping_sym_1.sol", - "source": "https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/integer_overflow_and_underflow/integer_overflow_mapping_sym_1.sol", - "vulnerabilities": [ - { - "lines": [ - 16 - ], - "category": "arithmetic" - } - ] - }, - { - "name": "integer_overflow_minimal.sol", - "path": "dataset/arithmetic/integer_overflow_minimal.sol", - "source": "https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/integer_overflow_and_underflow/integer_overflow_minimal.sol", - "vulnerabilities": [ - { - "lines": [ - 17 - ], - "category": "arithmetic" - } - ] - }, - { - "name": "integer_overflow_mul.sol", - "path": "dataset/arithmetic/integer_overflow_mul.sol", - "source": "https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/integer_overflow_and_underflow/integer_overflow_mul.sol", - "vulnerabilities": [ - { - "lines": [ - 17 - ], - "category": "arithmetic" - } - ] - }, - { - "name": "integer_overflow_multitx_multifunc_feasible.sol", - "path": "dataset/arithmetic/integer_overflow_multitx_multifunc_feasible.sol", - "source": "https://github.com/ConsenSys/evm-analyzer-benchmark-suite", - "vulnerabilities": [ - { - "lines": [ - 25 - ], - "category": "arithmetic" - } - ] - }, - { - "name": "integer_overflow_multitx_onefunc_feasible.sol", - "path": "dataset/arithmetic/integer_overflow_multitx_onefunc_feasible.sol", - "source": "https://github.com/ConsenSys/evm-analyzer-benchmark-suite", - "vulnerabilities": [ - { - "lines": [ - 22 - ], - "category": "arithmetic" - } - ] - }, - { - "name": "overflow_simple_add.sol", - "path": "dataset/arithmetic/overflow_simple_add.sol", - "source": "https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-101#overflow-simple-addsol", - "vulnerabilities": [ - { - "lines": [ - 14 - ], - "category": "arithmetic" - } - ] - }, - { - "name": "overflow_single_tx.sol", - "path": "dataset/arithmetic/overflow_single_tx.sol", - "source": "https://github.com/ConsenSys/evm-analyzer-benchmark-suite", - "vulnerabilities": [ - { - "lines": [ - 18 - ], - "category": "arithmetic" - }, - { - "lines": [ - 24 - ], - "category": "arithmetic" - }, - { - "lines": [ - 30 - ], - "category": "arithmetic" - }, - { - "lines": [ - 36 - ], - "category": "arithmetic" - }, - { - "lines": [ - 42 - ], - "category": "arithmetic" - }, - { - "lines": [ - 48 - ], - "category": "arithmetic" - } - ] - }, - { - "name": "timelock.sol", - "path": "dataset/arithmetic/timelock.sol", - "source": "https://github.com/sigp/solidity-security-blog", - "vulnerabilities": [ - { - "lines": [ - 22 - ], - "category": "arithmetic" - } - ] - }, - { - "name": "token.sol", - "path": "dataset/arithmetic/token.sol", - "source": "https://github.com/sigp/solidity-security-blog", - "vulnerabilities": [ - { - "lines": [ - 20 - ], - "category": "arithmetic" - }, - { - "lines": [ - 22 - ], - "category": "arithmetic" - } - ] - }, - { - "name": "tokensalechallenge.sol", - "path": "dataset/arithmetic/tokensalechallenge.sol", - "source": "https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-101 // https://capturetheether.com/challenges/math/token-sale/", - "vulnerabilities": [ - { - "lines": [ - 23 - ], - "category": "arithmetic" - }, - { - "lines": [ - 25 - ], - "category": "arithmetic" - }, - { - "lines": [ - 33 - ], - "category": "arithmetic" - } - ] - }, - { - "name": "blackjack.sol", - "path": "dataset/bad_randomness/blackjack.sol", - "source": "https://etherscan.io/address/0xa65d59708838581520511d98fb8b5d1f76a96cad#code", - "vulnerabilities": [ - { - "lines": [ - 17 - ], - "category": "bad_randomness" - }, - { - "lines": [ - 19 - ], - "category": "bad_randomness" - }, - { - "lines": [ - 21 - ], - "category": "bad_randomness" - } - ] - }, - { - "name": "etheraffle.sol", - "path": "dataset/bad_randomness/etheraffle.sol", - "source": "https://etherscan.io/address/0xcC88937F325d1C6B97da0AFDbb4cA542EFA70870#code", - "vulnerabilities": [ - { - "lines": [ - 49 - ], - "category": "bad_randomness" - }, - { - "lines": [ - 99 - ], - "category": "bad_randomness" - }, - { - "lines": [ - 101 - ], - "category": "bad_randomness" - }, - { - "lines": [ - 103 - ], - "category": "bad_randomness" - }, - { - "lines": [ - 114 - ], - "category": "bad_randomness" - }, - { - "lines": [ - 158 - ], - "category": "bad_randomness" - } - ] - }, - { - "name": "guess_the_random_number.sol", - "path": "dataset/bad_randomness/guess_the_random_number.sol", - "source": "https://capturetheether.com/challenges/lotteries/guess-the-random-number/", - "vulnerabilities": [ - { - "lines": [ - 15 - ], - "category": "bad_randomness" - } - ] - }, - { - "name": "lottery.sol", - "path": "dataset/bad_randomness/lottery.sol", - "source": "https://etherscan.io/address/0x80ddae5251047d6ceb29765f38fed1c0013004b7#code", - "vulnerabilities": [ - { - "lines": [ - 38 - ], - "category": "bad_randomness" - }, - { - "lines": [ - 42 - ], - "category": "bad_randomness" - } - ] - }, - { - "name": "lucky_doubler.sol", - "path": "dataset/bad_randomness/lucky_doubler.sol", - "source": "https://etherscan.io/address/0xF767fCA8e65d03fE16D4e38810f5E5376c3372A8#code", - "vulnerabilities": [ - { - "lines": [ - 127, - 128, - 129, - 130 - ], - "category": "bad_randomness" - }, - { - "lines": [ - 132 - ], - "category": "bad_randomness" - } - ] - }, - { - "name": "old_blockhash.sol", - "path": "dataset/bad_randomness/old_blockhash.sol", - "source": "https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/weak_randomness/old_blockhash.sol", - "vulnerabilities": [ - { - "lines": [ - 35 - ], - "category": "bad_randomness" - } - ] - }, - { - "name": "random_number_generator.sol", - "path": "dataset/bad_randomness/random_number_generator.sol", - "source": "https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/weak_randomness/random_number_generator.sol", - "vulnerabilities": [ - { - "lines": [ - 12 - ], - "category": "bad_randomness" - }, - { - "lines": [ - 18 - ], - "category": "bad_randomness" - }, - { - "lines": [ - 20 - ], - "category": "bad_randomness" - }, - { - "lines": [ - 22 - ], - "category": "bad_randomness" - } - ] - }, - { - "name": "smart_billions.sol", - "path": "dataset/bad_randomness/smart_billions.sol", - "source": "https://etherscan.io/address/0x5ace17f87c7391e5792a7683069a8025b83bbd85#code", - "vulnerabilities": [ - { - "lines": [ - 523 - ], - "category": "bad_randomness" - }, - { - "lines": [ - 560 - ], - "category": "bad_randomness" - }, - { - "lines": [ - 700 - ], - "category": "bad_randomness" - }, - { - "lines": [ - 702 - ], - "category": "bad_randomness" - }, - { - "lines": [ - 704 - ], - "category": "bad_randomness" - }, - { - "lines": [ - 706 - ], - "category": "bad_randomness" - }, - { - "lines": [ - 708 - ], - "category": "bad_randomness" - }, - { - "lines": [ - 710 - ], - "category": "bad_randomness" - }, - { - "lines": [ - 712 - ], - "category": "bad_randomness" - }, - { - "lines": [ - 714 - ], - "category": "bad_randomness" - }, - { - "lines": [ - 716 - ], - "category": "bad_randomness" - }, - { - "lines": [ - 718 - ], - "category": "bad_randomness" - } - ] - }, - { - "name": "auction.sol", - "path": "dataset/denial_of_service/auction.sol", - "source": "https://github.com/trailofbits/not-so-smart-contracts/blob/master/denial_of_service/auction.sol", - "vulnerabilities": [ - { - "lines": [ - 23 - ], - "category": "denial_of_service" - } - ] - }, - { - "name": "dos_address.sol", - "path": "dataset/denial_of_service/dos_address.sol", - "source": "https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/dos_gas_limit/dos_address.sol", - "vulnerabilities": [ - { - "lines": [ - 16, - 17, - 18 - ], - "category": "denial_of_service" - } - ] - }, - { - "name": "dos_number.sol", - "path": "dataset/denial_of_service/dos_number.sol", - "source": "https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/dos_gas_limit/dos_number.sol", - "vulnerabilities": [ - { - "lines": [ - 18, - 19, - 20, - 21, - 22 - ], - "category": "denial_of_service" - } - ] - }, - { - "name": "dos_simple.sol", - "path": "dataset/denial_of_service/dos_simple.sol", - "source": "https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/dos_gas_limit/dos_simple.sol", - "vulnerabilities": [ - { - "lines": [ - 17, - 18 - ], - "category": "denial_of_service" - } - ] - }, - { - "name": "list_dos.sol", - "path": "dataset/denial_of_service/list_dos.sol", - "source": "https://etherscan.io/address/0xf45717552f12ef7cb65e95476f217ea008167ae3#code", - "vulnerabilities": [ - { - "lines": [ - 46 - ], - "category": "denial_of_service" - }, - { - "lines": [ - 48 - ], - "category": "denial_of_service" - } - ] - }, - { - "name": "send_loop.sol", - "path": "dataset/denial_of_service/send_loop.sol", - "source": "https://consensys.github.io/smart-contract-best-practices/known_attacks/#dos-with-unexpected-revert", - "vulnerabilities": [ - { - "lines": [ - 24 - ], - "category": "denial_of_service" - } - ] - }, - { - "name": "ERC20.sol", - "path": "dataset/front_running/ERC20.sol", - "source": "https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/transaction_order_dependence/ERC20.sol", - "vulnerabilities": [ - { - "lines": [ - 110 - ], - "category": "front_running" - }, - { - "lines": [ - 113 - ], - "category": "front_running" - } - ] - }, - { - "name": "FindThisHash.sol", - "path": "dataset/front_running/FindThisHash.sol", - "source": "https://github.com/sigp/solidity-security-blog", - "vulnerabilities": [ - { - "lines": [ - 17 - ], - "category": "front_running" - } - ] - }, - { - "name": "eth_tx_order_dependence_minimal.sol", - "path": "dataset/front_running/eth_tx_order_dependence_minimal.sol", - "source": "https://github.com/ConsenSys/evm-analyzer-benchmark-suite", - "vulnerabilities": [ - { - "lines": [ - 23 - ], - "category": "front_running" - }, - { - "lines": [ - 31 - ], - "category": "front_running" - } - ] - }, - { - "name": "odds_and_evens.sol", - "path": "dataset/front_running/odds_and_evens.sol", - "source": "http://blockchain.unica.it/projects/ethereum-survey/attacks.html#oddsandevens", - "vulnerabilities": [ - { - "lines": [ - 25 - ], - "category": "front_running" - }, - { - "lines": [ - 28 - ], - "category": "front_running" - } - ] - }, - { - "name": "crypto_roulette.sol", - "path": "dataset/other/crypto_roulette.sol", - "source": "https://github.com/thec00n/smart-contract-honeypots/blob/master/CryptoRoulette.sol", - "vulnerabilities": [ - { - "lines": [ - 40, - 41, - 42 - ], - "category": "other" - } - ] - }, - { - "name": "name_registrar.sol", - "path": "dataset/other/name_registrar.sol", - "source": "https://github.com/sigp/solidity-security-blog#storage-example", - "vulnerabilities": [ - { - "lines": [ - 21 - ], - "category": "other" - } - ] - }, - { - "name": "open_address_lottery.sol", - "path": "dataset/other/open_address_lottery.sol", - "source": "https://etherscan.io/address/0x741f1923974464efd0aa70e77800ba5d9ed18902#code", - "vulnerabilities": [ - { - "lines": [ - 91 - ], - "category": "other" - } - ] - }, - { - "name": "0x01f8c4e3fa3edeb29e514cba738d87ce8c091d3f.sol", - "path": "dataset/reentrancy/0x01f8c4e3fa3edeb29e514cba738d87ce8c091d3f.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 54 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "0x23a91059fdc9579a9fbd0edc5f2ea0bfdb70deb4.sol", - "path": "dataset/reentrancy/0x23a91059fdc9579a9fbd0edc5f2ea0bfdb70deb4.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 38 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "0x4320e6f8c05b27ab4707cd1f6d5ce6f3e4b3a5a1.sol", - "path": "dataset/reentrancy/0x4320e6f8c05b27ab4707cd1f6d5ce6f3e4b3a5a1.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 55 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "0x4e73b32ed6c35f570686b89848e5f39f20ecc106.sol", - "path": "dataset/reentrancy/0x4e73b32ed6c35f570686b89848e5f39f20ecc106.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 54 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "0x561eac93c92360949ab1f1403323e6db345cbf31.sol", - "path": "dataset/reentrancy/0x561eac93c92360949ab1f1403323e6db345cbf31.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 54 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "0x627fa62ccbb1c1b04ffaecd72a53e37fc0e17839.sol", - "path": "dataset/reentrancy/0x627fa62ccbb1c1b04ffaecd72a53e37fc0e17839.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 94 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "0x7541b76cb60f4c60af330c208b0623b7f54bf615.sol", - "path": "dataset/reentrancy/0x7541b76cb60f4c60af330c208b0623b7f54bf615.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 29 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "0x7a8721a9d64c74da899424c1b52acbf58ddc9782.sol", - "path": "dataset/reentrancy/0x7a8721a9d64c74da899424c1b52acbf58ddc9782.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 52 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "0x7b368c4e805c3870b6c49a3f1f49f69af8662cf3.sol", - "path": "dataset/reentrancy/0x7b368c4e805c3870b6c49a3f1f49f69af8662cf3.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 29 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "0x8c7777c45481dba411450c228cb692ac3d550344.sol", - "path": "dataset/reentrancy/0x8c7777c45481dba411450c228cb692ac3d550344.