Next Article in Journal
Deploying a Mental Health Chatbot in Higher Education: The Development and Evaluation of Luna, an AI-Based Mental Health Support System
Next Article in Special Issue
RVR Blockchain Consensus: A Verifiable, Weighted-Random, Byzantine-Tolerant Framework for Smart Grid Energy Trading
Previous Article in Journal
Ensemble-Based Biometric Verification: Defending Against Multi-Strategy Deepfake Image Generation
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Computers
Volume 14
Issue 6
10.3390/computers14060226
computers-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Systematic Review

Ethereum Smart Contracts Under Scrutiny: A Survey of Security Verification Tools, Techniques, and Challenges

by
Mounira Kezadri Hamiaz
1 and
Maha Driss
2,*
1
Computer Science and Information Department, Applied College, Taibah University, Madinah 42353, Saudi Arabia
2
Robotics and Internet-of-Things Laboratory, Computer Science Department, College of Computer and Information Sciences, Prince Sultan University, Riyadh 11586, Saudi Arabia
*
Author to whom correspondence should be addressed.
Computers 2025, 14(6), 226; https://doi.org/10.3390/computers14060226
Submission received: 17 April 2025 / Revised: 14 May 2025 / Accepted: 22 May 2025 / Published: 9 June 2025
(This article belongs to the Special Issue Blockchain Technology—a Breakthrough Innovation for Modern Industries (2nd Edition))
Browse Figures
Versions Notes

Abstract

Smart contracts are self-executing programs that facilitate trustless transactions between multiple parties, most commonly deployed on the Ethereum blockchain. They have become integral to decentralized applications in areas such as voting, digital agreements, and financial systems. However, the immutable and transparent nature of smart contracts makes security vulnerabilities especially critical, as deployed contracts cannot be modified. Security flaws have led to substantial financial losses, underscoring the need for robust verification before deployment. This survey presents a comprehensive review of the state of the art in smart contract security verification, with a focus on Ethereum. We analyze a wide range of verification methods, including static and dynamic analysis, formal verification, and machine learning, and evaluate 62 open-source tools across their detection accuracy, efficiency, and usability. In addition, we highlight emerging trends, challenges, and the need for cross-methodological integration and benchmarking. Our findings aim to guide researchers, developers, and security auditors in selecting and advancing effective verification approaches for building secure and reliable smart contracts.

1. Introduction

The advent of blockchain technology [1] has revolutionized digital transactions, offering unprecedented levels of transparency, security, and decentralization. Today, it is widely used in various industries, from finance to healthcare, supply chains, and even digital identity management, changing the way businesses and people connect and operate [2,3,4,5]. At the core of this transformation are smart contracts [6], self-executing programs that facilitate and enforce agreements without intermediaries. Their adoption spans multiple domains, including financial services, supply chain management, voting systems, and digital identity verification, making them an integral component of modern decentralized applications.
The adoption of smart contracts has surged in recent years, driven by Decentralized Finance (DeFi), Non-Fungible Tokens (NFTs), and blockchain-based gaming. Recent deployment statistics reveal an exponential increase in smart contract usage. According to a Flipside Team, more than 1 million Ethereum smart contracts were deployed between January and April 2024 alone, as shown in Figure 1 [7], reflecting a growing dependence on smart contracts for various applications. The total number of contracts deployed from 2019 to April 2024 exceeds 53 million, demonstrating a strong upward trend in adoption [7].
A closer examination of the daily deployment rate, illustrated in Figure 1, highlights periodic spikes, suggesting that specific events, such as major DeFi launches, token sales, or blockchain upgrades, drive these increases. In particular, the highest deployment peaks often correlate with market upswings as developers introduce new projects to capitalize on growing investor interest. The continuous deployment of contracts, even during market downturns, shows the sustainability and long-term effectiveness of smart contract technology. However, this rapid adoption also raises significant security concerns. These contracts are often developed by non-experts or clones of existing templates, which may inadvertently carry over security vulnerabilities from their predecessors. The increasing complexity and volume of deployed contracts make security a critical issue, as even a minor flaw in widely used contract templates can lead to large-scale financial losses.
Although smart contracts offer efficiency and automation, their immutable and transparent nature means that any vulnerability introduced at the beginning of the deployment remains permanently exposed. Exploiting these flaws can result in substantial financial losses and damage to trust in blockchain-based systems. Historical incidents highlight the severity of these risks. In 2016, a vulnerability to re-entry in the Decentralized Autonomous Organization (DAO) smart contract led to the theft of 3.6 million ether (worth more than USD 50 million at the time) [8], forcing Ethereum to undergo a hard fork, which gave birth to Ethereum (ETH) and Ethereum Classic (ETC). Similarly, in 2017, the Parity multisig wallet suffered from an attack due to a vulnerability in its library contract, resulting in the loss of 150,000 Ether (worth more than USD 30 million at the time) [9]. These events underscore the high stakes of smart contract security, demonstrating how a single flaw can have catastrophic consequences.
Beyond smart contract-specific vulnerabilities, Ethereum’s blockchain faces systemic threats such as the 51% attack. This occurs when an entity or group controls 50% of the consensus power of the network, allowing it to manipulate the blockchain by reversing transactions or preventing new confirmations, facilitating double spending and eroding trust in the execution of smart contracts. Although theoretically possible on any blockchain, such attacks are more feasible on smaller networks with lower participation, requiring fewer resources to achieve majority control [10]. Ethereum’s large network size and the transition to Proof of Stake since 2022 reduce this risk, yet the threat remains relevant to ensuring robust smart contract security.
In addition to structural and technical concerns, there is a growing need for compliance-aware smart contract verification in regulated sectors. Verification must address not only security but also alignment with legal frameworks. This is particularly important in domains such as finance and information security. Domain-specific languages (DSLs) such as Obsidian, Flint, Vyper, and DAML embed regulatory constraints directly into the syntax and semantics of smart contracts. These DSLs enforce policies such as transaction limits, audit trails, and GDPR-compliant access controls. As a result, they support adherence to standards such as MiFID II and help reduce vulnerabilities such as re-entrancy [11,12]. In addition, aligning verification outputs with auditing standards such as ISO 27001 [13] (confidentiality, integrity, availability), SOC 2 [14] (processing correctness), and NIST 800-53 [15] (risk management) ensures auditability and legal defensibility. As a result of the mapping of security objectives to auditable evidence, compliance audits and regulatory approvals can be conducted more efficiently [16,17].
Researchers and developers have invested significant effort in improving the security of smart contracts to prevent vulnerabilities before deployment. A range of verification and testing methods, such as static analysis, formal verification, and fuzz testing, have been created to identify and address security vulnerabilities. However, it is important to note that no method is error-free. Formal verification offers mathematical guarantees of accuracy. However, it is complex and requires significant time. Static analysis tools can identify vulnerabilities at an early stage, but they often suffer from false positives or partial analysis. Fuzz testing is useful for identifying runtime vulnerabilities but might overlook deeper logical issues. These limitations require more thorough security strategies that incorporate various verification methods to mitigate their inherent vulnerabilities.
In this study, we conducted a systematic review of the latest smart contract verification methods for Ethereum, with the goal of offering a detailed understanding of the current approaches and their efficiency in addressing related security risks. Unlike previous surveys, which focus mainly on specific techniques or tools, our study offers a comprehensive cross-methodological perspective that identifies strengths, weaknesses, and integration points. This creates a basis for innovation by identifying gaps, establishing interoperability standards, and emphasizing new hybrid approaches. Distinct from prior surveys that either enumerate many tools without focusing on open repositories or concentrate solely on academic perspectives, the present survey compiles and critically assesses a curated list of 62 open-source smart-contract verification tools. Using an umbrella review methodology, we systematically synthesize the findings of a diverse set of previous reviews, reconciling their varying methodologies and theoretical approaches, while ensuring full transparency through predefined inclusion/exclusion criteria and a PRISMA-style study selection flow. Our contributions can be outlined as follows:
  • Classification and Analysis of Smart Contract Verification Methods: We systematically classify verification methods into static analysis, dynamic analysis, formal verification, and hybrid approaches, offering a comprehensive review of their capabilities, benefits, and limitations. The objective of our study is to evaluate and compare these methods in terms of their accuracy, scalability, and practical applications to learn more about their advantages and disadvantages when it comes to detecting vulnerabilities.
  • Evaluation of Existing Smart Contract Verification Tools: We perform a comparative analysis of widely used verification tools such as Mythril, Slither, Oyente, Securify, and others, examining their detection accuracy, precision, efficiency, false positive rates, and usability. This analysis emphasizes the strengths and weaknesses of the existing tools and offers recommendations for the use of appropriate verification methods tailored to specific security requirements.
  • Identification of Security Challenges in Smart Contracts: We detail the most prevalent and evolving vulnerabilities in Ethereum smart contracts, such as re-entrancy attacks, integer overflows/underflows, front-running, and logical errors. We illustrate the shortcomings of current verification methods and point out opportunities for improvement by presenting an examination of real-world exploit case studies.
  • Discussion on the Integration of AI and Machine Learning in Smart Contract Verification: The growing intricacy of smart contracts presents scalability and adaptability issues for conventional verification methods. In this survey, we investigate how cutting-edge AI-driven techniques can improve vulnerability detection, minimize false positives, and improve security assessment automation.
  • Future Research Directions and Open Challenges: Our survey proposes critical research challenges that must be addressed to improve the resilience and scalability of verification methods. This involves enhancing automation in formal verification, minimizing computational overhead, incorporating cross-chain security protocols, and creating adaptive verification frameworks that can evolve with the dynamic nature of Ethereum ecosystems.
Our study bridges the knowledge gap between smart contract security research and real-world applications by combining recent advances and identifying critical gaps. The insights presented in this survey are designed to help developers, researchers, and blockchain stakeholders enhance the security, reliability, and resilience of Ethereum smart contracts against emerging threats.
The next section provides background information on blockchain technology and smart contracts. Following this, Section 3 outlines the systematic review process, detailing the methodology used to identify and evaluate relevant research studies. Section 4 presents the selected surveys, highlighting significant contributions and insights within the literature. Section 5 discusses the methods used for smart contract verification drawn from reviewed surveys and research articles. This paper then moves to Section 6, which examines the available and openly accessible tools for automatic verification.
Potential threats to the validity of this review are addressed in Section 7, followed by a discussion of the study’s limitations in Section 8. Finally, Section 9 concludes the paper by summarizing key findings and proposing directions for future research.

2. Background

This section provides both a historical and a technical context for the evolution of blockchain technology and its application in smart contracts. The discussion is organized into four subsections: (A) a Historical Overview of Blockchain Technology, (B) Blockchain Architecture and the Role of Smart Contracts, (C) Ethereum and the Emergence of Smart Contracts, and (D) Challenges in Smart Contract Verification.

2.1. Blockchain Technology and Ethereum Smart Contracts

Blockchain technology was first introduced with the publication of Bitcoin’s whitepaper by Satoshi Nakamoto in 2008 [18]. This foundational work outlined a decentralized ledger system in which transactions are publicly recorded and secured using cryptographic methods. The innovative consensus protocol, Proof of Work (PoW), ensured that all participants agreed on a single, immutable transaction history, paving the way for secure digital exchanges.
Blockchain systems operate on a distributed computing model, where every transaction is recorded on a shared ledger. Transactions are bundled into blocks that are time-stamped and cryptographically linked, with each block containing the hash of its predecessor. This structure makes the blockchain highly resistant to tampering [18] and eliminates the need for centralized authorities. Smart contracts leverage this decentralized architecture by automating and enforcing contractual agreements through self-contained code, typically written in a language such as Solidity.
Building upon Bitcoin’s innovations, Ethereum was introduced by Vitalik Buterin in 2014 [19] to extend the functionality of the blockchain. By supporting a Turing-complete programming language, Ethereum enables the creation and deployment of complex smart contracts. This capability has expanded blockchain applications to include decentralized finance (DeFi), digital collectibles, and more, while simultaneously presenting new challenges in ensuring the security and correctness of contract execution.

2.2. Challenges in Smart Contract Verification

The rapid growth and increasing complexity of smart contracts have increased the need for rigorous verification and validation techniques. Despite their benefits, smart contracts are prone to vulnerabilities and logical errors that can cause severe financial losses and compromise the system’s integrity [20,21].
In Ethereum, when a smart contract invokes another, the execution flow halts until the callee completes its process. This mechanism can introduce vulnerabilities, particularly if the callee exploits the caller’s intermediate state. Such vulnerabilities may not be immediately evident during contract development, especially if potential malicious behaviors of the callee are not anticipated.
An illustrative example of this vulnerability is the re-entrancy attack that was exploited in The DAO hack. In this scenario, as presented in [22] (see Listing 1), line 11 initiates a transfer of the withdrawer’s current balance, as specified by the internal variable userBalances, to the address requesting the withdrawal. However, this transfer occurs before userBalances is reset to zero, leaving the contract’s persistent storage of user balances unmodified at that moment. Consequently, the recipient contract can exploit this by invoking the withdrawBalance function repeatedly, utilizing its fallback function, until the contract’s Ether reserves are depleted or the available gas is exhausted.
Listing 1. An example Solidity Contract. The contract implements a simple bank account that contains a re-entrancy bug [22].
Computers 14 00226 i001
Given the immutable nature of blockchain deployments, any errors introduced during development cannot be easily corrected post-deployment. Consequently, researchers and practitioners are motivated to develop comprehensive testing frameworks that can effectively identify and mitigate risks.

2.3. Other Blockchain Platforms and Smart Contracts

While Ethereum serves as the predominant standard for smart contract deployment due to its broad adoption and support for Turing-complete execution, alternative platforms present markedly different architectures and security models. Two illustrative examples are Hyperledger Fabric and Cardano.

2.3.1. Hyperledger Fabric

Hyperledger Fabric is an open-source, permissioned blockchain framework hosted by the Linux Foundation and specifically engineered for enterprise applications [23]. Its core innovation is a modular architecture that cleanly separates transaction execution, ordering, and validation. Fabric smart contracts, known as chaincode, are implemented in general-purpose languages such as Go, JavaScript (Node.js), or Java rather than in a specialized domain-specific language. Privacy and scalability are achieved through channel-based partitioning, whereby subsets of network participants maintain distinct ledgers, and through a pluggable consensus mechanism (e.g., Raft or Kafka). However, these features introduce unique verification challenges: developers must ensure that chaincode logic remains semantically consistent across channels and rigorously validate the trust assumptions underpinning interorganizational workflows [23].

2.3.2. Cardano

Cardano is a proof-of-stake blockchain platform founded on peer-reviewed research and formal methods. Its consensus protocol, Ouroboros, provides provable security guarantees comparable to those of proof-of-work systems [24]. The platform employs a layered ledger architecture, separating the settlement layer (which handles ADA transfers) from the computation layer (which executes smart contracts). Contracts are authored in Plutus, a Haskell-based language: on-chain logic is specified in Plutus Core while off-chain code remains in Haskell and is compiled via the Plutus Tx toolchain. This unified codebase facilitates formal verification of both protocol and contract logic, enabling developers to prove functional correctness and optimize resource consumption within a stake-driven environment [25].
These platforms underscore the diversity of smart contract ecosystems, each exhibiting distinct threat models and verification requirements, from channel-specific consistency in permissioned networks to formal proof obligations in layered stake-based architectures.

3. Systematic Review Methodology

For the systematic literature review (SLR), we follow a rigorous protocol to ensure comprehensive and reproducible results, as recommended by Kitchenham et al. [26]. Systematic reviews are a powerful way to make sense of a large body of research. Following a clear and structured process, the methodology proposed by Kitchenham et al. [26] ensures that all relevant studies on a specific topic are considered, reducing the risk of bias or missed information. By aggregating evidence from multiple studies, this methodology allows one to enhance the reliability of conclusions and enables meta-analysis, which increases statistical power. In addition, it helps identify research gaps, guide future studies, and ensure that new research is appropriately positioned within the existing body of knowledge. The next section outlines the initial search process, along with the first steps to select and classify the results.

3.1. Research Questions

The first phase involves defining the research questions. Among the various aspects of smart contracts, our systematic review of the literature focuses on studies related to vulnerabilities and their automated detection. We evaluated the selected publications with respect to the following questions:
  • RQ1: What are the most significant reviews in the literature that consider the use of formal methods for detecting vulnerabilities in Ethereum smart contracts?
  • RQ2: What methods are used to detect vulnerabilities in Ethereum smart contracts?
  • RQ3: What tools are available for vulnerability detection in Ethereum smart contracts?
  • RQ4: What are the current trends in this area?
  • RQ5: What aspects require further attention or research?
The subsequent phase consists of three key steps: selecting databases, formulating search terms and query strings, and identifying and applying a search algorithm.

3.2. Search and Queries

The selection of the most appropriate sources for the retrieval of articles is of paramount importance due to its direct impact on the overall scientific rigor of the study. The primary criterion used ensures the alignment of the databases’ subject areas with the study’s core topic, thus ensuring relevance. Comprehensive citation tracking spans a diverse array of materials, including academic conference papers and journal articles. Consequently, most of the articles cited in this study were drawn from five databases: IEEE Xplore (https://ieeexplore.ieee.org/Xplore/home.jsp, accessed on 17 April 2025), ScienceDirect (https://www.sciencedirect.com/, accessed on 17 April 2025), Springer Link (https://link.springer.com/, accessed on 17 April 2025), ACM Digital Library (https://dl.acm.org/, accessed on 17 April 2025), and Google Scholar (https://scholar.google.com/, accessed on 17 April 2025).
These five sources collectively index the vast majority of high-impact venues for blockchain security, formal verification, and software engineering research, while Google Scholar’s broad crawl helps mitigate omissions from more specialized libraries.
We focused on peer-reviewed and formally published works; non-peer-reviewed sources were excluded to maintain consistent quality standards, although we recognize that they may contain emerging practices. “Formal verification” and “smart contracts” were considered the search keywords for the topic of the research. The search query chosen was a combination of Boolean operators and keywords: (“smart contracts” OR “smart contract”) AND “formal verification” AND “survey” were chosen as the final keywords. In addition, the operators AND/OR were used to form the search queries. The search was conducted several times and was last updated in early December 2024. The search was performed multiple times and was most recently updated in early December 2024. It encompassed selected databases, including keywords, titles, abstracts, and full-text content published between 2019 and October 2024. Figure 2 illustrates our selection process, reducing an initial pool of 1685 articles to 34 highly relevant studies through rigorous filtering. The timeframe (2019–2024) was chosen to capture the latest advances in smart contract verification techniques. Since blockchain technology and smart contract development have evolved significantly in recent years, research from this period reflects contemporary challenges, emerging methodologies, and state-of-the-art solutions. In addition, many formal verification approaches have gained prominence only in the last five years, making this period particularly relevant for a comprehensive and up-to-date survey.

3.3. Paper Selection

The initial automated search yielded a total of 1685 documents. Given the large number of articles retrieved, it is essential to employ a systematic approach to ensure that only relevant and high-quality studies are included in the review. Therefore, in the second step, a careful evaluation of these articles is conducted to select the most suitable ones for in-depth analysis.
The first stage involved the removal of duplicate and redundant articles, thereby minimizing repetition and ensuring that each study contributed unique insights. Following this, the relevance of the remaining articles was evaluated by carefully examining their keywords, titles, and abstracts. This step enabled a quick evaluation to determine whether the articles aligned with the research objectives.
To filter the studies effectively, a set of inclusion and exclusion criteria was applied:
  • Published in English between 2019 and 2024.
  • Related to Ethereum smart contracts.
  • Related to smart contract vulnerability verification methods and/or tools.
  • Review papers, or containing a significant section surveying related work.
These criteria served as guidelines for determining the relevance of each article to the research questions. This systematic approach was essential for addressing the research objectives effectively.
Following this rigorous approach, the review process ensured that the final selection of articles accurately addressed the research questions while excluding irrelevant and low-quality sources.

3.4. Data Extraction

In the final stage, a comprehensive reading of the selected research papers was carried out. This detailed examination helped identify the most insightful and valuable studies that met both the inclusion and the exclusion criteria. We selected systematic literature reviews and surveys that are discussed in Section 4. We also selected from these articles the methods used for verification presented in Section 5 and the primary studies about the tools for verification presented in Section 6 and ensured that they are discussed in the previously selected review articles.

4. Selected Surveys and Systematic Literature Reviews

This section addresses the first research question (RQ1): What are the most significant reviews in the literature that consider the use of formal methods to detect vulnerabilities in Ethereum smart contracts? To answer this question, we synthesize insights from 34 review articles as detailed in Table 1. These articles were identified through a comprehensive examination of the existing literature on the topic. In the following subsection, we provide an overview of each of the selected works.

