add paper template

README.md

@@ -1,39 +1,39 @@
-# SWC-124: Write to Arbitrary Storage Location
-
-## Introduction
-
-The aim of this paper is to introduce the SWC-124 smart contract weakness.
-In order to do that, the paper will:
-- describe weakness itself and the consequences if the weakness is exploited;
-- describe the various forms it may take and construct minimal sample contracts for each variant. It will also describe variants that look similar but are not a weakness, and construct minimal contracts for these non-weaknesses;
-- collect vulnerable contracts used by different papers to motivate/illustrate the weakness;
-- summarize the code properties that tools are looking for so that they can detect the weakness;
-- sketch ways to potentially exploit the different variants of the weakness.
-
-## Weakness description
-
-Smart contracts in Ethereum support persistent storage on the EVM level. It is the contracts responsibility to implement access control to sensitive information
-and doing so incorrectly may allow an attacker:
-* to read and overwrite sensitive data that should only be accessible to contract owners, maintainers etc.;
-* setting himself as the contract owner and circumventing authorization checks;
-* draining the contract of its funds by, for example, overwriting the address that collects the received tokens;
-* TODO: add more
-
-## Various forms
-
-1. Arrays + integer underflow/overflow
-2. Unchecked assembly calls
-3. TODO: add more
-
-## Samples
-
-TODO
-
-## Code properties
-
-TODO
-
-## Potential exploits
-
-TODO
-
+# SWC-124: Write to Arbitrary Storage Location
+
+## Introduction
+
+The aim of this paper is to introduce the SWC-124 smart contract weakness.
+In order to do that, the paper will:
+- describe weakness itself and the consequences if the weakness is exploited;
+- describe the various forms it may take and construct minimal sample contracts for each variant. It will also describe variants that look similar but are not a weakness, and construct minimal contracts for these non-weaknesses;
+- collect vulnerable contracts used by different papers to motivate/illustrate the weakness;
+- summarize the code properties that tools are looking for so that they can detect the weakness;
+- sketch ways to potentially exploit the different variants of the weakness.
+
+## Weakness description
+
+Smart contracts in Ethereum support persistent storage on the EVM level. It is the contracts responsibility to implement access control to sensitive information
+and doing so incorrectly may allow an attacker:
+* to read and overwrite sensitive data that should only be accessible to contract owners, maintainers etc.;
+* setting himself as the contract owner and circumventing authorization checks;
+* draining the contract of its funds by, for example, overwriting the address that collects the received tokens;
+* TODO: add more
+
+## Various forms
+
+1. Arrays + integer underflow/overflow
+2. Unchecked assembly calls
+3. TODO: add more
+
+## Samples
+
+TODO
+
+## Code properties
+
+TODO
+
+## Potential exploits
+
+TODO
+

papers/README.md

@@ -1,30 +1,30 @@
-# Papers
-## SMARTIAN: Enhancing Smart Contract Fuzzingwith Static and Dynamic Data-Flow Analyses
-
-- listed as: "arbitrary write" (Choi et al., 2021)
-- from: [IEEE](https://ieeexplore.ieee.org/document/9678888)
-- file: [PDF](choi-ase2021.pdf)
-
-## SmartFuzzDriverGen: Smart ContractFuzzing Automation for Golang
-
-- listed as: "buffer-overwrite" (Pani et al., 2023)
-- from: [ACM](https://dl.acm.org/doi/fullHtml/10.1145/3578527.3578538)
-- file: [PDF](SmartFuzzDriverGen_ Smart Contract Fuzzing Automation for Golang.pdf)
-
-## teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts
-
-- listed as: "storage modification" (Krupp and Rossow, 2018)
-- from: [Usenix](https://www.usenix.org/conference/usenixsecurity18/presentation/krupp)
-- talk: [Youtube](https://www.youtube.com/watch?v=mW4jQzPVP_A)
-- file: [PDF](sec18-krupp.pdf)
-
-## Securify: Practical Security Analysis of Smart Contracts
-
-- listed as: "unrestricted write" (Tsankov et al., 2018)
-- from: [ACM](https://dl.acm.org/doi/10.1145/3243734.3243780)
-- talk: On ACM page
-- file: [PDF](Securify Practical Security Analysis of Smart Contracts.pdf)
-
-## "SWC-124: Write to Arbitrary Storage Location" (SmartContractSecurity, 2020)
-
-- from: [SWCregistry](https://swcregistry.io/docs/SWC-124/)
+# Papers
+## SMARTIAN: Enhancing Smart Contract Fuzzingwith Static and Dynamic Data-Flow Analyses
+
+- listed as: "arbitrary write" (Choi et al., 2021)
+- from: [IEEE](https://ieeexplore.ieee.org/document/9678888)
+- file: [PDF](choi-ase2021.pdf)
+
+## SmartFuzzDriverGen: Smart ContractFuzzing Automation for Golang
+
+- listed as: "buffer-overwrite" (Pani et al., 2023)
+- from: [ACM](https://dl.acm.org/doi/fullHtml/10.1145/3578527.3578538)
+- file: [PDF](SmartFuzzDriverGen_ Smart Contract Fuzzing Automation for Golang.pdf)
+
+## teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts
+
+- listed as: "storage modification" (Krupp and Rossow, 2018)
+- from: [Usenix](https://www.usenix.org/conference/usenixsecurity18/presentation/krupp)
+- talk: [Youtube](https://www.youtube.com/watch?v=mW4jQzPVP_A)
+- file: [PDF](sec18-krupp.pdf)
+
+## Securify: Practical Security Analysis of Smart Contracts
+
+- listed as: "unrestricted write" (Tsankov et al., 2018)
+- from: [ACM](https://dl.acm.org/doi/10.1145/3243734.3243780)
+- talk: On ACM page
+- file: [PDF](Securify Practical Security Analysis of Smart Contracts.pdf)
+
+## "SWC-124: Write to Arbitrary Storage Location" (SmartContractSecurity, 2020)
+
+- from: [SWCregistry](https://swcregistry.io/docs/SWC-124/)