Analyzing the Impact of Copying-and-Pasting Vulnerable Solidity Code Snippets from Question-and-Answer Websites
Creators
Description
This data comprises all input and output, including intermediate results, for the evaluation of the tool cpg-contract-checker (CCC), as well as the crawled data and results for the study published under the name "Analyzing the Impact of Copying-and-Pasting Vulnerable Solidity Code Snippets from Question-and-Answer Websites".
We conducted a study on the impact of vulnerable code reuse from Q&A websites during the development of smart contracts and provided tools uniquely fit to detect vulnerable code patterns in complete and incomplete smart contract code. The paper proposes a pattern-based vulnerability detection tool that is able to analyze code snippets (i.e., incomplete code) as well as full smart contracts based on the concept of code property graphs. We also propose a methodology that leverages fuzzy hashing to quickly detect code clones of vulnerable snippets among deployed smart contracts. Our results show that our vulnerability search and our code clone detection are comparable to the state of the art while being applicable to code snippets. The tools are used to realize a study pipeline for which the dataset and (intermediate) results are contained in this archive.
Files
(2.6 GB)
Name | Size |
---|---|
md5:7efd6b29df77698dbc8b39d35f7ff4c3 | 2.6 GB |
Additional details
Software
- Repository URL: https://github.com/Fraunhofer-AISEC/cpg-contract-checker
- Programming language: Kotlin, Python, Solidity