4.1. Presentation of Related Surveys

Liu and Liu [27] present a comprehensive review of blockchain smart contract security verification, analyzing 53 relevant articles. These articles are categorized into two main areas: security assurance (20 papers) and correctness verification (33 papers). Secondly, the authors introduce a taxonomy for the topic, dividing security assurance into three subgroups: environmental security, vulnerability scanning, and performance impacts. Correctness verification is further divided into programming correctness and formal verification. They discuss the advantages and disadvantages of each category.
Praitheeshan et al. [28] review approximately 125 research papers from top-tier journals, transactions, and conferences. Their analysis identifies 16 security vulnerabilities in Ethereum smart contracts and examines various software tools used for vulnerability detection, employing methods such as static analysis, dynamic analysis, and formal verification.
Rouhani and Deters [29] provide a systematic review of the history of smart contracts, including support platforms, programming languages, security, performance, and decentralized applications. Following a structured methodology, they selected 90 relevant papers from various online databases. Their findings highlight the need for improved security and performance in smart contracts to support practical decentralized applications. The study also classifies different security approaches for vulnerability detection and evaluates the tools used for implementation.
Murray and Anisi [30] offer a detailed overview of formal verification for smart contracts, covering verification tools and methodologies such as theorem proving, model checking, and symbolic execution. The paper describes theorem proving as a flexible technique that uses axioms, inference rules, and proofs to validate the properties of the system.
Di Angelo and Salzer [31] present a systematic literature review on verification methods for Ethereum smart contracts, including formal verification, model checking, symbolic execution, constraint solving, and abstract interpretation. Their study compiles a comprehensive list of smart contract analysis tools by reviewing major conference publications, searching online sources, and exploring relevant GitHub projects. They analyze 27 verification tools, comparing them according to availability, maturity level, methods used, and effectiveness in detecting security issues.
Tolmach et al. [32] conducted a comprehensive survey on formal specification and verification of smart contracts, reviewing 202 relevant articles. Their study examines various verification techniques, including model checking, theorem proving, program verification, symbolic and concolic execution, runtime verification, and testing.
Hu et al. [33] follow the Kitchenham methodology to investigate smart contract design paradigms, tools, and execution schemes. Their research incorporates data from the first 20 pages of search results, supplemented by manual relevance checks. The study explores several verification methods, including modular reasoning, symbolic execution, fuzzing, taint analysis, CEGIS-style verification, and deductive proofs.
Imeri et al. [34] focus on formal verification in smart contract modeling, addressing key aspects such as model-checking techniques, verification processes, and correctness assurance. They reviewed seven tools designed to improve the reliability of smart contracts.
Wang et al. [35] systematically examine the research on Ethereum smart contract protection published between 2015 and 2019. Their study highlights various attack vectors, including program model security flaws, program vulnerabilities, and execution environment security considerations.
Almakhour et al. [36] investigate formal verification methods for smart contracts and explore security assurance techniques to identify vulnerabilities. Their survey provides a detailed overview of verification approaches, discussing the methods and tools used along with their respective advantages and limitations.
Munir and Taha [37] conducted an SLR using a broad search query that included synonyms of “smart contracts” and relevant analysis methods. Their study employed a multi-phase filtering process to remove redundant and irrelevant publications, resulting in a final selection of 215 papers. The SLR categorizes formal verification methods for smart contract analysis into two primary approaches: theorem proving and model checking. In addition, the paper provides an overview of studies that utilize these methods and examines the specific properties they address.
Qian et al. [38] present a comprehensive overview of common smart contract vulnerabilities, categorizing them into three levels. Solidity code layer, EVM execution layer, and block dependency layer. Their study reviews advances in vulnerability detection methodologies, classifying existing approaches into five categories: formal verification, symbolic execution, fuzzing detection, intermediate representation, and deep learning. The survey also highlights various tools designed for smart contract vulnerability detection.
Kushwaha et al. [39] identify 454 research articles from peer-reviewed scientific databases, applying exclusion and inclusion criteria to refine the selection of 119 relevant studies. Their SLR examines smart contract vulnerabilities, detailing their root causes, sub-causes, detection tools, and prevention mechanisms. In a separate study, Kushwaha et al. [40] conducted a systematic review of the literature published between 2016 and 2021, which included research papers, conference articles, and online resources. This review analyzes 86 smart contract analysis tools and references 145 research papers in the field.
Piantadosi et al. [41] systematically survey 68 articles to identify various verification methods used for smart contract analysis. These methods include static analysis, formal methods, symbolic execution, taint analysis, dynamic analysis techniques such as fuzz testing and test case generation, and machine learning-based approaches.
Rameder et al. [42] conduct a systematic review of the literature to assess the current state of automated vulnerability analysis in Ethereum smart contracts. Their study focuses on vulnerability classifications, detection methods, security analysis tools, and benchmarks to evaluate these tools.
Zhou et al. [43] present a survey that comprehensively explores various verification methods in the context of smart contract security. Their work discusses the application of static analysis for detecting gas-related vulnerabilities, symbolic execution-based tools, and machine learning approaches for vulnerability detection. The survey also covers techniques such as fuzzing, symbolic execution, and transaction execution monitoring within decentralized environments. In addition, the authors reviewed formal verification methods, including model checking and theorem proving, offering a comparative analysis of different tools that utilize these methods.
Ndiaye et al. [44] examine smart contract security from a broader perspective by correlating the levels of vulnerabilities with the corresponding security measures. Their study conducts a vulnerability analysis that highlights the security weaknesses of smart contracts, presenting a taxonomy of vulnerabilities related to platforms, programming languages, and virtual machines. In addition, the authors provide a systematic review of smart contract security levels.
Marijan et al. [45] present a detailed review of the challenges in the testing of blockchain applications. Their work evaluates several tools designed for smart contract vulnerability analysis and testing, outlining the specific issues these tools address. They discuss the motivations behind the tools’ development, the types of analyses performed, and the methodologies employed. In addition, the review identifies the blockchain platforms and datasets utilized by these tools.
Huang et al. [46] review smart contract security from a software lifecycle perspective, highlighting blockchain features that pose security risks and summarizing common vulnerabilities. They explore advancements in security across four development phases: (1) design, (2) implementation, (3) pre-deployment testing, and (4) ongoing monitoring. Pre-deployment testing is further categorized into formal verification, code analysis tools, and security audits.
Sayeed et al. [47] classify blockchain exploitation techniques into four categories: attacks on consensus protocols, smart contract bugs, malware in operating systems, and fraudulent users. They focus on smart contract vulnerabilities, analyzing seven main attack techniques to assess their impact on technology. Their findings reveal that even with the adoption of the 10 most widely used tools to detect vulnerabilities in smart contracts, known vulnerabilities persist, offering a potentially misleading sense of security.
Tang et al. [48] examined 15 security vulnerabilities in smart contracts, identifying vulnerable areas and their underlying causes. They reviewed existing smart contract analysis methods and vulnerability detection tools, categorizing them into three approaches: static analysis, dynamic analysis, and formal verification. Their findings suggest that new attacks often go undetected by existing tools if the vulnerabilities are not predefined. The authors recommend leveraging machine learning techniques, in conjunction with traditional vulnerability analysis, to identify undiscovered vulnerabilities. They also highlight resource intensity and describe many detection tools, emphasizing the need for more efficient detection methods.
Chen et al. [49] classify Ethereum system security into three aspects: vulnerabilities, attacks, and defenses. They provide insights into the root causes of vulnerabilities, the consequences of attacks, and the effectiveness of defenses, highlighting future research directions. The authors categorize smart contract analysis methods into symbolic execution, abstract interpretation, formal verification, fuzzing, and model-based vulnerability detection.
Vacca et al. [50] analyze 96 articles addressing software engineering challenges in blockchain software development, testing, and security. They focus on six specific areas: smart contract testing, code analysis, metrics, security, Dapp performance, and blockchain applications. In addition to systematically reviewing the tools, techniques, and approaches proposed in the literature, the authors identify open challenges in each area that require further research.
Fekih et al. [51] provide a comprehensive review of smart contract verification using model checking. Their analysis categorizes each study based on four key dimensions: the formalism applied, the properties being verified, the system subject to verification, and the blockchain platform to which the work is specifically tailored.
Khan et al. [52] present a survey that thoroughly reviews 41 smart contract tools and examines the vulnerability detection techniques used by these tools, categorizing them into general and specific classes. In addition, they propose a classification framework for detection techniques to standardize existing approaches. This study aims to help smart contract developers and security analysts improve SC security and minimize the risk of malicious financial transactions.
Zhu et al. [53] identify 27 vulnerabilities in smart contracts exploited, offering information on their principles, cases, related research, and prevention strategies, along with 7 additional potential threats. They analyze root causes and propose eight safety guidelines. Reviewing 178 recent papers, they categorize detection methods into formal verification, fuzz testing, machine learning, program analysis, and others, and evaluate corresponding tools. The study provides a comprehensive synthesis of the research landscape, discusses on-chain and off-chain repair methods, and highlights challenges and future research directions in smart contract security.
Deng et al. [54] present a survey on various vulnerabilities in smart contracts and the corresponding detection methods proposed in recent years. In addition, the paper introduces an automated approach for detecting vulnerabilities in smart contracts using static analysis.
Vidal et al. [55] review recent advancements in smart contract vulnerability detection, focusing on applied techniques, targeted vulnerabilities, and the datasets used for evaluation. By mapping vulnerabilities to the DASP and SWC classification schemes, they provide an analysis, identifying trends and gaps in existing approaches.
Wu et al. [56] review common smart contract vulnerabilities and deep learning-based detection tools, classifying them by open-source status, data format, and feature extraction methods. A comparative analysis of representative tools is performed, assessing detection coverage and accuracy against traditional methods.
Olivieri et al. [57] examine the broader scope of blockchain-oriented software (BoS), expanding beyond smart contracts. They also address the challenges of software verification within the blockchain context, including smart contracts, blockchain layers, cross-chain applications, and BoS as a whole.
Elakacs et al. [58] conducted a systematic mapping of 1025 initial studies, narrowing them down to 17 primary studies through a rigorous selection process. These studies are categorized according to testing methods, quality attributes, and functionality.
Garfatta et al. [59] provided an expansive review of the various dimensions explored by researchers in the field of smart contract verification. Their work emphasized studies centered on formal verification, detailing both the diverse methodologies used and the specific vulnerabilities targeted.
Jiao et al. [60] conduct an evaluation of fourteen existing smart contract analysis tools to identify vulnerabilities. They categorize these tools based on the primary techniques employed, offering a structured classification of the methodologies utilized in smart contract security analysis.

4.2. Trend Synthesis

In this subsection, we present a comparative analysis of the reviews discussed above. Table 1 summarizes the key attributes of each review, including the publication year (for surveys) and the period covered (for SLRs, if specified). The table also details the type of publication, the verification methods employed (formal verification, static analysis, dynamic analysis, and machine learning), whether the paper references repositories for open-source tools, and the number of tools examined. Subsequently, we delineate the primary trends identified and highlight the unique contributions of our article in relation to existing surveys.

4.2.1. Emergence of Machine Learning Approaches

An emergent trend is the gradual integration of machine learning and deep learning methodologies as complementary approaches to traditional analysis. Although still in its nascent stages, 11 of the 34 surveys reviewed indicate the potential for data-driven methods to uncover vulnerabilities that may elude rule-based or purely formal analyses. This evolution underscores the shift of the field towards harnessing artificial intelligence to address the growing scale and complexity of smart contract ecosystems, thus enhancing the effectiveness of traditional verification techniques.

4.2.2. Classification of Verification Methods and Evaluation Criteria

The body of literature reveals a heterogeneous landscape characterized by a wide spectrum of verification methods and associated evaluation metrics. Several studies (e.g., [33,49]) classify verification approaches according to their underlying techniques, namely formal methods, static analysis, and dynamic analysis, and evaluate their effectiveness in detecting vulnerabilities. In contrast, other investigations focus on historical trends or provide tool-specific performance comparisons, as illustrated by [29,45]. Furthermore, our review reveals that 28 of the selected surveys predominantly address static analysis techniques, whereas 23 surveys focus on dynamic analysis, thereby underscoring the methodological diversity within this domain.

4.3. Limitations of Existing Surveys

Despite their significant contributions, many of these surveys show various shortcomings that lead to gaps in research:
  • Limited Scope of Classification: Many surveys classify verification methods into broad categories but do not provide an exhaustive and in-depth taxonomy. There is a lack of a precise classification taking into account factors such as scalability, accuracy, and practical use.
  • Absence of Empirical Evaluation: Although several review studies have addressed smart contract verification technologies and tools, they did not include experimental validation or comparative evaluation. This gap raises questions regarding the effectiveness of these technologies in detecting major and evolving vulnerabilities.
  • Overemphasis on Formal Verification: Numerous review studies mainly investigate formal verification methods but overlook hybrid methods that combine static and dynamic analysis to improve security assurance. Since formal verification is costly in terms of computation and demands specialized expertise, a broader viewpoint is necessary to support practical development processes.
  • Lack of AI and Machine Learning Integration: Given the growing significance of AI in cybersecurity, the security of smart contracts could utilize advanced learning models. However, only a limited number of studies have explored AI-based techniques to detect vulnerabilities and perform automated security assessments.
  • Outdated Coverage of Emerging Threats: Blockchain technology is advancing rapidly, leading to the emergence of security attacks such as cross-chain vulnerabilities, gas optimization exploits, and MEV (Miner Extractable Value) attacks. Numerous current surveys fail to include these recent advancements, rendering their results less applicable to today’s security challenges.
In addressing the limitations of earlier works, the present survey provides an updated and holistic analysis of smart contract security on the Ethereum blockchain. It consolidates prevailing trends and taxonomies while critically assessing the shortcomings identified in the existing literature. In particular, the integration of emerging techniques, such as machine learning-based vulnerability detection, with traditional formal methods facilitates the development of a nuanced taxonomy that bridges theoretical foundations with empirical performance. Consequently, by focusing on open-source tools and adopting a rigorous umbrella review methodology, this survey serves as a comprehensive resource for both researchers and practitioners, thus laying a robust foundation for future research and the advancement of practical tool development in smart contract vulnerability analysis.

5. Methods for Smart Contract Verification

In this section, we address the second research question (RQ2): What methods are used to detect vulnerabilities in Ethereum smart contracts?. We review the various methods used to analyze smart contracts prior to deployment, as presented in surveys and systematic reviews of the literature (SLRs) discussed in the previous section. The surveyed papers propose slightly different classifications, primarily due to the fact that the categories and their subcategories are not mutually exclusive. To provide clarity, we categorize these methods into four distinct groups: Static Analysis, Dynamic Analysis, Formal Verification, and Machine Learning Methods.

5.1. Static Analysis

Static code analysis examines code without running it in its typical environment. This process can begin with either the source code or the compiled machine code. The primary goal is often to detect patterns in the code that suggest potential vulnerabilities. Certain tools extend this by generating input data to exploit the identified vulnerabilities and verify if the attack succeeds, thereby reducing the likelihood of false positives.

5.1.1. Abstract Interpretation

Most static vulnerability detection methods are neither sound nor complete, leading to false positives (identifying non-existent vulnerabilities) and false negatives (missing actual vulnerabilities). False positives often arise from difficulties in specifying verifiable necessary conditions for vulnerabilities, while false negatives result from the enormous number of computational paths and the challenge of defining sufficient detection criteria.
Abstract interpretation, introduced by Cousot [61], offers a solution by focusing on sound approximations of formal semantics across all execution traces. It categorizes values, such as integers, into zero, positive, and negative groups, and tracks how these properties propagate through instructions. For example, this method can demonstrate that the divisors remain positive, eliminating the risk of division by zero. The main challenge is to find a property that is both strong enough to confirm the absence of specific vulnerabilities and general enough for thorough analysis. Unlike other methods that merely detect vulnerabilities, abstract interpretation guarantees that a contract is free from specific vulnerabilities. This approach allows for the creation of decidable approximations for properties that might otherwise be undecidable. For example, the application of abstract interpretation in several case studies has effectively detected arithmetic vulnerabilities, including potential integer overflows and division errors, confirming its utility in the early stages of smart contract development [20,22,62].

5.1.2. Control Flow Graphs

For code analysis, using a graph representation of the code, such as an Abstract Syntax Tree (AST) or Intermediate Representation (IR), is advantageous, as it highlights the structure of the program and the control flow while omitting irrelevant details such as variable names. This is straightforward with source code, but more complex when recovering a Control Flow Graph (CFG) from machine code, where indirect jumps complicate analysis. Advanced tools may convert CFGs into DataLog for efficient vulnerability detection or attempt decompilation to revert machine code to human-readable form, though this often produces non-functional code for manual review. A notable case study demonstrated that CFG-based analysis could successfully pinpoint unreachable code segments and abnormal control flows in deployed contracts, thus preventing potential exploitation [63].

5.1.3. Symbolic Execution

Symbolic execution executes a program symbolically and is thus able to explore multiple concrete execution paths at a time [64]. Symbolic execution of Ethereum smart contracts is based on a traversal of a CFG reconstructed from the bytecode of a smart contract. In practice, symbolic execution has been applied in various projects where it has systematically uncovered multiple execution paths that lead to vulnerabilities that static analysis alone had missed [65].

5.1.4. Taint Analysis

Taint analysis tracks the flow of data between the input of a user (source) to the program points it can reach (sinks) [66]. Taint analysis marks values from the input, the environment, or storage with tags (taints). The propagation rules define how the tags are transformed by the instructions. Some vulnerabilities can be identified by inspecting tags arriving at specific code locations. Taint analysis is often used in combination with other methods, such as symbolic execution. For example, several Ethereum projects have integrated taint analysis with symbolic execution to trace critical data flows, thereby identifying vulnerabilities that arise from improper data handling [60].
It is important to note that while static methods provide a thorough, compile-time examination of the code structure and potential vulnerabilities, dynamic analysis complements these methods by observing the smart contract’s behavior during execution. This complementary approach not only validates the findings of static analysis, but also uncovers vulnerabilities that may only emerge in a live or simulated environment.

5.2. Dynamic Analysis

Dynamic analysis analyzes the properties of a program while it is executing. For smart contracts, dynamic analysis is commonly used to simulate attack scenarios to expose exploitable vulnerabilities. This approach has been effectively demonstrated in several case studies in which runtime behaviors, such as re-entrancy, were revealed under simulated blockchain conditions [67]. This section reviews the most commonly adopted types of dynamic analysis performed on smart contracts, including concolic testing and fuzzing.

5.2.1. Concolic Testing

Dynamic symbolic execution, also known as concolic testing [68], is a hybrid method that combines CONCrete and symbOLIC execution. It executes the target program symbolically and in a forward manner and systematically explores its feasible paths by using concrete input to improve code coverage. It is commonly used as a test case generation technique to aid in fuzzing techniques that can prioritize executions of interest. A recent case study that integrated concolic testing with fuzzing frameworks demonstrated enhanced path coverage in smart contract execution, thus identifying vulnerabilities that were not apparent through static analysis alone [69].

5.2.2. Fuzzing

Fuzzing [70] feeds random or systematically generated input to the program at runtime to explore vulnerable parts of the program. It is usually an automated process that is commonly performed to find bugs, performance issues, zero-day attacks, and exploits in the program. A potential limitation is low recall, which can result in the omission of significant vulnerabilities. Feedback-guided fuzzing is employed to maximize test coverage. Another challenge is the absence of standardized benchmark datasets and realistic test environments to evaluate fuzz testing. Simulating a real-world blockchain environment can replicate conditions found in live blockchain networks, including network delays, consensus mechanisms, and transaction ordering. Case studies employing feedback-guided fuzzing have successfully uncovered subtle vulnerabilities in deployed smart contracts, demonstrating its practical effectiveness as a complementary tool to static and concolic testing [71].

5.2.3. Mutation Testing

Mutation testing [72] directly evaluates the ability of a test suite to detect faults. This technique introduces small, systematic changes (mutations) in the source code, such as modifying > to <=, and executes the test suite for each mutation. The quality of the test suite is assessed by the ratio of detected (“killed”) to undetected (“surviving”) mutations. This metric is valuable throughout the software development lifecycle, including setting quality thresholds before releases. Furthermore, surviving mutations highlight untested edge cases and provide insights for improving test coverage and identifying potential security vulnerabilities where program behavior may deviate from developer expectations. Scalability and efficiency are key challenges in mutation testing. Mutants must be assessed for their ability to expose faults to justify the costs. While mutant generation is quick (e.g., a few seconds), execution can be time-consuming. Furthermore, not all surviving mutants improve quality, and manual analysis of these mutants further increases cost. Empirical studies have shown that mutation testing not only enhances test suites by uncovering hidden edge cases but also guides developers in improving test quality. For example, a study analyzing a large dataset of almost 15 million mutants found that developers using mutation testing write more tests and actively improve their test suites, resulting in fewer undetected mutants. Furthermore, the study provided evidence that mutants are in fact coupled with real faults, suggesting that mutation testing can prevent bugs by identifying potential faults early in the development process [73].

