National Key R&D Program of China (2017YFB1401300, 2017YFB1401304); Natural Science Foundation of Zhejiang Province, China (LQ19F020001); National Natural Science Foundation of China (61902348); Key R&D Program of Zhejiang Province (2021C01104)
Smart contract, one of the most successful applications of blockchain, provides the foundation for realizing various real-world applications of blockchain, playing an essential role in the blockchain ecosystem. However, frequent smart contract security events not only caused huge economic losses but also destroyed the blockchain-based credit system. The security and reliability of smart contract thus gain wide attention from researchers worldwide. In this paper, we first introduce the common types and typical cases of smart contract vulnerabilities from three levels, i.e., Solidity code layer, EVM execution layer, and blockchain system layer. Then, we review the research progress of smart contract vulnerability detection and classify existing efforts into five categories, namely formal verification, symbolic execution, fuzzing testing, intermediate representation, and deep learning. We compare the detectable vulnerability types, accuracy, and time consumption of existing vulnerability detection methods in detail as well as their limitations and improvements. Finally, based on the summary of existing researches, we discuss the challenges in the field of smart contract vulnerability detection and combine with the deep learning technology to look forward to future research directions.