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 41 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "0x93c32845fae42c83a70e5f06214c8433665c2ab5.sol", - "path": "dataset/reentrancy/0x93c32845fae42c83a70e5f06214c8433665c2ab5.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 29 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "0x941d225236464a25eb18076df7da6a91d0f95e9e.sol", - "path": "dataset/reentrancy/0x941d225236464a25eb18076df7da6a91d0f95e9e.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 44 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "0x96edbe868531bd23a6c05e9d0c424ea64fb1b78b.sol", - "path": "dataset/reentrancy/0x96edbe868531bd23a6c05e9d0c424ea64fb1b78b.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 63 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "0xaae1f51cf3339f18b6d3f3bdc75a5facd744b0b8.sol", - "path": "dataset/reentrancy/0xaae1f51cf3339f18b6d3f3bdc75a5facd744b0b8.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 54 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "0xb5e1b1ee15c6fa0e48fce100125569d430f1bd12.sol", - "path": "dataset/reentrancy/0xb5e1b1ee15c6fa0e48fce100125569d430f1bd12.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 40 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "0xb93430ce38ac4a6bb47fb1fc085ea669353fd89e.sol", - "path": "dataset/reentrancy/0xb93430ce38ac4a6bb47fb1fc085ea669353fd89e.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 38 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "0xbaf51e761510c1a11bf48dd87c0307ac8a8c8a4f.sol", - "path": "dataset/reentrancy/0xbaf51e761510c1a11bf48dd87c0307ac8a8c8a4f.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 41 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "0xbe4041d55db380c5ae9d4a9b9703f1ed4e7e3888.sol", - "path": "dataset/reentrancy/0xbe4041d55db380c5ae9d4a9b9703f1ed4e7e3888.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 63 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "0xcead721ef5b11f1a7b530171aab69b16c5e66b6e.sol", - "path": "dataset/reentrancy/0xcead721ef5b11f1a7b530171aab69b16c5e66b6e.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 29 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "0xf015c35649c82f5467c9c74b7f28ee67665aad68.sol", - "path": "dataset/reentrancy/0xf015c35649c82f5467c9c74b7f28ee67665aad68.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 29 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "etherbank.sol", - "path": "dataset/reentrancy/etherbank.sol", - "source": "https://github.com/seresistvanandras/EthBench/blob/master/Benchmark/Simple/reentrant.sol", - "vulnerabilities": [ - { - "lines": [ - 21 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "etherstore.sol", - "path": "dataset/reentrancy/etherstore.sol", - "source": "https://github.com/sigp/solidity-security-blog", - "vulnerabilities": [ - { - "lines": [ - 27 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "modifier_reentrancy.sol", - "path": "dataset/reentrancy/modifier_reentrancy.sol", - "source": "https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/reentracy/modifier_reentrancy.sol", - "vulnerabilities": [ - { - "lines": [ - 15 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "reentrance.sol", - "path": "dataset/reentrancy/reentrance.sol", - "source": "https://ethernaut.zeppelin.solutions/level/0xf70706db003e94cfe4b5e27ffd891d5c81b39488", - "vulnerabilities": [ - { - "lines": [ - 24 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "reentrancy_bonus.sol", - "path": "dataset/reentrancy/reentrancy_bonus.sol", - "source": "https://consensys.github.io/smart-contract-best-practices/known_attacks/", - "vulnerabilities": [ - { - "lines": [ - 28 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "reentrancy_cross_function.sol", - "path": "dataset/reentrancy/reentrancy_cross_function.sol", - "source": "https://consensys.github.io/smart-contract-best-practices/known_attacks/", - "vulnerabilities": [ - { - "lines": [ - 24 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "reentrancy_dao.sol", - "path": "dataset/reentrancy/reentrancy_dao.sol", - "source": "https://github.com/ConsenSys/evm-analyzer-benchmark-suite", - "vulnerabilities": [ - { - "lines": [ - 18 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "reentrancy_insecure.sol", - "path": "dataset/reentrancy/reentrancy_insecure.sol", - "source": "https://consensys.github.io/smart-contract-best-practices/known_attacks/", - "vulnerabilities": [ - { - "lines": [ - 17 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "reentrancy_simple.sol", - "path": "dataset/reentrancy/reentrancy_simple.sol", - "source": "https://github.com/trailofbits/not-so-smart-contracts/blob/master/reentrancy/Reentrancy.sol", - "vulnerabilities": [ - { - "lines": [ - 24 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "simple_dao.sol", - "path": "dataset/reentrancy/simple_dao.sol", - "source": "http://blockchain.unica.it/projects/ethereum-survey/attacks.html#simpledao", - "vulnerabilities": [ - { - "lines": [ - 19 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "spank_chain_payment.sol", - "path": "dataset/reentrancy/spank_chain_payment.sol", - "source": "https://github.com/trailofbits/not-so-smart-contracts/blob/master/reentrancy/SpankChain_source_code/SpankChain_Payment.sol", - "vulnerabilities": [ - { - "lines": [ - 426 - ], - "category": "reentrancy" - }, - { - "lines": [ - 430 - ], - "category": "reentrancy" - } - ] - }, - { - "name": "short_address_example.sol", - "path": "dataset/short_addresses/short_address_example.sol", - "source": "https://ericrafaloff.com/analyzing-the-erc20-short-address-attack/", - "vulnerabilities": [ - { - "lines": [ - 18 - ], - "category": "short_addresses" - } - ] - }, - { - "name": "ether_lotto.sol", - "path": "dataset/time_manipulation/ether_lotto.sol", - "source": "https://etherscan.io/address/0xa11e4ed59dc94e69612f3111942626ed513cb172#code", - "vulnerabilities": [ - { - "lines": [ - 43 - ], - "category": "time_manipulation" - } - ] - }, - { - "name": "governmental_survey.sol", - "path": "dataset/time_manipulation/governmental_survey.sol", - "source": "http://blockchain.unica.it/projects/ethereum-survey/attacks.html#governmental", - "vulnerabilities": [ - { - "lines": [ - 27 - ], - "category": "time_manipulation" - } - ] - }, - { - "name": "lottopollo.sol", - "path": "dataset/time_manipulation/lottopollo.sol", - "source": "https://github.com/seresistvanandras/EthBench/blob/master/Benchmark/Simple/timestampdependent.sol", - "vulnerabilities": [ - { - "lines": [ - 13 - ], - "category": "time_manipulation" - }, - { - "lines": [ - 27 - ], - "category": "time_manipulation" - } - ] - }, - { - "name": "roulette.sol", - "path": "dataset/time_manipulation/roulette.sol", - "source": "https://github.com/sigp/solidity-security-blog", - "vulnerabilities": [ - { - "lines": [ - 18 - ], - "category": "time_manipulation" - }, - { - "lines": [ - 20 - ], - "category": "time_manipulation" - } - ] - }, - { - "name": "timed_crowdsale.sol", - "path": "dataset/time_manipulation/timed_crowdsale.sol", - "source": "https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/timestamp_dependence/timed_crowdsale.sol", - "vulnerabilities": [ - { - "lines": [ - 13 - ], - "category": "time_manipulation" - } - ] - }, - { - "name": "0x07f7ecb66d788ab01dc93b9b71a88401de7d0f2e.sol", - "path": "dataset/unchecked_low_level_calls/0x07f7ecb66d788ab01dc93b9b71a88401de7d0f2e.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 201 - ], - "category": "unchecked_low_level_calls" - }, - { - "lines": [ - 213 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0x0cbe050f75bc8f8c2d6c0d249fea125fd6e1acc9.sol", - "path": "dataset/unchecked_low_level_calls/0x0cbe050f75bc8f8c2d6c0d249fea125fd6e1acc9.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 12 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0x19cf8481ea15427a98ba3cdd6d9e14690011ab10.sol", - "path": "dataset/unchecked_low_level_calls/0x19cf8481ea15427a98ba3cdd6d9e14690011ab10.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 439 - ], - "category": "unchecked_low_level_calls" - }, - { - "lines": [ - 465 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0x2972d548497286d18e92b5fa1f8f9139e5653fd2.sol", - "path": "dataset/unchecked_low_level_calls/0x2972d548497286d18e92b5fa1f8f9139e5653fd2.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 14 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0x39cfd754c85023648bf003bea2dd498c5612abfa.sol", - "path": "dataset/unchecked_low_level_calls/0x39cfd754c85023648bf003bea2dd498c5612abfa.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 44 - ], - "category": "unchecked_low_level_calls" - }, - { - "lines": [ - 97 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0x3a0e9acd953ffc0dd18d63603488846a6b8b2b01.sol", - "path": "dataset/unchecked_low_level_calls/0x3a0e9acd953ffc0dd18d63603488846a6b8b2b01.