5.2.4. Model-Based Testing

Model-based testing [74] employs (semi-)formal models, such as finite-state machines and UML diagrams, to systematically generate and execute test cases, ensuring comprehensive coverage and compliance with system requirements while reducing manual effort. For example, case studies using finite-state machine models have successfully generated exhaustive test cases for smart contracts, verifying their compliance with predefined operational scenarios [75,76]. One of the primary limitations of model-based testing is the significant effort and susceptibility to errors associated with the manual specification of models. To address these challenges, future work could focus on leveraging formal verification techniques to ensure model consistency and developing advanced tool support to facilitate and streamline model construction.

5.2.5. Search-Based Testing

Search-based testing predominantly leverages genetic algorithms to dynamically generate test cases for smart contracts. This approach requires advancements in the refinement of selection and mutation operations, the development of more effective fitness functions, and the addressing of the constraints posed by execution environments to enhance overall performance. These aspects highlight key challenges within the domain of search-based testing for smart contracts, where optimizing mutation mechanisms and accurately assessing fitness remain critical areas for improvement. Notably, recent experimental studies have demonstrated that search-based testing can identify subtle vulnerabilities by evolving test cases that traditional methods might miss, thereby reinforcing its role as a valuable complement to both static and dynamic techniques. For example, a study by Xu et al. [77] introduced an adaptive genetic algorithm for the detection of smart contract vulnerability, which dynamically adjusts the probability of crossover and mutation based on branch coverage and data dependency analysis. This approach achieved higher code coverage and vulnerability detection accuracy compared to other tools. Additionally, Driessen et al. [78] developed AGSolT, an automated test case generation tool that employs genetic algorithms to generate test suites for Solidity smart contracts. Their evaluation of 36 real-world contracts demonstrated that AGSolT effectively achieves high branch coverage and uncovers errors that may be overlooked by traditional testing methods. These studies underscore the efficacy of search-based testing in improving smart contract security by uncovering vulnerabilities that might remain undetected through conventional testing approaches.

5.3. Formal Verification

The testing tools are highly valuable when integrated into the development process; however, they fall short of proving the functional correctness of the code. As Dijkstra aptly noted, program testing can be a very effective way to show the presence of bugs, but it is hopelessly inadequate for showing their absence. The only effective way to significantly increase the confidence level of a program is to provide convincing proof of its correctness [79]. This is precisely the goal of formal verification: to provide a rigorous proof of correctness.
Formal verification seeks to establish the correctness of software based on a precise formal specification. It enables rigorous validation of the software correctness, ensuring the absence of errors against a formal specification. Although it may initially appear to be a safer solution, there is still a potential for specification errors, and formal testing typically requires substantial time and effort.
Formal verification requires a significant investment of time, resources, and an extension of the development timeline for software projects. Such an investment is typically deemed justifiable when human lives or substantial financial commitments are at risk, thus warranting an extended development effort. Considering that smart contracts automate critical business processes, often invoked thousands of times a day, facilitating substantial financial transactions, allocating a portion of the implementation budget to formal testing and ensuring smart contract correctness stands as a pragmatic and responsible decision.
The significance of formal verification becomes apparent when considering the potential consequences of errors in smart contracts, which can result in substantial financial losses. Formal verification provides a reliable assurance mechanism for the security of blockchain-based smart contracts [80].
Emerging trends in the studies surveyed indicate a clear shift towards integrating formal methods with automation in the verification of smart contracts [81,82,83]. In model checking, many works convert smart contract behavior into finite-state models (e.g., transition systems, Markov decision processes [84], and Colored Petri Nets [85]) to automatically verify temporal properties, despite the scalability challenges caused by the state-space explosion. In contrast, theorem-proving approaches, while offering greater rigor and the ability to handle infinite-state systems [86,87], tend to require significant manual intervention and specialized expertise.
Formal verification, while robust for Ethereum Solidity-based contracts, faces challenges when adapted to platforms like Cardano (e.g., Marlowe, Plutus) and Hyperledger Fabric (e.g., chaincode). These platforms differ in programming paradigms (functional for Cardano vs. imperative for Ethereum), state management (UTxO model vs. account-based), and consensus-driven state transitions (e.g., Cardano’s Ouroboros vs. Ethereum’s Proof of Stake). To achieve cross-platform applicability, platform-specific formal methods require extension or unification. A promising approach involves intermediate verification languages, such as IELE or the K Framework’s formal semantics, which enable semantic interoperability across blockchains [59,88]. These frameworks facilitate unified reasoning, enhancing the scalability and universality of formal verification for diverse blockchain ecosystems.

5.3.1. Model Checking

Model checking is a widely recognized technique for the automatic verification of finite-state system models against their specified requirements. In the context of smart contracts, model checkers are employed to validate contract-level models, typically represented as transition systems, against temporal logic specifications. The technique involves examining all potential states that a program can reach, where each state corresponds to a mapping of program variables to their values within the data domain. For example, a program with a single integer variable has a state space determined by the possible values that an integer can take. Model checking streamlines the verification process by evaluating a model, which encapsulates the program’s behaviors, against a predefined set of properties [89,90]. If a property is violated, the model checker provides a counterexample to facilitate debugging. However, model checking faces significant challenges with scalability, as even moderately sized programs can cause an exponential increase in the state space that needs to be explored. In order to better compare the various model-checking tools applied to smart contracts, Table 2 provides a summary of the work that uses model checking, which we will discuss in this section. It also offers a qualitative comparison of model checkers in terms of performance (efficiency and accuracy) and ease of use.
VeriSolid [81,82,91], built on the FSolidM tool, enables users to specify smart contract behavior as a finite-state machine and automatically generate the corresponding Solidity code. It includes plugins to address issues such as re-entrancy and access control patterns. The correctness of the finite-state machine can be verified by defining properties in temporal logic and using the nuXmv model checker [92] for validation.
Several studies have used the NuSMV tool [93] for formal verification in the context of Ethereum applications and smart contracts. Ref. [94] presents a modeling method that utilizes NuSMV to ensure compliance with specifications defined by temporal logic propositions. Their approach organizes the model into three layers: the behavior of the Ethereum blockchain, the smart contracts, and the execution framework, demonstrated through a case study in the energy sector. Similarly, ref. [95] uses NuSMV to verify temporal logic statements as part of a broader method to validate security policy statements. This method involves generating a formal specification that includes both process and policy elements, modeling the network, service configuration, and smart contracts. The spatial logic statements in their approach are verified using the Ambient Calculus model checker.
Studies have highlighted the use of the PRISM model checker [96] for the formal verification of smart contracts. EthVer [97,98] is a static analysis tool that automates this process by translating smart contracts into Markov decision processes, which are then verified using PRISM. Furthermore, ref. [84] presents VeriPrivData, a privacy preservation framework that uses stochastic model checking with PRISM to prevent unauthorized disclosure of privacy data, demonstrating its effectiveness in improving data protection within contracts.
VeriSol (Verifier for Solidity) [99,100] is a Microsoft Research project aimed at prototyping a formal verification system for smart contracts written in Solidity. It translates Solidity programs into the Boogie intermediate verification language, using and extending the Boogie verification toolchain. VeriSol uses the CORRAL bounded model check tool [101] to generate witnesses for assertion violations and uses verification condition generators to automate correctness proofs.
Several studies have used the SPIN model checker [102] for the formal verification of smart contracts. Ref. [103] presents a formal description of a smart contract template and uses SPIN to verify its correctness and essential properties. Similarly, ref. [104] employs SPIN to ensure that Ethereum smart contracts are executed in accordance with the intentions of the parties involved, thus promoting reliable client interactions. Additionally, ref. [105] formalizes the syntax and semantics of Solidity and proposes a method to translate Solidity programs into PROMELA models, which can then be verified with SPIN to evaluate program properties.
Several approaches leverage Colored Petri Nets (CPNs) for the formal verification of smart contracts. In [85], a multilevel smart contract modeling solution is introduced to enhance contract security analysis. The method improves the program logic rules for bytecode and applies Hoare conditions to build a CPN model. This model reveals potential execution paths and vulnerabilities, verified by CPN tools, demonstrating its effectiveness. Similarly, ref. [106] uses hierarchical CPN modeling, incorporating attacker models and ASK-CTL-based model checking to simulate and validate smart contract functionality, uncovering latent vulnerabilities. Finally, ref. [107] focuses on smart contracts with a time limit, using Timed Colored Petri Nets (TCPNs) and ASK-CTL with Meta language to ensure the security and reliability of voting systems through simulation and formal analysis.
Abdellatif et al. [108] introduce a method to model smart contracts and blockchain execution protocols, incorporating user behavior through a formal model-checking language. By implementing this model, they analyze design vulnerabilities in smart contracts using a statistical model-checking tool based on expected behaviors. Their approach is demonstrated with a practical example that involves a smart contract to register names. The authors utilize the Behavior Interaction Priorities (BIPs) framework [109] due to its robust component-based modeling capabilities and its statistical model-checking engine for system verification. Maksimov et al. [110] proposed a similar use case to the previous work.
Nam and Kil [111] propose an approach to analyze blockchain smart contracts using ATL model checking. Their methodology models interactions between users and smart contracts as a two-player game, verifying desired properties with MCMAS [112], an ATL model checker for multi-agent systems. Through three case studies, they demonstrate the effectiveness of this approach in detecting subtle flaws in real-world smart contracts.
Van der Meyden [113] demonstrates the use of the MCK model checker [114] to verify atomic swap smart contracts, both in the on-chain and cross-chain contexts, through several examples.
Qu et al. [115] apply formal verification methods using the Communicating Sequential Processes (CSPs) theory to model concurrent programs. They employ the FDR (Failure Divergence Refinement) model checker [116] to detect concurrency vulnerabilities in an Ethereum smart contract. The findings highlight the effectiveness of the CSP and the FDR tool in identifying vulnerabilities, particularly in the context of concurrency.
Table 2. Comparative summary of model-checking tools for smart contracts.
Table 2. Comparative summary of model-checking tools for smart contracts.
Model CheckerReferencesPerformanceEase of Use
nuXmv [92][81,82]Efficient for small models; state explosion for large onesModerate; requires manual abstraction
NuSMV [93][94,95]Similar to nuXmv; scalability issues persistModerate; manual modeling needed
PRISM [96][84,98]High for probabilistic modelsModerate; stochastic abstraction is complex
CORRAL [101][100]Efficient for bounded checks; limited scopeModerate; steep configuration
SPIN [102][103,104,105]High accuracy; performance varies with complexityModerate; requires PROMELA translation
CPN/TCPN Tools[85,106,107]Very high accuracy; efficiency drops with complexityHigh; intuitive graphical tools
BIP Framework [109][108,109]ModerateModerate; custom configuration often needed
MCMAS [112][111]Efficient for multi-agent modelsModerate; game-theoretic setup required
MCK [114][113]Good for atomic swapsModerate; tailored for specific cases
FDR [116][115]High accuracy in concurrent verificationLow; steep learning curve

5.3.2. Theorem Proving

Deductive verification techniques utilize logical calculi to formally specify a program’s intended behavior, employing theorem provers to ensure compliance with these specifications. This approach encodes both the system and its desired properties into a precise mathematical logic, allowing the theorem prover to derive formal proofs based on the axioms and inference rules of the chosen formal system. Unlike model checking, which is limited to finite-state systems, theorem proving can verify infinite-state systems. However, theorem proving is resource-intensive due to the manual effort required to define correct specifications, encode properties, and interact with the prover, often necessitating specialized expertise and significant computational power to handle complex or large-scale systems. Despite this cost, it is particularly well-suited for high-stakes applications such as smart contracts, where ensuring the security of funds is critical. Table 3 summarizes the proof assistants used for the verification of smart contracts, with details provided in the following paragraphs.
Amani et al. [86,88] focused on verifying Ethereum smart contract bytecode using Isabelle/HOL https://isabelle.in.tum.de/, accessed on 17 April 2025. by specifying and verifying contract properties through pre/postconditions that describe EVM states using higher-order logic. However, this method offers limited automation and requires user interaction for complex properties.
Annenkov et al. [87] proposed a framework for smart contract verification in Coq https://coq.inria.fr/, accessed on 17 April 2025. and later discussed the extraction and verification of contracts within Coq [117].
Yang et al. [118] introduced the Formal Symbolic Process Virtual Machine (FSPVM-E), designed to verify the security and reliability of Ethereum-based services at the source code level. Built using Coq, FSPVM-E combines symbolic execution with higher-order logic theorem proving using the execution verification isomorphism. The system includes a formal memory framework, the Lolisa programming language (a subset of Solidity), the formally verified Lolisa interpreter (FEther) [119], and other certified tools. FSPVM-E supports the ERC20 standard, automatically executes smart contracts, detects vulnerabilities, and verifies security using Hoare logic in Coq.
Nehaï and Bobot [83] demonstrate that Why3 can serve as a language for writing correct and formally verified smart contracts. The authors first encode existing contracts into a Why3 program and then formulate specifications to be proven, such as the absence of runtime errors and compliance with functional properties. Next, they verify the program’s behavior using the Why3 system. Finally, they compile the Why3-verified contracts to run on the Ethereum Virtual Machine (EVM).
Zhu et al. [120] introduce a method to address the safety and security requirements of smart contracts by translating Solidity contracts into Event-B models, allowing verification of properties. A restricted subset of Solidity is defined, along with a transfer function for converting contracts to Event-B. This approach leverages Event-B’s refinement capabilities to verify contract properties across varying abstraction levels. The Rodin platform is utilized to validate the proof obligations of the generated Event-B models.
Table 3. Concise comparative summary of theorem provers for smart contract verification.
Table 3. Concise comparative summary of theorem provers for smart contract verification.
ProverReferencesAdvantagesLimitations
Isabelle/HOL[86,88]Precise higher-order logic formalization; supports code extractionLimited automation; high manual effort; steep learning curve
Coq[87,117,118]Supports symbolic execution and certified code extractionLimited automation; high manual effort; steep learning curve
Why3[83]Integrated deductive verification environmentMay require rewriting; less mature in smart contracts
Event-B[120]Enables stepwise refinement for verificationRestricted to a Solidity subset; translation overhead
While theorem proving provides a strong formal framework for Solidity contract verification, its limitations in terms of scalability, complexity, and subset restrictions due to the higher cost of formalization could hinder its broader applicability.

5.3.3. Formal Semantic

Formal semantics provides a precise mathematical framework to define programming language behavior, ensuring correctness and security. In smart contracts, this is crucial to preventing vulnerabilities and verifying contract behavior.
Jiao et al. [121] proposed a generalized formal semantic framework built on a universal semantic model for smart contracts. This framework allows for the direct handling of contracts written in various high-level languages, such as Solidity, Vyper, and Bamboo, without the need to translate them into EVM bytecode or intermediate representations. It achieves this by constructing executable formal semantics for each language using a general semantic model based on rewriting logic. A prototype implementation of Solidity’s formal semantics, KSolidity, is available on GitHub (https://github.com/kframework/solidity-semantics, accessed on 17 April 2025).

5.3.4. Refinement-Type Systems

Refinement-type systems enhance traditional types by adding logical predicates that impose constraints on values, allowing for more precise behavior specifications. For instance, a refinement type can ensure that an integer is always positive, enabling early detection of issues like arithmetic overflows or invariant violations, though some complex properties may still require runtime checks.
SolType [122] applies refinement types in Solidity to prevent arithmetic overflows and underflows, allowing developers to enforce safe arithmetic operations. It also supports expressing complex relationships between integer values and data structure properties. Solid’s implementation includes a type inference engine that automatically generates annotations like contracts invariants.

5.4. Machine Learning

Machine learning (ML) is a branch of artificial intelligence that enables systems to learn patterns from data and make decisions or predictions without being explicitly programmed. Using statistical techniques, ML algorithms can process large datasets, identify trends, and improve performance over time. In software development, ML has proven to be valuable for tasks such as code analysis, bug detection, and automated testing. When applied to smart contracts, ML can analyze complex codebases, detect vulnerabilities, and improve security by learning from large amounts of blockchain data.
Recently, several studies have explored the application of machine learning to smart contract analysis. These methods have shown promise in identifying security vulnerabilities and improving contract reliability. Jiang et al. [123], highlighting various techniques and models designed to detect vulnerabilities, present a comprehensive survey on the use of machine learning to improve smart contract security.
The tools available for the verification of smart contracts based on machine learning are presented in Section 6.4.

5.5. Discussion

A critical examination of the methods used to detect vulnerabilities in Ethereum smart contracts reveals that each category, namely static analysis, dynamic analysis, formal verification, and machine learning, offers distinct strengths and inherent limitations. In the following, we provide a detailed comparative discussion.

5.5.1. Static Analysis

Static methods (e.g., abstract interpretation, control flow analysis, symbolic execution, and taint analysis) analyze the code without executing it, allowing early detection of potential vulnerabilities. Their primary advantage is the ability to inspect the complete codebase at compile time, which is particularly useful for integrating security checks early in the development process [20,22,62]. However, static analysis typically relies on approximations of the program behavior. This reliance can lead to a high rate of false positives (flagging non-existent issues) as well as false negatives (missing subtle vulnerabilities), especially in the presence of complex inter-contract interactions and dynamic behaviors.

5.5.2. Dynamic Analysis

Dynamic analysis methods (including concolic testing, fuzzing, mutation testing, model-based testing, and search-based testing) examine smart contracts during execution. These approaches are effective in uncovering vulnerabilities that only manifest under specific runtime conditions (such as re-entrancy or transaction-ordering issues) [69,71]. Their main strength is the ability to simulate real-world operational conditions; however, they are generally constrained by limited code coverage, high computational costs, and the difficulty of accurately emulating the blockchain environment (e.g., network delays and consensus protocols).

5.5.3. Formal Verification

Formal methods, encompassing model checking and theorem proving, offer rigorous mathematical proofs of the correctness of a smart contract in relation to a formal specification. Model checking converts contract behavior into finite-state models to verify temporal properties, while theorem proving (using tools such as Coq, Isabelle/HOL, and Why3) can handle more complex or even infinite-state systems [79,81,83]. The primary advantage lies in the high level of assurance that it offers, which is essential for applications involving substantial financial transactions. However, the scalability of formal verification is often hampered by the explosion of state space in model checking and the significant manual effort required for theorem proving [124,125,126]. This makes the approach resource-intensive and generally less automatable compared to static and dynamic analyses.

5.5.4. Machine Learning

ML approaches take advantage of large datasets of smart contracts to learn patterns indicative of vulnerabilities. These techniques can adapt to emerging threat patterns and reduce the reliance on manually crafted rules [123]. However, ML models are often perceived as “black boxes” and typically do not offer formal guarantees. Their performance is highly dependent on the quality and quantity of training data, and issues related to interpretability and robustness remain major challenges in applying ML to high-stakes applications like smart contract security.

5.5.5. Integrative Approaches

The literature indicates that no single method is sufficient to address all security concerns. A hybrid strategy that integrates static analysis for early and broad vulnerability detection, dynamic analysis for runtime validation, and formal verification for rigorous correctness proofs is likely to offer the best overall assurance. In addition, ML techniques can enhance these methods by flagging emerging vulnerability patterns. Such integrative approaches aim to combine the scalability and automation of static and dynamic methods with the rigorous security guarantees of formal methods while mitigating their individual limitations.

5.5.6. Summary

In summary, the trade-offs between these techniques center on automation, coverage, rigor, and scalability. Static and dynamic analyses are efficient and can be largely automated, but they typically lack the formal guarantees provided by formal verification. Formal methods offer the strongest assurance at the expense of significant manual effort and computational resources, while ML approaches promise adaptability but currently lack transparency and provable correctness. Future research should focus on improving the precision and scalability of static and dynamic methods, automating formal verification processes, and developing integrative frameworks that combine these diverse approaches for comprehensive smart contract security.
Table 4 shows a concise comparative summary of the four main categories of vulnerability detection methods for Ethereum smart contracts. The table outlines the advantages and limitations of each approach: Static Analysis, Dynamic Analysis, Formal Verification, and Machine Learning Methods, highlighting key aspects that can affect their applicability and effectiveness in smart contract security analysis.
Building on these insights, the next section examines automatic tools for verifying smart contracts. These tools are categorized according to the verification methods they implement: Static Analysis Tools, Dynamic Analysis Tools, and Hybrid Tools that combine elements of both static and dynamic analysis.

6. Automatic Tools for Verifying Smart Contracts

In this section, we present tools for the automatic analysis of smart contracts that are publicly available under open-source licenses.
This section aims to address Research Question 3 (RQ3): What tools are available for vulnerability detection in Ethereum smart contracts?
Tools specifically designed for formal verification were discussed in the previous section.

