Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/SmartContractSecurity/SWC-registry

Smart Contract Weakness Classification and Test Cases
https://github.com/SmartContractSecurity/SWC-registry

ethereum security smart-contracts

Last synced: 3 months ago
JSON representation

Smart Contract Weakness Classification and Test Cases

Host: GitHub
URL: https://github.com/SmartContractSecurity/SWC-registry
Owner: SmartContractSecurity
License: mit
Created: 2018-08-23T00:09:08.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2023-10-23T21:19:58.000Z (over 1 year ago)
Last Synced: 2024-05-19T00:05:50.213Z (9 months ago)
Topics: ethereum, security, smart-contracts
Homepage: https://swcregistry.io/
Size: 2.65 MB
Stars: 834
Watchers: 47
Forks: 165
Open Issues: 8
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# This registry is no longer actively maintained

## New SWC entries have not not been added since 2020

This registry has not been significantly updated since 2020, and is no longer actively maintained. While some maintenance may be done
to enhance or clarify the status of the current content, and pointers will be added to new work that is maintained such as the
[EEA EthTrust Security Levels Specification](https://entethalliance.org/specs/ethtrust-sl/), new SWCs are no longer being added,
and readers should check external sources to clarify the relevance of existing content.

All the vulnerabilities described in this repository were incorporated into version 1 of the **[EEA EthTrust Security Levels specification](https://entethalliance.org/specs/ethtrust-sl)**, published in August 2022

The [EEA EthTrust Security Levels](https://entethalliance.org/groups/ethtrust) project is actively maintained.
The **[Editor's draft for a new version](https://entethalliance.github.io/eta-registry/security-levels-spec.html)** is publicly available.

[EthTrust Security Leveles Version 2](https://entethalliance.org/specs/ethtrust-sl/v2) was published in December 2023, with publication of version 3 expected in early 2025.

Another project that has been maintained over a number of years is the [Smart Contract Security Verification Standard](https://github.com/ComposableSecurity/SCSVS).

The EthTrust specification is specific to Solidity code, and aims to comprehensively identify vulnerabilities that need to be checked for, and if present eliminated. The SCSVS is a more general development guideline for security testing and remediation, applicable to a large range of projects.

# Smart Contract Weakness Classification Registry

The Smart Contract Weakness Classification Registry (SWC Registry) is an implementation of the weakness classification scheme proposed in [EIP-1470](https://github.com/ethereum/EIPs/issues/1469). It is loosely aligned to the terminologies and structure used in the Common Weakness Enumeration ([CWE](https://cwe.mitre.org)) while overlaying a wide range of weakness variants that are specific to smart contracts.

The goals of this project were as follows:

- Provide a straightforward way to classify security issues in smart contract systems.
- Define a common language for describing security issues in smart contract systems' architecture, design, or code.
- Serve as a way to train and increase performance for smart contract security analysis tools.

### Scope of Weaknesses

SWCs are concerned with weaknesses that can be identified within Solidity code of a smart contract.
Weaknesses in 'smart contract adjacent' code are not covered by this registry of Weaknesses.
For example, the [gas siphoning attack](https://github.com/SmartContractSecurity/SWC-registry/pull/140) occurs in wallet code,
and should be protected against in wallet code.