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 44 - ], - "category": "unchecked_low_level_calls" - }, - { - "lines": [ - 97 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0x3e013fc32a54c4c5b6991ba539dcd0ec4355c859.sol", - "path": "dataset/unchecked_low_level_calls/0x3e013fc32a54c4c5b6991ba539dcd0ec4355c859.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 29 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0x3f2ef511aa6e75231e4deafc7a3d2ecab3741de2.sol", - "path": "dataset/unchecked_low_level_calls/0x3f2ef511aa6e75231e4deafc7a3d2ecab3741de2.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 45 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0x4051334adc52057aca763453820cb0e045076ef3.sol", - "path": "dataset/unchecked_low_level_calls/0x4051334adc52057aca763453820cb0e045076ef3.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 16 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0x4a66ad0bca2d700f11e1f2fc2c106f7d3264504c.sol", - "path": "dataset/unchecked_low_level_calls/0x4a66ad0bca2d700f11e1f2fc2c106f7d3264504c.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 19 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0x4b71ad9c1a84b9b643aa54fdd66e2dec96e8b152.sol", - "path": "dataset/unchecked_low_level_calls/0x4b71ad9c1a84b9b643aa54fdd66e2dec96e8b152.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 17 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0x524960d55174d912768678d8c606b4d50b79d7b1.sol", - "path": "dataset/unchecked_low_level_calls/0x524960d55174d912768678d8c606b4d50b79d7b1.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 21 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0x52d2e0f9b01101a59b38a3d05c80b7618aeed984.sol", - "path": "dataset/unchecked_low_level_calls/0x52d2e0f9b01101a59b38a3d05c80b7618aeed984.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 27 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0x5aa88d2901c68fda244f1d0584400368d2c8e739.sol", - "path": "dataset/unchecked_low_level_calls/0x5aa88d2901c68fda244f1d0584400368d2c8e739.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 29 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0x610495793564aed0f9c7fc48dc4c7c9151d34fd6.sol", - "path": "dataset/unchecked_low_level_calls/0x610495793564aed0f9c7fc48dc4c7c9151d34fd6.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 33 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0x627fa62ccbb1c1b04ffaecd72a53e37fc0e17839.sol", - "path": "dataset/unchecked_low_level_calls/0x627fa62ccbb1c1b04ffaecd72a53e37fc0e17839.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 44 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0x663e4229142a27f00bafb5d087e1e730648314c3.sol", - "path": "dataset/unchecked_low_level_calls/0x663e4229142a27f00bafb5d087e1e730648314c3.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 1152 - ], - "category": "unchecked_low_level_calls" - }, - { - "lines": [ - 1496 - ], - "category": "unchecked_low_level_calls" - }, - { - "lines": [ - 2467 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0x70f9eddb3931491aab1aeafbc1e7f1ca2a012db4.sol", - "path": "dataset/unchecked_low_level_calls/0x70f9eddb3931491aab1aeafbc1e7f1ca2a012db4.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 29 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0x78c2a1e91b52bca4130b6ed9edd9fbcfd4671c37.sol", - "path": "dataset/unchecked_low_level_calls/0x78c2a1e91b52bca4130b6ed9edd9fbcfd4671c37.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 45 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0x7a4349a749e59a5736efb7826ee3496a2dfd5489.sol", - "path": "dataset/unchecked_low_level_calls/0x7a4349a749e59a5736efb7826ee3496a2dfd5489.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 44 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0x7d09edb07d23acb532a82be3da5c17d9d85806b4.sol", - "path": "dataset/unchecked_low_level_calls/0x7d09edb07d23acb532a82be3da5c17d9d85806b4.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 198 - ], - "category": "unchecked_low_level_calls" - }, - { - "lines": [ - 210 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0x806a6bd219f162442d992bdc4ee6eba1f2c5a707.sol", - "path": "dataset/unchecked_low_level_calls/0x806a6bd219f162442d992bdc4ee6eba1f2c5a707.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 44 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0x84d9ec85c9c568eb332b7226a8f826d897e0a4a8.sol", - "path": "dataset/unchecked_low_level_calls/0x84d9ec85c9c568eb332b7226a8f826d897e0a4a8.