Smart Contract Vulnerabilities, Tools, and Benchmarks: an Updated Systematic Literature Review

TL;DR

This systematic review analyzes Ethereum smart contract vulnerabilities, detection tools, and benchmarks, providing a comprehensive taxonomy, tool list, and evaluation benchmarks to advance security research in blockchain applications.

Contribution

It offers the first detailed taxonomy of vulnerabilities, maps detection tools to vulnerabilities, and compiles benchmarks, enhancing understanding of smart contract security landscape.

Findings

Hierarchical taxonomy of 192 vulnerabilities

List of 219 detection tools with functionalities

Collection of 133 benchmarks for evaluation

Abstract

Smart contracts are self-executing programs on blockchain platforms like Ethereum, which have revolutionized decentralized finance by enabling trustless transactions and the operation of decentralized applications. Despite their potential, the security of smart contracts remains a critical concern due to their immutability and transparency, which expose them to malicious actors. Numerous solutions for vulnerability detection have been proposed, but it is still unclear which one is the most effective. This paper presents a systematic literature review that explores vulnerabilities in Ethereum smart contracts, focusing on automated detection tools and benchmark evaluation. We reviewed 3,380 studies from five digital libraries and five major software engineering conferences, applying a structured selection process that resulted in 222 high-quality studies. The key results include a hierarchical taxonomy of 192 vulnerabilities grouped into 13 categories, a comprehensive list of 219 detection tools with corresponding functionalities, methods, and code transformation techniques, a mapping between our taxonomy and the list of tools, and a collection of 133 benchmarks used for tool evaluation. We conclude with a discussion about the insights into the current state of Ethereum smart contract security and directions for future research.