Attack-Centric by Design: A Program-Structure Taxonomy of Smart Contract Vulnerabilities
Parsa Hedayatnia, Tina Tavakkoli, Hadi Amini, Mohammad Allahbakhsh, Haleh Amintoosi

TL;DR
This paper presents a unified, attack-centric taxonomy of smart contract vulnerabilities based on program structure, aiding detection, auditing, and education by categorizing root causes and linking them to observable signals.
Contribution
It introduces a comprehensive, structured taxonomy of Solidity vulnerabilities rooted in program structure, unifying fragmented categories and linking them to detection tools and datasets.
Findings
Revealed coverage gaps in existing datasets like SmartBugs and SolidiFI.
Provided a practical checklist for vulnerability detection and mitigation.
Linked vulnerabilities to observable signals across static, dynamic, and learning-based tools.
Abstract
Smart contracts concentrate high-value assets and complex logic in small, immutable programs, where even minor bugs can cause major losses. Existing taxonomies and tools remain fragmented, organized around symptoms such as reentrancy rather than structural causes. This paper introduces an attack-centric, program-structure taxonomy that unifies Solidity vulnerabilities into eight root-cause families covering control flow, external calls, state integrity, arithmetic safety, environmental dependencies, access control, input validation, and cross-domain protocol assumptions. Each family is illustrated through concise Solidity examples, exploit mechanics, and mitigations, and linked to the detection signals observable by static, dynamic, and learning-based tools. We further cross-map legacy datasets (SmartBugs, SolidiFI) to this taxonomy to reveal label drift and coverage gaps. The taxonomy…
Taxonomy
Topics: Security and Verification in Computing · Advanced Malware Detection Techniques · Blockchain Technology Applications and Security