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 56 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0x89c1b3807d4c67df034fffb62f3509561218d30b.sol", - "path": "dataset/unchecked_low_level_calls/0x89c1b3807d4c67df034fffb62f3509561218d30b.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 162 - ], - "category": "unchecked_low_level_calls" - }, - { - "lines": [ - 175 - ], - "category": "unchecked_low_level_calls" - }, - { - "lines": [ - 180 - ], - "category": "unchecked_low_level_calls" - }, - { - "lines": [ - 192 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0x8fd1e427396ddb511533cf9abdbebd0a7e08da35.sol", - "path": "dataset/unchecked_low_level_calls/0x8fd1e427396ddb511533cf9abdbebd0a7e08da35.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 44 - ], - "category": "unchecked_low_level_calls" - }, - { - "lines": [ - 97 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0x958a8f594101d2c0485a52319f29b2647f2ebc06.sol", - "path": "dataset/unchecked_low_level_calls/0x958a8f594101d2c0485a52319f29b2647f2ebc06.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 55 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0x9d06cbafa865037a01d322d3f4222fa3e04e5488.sol", - "path": "dataset/unchecked_low_level_calls/0x9d06cbafa865037a01d322d3f4222fa3e04e5488.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 54 - ], - "category": "unchecked_low_level_calls" - }, - { - "lines": [ - 65 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0xa1fceeff3acc57d257b917e30c4df661401d6431.sol", - "path": "dataset/unchecked_low_level_calls/0xa1fceeff3acc57d257b917e30c4df661401d6431.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 31 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0xa46edd6a9a93feec36576ee5048146870ea2c3ae.sol", - "path": "dataset/unchecked_low_level_calls/0xa46edd6a9a93feec36576ee5048146870ea2c3ae.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 16 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0xb0510d68f210b7db66e8c7c814f22680f2b8d1d6.sol", - "path": "dataset/unchecked_low_level_calls/0xb0510d68f210b7db66e8c7c814f22680f2b8d1d6.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 69 - ], - "category": "unchecked_low_level_calls" - }, - { - "lines": [ - 71 - ], - "category": "unchecked_low_level_calls" - }, - { - "lines": [ - 73 - ], - "category": "unchecked_low_level_calls" - }, - { - "lines": [ - 75 - ], - "category": "unchecked_low_level_calls" - }, - { - "lines": [ - 102 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0xb11b2fed6c9354f7aa2f658d3b4d7b31d8a13b77.sol", - "path": "dataset/unchecked_low_level_calls/0xb11b2fed6c9354f7aa2f658d3b4d7b31d8a13b77.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 14 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0xb37f18af15bafb869a065b61fc83cfc44ed9cc27.sol", - "path": "dataset/unchecked_low_level_calls/0xb37f18af15bafb869a065b61fc83cfc44ed9cc27.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 33 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0xb620cee6b52f96f3c6b253e6eea556aa2d214a99.sol", - "path": "dataset/unchecked_low_level_calls/0xb620cee6b52f96f3c6b253e6eea556aa2d214a99.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 100 - ], - "category": "unchecked_low_level_calls" - }, - { - "lines": [ - 106 - ], - "category": "unchecked_low_level_calls" - }, - { - "lines": [ - 133 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0xb7c5c5aa4d42967efe906e1b66cb8df9cebf04f7.sol", - "path": "dataset/unchecked_low_level_calls/0xb7c5c5aa4d42967efe906e1b66cb8df9cebf04f7.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 25 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0xbaa3de6504690efb064420d89e871c27065cdd52.sol", - "path": "dataset/unchecked_low_level_calls/0xbaa3de6504690efb064420d89e871c27065cdd52.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 14 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0xbebbfe5b549f5db6e6c78ca97cac19d1fb03082c.sol", - "path": "dataset/unchecked_low_level_calls/0xbebbfe5b549f5db6e6c78ca97cac19d1fb03082c.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 14 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0xd2018bfaa266a9ec0a1a84b061640faa009def76.sol", - "path": "dataset/unchecked_low_level_calls/0xd2018bfaa266a9ec0a1a84b061640faa009def76.