Detian Liu, Jianbiao Zhang, Yifan Wang, Hong Shen, Zhaoqian Zhang, Tao Ye
Journal: ACM Computing Surveys, volume 88, issue 1 (journal article)
DOI: https://doi.org/10.1145/3769013
Publication date: 2025-09-19
Blockchain Smart Contract Security: Threats and Mitigation Strategies in a Lifecycle Perspective
Smart contracts, as self-executing agreements on blockchain platforms, promise to eliminate intermediaries and enhance transaction efficiency. However, their susceptibility to security vulnerabilities not only poses risks of substantial financial losses but also erodes trustworthiness in blockchain ecosystems, driving extensive research into enhancing both their security and trustworthiness. We provide a comprehensive review of the current state of smart contract assurance, covering the primary security threats and mitigation strategies throughout the contract lifecycle—from development to deployment, execution, and maintenance. It evaluates both established and advanced vulnerability detection techniques while exploring underexamined areas, including automated repair, secure execution environments, and defenses against malicious attacks. We further propose a framework to ensure the holistic security and trustworthiness of smart contracts, and discuss future directions for research and development, emphasizing the need to address both technical and regulatory challenges to promote widespread adoption.
Journal description:
ACM Computing Surveys is an academic journal that focuses on publishing surveys and tutorials on various areas of computing research and practice. The journal aims to provide comprehensive and easily understandable articles that guide readers through the literature and help them understand topics outside their specialties. In terms of impact, CSUR has a high reputation with a 2022 Impact Factor of 16.6. It is ranked 3rd out of 111 journals in the field of Computer Science Theory & Methods.
ACM Computing Surveys is indexed and abstracted in various services, including AI2 Semantic Scholar, Baidu, Clarivate/ISI: JCR, CNKI, DeepDyve, DTU, EBSCO: EDS/HOST, and IET Inspec, among others.