6.1. Static Analysis Tools

Table 5 presents an overview of freely available tools that use static analysis to verify Ethereum smart contracts, specifically accepting Solidity code as input. Meanwhile, Table 6 lists tools that take Bytecode as input. Both tables include information on the implementation language and the repository link for each tool. Additional details are provided in the following paragraphs.
Remix-IDE [127] is a web-based Solidity IDE that detects security issues during compilation, such as implicit visibility, unchecked return values, and deprecated constructs. Its static analysis is lightweight, with limited control flow analysis.
SmartCheck [128] detects vulnerabilities in Solidity contracts by converting the source code into an XML syntax tree. Then, it uses XQuery path expressions to search for specific syntactic patterns that indicate potential issues.
Pakala [129] is an open-source static analysis tool that performs symbolic execution on Ethereum Virtual Machine bytecode, using Z3 as an abstraction layer with an added SHA3 layer. It detects vulnerabilities in two steps: it executes the bytecode to determine the results, followed by analyzing these results to identify potential vulnerabilities.
Echidna [130,131] is a Haskell program designed for fuzzing and property-based testing of Ethereum smart contracts. It automatically generates tests to identify assertion and custom property violations without requiring a complex setup or local blockchain deployment. Echidna offers feedback, captures a range of property violations, and uses default settings informed by experimental data.
GasGauge [132] is a static analysis tool that uses fuzz testing to detect vulnerabilities in Ethereum smart contracts, especially focusing on out-of-gas denial-of-service issues. The tool consists of three phases: Detection, Identification, and Correction. Each phase can operate independently or in conjunction to analyze smart contracts.
MuSC [133] is a mutation testing tool for Ethereum smart contracts (ESCs) that generates multiple mutants. It automates processes such as creating test networks, deploying contracts, and executing tests. With mutation operators designed for Solidity, MuSC identifies defects in smart contracts.
SIF [134] supports not only analysis but also query instrumentation and code generation at the abstract syntax tree (AST) level. It uses an AST generated by the Solidity compiler along with user-defined queries to produce instrumented Solidity code, effectively detecting arithmetic overflow and underflow issues.
Slither [135] is a Python 3-based static analysis framework for Solidity and Vyper. It features a suite of vulnerability detectors, visualizes contract structures, and provides an API for custom analyses.
Solc-Verify [136] enables automated specification and modular verification of Solidity smart contracts as an extension to the open-source Solidity compiler. It assesses Ethereum blockchain contracts, integrates with developer tools, and identifies vulnerabilities such as re-entrance and integer overflow/underflow.
Solhint [137] uses an ANTLR4-based Solidity parser for efficient parsing and validation. The SolGuard plugin [138] extends Solhint to tackle three critical issues related to external calls in Solidity contracts, checking the order of state variables, the use of delegate call invocations, address-type parameters in constructors, and denial-of-service patterns.
SolidityCheck [139] employs regular expressions to define problematic statement characteristics and uses regular matching along with program instrumentation to detect or prevent issues.
Vertigo [140] is a prototype mutation testing framework designed for Solidity contracts on the Ethereum blockchain. It incorporates a variety of mutation operators, either sourced from the existing literature or specifically tailored for Solidity.
ETHBMC [141] is an automated analysis framework for smart contracts based on a symbolic executor that provides a precise model of the Ethereum network. It captures inter-contract relations, cryptographic hash functions, and memcopy-style operations.
Solgraph [142] generates call flow graphs for Solidity contracts, helping with analysis. It visualizes functions as nodes and function calls as directed edges, with node colors indicating properties such as “payable” or “contains send to external address”.
ETHRACER [143] is an automated tool that analyzes Ethereum bytecode without user input, generating concise event traces for human verification. It effectively detects subtle EO bugs, particularly in high-value ERC-20 contracts, identifying vulnerabilities that are often missed by other tools.
Conkas [144] is a modular static analysis tool for the Ethereum Virtual Machine (EVM) based on symbolic execution. It is capable of analyzing Ethereum Smart Contracts written in Solidity or the compiled runtime bytecode. Being a modular tool means that anyone can easily add custom modules to analyze specific vulnerabilities.
DefectChecker [145] is a symbolic execution-based tool designed to detect eight contract defects that can lead to unwanted behaviors in Ethereum smart contracts. It analyzes the bytecode of smart contracts to identify these defects.
E-EVM [146] visually simulates the Ethereum Virtual Machine (EVM). It starts from disassembled bytecode, executes the code symbolically, constructs a CFG, and displays this graph alongside stack information.
EtherTrust [147] translates bytecode into Horn clauses that over-approximate its behavior. Using the SMT solver Z3, the tool verifies properties such as independence from the transaction environment and single entrance. Although it does not detect vulnerabilities directly, it provides guarantees that the code is free from specific issues.
EthIR [148] converts the bytecode into an intermediate language compatible with general-purpose static analyzers. This modified version of Oyente disassembles bytecode and constructs a CFG, transforming basic blocks from a stack-oriented to a register-oriented view. The control flow is represented as guarded rules, which can then be analyzed using SACO, a static analyzer developed by the same group, to derive upper bounds for loops, among other deductions.
HoneyBadger [149] systematically analyzes honeypot smart contracts through symbolic execution and a heuristic that evaluates their pervasiveness, actions, and influence on the Ethereum blockchain. It includes three analysis pipelines: symbolic analysis, cash flow analysis, and honeypot analysis, all of which use the Z3 SMT solver to check the satisfiability of constraints.
MadMax [150] is a static analysis tool designed to detect gas-related vulnerabilities in smart contracts. It combines a contract decompiler with semantic queries in Datalog, modeling key program concepts such as “dynamic data storage” and “safely resumable loops”.
Mythril [151] is a Python command-line tool for interactive analysis of smart contracts. It symbolically executes EVM bytecode and visualizes the CFG, with nodes containing disassembled code and edges labeled with path formulas. The SMT solver Z3 is used to prune the search space and compute concrete values to exploit potential vulnerabilities. Detailed information on the vulnerabilities checked is available in the online documentation.
Octopus [152] is a vulnerability detection model for WebAssembly (WASM) and blockchain smart contracts. It functions as a disassembler, translating bytecode into assembly representation, and can generate both control flow and call flow graphs. Using symbolic execution, Octopus identifies new paths within the program to uncover potential vulnerabilities.
Osiris [153] extends Oyente to detect integer bugs in Solidity smart contracts, operating at the bytecode level and constructing a CFG. During symbolic execution, it queries the SMT solver Z3 to identify feasible paths. In addition, the tool employs taint analysis to track data propagation throughout the control flow, helping to differentiate between benign and malicious overflows.
Oyente [22] is a foundational tool in smart contract analysis, often serving as a reference for various projects. It symbolically executes EVM bytecode to identify execution traces affected by transaction order, block timestamps, uncaught exceptions, and potential re-entrancy issues. The SMT solver Z3 is used to prune unreachable areas of the search space. Oyente requires the Solidity compiler to obtain bytecode and the Go-Ethereum disassembler to display opcodes symbolically.
Porosity [154] disassembles the EVM bytecode, generates a CFG, and decompiles the bytecode into more readable pseudo source code. It flags SSTORE instructions following a CALL as potential re-entrancy vulnerabilities. However, the project is no longer maintained, and the JEB Decompiler for smart contracts [155] is suggested as an alternative.
RA [156] employs a combinational approach of symbolic execution and a constraint solver to analyze re-entrancy vulnerabilities. It facilitates both the symbolic simulation and subsequent verification of these vulnerabilities, while also supporting inter-contract behavior analysis. The architecture consists of three components: CFManager, which manages the symbolic simulation; VM, which assists the verifier; and the Verifier, which executes the vulnerability verification process.
Securify [62] takes the EVM bytecode and security properties as inputs, decompiling the bytecode into an assignment-based form represented as DataLog facts. It derives additional facts that describe the control and data flow in an abstract way. Security properties comprise compliance and violation patterns, encoded as DataLog rules and verified against facts using Souffle.
TeEther [157] is a tool for automatically creating and verifying exploits for smart contracts provided as bytecode, focusing on vulnerabilities that result in payouts to arbitrary addresses. After reconstructing the CFG, it generates critical paths and uses the SMT solver Z3 to prune the search space and compute multi-transactional exploits. To minimize false positives, exploits are tested on a private blockchain.
Vandal [158] disassembles and decompiles the EVM bytecode into a register-oriented intermediate representation while constructing a CFG. The CFG is displayed as an interactive HTML page, allowing users to click on nodes to view the corresponding code. The intermediate representation can be interpreted abstractly by translating it into Horn clauses, which are then processed alongside vulnerability specifications using a DataLog reasoner.
Conkas accepts as input both Solidity and Bytecode.

6.2. Dynamic Analysis Tools

Table 7 provides an overview of freely available tools that employ dynamic analysis to verify smart contracts on Ethereum. The table includes the language of implementation of each tool, the repository link, and the accepted input types. Further details about these tools are discussed in the following paragraphs.
ContractLarva [159] performs runtime verification of Solidity-based smart contracts. Users specify contract properties using dynamic event automata, and the tool generates a modified contract that checks runtime behavior against the specification and takes corrective action when violations occur.
ModCon [74] is a model-based tester and gray-box fuzzer aimed at detecting vulnerabilities in smart contracts. Specifically, it focuses on identifying assertion violations (SWC 110) and memory access errors (SWC 124).
Solitor [160], a Solidity runtime monitor, translates contract annotations into Solidity code that checks invariants and method pre- and postconditions during execution. It extends the Solidity grammar, resembling the Java Modeling Language (JML).
Vultron [161], also known as ContraMaster, builds an oracle to detect abnormal transactions, enabling downstream techniques such as testing, fuzzing, and symbolic execution.
ContractFuzzer [162] is the first dynamic fuzzing tool for detecting Ethereum smart contract vulnerabilities. It generates fuzzing inputs based on ABI specifications and detects vulnerabilities by analyzing execution logs.
sFuzz [163] is an Ethereum smart contract fuzzer that deploys contracts on an automatically configured blockchain and generates transactions to identify vulnerabilities using oracles and feedback from the execution of transactions.
SODA [164] is an extensible online detection framework for EVM-compatible blockchains. It separates information collection and attack detection, enabling users to develop applications for real-time attack detection.
EASYFLOW [165] is an EVM-level overflow detector that uses taint analysis to classify smart contracts and automatically generate transactions to trigger potential overflows.
ECFChecker utilizes the Effectively Callback Free (ECF) objects concept [166], which facilitates modular reasoning by allowing callbacks while ensuring adherence to ECF principles. Its prototype monitor detects and reports non-ECF contract executions within the Ethereum network.
Table 7. Dynamic analysis tools.
Table 7. Dynamic analysis tools.
ToolLanguageRepositoryInput
ContractLarvaHaskell[167]Solidity
ModConJavascript[168]Solidity
SolitorJava[169]Solidity
Vultron(ContraMaster)Javascript[161,170]Solidity
ContractFuzzerGo[171]Bytecode
sFuzzC++[172]Bytecode
SODAGo[173]Bytecode
EASYFLOWGo[174]Bytecode or Solidity
ECFCheckerGo[175]Solidity

6.3. Tools for Both Static and Dynamic Analysis

Table 8 summarizes the freely available tools that utilize both static and dynamic analysis for the verification of smart contracts on Ethereum. Each tool is listed alongside its implementation language, the repository link, and the type of input it accepts. Details about each tool are given in the following paragraphs.
SolAnalyser [176] performs an automated analysis of Ethereum smart contracts, minimizing false positives. It operates in three phases: (1) instrumentation using the Solidity Instrumentation Framework (SIF), (2) input generation, and (3) execution and analysis in the Ethereum Virtual Machine. The framework includes MuContract, which evaluates SolAnalyser by generating faulty contract versions with seeded vulnerabilities.
Manticore [177] employs symbolic execution to discover different computational paths in the EVM and ELF binaries. Using the Z3 SMT solver, it identifies the inputs that trigger these paths and records the execution traces. Manticore compiles Solidity code to bytecode, checks for vulnerabilities like re-entrancy and reachable self-destruct operations, and reports them in the context of the source code.
MAIAN [21] extends Oyente by analyzing multi-transaction attacks. It symbolically executes EVM bytecode to identify execution traces that enable a contract to self-destruct, drain Ether from arbitrary addresses, or accept Ether without allowing payouts. The Z3 SMT solver is used to prune unreachable paths and compute exploitative transactions. To reduce false positives, MAIAN performs dynamic analysis by deploying contracts on a private blockchain and testing them with the generated transactions.
SmartBugs 2.0 [178] is an extensible platform that provides a unified interface for tools that analyze blockchain programs for vulnerabilities and other properties. It supports 20 tools and offers three analysis modes for Solidity source code, deployment bytecode, and runtime code. Its modular design allows for easy integration of new tools via Docker images and minimal configuration. A small Python script standardizes the output format for accessibility.
Table 8. Tools using both static and dynamic analysis.
Table 8. Tools using both static and dynamic analysis.
ToolLanguageRepositoryInput
SolAnalyserGO[179]Solidity
ManticorePython[180]Bytecode and Solidity
MAIANPython[181]Bytecode
SMARTBUGSPython[182]Bytecode and Solidity
We did not include tools that are not publicly available or are unfinished. In addition, we did not include tools that do not detect code problems and are only for code metrics, such as PASO [183,184].

6.4. Machine Learning Tools

Table 9 provides a list of tools that use machine learning techniques to verify smart contracts on Ethereum. Further details about each tool are discussed in the following paragraphs.
Gao et al. [185] developed SmartEmbed, a key innovation in applying machine learning to smart contract vulnerability detection. Their tool employs code embedding and similarity detection techniques, identifying vulnerabilities by comparing Solidity code on the Ethereum blockchain to embeddings of known vulnerabilities. This approach improves the accuracy of vulnerability detection by leveraging code similarity analysis.
Camino et al. [186] propose a data science-based detection method focused primarily on contract transaction behavior. Their approach involves partitioning potential fund movement scenarios among the contract creator, the contract itself, the transaction sender, and other participants. They incorporate aggregated transaction features, such as transaction counts, average values, and contract-specific attributes such as compilation information and source code length. The study demonstrates that these features are valuable in identifying honeypots. In addition, their method can uncover previously undetected honeypots of known techniques and effectively identify unknown techniques by sequentially removing them from the training set. They also report discovering two new, previously unknown honeypot techniques.
Zhuang et al. [187] explore the application of graph neural networks (GNNs) to detect vulnerabilities in smart contracts. The authors construct a contract graph that represents both the syntactic and semantic structures of smart contract functions. To emphasize key nodes, they designed an elimination phase to normalize the graph. Subsequently, they introduce a degree-free graph convolutional network (DR-GCN) and a novel temporal message propagation network (TMP) to learn from these normalized graphs, enhancing the effectiveness of vulnerability detection by the GNNSCVulDetector tool [188].
Liu et al. [189] propose AMEVulDetector for detecting vulnerabilities in smart contracts by integrating deep learning with traditional expert patterns. Their approach combines neural networks with automated expert pattern extraction tools, enabling the system to capture detailed insights and offer a transparent understanding of weight distributions.
ReChecker [190] employs a deep learning approach using bidirectional long short-term memory with an attention mechanism (BLSTM-ATT) to accurately detect re-entrancy bugs. It also introduces contract-snippet representations, which help capture essential semantic information and control flow dependencies.
Yu et al. [191] introduce DeeSCVHunter, a versatile deep learning framework for automated detection of vulnerabilities in smart contracts. This framework focuses on two prevalent vulnerabilities: re-entrancy and time dependence.
Eth2Vec, developed by Ashizawa et al. [192], is a machine learning-based static analysis tool that detects vulnerabilities in smart contracts with resilience to code rewrites. It automatically learns features from EVM bytecodes using a neural network, allowing it to compare target bytecodes with those learned for vulnerability detection.
The MANDO project, as detailed by Nguyen et al. [193], aims to identify vulnerabilities in smart contracts at both the contract and line levels with high accuracy. The project’s core engines are built upon advanced heterogeneous deep graph learning techniques.
CGE, developed by Liu et al. [194], integrates expert patterns with features extracted from the graph neural network to detect vulnerabilities in smart contracts. It represents contract codes as graphs, normalizes them to highlight key elements, and uses a temporal message propagation network to capture semantic features, combining them with expert patterns for detection.
ILF, developed by He et al. [195], is an Imitation Learning-based Fuzzer for Ethereum smart contracts. It learns transaction generation policies from symbolic execution using neural networks and outputs code coverage and vulnerability reports.
Su et al. [196] introduced a reinforcement learning-based fuzzer, RLF, to generate transaction sequences that detect sophisticated vulnerabilities in smart contracts. By modeling the fuzzing process as a Markov decision process, they designed a reward function that balances vulnerability detection and code coverage, effectively guiding the fuzzer to uncover vulnerabilities, especially those involving multiple contract functions.
Zhang et al. [197] developed ReVulDL, a deep learning-based tool for detecting and localizing re-entrancy vulnerabilities in smart contracts. It combines detection, using a graph-based pre-training model to identify vulnerabilities, with localization, leveraging interpretable machine learning to pinpoint suspicious code statements once a vulnerability is detected.
Tann et al. [198] propose a sequential learning approach using long short-term memory (LSTM) techniques to identify vulnerabilities in smart contracts. This method enables the detection of new attacks, which contributes to improved contract safety.
SoliAudit (Solidity Audit) [199] combines machine learning and fuzz testing to assess vulnerabilities in smart contracts.Using Solidity bytecode as a feature of machine learning, it detects 13 types of vulnerabilities identified as the main threats. Additionally, SoliAudit implements a gray-box fuzz testing approach featuring a fuzzer contract and a simulated blockchain environment for real-time transaction verification.
SCsVolLyzer [200] is a Python tool to analyze Ethereum smart contracts written in Solidity. It compiles source code to generate the abstract syntax tree (AST), bytecode, and opcodes. The tool measures bytecode entropy for security assessment, opcode frequency for complexity analysis, and key Solidity keyword usage to identify coding patterns.
All the tools presented in this section are mainly written using Python as a programming language.

6.5. Discussion

Despite the emergence of numerous smart contract verification tools, only a small number have gained widespread industry adoption due to their ease of use, computational effectiveness, and smooth integration into development processes. For security audits, tools such as Slither, Mythril, and Echidna are commonly employed due to their effectiveness, automation, and ability to detect common vulnerabilities; however, Remix-IDE remains the favorite for development-phase assessments because of its ease of use. Through the use of controlled settings, dynamic analysis techniques like Manticore and Echidna offer deeper insights by detecting runtime issues that static analysis methods could miss. However, their widespread adoption is limited by the computational requirements and challenges associated with handling complex state transitions.
Furthermore, by using cutting-edge learning models to detect vulnerability patterns, automate bug identification, and reduce false positives, AI-driven verification tools are emerging as an effective means of enhancing smart contract security. More efficiently than conventional static or symbolic execution methods, technologies that incorporate advanced learning models and anomaly detection techniques may analyze large datasets of contracts deployed to detect security vulnerabilities. Despite their enormous potential, AI-driven verification systems are still in the early stages and are struggling with issues related to model interpretability, training data quality, and adaptability in response to evolving contract formats.
Formal verification technologies are still underutilized despite providing mathematical precision and a guarantee of accuracy due to their complexity, high processing requirements, and the requirement for specific formal method knowledge. Formal specification development is time-consuming, and these tools often have scalability issues, making them inappropriate for rapidly evolving blockchain environments such as DeFi and NFT platforms.
Another key challenge in smart contract verification is the lack of standardized evaluation metrics and publicly available benchmarks, which hinders fair comparison across tools. Current tools use inconsistent definitions and datasets to report performance metrics such as precision, recall, false positive/negative rates, memory usage, and scalability. This variability complicates the objective assessment. A unified evaluation framework standardizing these metrics, along with labeled, curated datasets for reproducible evaluation, is urgently needed. Such resources, similar to benchmarks in traditional software security, would enable consistent tool comparison and enhance the development of robust verification methods across blockchain platforms.
In addition to these limitations, the broader challenge of performance and scalability affects the practical adoption of verification tools in large-scale real-world settings. The performance and scalability of verification tools are critical for their adoption in large-scale Ethereum projects, such as DeFi protocols that involve thousands of interdependent contracts. Tools vary significantly in execution efficiency. For instance, Slither can analyze a 1000-line contract in under 10 s on a standard CPU, making it suitable for fast, iterative development. In contrast, Mythril’s symbolic execution offers a deeper analysis but can take more than 60 s for contracts of similar size, depending on complexity and execution paths [201]. In complex systems, symbolic tools may face scalability bottlenecks due to path explosion and resource consumption. Moreover, when interconnected contracts are analyzed, performance degrades unless modular verification and dependency-aware analysis are supported. This highlights a practical trade-off between depth and speed and underscores the necessity of optimizing verification pipelines for real-time or near-real-time feedback in Integration/Continuous Deployment (CI/CD) environments.
Future research should focus on improving the usability and efficiency of verification tools to promote their use in security assurance. This includes developing standardized verification frameworks to encourage broad industry adoption, automating the generation of formal specifications, improving dynamic analysis techniques to reduce overhead, and integrating AI-based vulnerability detection into mainstream security tools. Equally important is the need to address scalability concerns. Future work should investigate the design of comprehensive benchmarking suites that evaluate performance across dimensions such as average analysis time per function, memory consumption, and the ability to efficiently process interdependent smart contracts in batch mode.
Large-scale evaluations highlight significant computational demands and throughput limitations in current smart contract analysis tools. Durieux et al. utilized the SmartBugs framework to assess nine analysis tools in 47,518 Etherscan Solidity contracts, executing 428,337 analyses over approximately 564 CPU days, averaging about 110 s per contract, thus underscoring the intensive resource requirements of exhaustive analysis pipelines [202].
Ghaleb and Pattabiraman introduced SolidiFI, a systematic bug injection benchmark comprising 50 contracts with 9369 injected vulnerabilities. Under a 15 min timeout per contract, they observed that Slither typically completed the analyses in 5–10 s for contracts of up to 500 lines of code, while Mythril often exceeded 120 s and occasionally timed out in more complex modules [203].
These studies reveal two primary trade-offs in performance and scalability. Static analysis tools, such as Slither and SmartCheck, offer near-linear scalability and are well-suited for integration into continuous CI/CD pipelines, facilitating rapid detection of common vulnerabilities. However, they may overlook deeper semantic defects that require comprehensive path exploration. In contrast, dynamic analysis tools employing symbolic execution and fuzzing techniques, including Mythril, Manticore, and Echidna, can uncover a broader spectrum of vulnerabilities, particularly those involving complex control flows and state-dependent behaviors. This enhanced detection capability comes at the cost of significantly increased computational resources and longer analysis times, often encountering path explosion issues leading to substantial memory consumption and extended runtimes.
Addressing these challenges requires the development of hybrid analysis frameworks that combine the scalability of static analysis with the depth of dynamic techniques. Such frameworks should incorporate modular, dependency-aware pipelines, leverage parallelization strategies, and utilize benchmark-driven optimizations to balance thorough vulnerability detection with practical performance considerations.
For developers, auditors, and blockchain security experts, smart contract verification can become more scalable, accurate, and accessible by bridging the gap between formal methods, dynamic testing, AI-driven automation, and developer-friendly security solutions.