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 44 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0xd5967fed03e85d1cce44cab284695b41bc675b5c.sol", - "path": "dataset/unchecked_low_level_calls/0xd5967fed03e85d1cce44cab284695b41bc675b5c.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 16 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0xdb1c55f6926e7d847ddf8678905ad871a68199d2.sol", - "path": "dataset/unchecked_low_level_calls/0xdb1c55f6926e7d847ddf8678905ad871a68199d2.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 39 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0xe09b1ab8111c2729a76f16de96bc86a7af837928.sol", - "path": "dataset/unchecked_low_level_calls/0xe09b1ab8111c2729a76f16de96bc86a7af837928.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 150 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0xe4eabdca81e31d9acbc4af76b30f532b6ed7f3bf.sol", - "path": "dataset/unchecked_low_level_calls/0xe4eabdca81e31d9acbc4af76b30f532b6ed7f3bf.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 44 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0xe82f0742a71a02b9e9ffc142fdcb6eb1ed06fb87.sol", - "path": "dataset/unchecked_low_level_calls/0xe82f0742a71a02b9e9ffc142fdcb6eb1ed06fb87.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 39 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0xe894d54dca59cb53fe9cbc5155093605c7068220.sol", - "path": "dataset/unchecked_low_level_calls/0xe894d54dca59cb53fe9cbc5155093605c7068220.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 17 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0xec329ffc97d75fe03428ae155fc7793431487f63.sol", - "path": "dataset/unchecked_low_level_calls/0xec329ffc97d75fe03428ae155fc7793431487f63.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 30 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0xf2570186500a46986f3139f65afedc2afe4f445d.sol", - "path": "dataset/unchecked_low_level_calls/0xf2570186500a46986f3139f65afedc2afe4f445d.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 18 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0xf29ebe930a539a60279ace72c707cba851a57707.sol", - "path": "dataset/unchecked_low_level_calls/0xf29ebe930a539a60279ace72c707cba851a57707.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 16 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "0xf70d589d76eebdd7c12cc5eec99f8f6fa4233b9e.sol", - "path": "dataset/unchecked_low_level_calls/0xf70d589d76eebdd7c12cc5eec99f8f6fa4233b9e.sol", - "source": "etherscan.io", - "vulnerabilities": [ - { - "lines": [ - 44 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "etherpot_lotto.sol", - "path": "dataset/unchecked_low_level_calls/etherpot_lotto.sol", - "source": "https://github.com/etherpot/contract/blob/master/app/contracts/lotto.sol", - "vulnerabilities": [ - { - "lines": [ - 109 - ], - "category": "unchecked_low_level_calls" - }, - { - "lines": [ - 141 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "king_of_the_ether_throne.sol", - "path": "dataset/unchecked_low_level_calls/king_of_the_ether_throne.sol", - "source": "https://github.com/kieranelby/KingOfTheEtherThrone/blob/v0.4.0/contracts/KingOfTheEtherThrone.sol", - "vulnerabilities": [ - { - "lines": [ - 110 - ], - "category": "unchecked_low_level_calls" - }, - { - "lines": [ - 118 - ], - "category": "unchecked_low_level_calls" - }, - { - "lines": [ - 132 - ], - "category": "unchecked_low_level_calls" - }, - { - "lines": [ - 174 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "lotto.sol", - "path": "dataset/unchecked_low_level_calls/lotto.sol", - "source": "https://github.com/sigp/solidity-security-blog", - "vulnerabilities": [ - { - "lines": [ - 20 - ], - "category": "unchecked_low_level_calls" - }, - { - "lines": [ - 27 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "mishandled.sol", - "path": "dataset/unchecked_low_level_calls/mishandled.sol", - "source": "https://github.com/seresistvanandras/EthBench/blob/master/Benchmark/Simple/mishandled.sol", - "vulnerabilities": [ - { - "lines": [ - 14 - ], - "category": "unchecked_low_level_calls" - } - ] - }, - { - "name": "unchecked_return_value.sol", - "path": "dataset/unchecked_low_level_calls/unchecked_return_value.sol", - "source": "https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-104#unchecked-return-valuesol", - "vulnerabilities": [ - { - "lines": [ - 17 - ], - "category": "unchecked_low_level_calls" - } - ] - } -]