Security Evaluation of Smart Contracts based on Code and Transaction - A Survey

As a computer program running on top of blockchain, smart contract not only proliferates the diversity of applications but also brings a myriad of security issues that lead to huge financial losses. As a result, security evaluation of smart contracts, such as vulnerability identification and attack detection, has received extensive attention in recent years. Given that various types of approaches have been proposed for smart contract security analysis, a systematization of knowledge for this domain is needed. To this end, in this paper, we systematically review the related literature in recent years and describe the mainstream approaches to the security evaluation of smart contracts. Specifically, we classify state-of-the-art analysis techniques for smart contract analysis into two categories, namely, code-based approaches and transaction-based approaches. Further, we elaborate on the key techniques adopted by these works respectively. We highlight and summarize the key challenges in future research for smart contract security analysis. Our research provides a more in-depth understanding of the state-of-the-art works for securing smart contracts, which may shed light on future research in this area.