7. Threats to Validity in the Elaboration of a Survey on Smart Contract Verification Studies

A systematic review of studies on smart contract verification should be aware of the validity threats that can affect the accuracy, generalizability, and reliability of the findings. These threats span multiple key aspects of the research process: construct validity, internal validity, and external validity. Addressing these concerns is important to ensure that the survey provides a comprehensive, unbiased, and scientifically rigorous analysis of the field.

7.1. Construct Validity: Ensuring a Comprehensive and Accurate Representation

Construct validity guarantees that the essential aspects related to smart contract verification are captured and detailed properly by the survey, accurately reflecting the current research landscape in the discipline. However, there are a number of threats that may undermine such validity. Among those, insufficient coverage of verification techniques could be one important threat, given that new strategies/techniques, including AI-based verification or hybrid methods, could be inadvertently overlooked when selection criteria are not wide enough. In addition, ambiguity in classifying verification techniques, such as static analysis, formal verification, and fuzzing, can result in inconsistencies between studies. Another challenge arises with the different definitions of smart contract vulnerabilities, given that different studies use their own taxonomies to classify security risks such as re-entrancy, integer overflow, and front-running, complicating the establishment of a uniform framework. In addition, some studies may be missed due to a poor search plan or poor source selection. This is due to the fact that the review is limited to a narrow range of digital libraries, journals, or conferences.
In this survey, we have implemented several techniques to enhance the validity of the construct and mitigate associated risks. We used widely accepted taxonomies to classify verification techniques and vulnerabilities. In such a way, the studies will have a common basis. In addition, in this paper, we conducted a systematic review of the literature, which was broad and inclusive in the sources covered. To be as inclusive as possible, publisher-specific inclusion and exclusion were avoided. In addition, for completeness, we used structured search queries across different digital libraries and cross-checked the results of searches, thus minimizing the possibility of omitting relevant research. Lastly, the feedback of the expert reviewers and the consensus on the relevance and classification of the selected studies enhanced the reliability of our findings and reduced the potential for bias.

7.2. Internal Validity: Minimizing Bias and Ensuring Reliable Inferences

Internal validity corresponds to the correctness of the conclusions derived from the studies chosen in the survey, guaranteeing that the findings are based on solid methodological rationale and are devoid of bias or misinterpretation. However, various threats could compromise internal validity, which requires careful management. Selection bias poses a risk to the survey because it may overlook recent but pertinent contributions that have not yet received significant recognition in favor of highly impactful or widely cited studies. In addition, personal bias in the selection and classification of articles can lead to author bias, especially when assessing the relevance of studies or classification verification methods. Another issue stems from inconsistent evaluation metrics since different verification studies employ various criteria, such as accuracy, execution time, and detection coverage, complicating direct comparisons. Additionally, errors in interpreting studies can arise when selection is based only on titles and abstracts, resulting in possible misrepresentations of a study’s actual contributions. Finally, there exists an ongoing threat of neglecting significant studies, as certain pertinent papers may not meet the search criteria due to differences in terminology or keyword selection.
In this study, we have used several mitigation strategies to improve internal validity. To ensure fairness and reliability, we first established precise inclusion and exclusion criteria to guide systematic selection of studies. In addition, several reviewers helped verify the classifications of the studies, thus reducing subjective bias. To improve the consistency of our assessment, we followed commonly accepted metrics in the area, which allowed more trustworthy comparisons between studies. Additionally, rather than relying exclusively on titles and abstracts, we thoroughly examined the introduction and conclusion sections to avoid misinterpretations. Finally, to reduce the chance of overlooking important research, we conducted a manual review of the references of the selected articles, identifying more pertinent studies that could have been overlooked in the automated search. Together, these strategies improve our survey’s reliability and methodological comprehensiveness, ensuring that the conclusions accurately reflect the state of smart contract verification research.

7.3. External Validity: Generalizability and Real-World Applicability

In order to ensure significance across many blockchain platforms and validation techniques, external validity evaluates whether the survey findings may be generalized beyond the studies under review. Since most smart contract verification studies focus on Ethereum and Solidity, potentially ignoring verification techniques for other blockchain environments like Polkadot, Cardano, Solana, Hyperledger, and Tezos, the dominance of Ethereum-related research poses an important barrier to achieving broad applicability. Another threat is the absence of real-world validation; many research studies assess verification techniques in controlled experimental settings but neglect to examine how well they work with real-time smart contracts on platforms like Etherscan or blockchain forensic reports. Furthermore, blockchain technology is developing rapidly, and its security weaknesses, attack points, and validation tools are constantly changing. Consequently, previous studies might not represent current best practices, reducing their practical significance in modern smart contract security research. To improve external validity and guarantee that the survey results are widely relevant, we have implemented various mitigation strategies.
Initially, we broadened the scope of our review to encompass various blockchain ecosystems and smart contract programming languages, including Rust, Move, and Cairo, in addition to Solidity. Furthermore, to ensure that our findings are applicable to real-world applications, we incorporated studies that evaluate verification techniques on real datasets. Our literature review has been regularly updated to incorporate the latest advances in verification techniques, ensuring its accuracy and pertinence. Finally, we have explored longitudinal studies that explore how verification methodologies evolve over time, allowing us to assess their long-term efficiency and adaptability to address novel security issues. Using these strategies, we ensure that our survey remains a comprehensive and forward-looking assessment of the state of smart contract verification research in various blockchain scenarios.

8. Limitations

Although this review is thorough, it is important to recognize several limitations.
  • Ethereum-Centric Focus: This review mainly concentrates on analysis tools and verification techniques for smart contracts specifically designed for the Ethereum blockchain, which, despite being the most extensively studied platform, does not cover the entire smart contract ecosystem. Other blockchain networks that support smart contracts and have specific verification mechanisms that were not included in this study include Binance Smart Chain (BSC), Solana, Polkadot, Hyperledger Fabric, and Avalanche [50]. Future research should broaden the review’s scope to encompass security analysis frameworks and verification tools across various blockchain platforms. Performing cross-chain analysis might reveal platform-specific limitations and effective strategies for more comprehensive security applications.
  • Exclusion of Emerging and Preprint Research: Preprint studies and recently created tools that have not been fully tested in real-world settings are excluded from this review, which primarily concentrates on peer-reviewed publications and well-established technologies. Because blockchain security is developing rapidly, some cutting-edge tools and techniques may not be included in this review. To track and incorporate new advancements as they occur, a systematic living review approach or a continuously updated survey could be used. Additionally, including data from security audit organizations, GitHub repositories, and industry investigations might help maintain a more updated view.
  • Limited Discussion on Scalability and Performance of Analysis Tools: While this review discusses a number of smart contract verification techniques, it does not provide a comprehensive evaluation of their scalability or efficiency in managing large-scale smart contract ecosystems, such as gaming platforms or high-frequency DeFi applications that process thousands of transactions per second. Future studies should evaluate existing technologies in real-time blockchain transactions and large-scale deployments [204]. Comparative analysis of execution time, detection accuracy, and processing speed can help developers select the most efficient tools for specific applications.
  • Absence of Comprehensive Empirical Evaluation: Many of the techniques under consideration have been tested in controlled academic settings, but little is known about how well they operate in real-world decentralized apps (DApps). The industry’s use of these techniques, false positive rates, and practical implementation remain mostly unexplored. The effectiveness of these techniques may be verified by collaborating with blockchain security companies and conducting real-world case studies on deployed smart contracts [201]. Engaging with developers, security auditors, and industry experts can help to further link scholarly research with real-world applications.
  • Challenges in Formal Verification Adoption: Even though formal verification techniques offer a high level of assurance regarding the accuracy of smart contracts, their use is still limited due to their complexity, extensive demand on time, and formal method knowledge requirements. Automation-based formal verification techniques that facilitate the verification process for non-experts should be the focus of future research. Adoption and accessibility may be enhanced by the application of AI-driven theorem proving and user-friendly formal verification systems.
  • Ongoing Evolution of Smart Contract Standards and Attack Vectors: The security landscape of smart contracts is always changing, as new vulnerabilities and attack vectors appear. Techniques and resources that are useful now might become outdated as malicious actors develop more advanced attack methods. To address this issue, it can be helpful to constantly track evolving attack patterns and develop adaptable security systems that use AI to identify vulnerabilities automatically. Security will be further enhanced by establishing collaborations between industry and academia to maintain an up-to-date database of vulnerabilities and best practices.
  • Lack of Comprehensive Evaluation Metrics for Security Tools: Existing smart contract verification tools employ various methodologies and assessment metrics, making it more difficult to compare their effectiveness objectively. Creating standardized assessment metrics for security tools, like detection accuracy, false positive/negative rates, computational efficiency, and scalability, would improve the comparison and choice of tools. A publicly maintained benchmark dataset for verifying smart contracts could enhance reproducibility in research efforts.

9. Conclusions and Future Research Directions

The testing of smart contracts presents significant challenges due to their rapid adoption and substantial financial impact in various industries. This survey synthesizes the current state of research on methods and tools to verify smart contracts on Ethereum. It presents an analysis of Ethereum smart contract verification, covering static analysis, dynamic analysis, formal methods, and machine learning approaches. It provides an overview of the field, highlighting available tools, particularly those with open-source code and repositories. This survey categorizes existing tools and approaches while promoting new avenues, including hybrid AI formal models, modular toolchain integration, and verifiable compliance-aware development pipelines, which are critical components of future smart contract security ecosystems.
A common finding across the reviewed literature is a growing focus on machine learning, reflecting its prominence in current research. However, there is limited work on formal methods, such as theorem proving and formal semantics, indicating a need for further research and automation in these areas. As discussed in this study, the majority of existing analysis methods primarily rely on fuzz testing or mutation testing, frequently in combination with search-based techniques, while model-based testing is less commonly utilized. Concerns have been raised regarding the adaptability of fuzz testing and model-based testing to the evolving nature of blockchain platforms and languages. In addition, performance and scalability issues have been identified in search-based techniques and mutation testing. The integration of various testing approaches is highlighted as a promising direction for future research.
Given the rapid evolution of blockchain technology, new features and functionalities will likely introduce additional security vulnerabilities. This requires the development of advanced methods and tools for detecting emerging vulnerabilities. Several avenues for future research could be suggested:
  • Standardized Evaluation and Benchmark Development: Future work should focus on defining consistent evaluation metrics, such as detection accuracy, false positive/false negative rates, resource consumption, and scalability, to enable reproducible and tool-agnostic comparisons. Furthermore, developing standardized benchmark datasets that include real-world contracts and a diverse range of vulnerabilities will be essential to comprehensively assess the effectiveness of smart contract verification tools and guide their improvement.
  • Graph-Based Approaches: Smart contract security can benefit from advanced graph-based learning techniques, which have been shown to be effective in various domains [205,206]. Future tools should integrate Graph Neural Networks (GNNs) and Large Language Models (LLMs), which leverage vast amounts of textual and code data, to detect complex vulnerabilities by correlating static code structures with runtime anomalies.
  • Explainable AI (XAI) for Smart Contract Verification: Numerous AI-driven security solutions operate as black-box systems, which hinders their trustworthiness and acceptance. Incorporating explainable AI (XAI) methods [207], such as SHAP (Shapley Additive Explanations) and LIME (Local Interpretable Model-Agnostic Explanations) with interactive visualization dashboards, will improve transparency and foster trust among developers and auditors.
  • Comparative Platform Analysis: Future research should conduct a systematic comparative study of major blockchain platforms: Ethereum, Hyperledger Fabric, Cardano, and others, examining their trust models (permissionless versus permissioned architectures), consensus mechanisms (for example, Ethereum’s PoS post Merge versus Hyperledger Fabric’s pluggable PBFT/Raft and Cardano’s Ouroboros PoS), and tool ecosystems (availability of DSL, formal verification frameworks, and auditing toolchains). Such a study would illuminate how platform-specific design choices affect security guarantees, developer ergonomics, and regulatory compliance [208].
  • Cross-Platform Smart Contract Security and Verification Frameworks: Future research must expand beyond Ethereum/Solidity to encompass diverse blockchain environments (Binance Smart Chain, Polkadot, Solana, Cardano, and Hyperledger Fabric), each demanding customized security and verification methods. The following research directions will require interdisciplinary approaches, combining blockchain-specific insights with advances in AI and distributed systems:
    Hyperledger Fabric: Incorporate endorsement policies and apply static analysis plus flow-based integrity checks, complemented by deductive proofs against ledger consistency [23,209].
    Cardano (Marlowe and Plutus): Leverage Marlowe’s DSL designed for financial contracts, which incorporates formal semantics and enables rigorous static analysis through the Marlowe Playground’s SMT-based verification to ensure financial invariants [210,211]. In addition, efforts should explore the formal verification of Plutus smart contracts, address stake-based vulnerabilities, and optimize gas usage in its layered architecture.
    Solana: Use the LLVM-based X-Ray static analyzer and the extensible Radar engine for memory and concurrency safety, with Certora for formal proofs of custom properties [212,213].
    Polkadot (ink!): Build with cargo contract and verify bytecode through the Sirato service, ensuring reproducible audit logs, and adhere to on-chain governance and key management guidelines [214].
    Binance Smart Chain: Adapt Mythril and Slither to cover EVM vulnerabilities with low false positives.
    Cross-Chain: Adopt unified benchmarks and metadata schemas (e.g., Chainlink CCIP) and shared test suites to secure end-to-end multi-chain DApps [215].
  • Domain-Specific Languages for Secure Contracts:
    Emerging DSLs such as Marlowe and Plutus (Cardano) and Scilla (Zilliqa) offer significant promise for enhancing smart contract security. These languages, grounded in functional or formally verified paradigms, provide features such as formal termination guarantees, strong static-type systems, and integrated verification frameworks [216]. By design, they aim to eliminate broad classes of vulnerabilities common in general-purpose languages like Solidity. Although not comprehensive solutions, these DSLs represent viable and increasingly practical approaches to mitigating security risks. Future research should empirically evaluate their security guarantees, expressiveness, and usability compared to their general-purpose counterparts. Furthermore, the development of automated translation tools between DSLs and mainstream languages and the ability to verify formal cross-language verification constitute a valuable direction to advance secure blockchain development.
  • Formal Verification Adaptability in Multi-Chain Environments: As blockchain ecosystems evolve toward interoperability and cross-chain functionality, formal verification approaches must be re-evaluated in light of diverse consensus models, runtime semantics, and language paradigms. Future work should focus on developing cross-platform benchmarks to evaluate existing frameworks (for example, the K framework and the compositional semantics of DAML), optimizing abstraction layers for computational efficiency, and integrating AI-driven techniques to automate specification synthesis. Such efforts will improve formal verification scalability and applicability, ensuring robust security for interoperable decentralized applications in DeFi and beyond.
  • Real-World Empirical Validation: Many existing verification methods are tested in controlled environments rather than in real-world decentralized applications (DApps). Future research should collaborate with the blockchain security organizational industry to evaluate verification tools in smart contracts deployed, measuring their effectiveness under real-world conditions.
These research directions will promote progress in smart contract verification, enhancing security tools to be more scalable, efficient, transparent, and applicable in various blockchain ecosystems.

Author Contributions

Conceptualization, M.K.H.; methodology, M.K.H. and M.D.; software, M.K.H. and M.D.; validation, M.K.H. and M.D.; formal analysis, M.K.H. and M.D.; investigation, M.K.H.; resources, M.K.H.; data curation, M.K.H.; writing—original draft preparation, M.K.H. and M.D.; writing—review and editing, M.K.H. and M.D.; visualization, M.K.H.; supervision, M.D.; project administration, M.D.; funding acquisition, M.D. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

No new data were created or analyzed in this study. Data sharing is not applicable to this article.

Acknowledgments

The authors would like to acknowledge the support of Prince Sultan University for paying the article processing charges (APCs) of this publication.

Conflicts of Interest

The authors declare no conflicts of interest.

Correction Statement

This article has been republished with a minor correction to the Data Availability Statement. This change does not affect the scientific content of the article.

