Add vulnerable smart contracts.

Author: pedrocrvz

.gitignore

@@ -0,0 +1,38 @@
+/*
+ * @source: https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-124#arbitrary-location-write-simplesol
+ * @author: Suhabe Bugrara
+ */
+
+ pragma solidity ^0.4.25;
+
+ contract Wallet {
+     uint[] private bonusCodes;
+     address private owner;
+
+     constructor() public {
+         bonusCodes = new uint[](0);
+         owner = msg.sender;
+     }
+
+     function () public payable {
+     }
+
+     function PushBonusCode(uint c) public {
+         bonusCodes.push(c);
+     }
+
+     function PopBonusCode() public {
+         require(0 <= bonusCodes.length);
+         bonusCodes.length--;
+     }
+
+     function UpdateBonusCodeAt(uint idx, uint c) public {
+         require(idx < bonusCodes.length);
+         bonusCodes[idx] = c;
+     }
+
+     function Destroy() public {
+         require(msg.sender == owner);
+         selfdestruct(msg.sender);
+     }
+ }

config/dataset/dataset.yaml

@@ -0,0 +1,60 @@
+/*
+ * @source: https://github.com/thec00n/smart-contract-honeypots/blob/master/CryptoRoulette.sol
+ */
+pragma solidity ^0.4.19;
+
+// CryptoRoulette
+//
+// Guess the number secretly stored in the blockchain and win the whole contract balance!
+// A new number is randomly chosen after each try.
+//
+// To play, call the play() method with the guessed number (1-20).  Bet price: 0.1 ether
+
+contract CryptoRoulette {
+
+    uint256 private secretNumber;
+    uint256 public lastPlayed;
+    uint256 public betPrice = 0.1 ether;
+    address public ownerAddr;
+
+    struct Game {
+        address player;
+        uint256 number;
+    }
+    Game[] public gamesPlayed;
+
+    function CryptoRoulette() public {
+        ownerAddr = msg.sender;
+        shuffle();
+    }
+
+    function shuffle() internal {
+        // randomly set secretNumber with a value between 1 and 20
+        secretNumber = uint8(sha3(now, block.blockhash(block.number-1))) % 20 + 1;
+    }
+
+    function play(uint256 number) payable public {
+        require(msg.value >= betPrice && number <= 10);
+
+        Game game;
+        game.player = msg.sender;
+        game.number = number;
+        gamesPlayed.push(game);
+
+        if (number == secretNumber) {
+            // win!
+            msg.sender.transfer(this.balance);
+        }
+
+        shuffle();
+        lastPlayed = now;
+    }
+
+    function kill() public {
+        if (msg.sender == ownerAddr && now > lastPlayed + 1 days) {
+            suicide(msg.sender);
+        }
+    }
+
+    function() public payable { }
+}

config/tools/mythril.yaml

@@ -0,0 +1,33 @@
+/*
+ * @source: https://github.com/trailofbits/not-so-smart-contracts/blob/master/wrong_constructor_name/incorrect_constructor.sol
+ * @author: Ben Perez
+ * Modified by Gerhard Wagner
+ */
+
+pragma solidity ^0.4.24;
+
+contract Missing{
+    address private owner;
+
+    modifier onlyowner {
+        require(msg.sender==owner);
+        _;
+    }
+
+    // The name of the constructor should be Missing
+    // Anyone can call the IamMissing once the contract is deployed
+    function IamMissing()
+        public
+    {
+        owner = msg.sender;
+    }
+
+    function () payable {}
+
+    function withdraw()
+        public
+        onlyowner
+    {
+       owner.transfer(this.balance);
+    }
+}

config/tools/oyente.yaml

@@ -0,0 +1,32 @@
+/*
+ * @source: https://github.com/trailofbits/not-so-smart-contracts/blob/master/wrong_constructor_name/incorrect_constructor.sol
+ * @author: Ben Perez
+ * Modified by Gerhard Wagner
+ */
+
+
+pragma solidity 0.4.24;
+
+contract Missing{
+    address private owner;
+
+    modifier onlyowner {
+        require(msg.sender==owner);
+        _;
+    }
+
+    function missing()
+        public
+    {
+        owner = msg.sender;
+    }
+
+    function () payable {}
+
+    function withdraw()
+        public
+        onlyowner
+    {
+       owner.transfer(this.balance);
+    }
+}

config/tools/securify.yaml

@@ -0,0 +1,32 @@
+/*
+ * @source: https://github.com/trailofbits/not-so-smart-contracts/blob/master/wrong_constructor_name/incorrect_constructor.sol
+ * @author: Ben Perez
+ * Modified by Gerhard Wagner
+ */
+
+pragma solidity 0.4.24;
+
+contract Missing{
+    address private owner;
+
+    modifier onlyowner {
+        require(msg.sender==owner);
+        _;
+    }
+
+    function Constructor()
+        public
+    {
+        owner = msg.sender;
+    }
+
+    function () payable {}
+
+    function withdraw()
+        public
+        onlyowner
+    {
+       owner.transfer(this.balance);
+    }
+
+}

