/smart-contract-vulndb

🍋 An open dataset containing smart contract audit issues from various sources.

Primary LanguageJavaScript

The Creed Rebellion!
[ 🌐 🫂 ]

Smart Contract VulnDB

An open dataset of publicly available smart contract issues aggregated from various audit reports. The dataset can be accessed at 🌻 vulns.json, is updated once a day, and a live demo is available 🌐 here.

LMK if you're building cool things with this dataset and I'll list them here 😊🙏

🔸 DataSet

⚠️ NOTE: Breaking Change due to GIT Large File Policy Switching from one big vulns.json to files a 25k issues vulns-1.json, vulns-2.json, ...

image

const issue: Issue = {
  title: "<string:title>",
  severity: Severity.Medium,
  body: "<markdown-string:description>",
  dataSource: {
    name: "<string:path-like-report-identifier>",
    repo: "<string:git-or-http-url>",
    url: "<string:url>"
  }
};

To work around GitHub File Size Limits we'll split the database into equal files of 25k issues

🔸 Live Demo

image

🔸 Accessing the Latest Snapshot

  • Shell
⇒  curl https://tintinweb.github.io/smart-contract-vulndb/cache/vulns-1.json
⇒  curl https://tintinweb.github.io/smart-contract-vulndb/cache/vulns-2.json
  • JavaScript
const all_issues = []
for(let idx=1; idx<10; idx++){
  try {
    const all = await (await fetch(`https://tintinweb.github.io/smart-contract-vulndb/cache/vulns-${idx}.json`)).text();
    for(let line of all.split("\n")){
      if(line.trim().length == 0){
        continue;
      } 
      try{
        all_issues.push(JSON.parse(line))
      } catch(e){
        console.log(line)
        throw e
      }
    }
} catch (e){
    console.log(e)
    break;
  }
}
  • JavaScript Local
const fs = require("fs")
let issues = [];
for(let idx=1; idx<10; idx++){
  if(!fs.existsSync(`./dataset/vulns-${idx}.json`)) {
    break;
  }
  const data = fs.readFileSync(`./dataset/vulns-${idx}.json`, "utf-8");
  const part = data.split('\n').filter(l => l.trim().length > 0).map(l => JSON.parse(l))
  issues = [...issues, ...part]
}
console.log(issues.length)
// 39125
[... new Set(issues.map(i => i.severity))]
/*
[
  'medium',   'minor',
  null,       'major',
  'critical', undefined,
  'info'
]
*/

🤓 For Nerds

First, run the development server:

npm run dev
# or
yarn dev

Open http://localhost:3000 with your browser to see the result.

🎓 Citation

If you are using this dataset in your research and paper, here's how you can cite this dataset:

  • APA6
Ortner, M. (n.d.). Smart Contract VulnDB. Retrieved from https://github.com/tintinweb/smart-contract-vulndb.
  • LateX (Bib)
 @article{smart_contract_vulndb, 
          title={Smart Contract VulnDB}, 
          url={https://github.com/tintinweb/smart-contract-vulndb}, 
          author={Ortner, Martin}}