Integration of CPG Contract Checker (CCC)

[fwendland]

We've developed a new analysis tool employing code property graphs (cf. DOI:10.1109/SP.2014.44) to detect vulnerable code patterns in Solidity source code.

CPG Contract Checker, CCC for short, uses our implementation of a code property graph. We've extended its analysis capabilities to process Solidity source code. We've also implemented checks to detect vulnerability patterns for the nine main DASP categories as well as uninitialized storage.

The analysis tool is part of a scientific publication and is going to appear in:

K. Weiss, C. Ferreira Torres, and F. Wendland. 2024. Analyzing the Impact of Copying-and-Pasting Vulnerable Solidity Code Snippets from Question-and-Answer Websites. In Proceedings of the 2024 ACM Internet Measurement Conference (IMC ’24), November 4–6, 2024, Madrid, Spain. ACM, New York, NY, USA. https://doi.org/10.1145/3646547.3688437

We've used SmartBugs to evaluate the performance of CCC against other analysis tools.

This PR publishes our integration of CCC into SmartBugs for general availability. The changes are:

• Integration of CCC as an analysis tool within SmartBugs (configuration, output parser, execution script)
• Integration of CCC as an analysis tool in the all set
• Adjustment of the Readme to include CCC

FYI: This is currently a draft until our private repository with CCC's implementation has been released to the public as part of the paper publication process.