Survey and Analysis of Smart Contract Quality Assurance: Conclusions, Acknowledgement and References

27 Jun 2024


(1) ZHIYUAN WEI, Beijing Institute of Technology, China;

(2) JING SUN, University of Auckland, New Zealand;

(3) ZIJIAN ZHANG, Beijing Institute of Technology, China;

(4) XIANHAO ZHANG, Beijing Institute of Technology, China;

(5) XIAOXUAN YANG, Beijing Institute of Technology, China;

(6) LIEHUANG ZHU, Beijing Institute of Technology, China.


Conclusions, Acknowledgement and References


The adoption of smart contract technology is rapidly increasing, leading to significant research efforts focused on enhancing smart contract security. In this survey, we have conducted a comprehensive study on smart contract security, encompassing vulnerabilities, attacks, defenses, and tool support. Our analysis has contributed to novel classifications of common vulnerability types and attack patterns, with a specific focus on the connection between them. Additionally, we have investigated defense methodologies aimed at mitigating the risks associated with these vulnerabilities. Moreover, we have conducted experiments using 12 open-source vulnerability-detecting tools and applied weighting-based assessment criteria to evaluate their accuracy, performance, and overall effectiveness. This evaluation provides valuable insights into the capabilities and limitations of the representative tools in the field, helping researchers and practitioners in selecting the most suitable options. Additionally, we have created an annotated dataset comprising 110 smart contracts, serving as a standardized benchmark for conducting thorough evaluations of smart contract analysis tools. This dataset facilitates comparative studies and enables researchers to assess the performance of different tools in detecting vulnerabilities and improving overall security. These findings emphasize the critical importance of continuous research and development in the field of smart contract security.

However, the smart contract landscape is evolving rapidly, with new functionalities and protocols leading to the emergence of new security vulnerabilities. To make smart contract languages more robust, it is crucial to continue investing in research and development. For instance, there has been a growing interest in using programming languages other than Solidity for smart contract development. Languages like Go and Rust have gained attention due to their stronger syntax and logical soundness, offering potential solutions to address some of the security issues associated with Solidity. Furthermore, there is a need for more powerful analysis tools capable of identifying dynamic or logic errors within smart contracts. Existing tools primarily focus on known vulnerabilities and attacks, while effective methodologies for dealing with unknown attacks are still limited. Thus, protecting smart contracts from unknown attacks poses a significant challenge for future research. Additionally, developing automated approaches for repairing vulnerable smart contracts after deployment could prove to be a fruitful direction. In conclusion, the security of smart contracts remains an ongoing concern that demands continuous attention and innovation to address evolving threats.


This work is supported by the National Key Research and Development Program of China under grant No. 2021YFB2701202, the National Natural Science Foundation of China (NSFC) under grant No. 62172040, and the Anhui Provincial Natural Science Foundation under grant No. 2008085MF196.


This paper is available on arXiv under a CC 4.0 license.