Abstract: Smart contracts are computer programs running in the contract layer of the blockchain. They can be used to manage cryptocurrencies and data on the blockchain, realize diverse business logic, and expand the application of the blockchain. A large number of assets are stored in smart contracts, which attracts attackers who exploit security vulnerabilities to steal the assets and obtain economic benefits. In recent years, with the frequent occurrence of smart contract security incidents (such as the TheDAO and Parity incidents), security vulnerability detection techniques for smart contracts have become a hot research topic. This study proposes a research framework for detecting security vulnerabilities of smart contracts and analyzes the research progress of existing vulnerability detection techniques from three aspects: vulnerability discovery and identification, vulnerability analysis and detection, and datasets and evaluation indicators. Firstly, the basic process of collecting security vulnerability information is sorted out, the security vulnerabilities are classified into 13 types according to their basic characteristics, and a classification framework for security vulnerabilities of smart contracts is proposed. Secondly, existing techniques are studied in terms of symbolic execution, fuzz testing, machine learning, formal verification, and static analysis, and the advantages and limitations of each technique are analyzed. Thirdly, the commonly used datasets and evaluation indicators are summarized. Finally, potential future research directions for security vulnerability detection of smart contracts are discussed.