References

  1. Bhutta, M.N.M.; Khwaja, A.A.; Nadeem, A.; Ahmad, H.F.; Khan, M.K.; Hanif, M.A.; Song, H.; Alshamari, M.; Cao, Y. A Survey on Blockchain Technology: Evolution, Architecture and Security. IEEE Access 2021, 9, 61048–61073. [Google Scholar] [CrossRef]
  2. Hasan, D.; Driss, M. SUBLμME: Secure blockchain as a service and microservices-based framework for IoT environments. In Proceedings of the 2021 IEEE/ACS 18th International Conference on Computer Systems and Applications (AICCSA), Tangier, Morocco, 30 November–3 December 2021; pp. 1–9. [Google Scholar]
  3. Sadad, A.; Khan, M.A.; Ghaleb, B.; Khan, F.A.; Driss, M.; Boulila, W.; Ahmad, J. Distributed twins in edge computing: Blockchain and IOTA. In Proceedings of the 2023 International Wireless Communications and Mobile Computing (IWCMC), Marrakesh, Morocco, 19–23 June 2023; pp. 327–332. [Google Scholar]
  4. Abbas, S.M.A.; Khan, M.A.; Boulila, W.; Kouba, A.; Khan, M.S.; Ahmad, J. UAVs and Blockchain Synergy: Enabling Secure Reputation-based Federated Learning in Smart Cities. IEEE Access 2024, 12, 154053. [Google Scholar]
  5. Wadhwa, S.; Gupta, D.; Rani, S.; Driss, M.; Boulila, W. Empowering drones in vehicular network through fog computing and blockchain technology. PLoS ONE 2025, 20, e0314420. [Google Scholar] [CrossRef] [PubMed]
  6. Hewa, T.M.; Hu, Y.; Liyanage, M.; Kanhare, S.S.; Ylianttila, M. Survey on blockchain-based smart contracts: Technical aspects and future research. IEEE Access 2021, 9, 87643–87662. [Google Scholar] [CrossRef]
  7. Flipside Crypto. Flipside|The Platform for Intelligent Blockchain Growth. 2024. Available online: https://flipsidecrypto.xyz/ (accessed on 1 May 2024).
  8. Mehar, M.I.; Shier, C.L.; Giambattista, A.; Gong, E.; Fletcher, G.; Sanayhie, R.; Kim, H.M.; Laskowski, M. Understanding a revolutionary and flawed grand experiment in blockchain: The DAO attack. J. Cases Inf. Technol. 2019, 21, 19–32. [Google Scholar] [CrossRef]
  9. Palladino, S. The Parity Wallet Hack Explained. July 2017. Available online: https://blog.openzeppelin.com/on-the-parity-wallet-multisig-hack-405a8c12e8f7 (accessed on 30 May 2025).
  10. Ramos, S.; Pianese, F.; Leach, T.; Oliveras, E. A great disturbance in the crypto: Understanding cryptocurrency returns under attacks. Blockchain Res. Appl. 2021, 2, 100021. [Google Scholar] [CrossRef]
  11. Bernauer, A.; Faro, S.; Hämmerle, R.; Huschenbett, M.; Kiefer, M.; Lochbihler, A.; Mäki, J.; Mazzoli, F.; Meier, S.; Mitchell, N.; et al. Daml: A smart contract language for securely automating real-world multi-party business workflows. arXiv 2023, arXiv:2303.03749. [Google Scholar]
  12. Al-Azzoni, I.; Iqbal, S. Access Control Verification in Smart Contracts Using Colored Petri Nets. Computers 2024, 13, 274. [Google Scholar] [CrossRef]
  13. ISO/IEC 27001:2022; Information Security, Cybersecurity and Privacy Protection—Information Security Management Systems—Requirements. ISO: Geneva, Switzerland, 2022. Available online: https://www.iso.org/standard/27001 (accessed on 30 May 2025).
  14. American Institute of Certified Public Accountants. 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (With Revised Points of Focus—2022). AICPA, 2022. Available online: https://www.aicpa-cima.com/resources/download/2017-trust-services-criteria-with-revised-points-of-focus-2022 (accessed on 30 May 2025).
  15. National Institute of Standards and Technology. Security and Privacy Controls for Information Systems and Organizations. NIST Special Publication 800-53, Revision 5; September 2020. Available online: https://doi.org/10.6028/NIST.SP.800-53r5 (accessed on 30 May 2025).
  16. Rozario, A.M.; Vasarhelyi, M.A. Auditing with Smart Contracts. Int. J. Digit. Account. Res. 2018, 18, 1–27. [Google Scholar] [CrossRef]
  17. Malatji, M. Management of enterprise cyber security: A review of ISO/IEC 27001: 2022. In Proceedings of the 2023 International Conference on Cyber Management and Engineering (CyMaEn), Bangkok, Thailand, 26–27 January 2023; pp. 117–122. [Google Scholar]
  18. Nakamoto, S. Bitcoin: A Peer-to-Peer Electronic Cash System. 2008. Available online: https://assets.pubpub.org/d8wct41f/31611263538139.pdf (accessed on 30 May 2025).
  19. Buterin, V. A Next-Generation Smart Contract and Decentralized Application Platform. White Paper. 2014. Available online: https://blockchainlab.com/pdf/Ethereum_white_paper-a_next_generation_smart_contract_and_decentralized_application_platform-vitalik-buterin.pdf (accessed on 30 May 2025).
  20. Atzei, N.; Bartoletti, M.; Cimoli, T. A survey of attacks on ethereum smart contracts (sok). In Proceedings of the Principles of Security and Trust: 6th International Conference, POST 2017, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2017, Uppsala, Sweden, 22–29 April 2017; Springer: Berlin/Heidelberg, Germany, 2017; pp. 164–186. [Google Scholar]
  21. Nikolić, I.; Kolluri, A.; Sergey, I.; Saxena, P.; Hobor, A. Finding the greedy, prodigal, and suicidal contracts at scale. In Proceedings of the 34th Annual Computer Security Applications Conference, San Juan, PR, USA, 3–7 December 2018; pp. 653–663. [Google Scholar]
  22. Luu, L.; Chu, D.H.; Olickel, H.; Saxena, P.; Hobor, A. Making smart contracts smarter. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, 24–28 October 2016; pp. 254–269. [Google Scholar]
  23. Androulaki, E.; Barger, A.; Bortnikov, V.; Cachin, C.; Christidis, K.; De Caro, A.; Enyeart, D.; Ferris, C.; Laventman, G.; Manevich, Y.; et al. Hyperledger fabric: A distributed operating system for permissioned blockchains. In Proceedings of the Thirteenth EuroSys Conference, Porto, Portugal, 23–26 April 2018; pp. 1–15. [Google Scholar]
  24. Kiayias, A.; Russell, A.; David, B.; Oliynykov, R. Ouroboros: A provably secure proof-of-stake blockchain protocol. In Proceedings of the 37th International Cryptology Conference, Santa Barbara, CA, USA, 20–24 August 2017; Springer: Berlin/Heidelberg, Germany, 2017; pp. 357–388. [Google Scholar]
  25. Cardano Documentation. Plutus Smart Contracts. 2025. Available online: https://docs.cardano.org/developer-resources/smart-contracts/plutus (accessed on 12 May 2025).
  26. Kitchenham, B. Procedures for performing systematic reviews. Keele UK Keele Univ. 2004, 33, 1–26. [Google Scholar]
  27. Liu, J.; Liu, Z. A survey on security verification of blockchain smart contracts. IEEE Access 2019, 7, 77894–77904. [Google Scholar] [CrossRef]
  28. Praitheeshan, P.; Pan, L.; Yu, J.; Liu, J.; Doss, R. Security analysis methods on Ethereum smart contract vulnerabilities: A survey. arXiv 2019, arXiv:1908.08605. [Google Scholar]
  29. Rouhani, S.; Deters, R. Security, performance, and applications of smart contracts: A systematic survey. IEEE Access 2019, 7, 50759–50779. [Google Scholar] [CrossRef]
  30. Murray, Y.; Anisi, D.A. Survey of formal verification methods for smart contracts on blockchain. In Proceedings of the 2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS), Canary Island, Spain, 24–26 June 2019; pp. 1–6. [Google Scholar]
  31. Di Angelo, M.; Salzer, G. A survey of tools for analyzing ethereum smart contracts. In Proceedings of the 2019 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPCON), Newark, CA, USA, 4–9 April 2019; pp. 69–78. [Google Scholar]
  32. Tolmach, P.; Li, Y.; Lin, S.W.; Liu, Y.; Li, Z. A survey of smart contract formal specification and verification. ACM Comput. Surv. 2021, 54, 1–38. [Google Scholar] [CrossRef]
  33. Hu, B.; Zhang, Z.; Liu, J.; Liu, Y.; Yin, J.; Lu, R.; Lin, X. A Comprehensive Survey on Smart Contract Construction and Execution: Paradigms, Tools and Systems. arXiv 2020, arXiv:2008.13413. [Google Scholar] [CrossRef] [PubMed]
  34. Imeri, A.; Agoulmine, N.; Khadraoui, D. Smart Contract modeling and verification techniques: A survey. In Proceedings of the 8th International Workshop on ADVANCEs in ICT Infrastructures and Services, Cancun, Mexico, 27–29 January 2020; pp. 1–8. [Google Scholar]
  35. Wang, Z.; Jin, H.; Dai, W.; Choo, K.K.R.; Zou, D. Ethereum smart contract security research: Survey and future research opportunities. Front. Comput. Sci. 2020, 15, 152802. [Google Scholar] [CrossRef]
  36. Almakhour, M.; Sliman, L.; Samhat, A.E.; Mellouk, A. Verification of smart contracts: A survey. Pervasive Mob. Comput. 2020, 67, 101227. [Google Scholar] [CrossRef]
  37. Munir, S.; Taha, W. Pre-deployment Analysis of Smart Contracts—A Survey. arXiv 2023, arXiv:2301.06079. [Google Scholar]
  38. Qian, P.; Liu, Z.; He, Q.; Huang, B.; Tian, D.; Wang, X. Smart contract vulnerability detection technique: A survey. arXiv 2022, arXiv:2209.05872. [Google Scholar]
  39. Kushwaha, S.S.; Joshi, S.; Singh, D.; Kaur, M.; Lee, H.N. Systematic review of security vulnerabilities in ethereum blockchain smart contract. IEEE Access 2022, 10, 6605–6621. [Google Scholar] [CrossRef]
  40. Kushwaha, S.S.; Joshi, S.; Singh, D.; Kaur, M.; Lee, H.N. Ethereum smart contract analysis tools: A systematic review. IEEE Access 2022, 10, 57037–57062. [Google Scholar] [CrossRef]
  41. Piantadosi, V.; Rosa, G.; Placella, D.; Scalabrino, S.; Oliveto, R. Detecting functional and security-related issues in smart contracts: A systematic literature review. Softw. Pract. Exp. 2023, 53, 465–495. [Google Scholar] [CrossRef]
  42. Rameder, H.; Di Angelo, M.; Salzer, G. Review of automated vulnerability analysis of smart contracts on Ethereum. Front. Blockchain 2022, 5, 814977. [Google Scholar] [CrossRef]
  43. Zhou, H.; Milani Fard, A.; Makanju, A. The state of ethereum smart contracts security: Vulnerabilities, countermeasures, and tool support. J. Cybersecur. Priv. 2022, 2, 358–378. [Google Scholar] [CrossRef]
  44. Ndiaye, M.; Konate, K. Security Strengths and Weaknesses of Blockchain Smart Contract System: A Survey. Int. J. Inf. Commun. Eng. 2022, 16, 134–143. [Google Scholar]
  45. Marijan, D.; Lal, C. Blockchain verification and validation: Techniques, challenges, and research directions. Comput. Sci. Rev. 2022, 45, 100492. [Google Scholar] [CrossRef]
  46. Huang, Y.; Bian, Y.; Li, R.; Zhao, J.L.; Shi, P. Smart contract security: A software lifecycle perspective. IEEE Access 2019, 7, 150184–150202. [Google Scholar] [CrossRef]
  47. Sayeed, S.; Marco-Gisbert, H.; Caira, T. Smart contract: Attacks and protections. IEEE Access 2020, 8, 24416–24427. [Google Scholar] [CrossRef]
  48. Tang, X.; Zhou, K.; Cheng, J.; Li, H.; Yuan, Y. The vulnerabilities in smart contracts: A survey. In Proceedings of the Advances in Artificial Intelligence and Security: 7th International Conference, ICAIS 2021, Dublin, Ireland, 19–23 July 2021; Springer: Berlin/Heidelberg, Germany, 2021; pp. 177–190. [Google Scholar]
  49. Chen, H.; Pendleton, M.; Njilla, L.; Xu, S. A survey on ethereum systems security: Vulnerabilities, attacks, and defenses. ACM Comput. Surv. 2020, 53, 1–43. [Google Scholar] [CrossRef]
  50. Vacca, A.; Di Sorbo, A.; Visaggio, C.A.; Canfora, G. A systematic literature review of blockchain and smart contract development: Techniques, tools, and open challenges. J. Syst. Softw. 2021, 174, 110891. [Google Scholar] [CrossRef]
  51. Fekih, R.B.; Lahami, M.; Jmaiel, M.; Bradai, S. Formal Verification of Smart Contracts Based on Model Checking: An Overview. In Proceedings of the 2023 IEEE International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Paris, France, 14–16 December 2023; pp. 1–6. [Google Scholar] [CrossRef]
  52. Khan, Z.A.; Namin, A.S. A Survey of Vulnerability Detection Techniques by Smart Contract Tools. IEEE Access 2024, 12, 70870–70910. [Google Scholar] [CrossRef]
  53. Zhu, H.; Yang, L.; Wang, L.; Sheng, V.S. A Survey on Security Analysis Methods of Smart Contracts. IEEE Trans. Serv. Comput. 2024, 17, 4522–4539. [Google Scholar] [CrossRef]
  54. Deng, Y.; Wang, L.; Wang, L.; Li, J.; Yong, Q. A Survey on Automatic Discover Approach by Using Static Analysis for Smart Contract Vulnerability. In Proceedings of the 2023 International Conference on Networking and Network Applications (NaNA), Qingdao, China, 18–21 August 2023; pp. 163–168. [Google Scholar] [CrossRef]
  55. Vidal, F.R.; Ivaki, N.; Laranjeiro, N. Vulnerability detection techniques for smart contracts: A systematic literature review. J. Syst. Softw. 2024, 217, 112160. [Google Scholar] [CrossRef]
  56. Wu, H.; Peng, Y.; He, Y.; Fan, J. A Review of Deep Learning-Based Vulnerability Detection Tools for Ethernet Smart Contracts. CMES-Comput. Model. Eng. Sci. 2024, 140, 1. [Google Scholar] [CrossRef]
  57. Olivieri, L.; Spoto, F. Software verification challenges in the blockchain ecosystem. Int. J. Softw. Tools Technol. Transf. 2024, 26, 431–444. [Google Scholar] [CrossRef]
  58. Elakaş, A.; Sözer, H.; Şafak, I.; Kalkan, K. A systematic mapping on software testing for blockchains. Clust. Comput. 2024, 27, 7111–7126. [Google Scholar] [CrossRef]
  59. Garfatta, I.; Klai, K.; Gaaloul, W.; Graiet, M. A Survey on Formal Verification for Solidity Smart Contracts. In Proceedings of the 2021 Australasian Computer Science Week Multiconference, Dunedin, New Zealand, 1–5 February 2021. [Google Scholar] [CrossRef]
  60. Jiao, T.; Xu, Z.; Qi, M.; Wen, S.; Xiang, Y.; Nan, G. A survey of ethereum smart contract security: Attacks and detection. Distrib. Ledger Technol. Res. Pract. 2024, 3, 1–28. [Google Scholar] [CrossRef]
  61. Cousot, P.; Cousot, R. Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Proceedings of the 4th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, Los Angeles, CA, USA, 17–19 January 1977; pp. 238–252. [Google Scholar]
  62. Tsankov, P.; Dan, A.; Drachsler-Cohen, D.; Gervais, A.; Buenzli, F.; Vechev, M. Securify: Practical security analysis of smart contracts. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, Toronto, ON, Canada, 15–19 October 2018; pp. 67–82. [Google Scholar]
  63. Pasqua, M.; Benini, A.; Contro, F.; Crosara, M.; Dalla Preda, M.; Ceccato, M. Enhancing Ethereum smart-contracts static analysis by computing a precise Control-Flow Graph of Ethereum bytecode. J. Syst. Softw. 2023, 200, 111653. [Google Scholar] [CrossRef]
  64. King, J.C. Symbolic execution and program testing. Commun. ACM 1976, 19, 385–394. [Google Scholar] [CrossRef]
  65. Feist, J.; Mounier, L.; Bardin, S.; David, R.; Potet, M.L. Finding the needle in the heap: Combining static analysis and dynamic symbolic execution to trigger use-after-free. In Proceedings of the 6th Workshop on Software Security, Protection, and Reverse Engineering, Los Angeles, CA, USA, 5–6 December 2016; pp. 1–12. [Google Scholar]
  66. Tripp, O.; Pistoia, M.; Fink, S.J.; Sridharan, M.; Weisman, O. TAJ: Effective taint analysis of web applications. ACM Sigplan Not. 2009, 44, 87–97. [Google Scholar] [CrossRef]
  67. Bose, P.; Das, D.; Chen, Y.; Feng, Y.; Kruegel, C.; Vigna, G. Sailfish: Vetting smart contract state-inconsistency bugs in seconds. In Proceedings of the 2022 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 23–25 May 2022; pp. 161–178. [Google Scholar]
  68. Sen, K. Concolic testing. In Proceedings of the 22nd IEEE/ACM International Conference on Automated Software Engineering, Atlanta, GA, USA, 5–9 November 2007; pp. 571–572. [Google Scholar]
  69. Wang, S.J.; Yao, J.; Pei, K.; Takahashi, H.; Yang, J. Detecting Buggy Contracts via Smart Testing. arXiv 2024, arXiv:2409.04597. [Google Scholar]
  70. Sutton, M.; Greene, A.; Amini, P. Fuzzing: Brute Force Vulnerability Discovery; Pearson Education: London, UK, 2007; ISBN 978-0-321-44611-4. [Google Scholar]
  71. Shou, C.; Liu, J.; Lu, D.; Sen, K. Llm4fuzz: Guided fuzzing of smart contracts with large language models. arXiv 2024, arXiv:2401.11108. [Google Scholar]
  72. DeMillo, R.A.; Lipton, R.J.; Sayward, F.G. Hints on test data selection: Help for the practicing programmer. Computer 1978, 11, 34–41. [Google Scholar] [CrossRef]
  73. Petrović, G.; Ivanković, M.; Fraser, G.; Just, R. Does mutation testing improve testing practices? In Proceedings of the 2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE), Madrid, Spain, 25–28 May 2021; pp. 910–921. [Google Scholar]
  74. Liu, Y.; Li, Y.; Lin, S.W.; Yan, Q. ModCon: A model-based testing platform for smart contracts. In Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Virtual Event, 8–13 November 2020; pp. 1601–1605. [Google Scholar]
  75. Suvorov, D.; Ulyantsev, V. Smart contract design meets state machine synthesis: Case studies. arXiv 2019, arXiv:1906.02906. [Google Scholar]
  76. Liu, S.; Xu, Y.; Yang, X.; Hui, B.; Hu, F. Variable-State-Trigger: A Formal Model of Smart Contracts Based on Conditional Response and Finite State Automata and Its Application. Electronics 2024, 13, 4680. [Google Scholar] [CrossRef]
  77. Xu, H.; Fan, J.; Han, L. Smart contract vulnerability detection based on adaptive genetic algorithm. In Proceedings of the Fourth International Conference on Applied Mathematics, Modelling, and Intelligent Computing (CAMMIC 2024), Kaifeng, China, 3–5 May 2024; Volume 13219, pp. 978–984. [Google Scholar]
  78. Driessen, S.; Di Nucci, D.; Monsieur, G.; Tamburri, D.A.; Heuvel, W.J.v.d. Automated test-case generation for solidity smart contracts: The AGSolT approach and its evaluation. arXiv 2021, arXiv:2102.08864. [Google Scholar]
  79. Dijkstra, E.W. The humble programmer. Commun. ACM 1972, 15, 859–866. [Google Scholar] [CrossRef]
  80. Matsuo, S. How formal analysis and verification add security to blockchain-based systems. In Proceedings of the 2017 Formal Methods in Computer Aided Design (FMCAD), Vienna, Austria, 2–6 October 2017; pp. 1–4. [Google Scholar]
  81. Mavridou, A.; Laszka, A. Tool demonstration: Fsolidm for designing secure ethereum smart contracts. In Proceedings of the Principles of Security and Trust: 7th International Conference, POST 2018, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2018, Thessaloniki, Greece, 14–20 April 2018; Springer: Berlin/Heidelberg, Germany, 2018; pp. 270–277. [Google Scholar]
  82. Mavridou, A.; Laszka, A.; Stachtiari, E.; Dubey, A. VeriSolid: Correct-by-design smart contracts for Ethereum. In Proceedings of the Financial Cryptography and Data Security: 23rd International Conference, FC 2019, Frigate Bay, St. Kitts and Nevis, 18–22 February 2019; Revised Selected Papers 23. Springer: Berlin/Heidelberg, Germany, 2019; pp. 446–465. [Google Scholar]
  83. Nehaï, Z.; Bobot, F. Deductive proof of industrial smart contracts using Why3. In Proceedings of the Formal Methods. FM 2019 International Workshops, Porto, Portugal, 7–11 October 2019; Revised Selected Papers, Part I 3. Springer: Berlin/Heidelberg, Germany, 2020; pp. 299–311. [Google Scholar]
  84. Bao, T.; Liu, Y. A privacy-preserving framework for smart contracts based on stochastic model checking. In Proceedings of the 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Shenyang, China, 20–22 October 2021; pp. 460–467. [Google Scholar]
  85. Duo, W.; Xin, H.; Xiaofeng, M. Formal analysis of smart contract based on colored petri nets. IEEE Intell. Syst. 2020, 35, 19–30. [Google Scholar] [CrossRef]
  86. Amani, S.; Bégel, M.; Bortin, M.; Staples, M. Towards verifying ethereum smart contract bytecode in Isabelle/HOL. In Proceedings of the 7th ACM SIGPLAN International Conference on Certified Programs and Proofs, Los Angeles, CA, USA, 8–9 January 2018; pp. 66–77. [Google Scholar]
