A Survey on Security Analysis Methods of Smart Contracts
【Author】 Zhu, Huijuan; Yang, Lei; Wang, Liangmin; Sheng, Victor S.
【Source】IEEE TRANSACTIONS ON SERVICES COMPUTING
【Impact Factor】11.019
【Abstract】Smart contracts have gained extensive adoption across diverse industries, including finance, supply chain, and the Internet of Things. Nevertheless, the surge in security incidents of smart contracts over recent years has led to substantial economic losses. Therefore, ensuring the security of smart contracts has become a critical and complex challenge in both academic and industrial domains. Based on 539 real-world security incidents in the Ethereum platform and audit reports from 10 authoritative auditing institutions, we summarize 27 types of exploited security vulnerabilities and draw insights into their principles, typical cases, relevant research and recommended prevention strategies. Besides, we also gather 7 other potentially threatening vulnerability types as supplements. On this basis, we conduct an in-depth analysis of the root causes of vulnerabilities and further formulate eight safety practical rules. Moreover, we perform a comprehensive review of 178 recent papers on smart contract security analysis, classifying detection methods into formal verification, fuzz testing, machine learning, program analysis, and others. For each category, we seize the specific detection tools and analyze them comprehensively. Then, we conduct an extensive analysis and synthesis from various angles, presenting a comprehensive overview of the current research landscape in smart contract security detection. We also discuss current on-chain and off-chain repair methods. Finally, this review outlines major challenges and highlights potential areas for future research in this field.
【Keywords】Smart contracts; Security; Blockchains; Open source software; Cryptocurrency; Prevention and mitigation; Reviews; blockchain; ethereum; security analysis; vulnerabilities
【Publication Date】2024 NOV
【Indexed Date】2025-02-05
【Document Type】
【Subject Category】
--
【DOI】 10.1109/TSC.2024.3463394