This repository contains automated exploit tests for vulnerabilities found in the SmartBugs-curated smart contract dataset. The tests are implemented using the Hardhat testing framework.
The project demonstrates various security vulnerabilities in Ethereum smart contracts by providing:
- Vulnerable contracts from the SmartBugs-Curated dataset
- Exploit contracts that demonstrate the vulnerabilities
- Automated tests that verify the exploits
.
├── contracts/
│ ├── dataset/ # Original vulnerable contracts from SmartBugs
│ └── <category>/ # Exploit contracts organized by vulnerability type
│ └── *_attack.sol # Exploit contract for each vulnerability
│
├── test/
│ └── <category>/ # Test files organized by vulnerability type
│ └── *_test.js # Test scripts that demonstrate exploits
│
├── artifacts/ # Compiled contract files (generated)
└── hardhat.config.js # Hardhat configuration
- Node.js (v20.14.0 or later)
- npm (v10.7.0 or later)
- Clone the repository
git clone <repository-url>
cd smartbugs-curated/0.4.x- Install dependencies
npm ciRun all exploit tests:
npx hardhat testRun a specific exploit test:
npx hardhat test test/<category>/<test_name>_test.jsTo test a specific reentrancy vulnerability:
npx hardhat test test/reentrancy/simple_dao_test.jsEach test file contains two types of tests:
Verify normal contract behavior without exploiting vulnerabilities. These ensure the contract works as intended under normal circumstances.
Demonstrate the vulnerability by executing attack sequences that exploit the security weakness.
Example output:
Reentrancy Attack for simpleDAO.sol
✔ sanity check: reentrancy/simpleDAO.sol (632ms)
✔ should successfully drain funds through reentrancy attack
2 passing (651ms)
Feel free to contribute by:
- Adding new exploit contracts
- Improving existing tests
- Enhancing documentation
Please ensure all new exploits follow the existing directory structure and naming conventions.