Attack-Centric by Design: A Program-Structure Taxonomy of Smart Contract Vulnerabilities
By: Parsa Hedayatnia, Tina Tavakkoli, Hadi Amini and more
Potential Business Impact:
Finds hidden bugs in smart contracts.
Smart contracts concentrate high-value assets and complex logic in small, immutable programs, where even minor bugs can cause major losses. Existing taxonomies and tools remain fragmented, organized around symptoms such as reentrancy rather than structural causes. This paper introduces an attack-centric, program-structure taxonomy that unifies Solidity vulnerabilities into eight root-cause families covering control flow, external calls, state integrity, arithmetic safety, environmental dependencies, access control, input validation, and cross-domain protocol assumptions. Each family is illustrated through concise Solidity examples, exploit mechanics, and mitigations, and linked to the detection signals observable by static, dynamic, and learning-based tools. We further cross-map legacy datasets (SmartBugs, SolidiFI) to this taxonomy to reveal label drift and coverage gaps. The taxonomy provides a consistent vocabulary and practical checklist that enable more interpretable detection, reproducible audits, and structured security education for both researchers and practitioners.