Survey on Quality Assurance of Smart Contracts

Zhiyuan Wei, Jing Sun, Zijian Zhang, Xianhao Zhang, Xiaoxuan Yang, Liehuang Zhu

TL;DR

This survey targets the security of smart contracts by introducing a vulnerability taxonomy grounded in CWE, mapping 40 known vulnerabilities across Ethereum, Hyperledger Fabric, and EOSIO to 14 secondary causes, and linking these to eight representative real-world attacks. The authors review defense methodologies ranging from formal verification and symbolic execution to fuzzing and ML-based approaches, and evaluate 14 vulnerability-detection tools using a public 110-contract benchmark. They reveal a post-2021 shift toward ML and AI-assisted auditing, including large language models, while noting persistent gaps in unknown-attack detection and post-deployment repair. The work culminates in a public dataset and a multi-criteria evaluation framework to guide practitioners in choosing effective tools and methodologies for secure smart contract development and auditing.

Abstract

With the increasing adoption of smart contracts, ensuring their security has become a critical concern. Numerous vulnerabilities and attacks have been identified and exploited, resulting in significant financial losses. In response, researchers have developed various tools and techniques to identify and prevent vulnerabilities in smart contracts. In this survey, we present a systematic overview of the quality assurance of smart contracts, covering vulnerabilities, attacks, defenses, and tool support. By classifying vulnerabilities based on known attacks, we can identify patterns and common weaknesses that need to be addressed. Moreover, in order to effectively protect smart contracts, we have created a labeled dataset to evaluate various vulnerability detection tools and compare their effectiveness.

Paper Structure (64 sections, 1 equation, 10 figures, 7 tables)

This paper contains 64 sections, 1 equation, 10 figures, 7 tables.

Figures (10)

  • Figure 1: Publications and Tools Over the Year
  • Figure 2: A classification of smart contract vulnerabilities and their causes, where ● means the vulnerability has already been solved, ○ means the vulnerability is widely discussed (not solved), and ◐ means the vulnerability has been fixed by specific approaches or tools. VE means vulnerabilities of Ethereum, VH means vulnerabilities of HF, VS means vulnerabilities of EOSIO.
  • Figure 3: Reentrancy attack flow
  • Figure 4: Vulnerabilities Frequency Statistics
  • Figure 5: Several high-profile attacks from 2016 to 2021
  • ...and 5 more figures