Vulnerabilities of smart contracts and mitigation schemes: A Comprehensive Survey

Ethereum smart contracts are highly powerful; they are immutable and retain massive amounts of tokens. However, smart contracts keep attracting attackers to benefit from smart contract flaws and Ethereum's unexpected behaviour. Thus, methodologies and tools have been proposed to help implementing secure smart contracts and to evaluate the security of smart contracts already deployed. Most related surveys focus on tools without discussing the logic behind them; in addition, they assess the tools based on papers rather than testing the tools and collecting community feedback. Other surveys lack guidelines on how to use tools specific to smart contract functionalities. This paper presents a literature review combined with an experimental report, that aims to assist developers in developing secure smarts, with a novel emphasis on the challenges and vulnerabilities introduced by NFT fractionalization by addressing the unique risks of dividing NFT ownership into tradeable units called fractions. It provides a list of frequent vulnerabilities and corresponding mitigation solutions. In addition, it evaluates the community's most widely used tools by executing and testing them on sample smart contracts. Finally, a complete guidance on how to secure smart contracts is presented.