Solidity Defects and Bugs Analysis (SDABA): A novel framework for smart contract vulnerability detection and benchmarking
摘要
Smart contracts are the fundamental building block of decentralized applications (DApps) and decentralized finance (DeFi). However, their immutability makes security flaws exceptionally costly. Despite advancements in vulnerability detection, such as static and dynamic analysis, formal verification, and Solidity language improvements, vulnerabilities continue to result in substantial financial losses, exceeding $2 billion in 2024 alone. This paper presents a comprehensive analysis of smart contract vulnerabilities derived from real-world exploits, systematically categorized into seven distinct types. Each category is illustrated with Solidity code examples and insights from notable exploits. An Enhanced test suite is developed by restructuring the existing solidity-defects-and-bugs suite and supplementing it with new smart contract implementations to address underrepresented vulnerabilities, including flash loan and price oracle manipulation. We evaluate three widely used analysis tools (Slither, Mythril, and 4naly3er) on both the original and Enhanced suites, revealing substantial limitations in detection coverage. To address these limitations, we introduce the Solidity Defects and Bugs Analysis (SDABA), which incorporates advanced analyses and detectors to identify 28 vulnerability variations across both suites. Results on the SDB and Enhanced test suites show that SDABA improves overall precision, recall, and F1-score compared with the evaluated tools. Finally, we release the source code, test suite, and vulnerability reports to support future research in smart contract security.