GSVD: Common Vulnerability Dataset for Smart Contracts on BSC and Polygon

Abstract

The blockchain 2.0 age, marked by smart contract and Ethereum, has arrived couple years ago. Its technologies have expanded the application scenarios of blockchain technology and driven the boom of decentralized Finance. However, smart contract vulnerabilities and security issues are also emerging one after another. Hackers have exploited these vulnerabilities to cause huge economic losses. In recent years, a large amount of research on the analysis and detection of smart contract vulnerabilities has emerged, but there has been no common detection tool and corresponding test dataset. In this paper, we build GSVD dataset (Generalized Smart Contract Vulnerability Dataset) consisting four offline datasets using smart contracts on two chains, Polygon and BSC: two small Solidity datasets consisting of 153 labeled smart contract source codes, which can be used to test the performance of vulnerability mining tools; two large Solidity datasets consisting of 52,202 un labeled real smart contract source codes that can be used to verify the correctness of various theories and tools under a large number of real data conditions. At the same time, this paper integrates the scripting framework accompanying the GSVD dataset, which can execute a variety of popular automated vulnerability detection tools on top of these datasets and generate analysis results of contracts and potential vulnerabilities. We tested the Minor dataset under GSVD using three tools (Slither, Manticore, Mythril) that are kept up to date and found that the combined use of all tools detected 61.1% of labeled vulnerabilities, of which Mythril has the highest detection rate of 42.6%. It is not difficult to conclude that there`re still ample room for advancement for current smart contract vulnerability mining tools because of their underlying methods. Besides, our dataset can contribute to the ultimate target greatly by providing mining tools plenty real contracts information.