config/tools/smartcheck.yaml

@@ -0,0 +1,29 @@
+/*
+ * @source: https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-124#mapping-writesol
+ * @author: Suhabe Bugrara
+ */
+
+ pragma solidity ^0.4.24;
+
+ //This code is derived from the Capture the Ether https://capturetheether.com/challenges/math/mapping/
+
+ contract Map {
+     address public owner;
+     uint256[] map;
+
+     function set(uint256 key, uint256 value) public {
+         if (map.length <= key) {
+             map.length = key + 1;
+         }
+
+         map[key] = value;
+     }
+
+     function get(uint256 key) public view returns (uint256) {
+         return map[key];
+     }
+     function withdraw() public{
+       require(msg.sender == owner);
+       msg.sender.transfer(address(this).balance);
+     }
+ }

dataset/access_control/WalletLibrary.sol

@@ -0,0 +1,21 @@
+/*
+ * @source: https://github.com/sigp/solidity-security-blog
+ * @author: -
+ */
+
+ pragma solidity ^0.4.22;
+
+ contract Phishable {
+    address public owner;
+
+    constructor (address _owner) {
+        owner = _owner;
+    }
+
+    function () public payable {} // collect ether
+
+    function withdrawAll(address _recipient) public {
+        require(tx.origin == owner);
+        _recipient.transfer(this.balance);
+    }
+}

dataset/access_control/arbitrary_location_write_simple.sol

@@ -0,0 +1,20 @@
+/*
+ * @source: https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-112#proxysol
+ * @author: -
+ */
+
+pragma solidity ^0.4.24;
+
+contract Proxy {
+
+  address owner;
+
+  constructor() public {
+    owner = msg.sender;
+  }
+
+  function forward(address callee, bytes _data) public {
+    require(callee.delegatecall(_data));
+  }
+
+}

dataset/access_control/crypto_roulette.sol

@@ -0,0 +1,20 @@
+/*
+ * @source: https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-123#requirement-simplesol
+ * @author: Suhabe Bugrara
+ */
+
+pragma solidity ^0.4.25;
+
+contract Bar {
+    Foo private f = new Foo();
+    function doubleBaz() public view returns (int256) {
+        return 2 * f.baz(0);
+    }
+}
+
+contract Foo {
+    function baz(int256 x) public pure returns (int256) {
+        require(0 < x);
+        return 42;
+    }
+}

dataset/access_control/incorrect_constructor.sol

@@ -0,0 +1,46 @@
+/*
+ * @source: https://smartcontractsecurity.github.io/SWC-registry/docs/SWC-108#storagesol
+ * @author: -
+ */
+
+pragma solidity 0.4.24;
+
+contract TestStorage {
+
+    uint storeduint1 = 15;
+    uint constant constuint = 16;
+    uint32 investmentsDeadlineTimeStamp = uint32(now);
+
+    bytes16 string1 = "test1";
+    bytes32 private string2 = "test1236";
+    string public string3 = "lets string something";
+
+    mapping (address => uint) public uints1;
+    mapping (address => DeviceData) structs1;
+
+    uint[] uintarray;
+    DeviceData[] deviceDataArray;
+
+    struct DeviceData {
+        string deviceBrand;
+        string deviceYear;
+        string batteryWearLevel;
+    }
+
+    function testStorage() public  {
+        address address1 = 0xbccc714d56bc0da0fd33d96d2a87b680dd6d0df6;
+        address address2 = 0xaee905fdd3ed851e48d22059575b9f4245a82b04;
+
+        uints1[address1] = 88;
+        uints1[address2] = 99;
+
+        DeviceData memory dev1 = DeviceData("deviceBrand", "deviceYear", "wearLevel");
+
+        structs1[address1] = dev1;
+
+        uintarray.push(8000);
+        uintarray.push(9000);
+
+        deviceDataArray.push(dev1);
+    }
+}

dataset/access_control/incorrect_constructor_name1.sol

@@ -0,0 +1,20 @@
+/*
+ * @source: https://github.com/sigp/solidity-security-blog#visibility
+ * @author: SigmaPrime
+ * Modified by Gerhard Wagner
+ */
+
+pragma solidity ^0.4.24;
+
+contract HashForEther {
+
+    function withdrawWinnings() {
+        // Winner if the last 8 hex characters of the address are 0.
+        require(uint32(msg.sender) == 0);
+        _sendWinnings();
+     }
+
+     function _sendWinnings() {
+         msg.sender.transfer(this.balance);
+     }
+}