  87. Annenkov, D.; Spitters, B. Towards a smart contract verification framework in Coq. arXiv 2019, arXiv:1907.10674. [Google Scholar]
  88. Hirai, Y. eth-isabelle: Formalising the Ethereum Virtual Machine in Isabelle/HOL. 2017. Available online: https://github.com/pirapira/eth-isabelle (accessed on 20 September 2024).
  89. Emerson, E.A. The beginning of model checking: A personal perspective. In 25 Years of Model Checking; Springer: Berlin/Heidelberg, Germany, 2008; pp. 27–45. [Google Scholar]
  90. Baier, C.; Katoen, J.P. Principles of Model Checking; MIT Press: Cambridge, MA, USA, 2008. [Google Scholar]
  91. Mavridis, A. FSolidM/VeriSolid Framework. Available online: https://github.com/anmavrid/smart-contracts (accessed on 8 February 2024).
  92. Cavada, R.; Cimatti, A.; Dorigatti, M.; Griggio, A.; Mariotti, A.; Micheli, A.; Mover, S.; Roveri, M.; Tonetta, S. The nuXmv symbolic model checker. In Proceedings of the Computer Aided Verification: 26th International Conference, CAV 2014, Held as Part of the Vienna Summer of Logic, VSL 2014, Vienna, Austria, 18–22 July 2014; Springer: Berlin/Heidelberg, Germany, 2014; pp. 334–342. [Google Scholar]
  93. Cimatti, A.; Clarke, E.; Giunchiglia, F.; Roveri, M. NuSMV: A new symbolic model checker. Int. J. Softw. Tools Technol. Transf. 2000, 2, 410–425. [Google Scholar] [CrossRef]
  94. Nehai, Z.; Piriou, P.Y.; Daumas, F. Model-checking of smart contracts. In Proceedings of the 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), Halifax, NS, Canada, 30 July–3 August 2018; pp. 980–987. [Google Scholar]
  95. Unal, D.; Hammoudeh, M.; Kiraz, M.S. Policy specification and verification for blockchain and smart contracts in 5G networks. ICT Express 2020, 6, 43–47. [Google Scholar] [CrossRef]
  96. Kwiatkowska, M.; Norman, G.; Parker, D. PRISM: Probabilistic symbolic model checker. In Proceedings of the 12th International Conference on Modelling Techniques and Tools for Computer Performance Evaluation, London, UK, 14–17 April 2002; Springer: Berlin/Heidelberg, Germany, 2002; pp. 200–204. [Google Scholar]
  97. Mazurek, L. ethver: Ethereum Smart Contract Versioning Tool. Available online: https://github.com/lukmaz/ethver (accessed on 24 February 2024).
  98. Mazurek, Ł. EthVer: Formal verification of randomized Ethereum smart contracts. In Proceedings of the Financial Cryptography and Data Security. FC 2021 International Workshops: CoDecFin, DeFi, VOTING, and WTSC, Virtual Event, 5 March 2021; Revised Selected Papers 25. Springer: Berlin/Heidelberg, Germany, 2021; pp. 364–380. [Google Scholar]
  99. Microsoft. VeriSol: Formal Verification for Solidity Smart Contracts. Available online: https://github.com/microsoft/verisol (accessed on 25 February 2024).
  100. Wang, Y.; Lahiri, S.K.; Chen, S.; Pan, R.; Dillig, I.; Born, C.; Naseer, I. Formal specification and verification of smart contracts for Azure blockchain. arXiv 2018, arXiv:1812.08829. [Google Scholar]
  101. Lal, A.; Qadeer, S.; Lahiri, S.K. A solver for reachability modulo theories. In Proceedings of the Computer Aided Verification: 24th International Conference, CAV 2012, Berkeley, CA, USA, 7–13 July 2012; Springer: Berlin/Heidelberg, Germany, 2012; pp. 427–443. [Google Scholar]
  102. Ben-Ari, M. Principles of the Spin Model Checker; Springer Science & Business Media: Berlin/Heidelberg, Germany, 2008. [Google Scholar]
  103. Bai, X.; Cheng, Z.; Duan, Z.; Hu, K. Formal modeling and verification of smart contracts. In Proceedings of the 2018 7th International Conference on Software and Computer Applications, Kuantan, Malaysia, 8–10 February 2018; pp. 322–326. [Google Scholar]
  104. Yang, Z.; Dai, M.; Guo, J. Formal modeling and verification of smart contracts with SPIN. Electronics 2022, 11, 3091. [Google Scholar] [CrossRef]
  105. Osterland, T.; Rose, T. Model checking smart contracts for ethereum. Pervasive Mob. Comput. 2020, 63, 101129. [Google Scholar] [CrossRef]
  106. Liu, Z.; Liu, J. Formal verification of blockchain smart contract based on colored petri net models. In Proceedings of the 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC), Milwaukee, WI, USA, 15–19 July 2019; Volume 2, pp. 555–560. [Google Scholar]
  107. He, Y.; Dong, H.; Wang, R.; Wu, H. Formal Verification of Smart Contract Based on Timed Colored Petri Net. In Proceedings of the 2022 11th International Conference on Networks, Communication and Computing, Beijing, China, 9–11 December 2022; pp. 321–327. [Google Scholar]
  108. Abdellatif, T.; Brousmiche, K.L. Formal verification of smart contracts based on users and blockchain behaviors models. In Proceedings of the 2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS), Paris, France, 26–28 February 2018; pp. 1–5. [Google Scholar]
  109. Basu, A.; Bozga, M.; Sifakis, J. Modeling heterogeneous real-time components in BIP. In Proceedings of the Fourth IEEE International Conference on Software Engineering and Formal Methods (SEFM’06), Pune, India, 11–15 September 2006; pp. 3–12. [Google Scholar]
  110. Maksimov, D.; Yakimov, I.; Kuznetsov, A. Statistical model checking for blockchain-based applications. In Proceedings of the IOP Conference Series: Materials Science and Engineering, Krasnoyarsk, Russia, 18–21 November 2019; IOP Publishing: Bristol, UK, 2020; Volume 734, p. 012152. [Google Scholar]
  111. Nam, W.; Kil, H. Formal verification of blockchain smart contracts via atl model checking. IEEE Access 2022, 10, 8151–8162. [Google Scholar] [CrossRef]
  112. Lomuscio, A.; Raimondi, F. MCMAS: A model checker for multi-agent systems. In Proceedings of the International Conference on Tools and Algorithms for the Construction and Analysis of Systems, Vienna, Austria, 25 March–2 April 2006; Springer: Berlin/Heidelberg, Germany, 2006; pp. 450–454. [Google Scholar]
  113. van der Meyden, R. On the specification and verification of atomic swap smart contracts. In Proceedings of the 2019 IEEE International Conference on Blockchain and Cryptocurrency (ICBC), Seoul, Republic of Korea, 14–17 May 2019; pp. 176–179. [Google Scholar]
  114. Gammie, P.; Van Der Meyden, R. MCK: Model checking the logic of knowledge. In Proceedings of the Computer Aided Verification: 16th International Conference, CAV 2004, Boston, MA, USA, 13–17 July 2004; Springer: Berlin/Heidelberg, Germany, 2004; pp. 479–483. [Google Scholar]
  115. Qu, M.; Huang, X.; Chen, X.; Wang, Y.; Ma, X.; Liu, D. Formal verification of smart contracts from the perspective of concurrency. In Proceedings of the Smart Blockchain: First International Conference, SmartBlock 2018, Tokyo, Japan, 10–12 December 2018; Springer: Berlin/Heidelberg, Germany, 2018; pp. 32–43. [Google Scholar]
  116. FDR2 User Manual. Failures-Divergence Refinement. 2010. Available online: http://www.cs.ox.ac.uk/projects/concurrency-tools/download/fdr2manual-2.94.pdf (accessed on 30 May 2025).
  117. Annenkov, D.; Milo, M.; Nielsen, J.B.; Spitters, B. Extracting Smart Contracts Tested and Verified in Coq. In Proceedings of the 10th ACM SIGPLAN International Conference on Certified Programs and Proofs, New York, NY, USA, 17–19 January 2021; pp. 105–121. [Google Scholar] [CrossRef]
  118. Yang, Z.; Lei, H.; Qian, W. A hybrid formal verification system in coq for ensuring the reliability and security of ethereum-based service smart contracts. IEEE Access 2020, 8, 21411–21436. [Google Scholar] [CrossRef]
  119. Yang, Z.; Lei, H. Fether: An extensible definitional interpreter for smart-contract verifications in coq. IEEE Access 2019, 7, 37770–37791. [Google Scholar] [CrossRef]
  120. Zhu, J.; Hu, K.; Filali, M.; Bodeveix, J.P.; Talpin, J.P.; Cao, H. Formal simulation and verification of solidity contracts in event-b. In Proceedings of the 2021 IEEE 45th Annual Computers, Software, and Applications Conference (COMPSAC), Madrid, Spain, 12–16 July 2021; pp. 1309–1314. [Google Scholar]
  121. Jiao, J.; Lin, S.W.; Sun, J. A Generalized Formal Semantic Framework for Smart Contracts. In Proceedings of the Fundamental Approaches to Software Engineering (FASE), Dublin, Ireland, 25–30 April 2020; Volume 20, pp. 75–96. [Google Scholar]
  122. Tan, B.; Mariano, B.; Lahiri, S.K.; Dillig, I.; Feng, Y. SolType: Refinement types for arithmetic overflow in solidity. Proc. ACM Program. Lang. 2022, 6, 1–29. [Google Scholar] [CrossRef]
  123. Jiang, F.; Chao, K.; Xiao, J.; Liu, Q.; Gu, K.; Wu, J.; Cao, Y. Enhancing smart-contract security through machine learning: A survey of approaches and techniques. Electronics 2023, 12, 2046. [Google Scholar] [CrossRef]
  124. Leroy, X.; Blazy, S.; Kästner, D.; Schommer, B.; Pister, M.; Ferdinand, C. CompCert-a formally verified optimizing compiler. In Proceedings of the ERTS 2016: Embedded Real Time Software and Systems, 8th European Congress, Toulouse, France, 27–29 January 2016. [Google Scholar]
  125. Kezadri Hamiaz, M.; Pantel, M.; Thirioux, X.; Combemale, B. Correct-by-construction model driven engineering composition operators. Form. Asp. Comput. 2016, 28, 409–440. [Google Scholar] [CrossRef]
  126. Nielsen, E.H.; Annenkov, D.; Spitters, B. Formalising decentralised exchanges in Coq. In Proceedings of the 12th ACM SIGPLAN International Conference on Certified Programs and Proofs, Boston, MA, USA, 16–17 January 2023; pp. 290–302. [Google Scholar]
  127. Ethereum Foundation. Remix IDE: Ethereum Smart Contract Development Environment. Available online: https://github.com/ethereum/remix-ide (accessed on 8 February 2024).
  128. Tikhomirov, S.; Voskresenskaya, E.; Ivanitskiy, I.; Takhaviev, R.; Marchenko, E.; Alexandrov, Y. Smartcheck: Static analysis of ethereum smart contracts. In Proceedings of the 1st International Workshop on Emerging Trends in Software Engineering for Blockchain, Gothia, Sweden, 27 May–3 June 2018; pp. 9–16. [Google Scholar]
  129. Palkeo. Pakala: Yet Another EVM Symbolic Execution Tool. Available online: https://www.palkeo.com/en/projets/ethereum/pakala.html (accessed on 24 February 2024).
  130. Grieco, G.; Song, W.; Cygan, A.; Feist, J.; Groce, A. Echidna: Effective, usable, and fast fuzzing for smart contracts. In Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis, Virtual Event, 18–22 July 2020; pp. 557–560. [Google Scholar]
  131. Groce, A.; Grieco, G. Echidna-parade: A tool for diverse multicore smart contract fuzzing. In Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis, Virtual Event, Aarhus, Denmark, 11–17 July 2021; pp. 658–661. [Google Scholar]
  132. Nassirzadeh, B.; Sun, H.; Banescu, S.; Ganesh, V. Gas gauge: A security analysis tool for smart contract out-of-gas vulnerabilities. In Proceedings of the International Conference on Mathematical Research for Blockchain Economy, Vilamoura, Portugal, 12–14 July 2022; Springer: Berlin/Heidelberg, Germany, 2022; pp. 143–167. [Google Scholar]
  133. Li, Z.; Wu, H.; Xu, J.; Wang, X.; Zhang, L.; Chen, Z. Musc: A tool for mutation testing of ethereum smart contract. In Proceedings of the 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), San Diego, CA, USA, 10–15 November 2019; pp. 1198–1201. [Google Scholar]
  134. Peng, C.; Akca, S.; Rajan, A. SIF: A framework for solidity contract instrumentation and analysis. In Proceedings of the 2019 26th Asia-Pacific Software Engineering Conference (APSEC), Putrajava, Malaysia, 2–5 December 2019; pp. 466–473. [Google Scholar]
  135. Feist, J.; Grieco, G.; Groce, A. Slither: A static analysis framework for smart contracts. In Proceedings of the 2019 IEEE/ACM 2nd International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB), Montreal, QC, Canada, 17 May 2019; pp. 8–15. [Google Scholar]
  136. Hajdu, Á.; Jovanović, D. solc-verify: A modular verifier for solidity smart contracts. In Proceedings of the Verified Software. Theories, Tools, and Experiments: 11th International Conference, VSTTE 2019, New York City, NY, USA, 13–14 July 2019; Revised Selected Papers 11. Springer: Berlin/Heidelberg, Germany, 2020; pp. 161–179. [Google Scholar]
  137. Protofire. Solhint: Solidity Linter. Available online: https://protofire.github.io/solhint/ (accessed on 25 February 2024).
  138. Praitheeshan, P.; Pan, L.; Zheng, X.; Jolfaei, A.; Doss, R. SolGuard: Preventing external call issues in smart contract-based multi-agent robotic systems. Inf. Sci. 2021, 579, 150–166. [Google Scholar] [CrossRef]
  139. Zhang, P.; Xiao, F.; Luo, X. Soliditycheck: Quickly detecting smart contract problems through regular expressions. arXiv 2019, arXiv:1911.09425. [Google Scholar]
  140. Honig, J.J.; Everts, M.H.; Huisman, M. Practical mutation testing for smart contracts. In Proceedings of the International Workshop on Data Privacy Management, International Workshop on Cryptocurrencies and Blockchain Technology, Luxembourg, 26–27 September 2019; Springer: Berlin/Heidelberg, Germany, 2019; pp. 289–303. [Google Scholar]
  141. Frank, J.; Aschermann, C.; Holz, T. ETHBMC: A bounded model checker for smart contracts. In Proceedings of the 29th USENIX Security Symposium (USENIX Security 20), Boston, MA, USA, 12–14 August 2020; pp. 2757–2774. [Google Scholar]
  142. Revere, R. solgraph: Visualize Solidity Control Flow for Smart Contracts. Available online: https://github.com/raineorshine/solgraph (accessed on 13 February 2024).
  143. Kolluri, A.; Nikolic, I.; Sergey, I.; Hobor, A.; Saxena, P. Exploiting the laws of order in smart contracts. In Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis, Beijing, China, 15–19 July 2019; ACM: New York, NY, USA, 2019; pp. 363–373. [Google Scholar]
  144. Veloso, N. Conkas: Ethereum Smart Contract Security Analysis. Available online: https://github.com/nveloso/conkas (accessed on 26 February 2024).
  145. Chen, J.; Xia, X.; Lo, D.; Grundy, J.; Luo, X.; Chen, T. Defectchecker: Automated smart contract defect detection by analyzing evm bytecode. IEEE Trans. Softw. Eng. 2021, 48, 2189–2207. [Google Scholar] [CrossRef]
  146. Norvill, R.; Pontiveros, B.B.F.; State, R.; Cullen, A. Visual emulation for Ethereum’s virtual machine. In Proceedings of the NOMS 2018—2018 IEEE/IFIP Network Operations and Management Symposium, Taipei, Taiwan, 23–27 April 2018; pp. 1–4. [Google Scholar]
  147. Grishchenko, I.; Maffei, M.; Schneidewind, C. Ethertrust: Sound static analysis of ethereum bytecode. Tech. Univ. Wien Tech. Rep. 2018, 1–41. Available online: https://www.netidee.at/sites/default/files/2018-07/staticanalysis.pdf (accessed on 31 May 2025).
  148. Albert, E.; Gordillo, P.; Livshits, B.; Rubio, A.; Sergey, I. Ethir: A framework for high-level analysis of ethereum bytecode. In Proceedings of the International Symposium on Automated Technology for Verification and Analysis, Los Angeles, CA, USA, 7–10 October 2018; Springer: Berlin/Heidelberg, Germany, 2018; pp. 513–520. [Google Scholar]
  149. Torres, C.F.; Steichen, M. The art of the scam: Demystifying honeypots in ethereum smart contracts. In Proceedings of the 28th USENIX Security Symposium (USENIX Security 19), Santa Clara, CA, USA, 14–16 August 2019; pp. 1591–1607. [Google Scholar]
  150. Grech, N.; Kong, M.; Jurisevic, A.; Brent, L.; Scholz, B.; Smaragdakis, Y. MadMax: Analyzing the out-of-gas world of smart contracts. Commun. ACM 2020, 63, 87–95. [Google Scholar] [CrossRef]
  151. Mueller, B. Smashing Smart Contracts. In Proceedings of the 9th HITB Security Conference, Amsterdam, The Netherlands, 9–13 April 2018; Available online: https://github.com/muellerberndt/smashing-smart-contracts/blob/master/smashing-smart-contracts-1of1.pdf (accessed on 31 May 2025).
  152. Ventuzelo, P. Octopus: Ethereum Smart Contract Security Analysis Tool. Available online: https://github.com/FuzzingLabs/octopus (accessed on 26 February 2024).
  153. Torres, C.F.; Schütte, J.; State, R. Osiris: Hunting for integer bugs in ethereum smart contracts. In Proceedings of the 34th Annual Computer Security Applications Conference, San Juan, PR, USA, 3–7 December 2018; pp. 664–676. [Google Scholar]
  154. Suiche, M. Porosity: Decompiler and Security Analysis Tool for Ethereum Smart Contracts. Available online: https://github.com/msuiche/porosity (accessed on 8 February 2024).
  155. PNF Software. JEB Ethereum Plugin Documentation. Available online: https://www.pnfsoftware.com/jeb/manual/ethereum/ (accessed on 31 May 2025).
  156. Chinen, Y.; Yanai, N.; Cruz, J.P.; Okamura, S. RA: Hunting for re-entrancy attacks in ethereum smart contracts via static analysis. In Proceedings of the 2020 IEEE International Conference on Blockchain (Blockchain), Virtual, 2–6 May 2020; pp. 327–336. [Google Scholar]
  157. Krupp, J.; Rossow, C. teEther: Gnawing at ethereum to automatically exploit smart contracts. In Proceedings of the 27th USENIX Security Symposium (USENIX Security 18), Baltimore, MD, USA, 15–17 August 2018; pp. 1317–1333. [Google Scholar]
  158. Brent, L.; Jurisevic, A.; Kong, M.; Liu, E.; Gauthier, F.; Gramoli, V.; Holz, R.; Scholz, B. Vandal: A scalable security analysis framework for smart contracts. arXiv 2018, arXiv:1809.03981. [Google Scholar]
  159. Azzopardi, S.; Ellul, J.; Pace, G.J. Monitoring Smart Contracts: ContractLarva and Open Challenges Beyond. In Proceedings of the Runtime Verification, Limassol, Cyprus, 10–13 November 2018; Colombo, C., Leucker, M., Eds.; Springer International Publishing: Cham, Switzerland, 2018; pp. 113–137. [Google Scholar]
  160. Stegeman, L. Solitor: Runtime Verification of Smart Contracts on the Ethereum Network. Master’s Thesis, University of Twente, Enschede, The Netherlands, 2018. Available online: http://essay.utwente.nl/76902/ (accessed on 31 May 2025).
  161. Wang, H.; Li, Y.; Lin, S.W.; Ma, L.; Liu, Y. Vultron: Catching vulnerable smart contracts once and for all. In Proceedings of the 2019 IEEE/ACM 41st International Conference on Software Engineering: New Ideas and Emerging Results (ICSE-NIER), Montreal, QC, Canada, 25–31 May 2019; pp. 1–4. [Google Scholar]
  162. Jiang, B.; Liu, Y.; Chan, W.K. Contractfuzzer: Fuzzing smart contracts for vulnerability detection. In Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering, Montpellier, France, 3–7 September 2018; pp. 259–269. [Google Scholar]
  163. Nguyen, T.D.; Pham, L.H.; Sun, J.; Lin, Y.; Minh, Q.T. sfuzz: An efficient adaptive fuzzer for solidity smart contracts. In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering, Seoul, Republic of Korea, 27 June–19 July 2020; pp. 778–788. [Google Scholar]
  164. Chen, T.; Cao, R.; Li, T.; Luo, X.; Gu, G.; Zhang, Y.; Liao, Z.; Zhu, H.; Chen, G.; He, Z.; et al. SODA: A Generic Online Detection Framework for Smart Contracts. In Proceedings of the NDSS, San Diego, CA, USA, 23–26 February 2020. [Google Scholar]
  165. Gao, J.; Liu, H.; Liu, C.; Li, Q.; Guan, Z.; Chen, Z. Easyflow: Keep ethereum away from overflow. In Proceedings of the 2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion), Montreal, QC, Canada, 25–31 May 2019; pp. 23–26. [Google Scholar]
  166. Grossman, S.; Abraham, I.; Golan-Gueta, G.; Michalevsky, Y.; Rinetzky, N.; Sagiv, M.; Zohar, Y. Online detection of effectively callback free objects with applications to smart contracts. Proc. ACM Program. Lang. 2017, 2, 1–28. [Google Scholar] [CrossRef]
  167. Pace, G. ContractLarva: A Tool for Runtime Monitoring of Ethereum Smart Contracts. Available online: https://github.com/gordonpace/contractLarva (accessed on 8 February 2024).
  168. NTU SRSLab. ModCon: Ethereum Smart Contract Modification Detection Tool. Available online: https://github.com/ntu-SRSLab/ModCon (accessed on 26 February 2024).
  169. Stegeman, L. Solitor: Ethereum Smart Contract Runtime Monitoring Tool. Available online: https://github.com/LarsStegeman/EthereumRuntimeMonitoring (accessed on 26 February 2024).
  170. NTU SRSLab. Vultron: Ethereum Smart Contract Vulnerability Detection Tool. Available online: https://github.com/ntu-SRSLab/vultron (accessed on 26 February 2024).
  171. Bell, G. ContractFuzzer: Fuzz Testing Tool for Ethereum Smart Contracts. Available online: https://github.com/gongbell/ContractFuzzer (accessed on 13 February 2024).
  172. Tai, D. sFuzz: Ethereum Smart Contract Fuzz Testing Tool. Available online: https://github.com/duytai/sFuzz (accessed on 27 February 2024).
  173. PandAbox Development. SODA: Solidity Contract Data Analyzer. Available online: https://github.com/pandabox-dev/SODA (accessed on 27 February 2024).
  174. Gao, J. EasyFlow: Ethereum Smart Contract Static Analysis Tool. Available online: https://github.com/Jianbo-Gao/EasyFlow (accessed on 27 February 2024).
  175. Grinberg, S. ECFChecker. Available online: https://github.com/shellygr/ECFChecker (accessed on 21 February 2024).
  176. Akca, S.; Rajan, A.; Peng, C. SolAnalyser: A Framework for Analysing and Testing Smart Contracts. In Proceedings of the 2019 26th Asia-Pacific Software Engineering Conference (APSEC), Putrajaya, Malaysia, 2–5 December 2019; pp. 482–489. [Google Scholar]
  177. Mossberg, M.; Manzano, F.; Hennenfent, E.; Groce, A.; Grieco, G.; Feist, J.; Brunson, T.; Dinaburg, A. Manticore: A user-friendly symbolic execution framework for binaries and smart contracts. In Proceedings of the 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), San Diego, CA, USA, 10–15 November 2019; pp. 1186–1189. [Google Scholar]
  178. di Angelo, M.; Durieux, T.; Ferreira, J.F.; Salzer, G. SmartBugs 2.0: An Execution Framework for Weakness Detection in Ethereum Smart Contracts. In Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering (ASE), Luxembourg, 11–15 September 2023. [Google Scholar]
  179. Akca, S. SolAnalyser: Solidity Smart Contract Security Analyzer. Available online: https://github.com/sefaakca/SolAnalyser (accessed on 25 February 2024).
  180. Trail of Bits. Manticore: Symbolic Execution Tool for Analysis of Smart Contracts and Binaries. Available online: https://github.com/trailofbits/manticore (accessed on 8 February 2024).
  181. Nikolić, I. MAIAN: A Novel Mitigation for Reentrancy Attacks. Available online: https://github.com/ivicanikolicsg/MAIAN (accessed on 8 February 2024).
  182. SmartBugs. SmartBugs: Smart Contract Static Analysis. Available online: https://github.com/smartbugs/smartbugs (accessed on 24 February 2024).
  183. Pierro, A. SPASO (PArser for SOlidity). Available online: https://github.com/aphd/paso (accessed on 22 March 2024).
  184. Pierro, G.A.; Tonelli, R. PASO: A Web-Based Parser for Solidity Language Analysis. In Proceedings of the 2020 IEEE International Workshop on Blockchain Oriented Software Engineering (IWBOSE), London, ON, Canada, 18 February 2020; pp. 16–21. [Google Scholar] [CrossRef]
  185. Gao, Z.; Jiang, L.; Xia, X.; Lo, D.; Grundy, J. Checking smart contracts with structural code embedding. IEEE Trans. Softw. Eng. 2020, 47, 2874–2891. [Google Scholar] [CrossRef]
  186. Camino, R.; Torres, C.F.; Baden, M.; State, R. A Data Science Approach for Honeypot Detection in Ethereum. arXiv 2019, arXiv:1910.01449. [Google Scholar]
  187. Zhuang, Y.; Liu, Z.; Qian, P.; Liu, Q.; Wang, X.; He, Q. Smart Contract Vulnerability Detection using Graph Neural Network. In Proceedings of the IJCAI, Yokohama, Japan, 7–15 January 2021; pp. 3283–3290. [Google Scholar]
  188. Qian, P. GNNSCVulDetector: Graph Neural Network-Based Smart Contract Vulnerability Detector. Available online: https://github.com/Messi-Q/GNNSCVulDetector (accessed on 21 February 2024).
  189. Liu, Z.; Qian, P.; Wang, X.; Zhu, L.; He, Q.; Ji, S. Smart contract vulnerability detection: From pure neural network to interpretable graph feature and expert pattern fusion. arXiv 2021, arXiv:2106.09282. [Google Scholar]
  190. Qian, P.; Liu, Z.; He, Q.; Zimmermann, R.; Wang, X. Towards automated reentrancy detection for smart contracts based on sequential models. IEEE Access 2020, 8, 19685–19695. [Google Scholar] [CrossRef]
  191. Yu, X.; Zhao, H.; Hou, B.; Ying, Z.; Wu, B. Deescvhunter: A deep learning-based framework for smart contract vulnerability detection. In Proceedings of the 2021 International Joint Conference on Neural Networks (IJCNN), Rome, Italy, 30 June–5 July 2021; pp. 1–8. [Google Scholar]
  192. Ashizawa, N.; Yanai, N.; Cruz, J.P.; Okamura, S. Eth2Vec: Learning contract-wide code representations for vulnerability detection on Ethereum smart contracts. In Proceedings of the 3rd ACM International Symposium on Blockchain and Secure Critical Infrastructure, Melbourne, Australia, 10–14 July 2022; Volume 3, p. 100101. [Google Scholar] [CrossRef]
  193. Nguyen, H.H.; Nguyen, N.M.; Xie, C.; Ahmadi, Z.; Kudendo, D.; Doan, T.N.; Jiang, L. MANDO: Multi-level heterogeneous graph embeddings for fine-grained detection of smart contract vulnerabilities. In Proceedings of the 2022 IEEE 9th International Conference on Data Science and Advanced Analytics (DSAA), Online, 13–16 October 2022; pp. 1–10. [Google Scholar]
  194. Liu, Z.; Qian, P.; Wang, X.; Zhuang, Y.; Qiu, L.; Wang, X. Combining graph neural networks with expert knowledge for smart contract vulnerability detection. IEEE Trans. Knowl. Data Eng. 2021, 35, 1296–1310. [Google Scholar] [CrossRef]
  195. He, J.; Balunović, M.; Ambroladze, N.; Tsankov, P.; Vechev, M. Learning to Fuzz from Symbolic Execution with Application to Smart Contracts. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, London, UK, 11–15 November 2019; pp. 531–548. [Google Scholar] [CrossRef]
  196. Su, J.; Dai, H.N.; Zhao, L.; Zheng, Z.; Luo, X. Effectively Generating Vulnerable Transaction Sequences in Smart Contracts with Reinforcement Learning-guided Fuzzing. In Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering, Rochester, MI, USA, 10–14 October 2023. [Google Scholar] [CrossRef]
  197. Zhang, Z.; Lei, Y.; Yan, M.; Yu, Y.; Chen, J.; Wang, S.; Mao, X. Reentrancy vulnerability detection and localization: A deep learning based two-phase approach. In Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering, Rochester, MI, USA, 10–14 October 2022; pp. 1–13. [Google Scholar]
  198. Tann, W.J.W.; Han, X.J.; Gupta, S.S.; Ong, Y.S. Towards safer smart contracts: A sequence learning approach to detecting security threats. arXiv 2018, arXiv:1811.06632. [Google Scholar]
  199. Liao, J.W.; Tsai, T.T.; He, C.K.; Tien, C.W. Soliaudit: Smart contract vulnerability assessment based on machine learning and fuzz testing. In Proceedings of the 2019 Sixth International Conference on Internet of Things: Systems, Management and Security (IOTSMS), Granada, Spain, 22–25 October 2019; pp. 458–465. [Google Scholar]
  200. HajiHosseinKhani, S.; Lashkari, A.H.; Oskui, A.M. Unveiling vulnerable smart contracts: Toward profiling vulnerable smart contracts using genetic algorithm and generating benchmark dataset. Blockchain Res. Appl. 2024, 5, 100171. [Google Scholar] [CrossRef]
  201. Ren, M.; Yin, Z.; Ma, F.; Xu, Z.; Jiang, Y.; Sun, C.; Li, H.; Cai, Y. Empirical evaluation of smart contract testing: What is the best choice? In Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis, Virtual Event, Aarhus, Denmark, 11–17 July 2021; pp. 566–579. [Google Scholar]
  202. Durieux, T.; Ferreira, J.F.; Abreu, R.; Cruz, P. Empirical review of automated analysis tools on 47,587 ethereum smart contracts. In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering, Seoul, Republic of Korea, 27 June–19 July 2020; pp. 530–541. [Google Scholar]
  203. Ghaleb, A.; Pattabiraman, K. How effective are smart contract analysis tools? Evaluating smart contract static analysis tools using bug injection. In Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis, Virtual Event, 18–22 July 2020; pp. 415–427. [Google Scholar]
  204. Khan, D.; Jung, L.T.; Hashmani, M.A. Systematic literature review of challenges in blockchain scalability. Appl. Sci. 2021, 11, 9372. [Google Scholar] [CrossRef]
  205. Khlifi, M.K.; Boulila, W.; Farah, I.R. Graph-based deep learning techniques for remote sensing applications: Techniques, taxonomy, and applications—A comprehensive review. Comput. Sci. Rev. 2023, 50, 100596. [Google Scholar] [CrossRef]
  206. Ammar, A.; Koubaa, A.; Benjdira, B.; Nacar, O.; Sibaee, S. Prediction of Arabic Legal Rulings Using Large Language Models. Electronics 2024, 13, 764. [Google Scholar] [CrossRef]
  207. Schwalbe, G.; Finzel, B. A comprehensive taxonomy for explainable artificial intelligence: A systematic survey of surveys on methods and concepts. Data Min. Knowl. Discov. 2024, 38, 3043–3101. [Google Scholar] [CrossRef]
  208. Álvarez, I.A.; Gramlich, V.; Sedlmeir, J. Unsealing the secrets of blockchain consensus: A systematic comparison of the formal security of proof-of-work and proof-of-stake. arXiv 2024, arXiv:2401.14527. [Google Scholar]
  209. Lv, P.; Wang, Y.; Wang, Y.; Zhou, Q. Potential risk detection system of hyperledger fabric smart contract based on static analysis. In Proceedings of the 2021 IEEE Symposium on Computers and Communications (ISCC), Athens, Greece, 5–8 September 2021; pp. 1–7. [Google Scholar]
  210. Lamela Seijas, P.; Nemish, A.; Smith, D.; Thompson, S. Marlowe: Implementing and analysing financial contracts on blockchain. In Proceedings of the Financial Cryptography and Data Security: FC 2020 International Workshops, AsiaUSEC, CoDeFi, VOTING, and WTSC, Kota Kinabalu, Malaysia, 14 February 2020; Revised Selected Papers 24. Springer: Berlin/Heidelberg, Germany, 2020; pp. 496–511. [Google Scholar]
  211. Chakravarty, M.; Kireev, R.; MacKenzie, K.; McHale, V.; Müller, J.; Nemish, A.; Nester, C.; Jones, M.P.; Thompson, S.; Valentine, R.; et al. Functional Blockchain Contracts. 2019. Available online: https://americanblockchainpac.org/wp-content/uploads/2022/03/Functional-Blockchain-Contracts.pdf (accessed on 31 May 2025).
  212. Solana Foundation. X-Ray: Open-Source Static Analyzer for Solana Smart Contracts. 2024. Available online: https://solanacompass.com/learn/breakpoint-24/bp-2024-technical-talk-open-source-x-ray-solana-smart-contract-static-analysis (accessed on 31 May 2025).
  213. Solana Documentation. Radar–Static Analysis Tool for Anchor Rust Programs. 2025. Available online: https://solana.com/docs/toolkit/test-suite/security-scanner (accessed on 31 May 2025).
  214. Web3 Labs. Ink! Verifier Service. Ensures Reproducible Bytecode Verification for Ink! Contracts. 2023. Available online: https://github.com/web3labs/ink-verifier-image (accessed on 31 May 2025).
  215. Chainlink. Cross-Chain Interoperability Protocol (CCIP). 2025. Available online: https://chain.link/cross-chain (accessed on 6 May 2025).
  216. Input Output Global (IOG). Marlowe. 2025. Available online: https://docs.cardano.org/developer-resources/smart-contracts/marlowe (accessed on 5 May 2025).
Computers 14 00226 g001
Figure 1. Daily deployment volume of Ethereum smart contracts from 1 January to 30 April 2024, with a marked increase observed in late April [7].
Figure 1. Daily deployment volume of Ethereum smart contracts from 1 January to 30 April 2024, with a marked increase observed in late April [7].
Computers 14 00226 g001
Computers 14 00226 g002
Figure 2. Overview of the systematic search methodology, illustrating the retrieval of 1685 documents from multiple digital libraries using specified keywords, followed by the verification of inclusion criteria.
Figure 2. Overview of the systematic search methodology, illustrating the retrieval of 1685 documents from multiple digital libraries using specified keywords, followed by the verification of inclusion criteria.
Computers 14 00226 g002
Table 1. Overview of reviewed papers.
Table 1. Overview of reviewed papers.
RefTitleYearTypeFormal VerificationStatic AnalysisDynamic AnalysisMachine LearningOpen Access Tools# Tools
[27]A survey on security verification of blockchain smart contracts2019Survey 12
[28]Security analysis methods on Ethereum smart contract vulnerabilities: a survey2019Survey 8
[29]Security, performance, and applications of smart contracts: A systematic survey2019SLR 9
[30]Survey of formal verification methods for smart contracts on blockchain2019Survey 2
[31]A survey of tools for analyzing Ethereum smart contracts2019SLR 27
[32]A survey of smart contract formal specification and verification2020Survey 34
[33]A Comprehensive Survey on Smart Contract Construction and Execution: Paradigms, Tools and Systems2020SLR 22
[34]Smart Contract modeling and verification techniques: A survey2020Survey 7
[35]Ethereum smart contract security research: survey and future research opportunities2015–2019SLR 9
[36]Verification of smart contracts: A survey2020Survey 25
[37]Pre-deployment Analysis of Smart Contracts—A Survey2023SLR 6
[38]Smart contract vulnerability detection technique: A survey2022Survey 23
[39]SLR of security vulnerabilities in Ethereum blockchain smart contract2016–2021SLR 20
[40]Ethereum smart contract analysis tools: A systematic review2022SLR 86
[41]Detecting functional and security-related issues in smart contracts: A systematic literature review2015–2020SLR26
[42]Review of automated vulnerability analysis of smart contracts on Ethereum2022SLR 20
[43]The state of Ethereum smart contracts security: Vulnerabilities, countermeasures, and tool support2022Survey 11
[44]Security Strengths and Weaknesses of Blockchain Smart Contract System: A Survey2022Survey 28
[45]Blockchain verification and validation: Techniques, challenges, and research directions2022Survey 30
[46]Smart contract security: A software lifecycle perspective2019Survey 18
[47]Smart contract: Attacks and protections2020Survey 10
[48]The vulnerabilities in smart contracts: A survey2021Survey 20
[49]A survey on Ethereum systems security: Vulnerabilities, attacks, and defenses2020Survey 51
[50]A systematic literature review of blockchain and smart contract development: Techniques, tools, and open challenges2016–2020SLR 26
[51]Formal Verification of Smart Contracts based on Model Checking: An Overview2024Survey 8
[52]A Survey of Vulnerability Detection Techniques by Smart Contract Tools2024Survey 41
[53]A Survey on Security Analysis Methods of Smart Contracts2024Survey 78
[54]A Survey on Automatic Discover Approach by Using Static Analysis for Smart Contract Vulnerability2023Survey 1
[55]Vulnerability detection techniques for smart contracts: A systematic literature review2024Survey 86
[56]A Review of Deep Learning-Based Vulnerability Detection Tools for Ethernet Smart Contracts2024Survey 20
[57]Software verification challenges in the blockchain ecosystem2024Survey 0
[58]A systematic mapping on software testing for blockchains2012–2022SLR 14
[59]A Survey on Formal Verification for Solidity Smart Contracts2021Survey 4
[60]A Survey of Ethereum Smart Contract Security: Attacks and Detection2024Survey 14
Table 4. Comparative summary of vulnerability detection methods for Ethereum smart contracts.
Table 4. Comparative summary of vulnerability detection methods for Ethereum smart contracts.
MethodAdvantagesLimitations
Static AnalysisDetects issues early without execution; applicable to Solidity and bytecode. Sound guarantees are possible with precise abstractions.Susceptible to false positives/negatives. Does not capture runtime behavior.
Dynamic AnalysisObserves actual execution, revealing runtime vulnerabilities. Techniques like concolic testing and fuzzing improve path exploration.Computationally intensive and time-consuming. Coverage is limited by input quality and simulated conditions.
Formal VerificationProvides mathematical proofs of correctness. High assurance for critical applications.Resource-intensive with scalability challenges. Requires specialized expertise and accurate specifications.
Machine LearningProcesses large datasets to identify subtle, unseen vulnerability patterns. Adapts as more data become available.Performance hinges on training data quality. Limited interpretability; risk of false positives/negatives.
Table 5. Static analysis tools with Solidity code as input.
Table 5. Static analysis tools with Solidity code as input.
ToolLanguageRepository
RemixJavaScripthttps://github.com/ethereum/remix-ide, accessed on 17 April 2025.
SmartCheckJavahttps://github.com/smartdec/smartcheck, accessed on 17 April 2025.
PakalaPythonhttps://github.com/palkeo/pakala, accessed on 17 April 2025.
EchidnaHaskellhttps://github.com/crytic/echidna, accessed on 17 April 2025.
GasGaugePythonhttps://github.com/gasgauge, accessed on 17 April 2025.
MuScJavahttps://github.com/belikout/MuSC-Tool-Demo-repo, accessed on 17 April 2025.
SIFC++https://github.com/chao-peng/SIF, accessed on 17 April 2025.
SlitherPythonhttps://github.com/crytic/slither, accessed on 17 April 2025.
Solc-VerifyC++https://github.com/SRI-CSL/solidity, accessed on 17 April 2025.
SolhintJavahttps://protofire.github.io/solhint/, accessed on 17 April 2025.
SolidityCheckC++https://github.com/xf97/SolidityCheck, accessed on 17 April 2025.
VertigoPythonhttps://github.com/JoranHonig/vertigo, accessed on 17 April 2025.
ETHBMCRusthttps://github.com/RUB-SysSec/EthBMC, accessed on 17 April 2025.
SolgraphJavaScripthttps://github.com/raineorshine/solgraph, accessed on 17 April 2025.
ETHRACERPythonhttps://github.com/aashishkolluri/Ethracer, accessed on 17 April 2025.
ConkasPythonhttps://github.com/nveloso/conkas, accessed on 17 April 2025.
Table 6. Static analysis tools with Bytecode as input.
Table 6. Static analysis tools with Bytecode as input.
ToolLanguageRepository
DefectCheckerJavahttps://github.com/Jiachi-Chen/DefectChecker, accessed on 17 April 2025.
E-EVMPythonhttps://github.com/pisocrob/E-EVM, accessed on 17 April 2025.
EtherTrustJavahttps://github.com/SecPriv/EtherTrust, accessed on 17 April 2025.
EthIRPythonhttps://github.com/costa-group/EthIR, accessed on 17 April 2025.
HoneyBadgerPythonhttps://github.com/christoftorres/HoneyBadger, accessed on 17 April 2025.
MadMaxGigahose IRhttps://github.com/nevillegrech/MadMax, accessed on 17 April 2025.
MythrilPythonhttps://github.com/Consensys/mythril, accessed on 17 April 2025.
OctopusPythonhttps://github.com/FuzzingLabs/octopus, accessed on 17 April 2025.
OsirisPythonhttps://github.com/christoftorres/Osiris, accessed on 17 April 2025.
OyentePythonhttps://github.com/enzymefinance/oyente, accessed on 17 April 2025.
PorosityC++https://github.com/msuiche/porosity, accessed on 17 April 2025.
RAPythonhttps://github.com/wanidon/RA, accessed on 17 April 2025.
SecurifyJavahttps://github.com/eth-sri/securify2, accessed on 17 April 2025.
TeEtherPythonhttps://github.com/nescio007/teether, accessed on 17 April 2025.
VandalPythonhttps://github.com/usyd-blockchain/vandal, accessed on 17 April 2025.
Table 9. Machine learning tools.
Table 9. Machine learning tools.
ToolRepository
SmartEmbedhttps://github.com/beyondacm/SmartEmbed, accessed on 17 April 2025.
honeypot-detectionhttps://github.com/rcamino/honeypot-detection, accessed on 17 April 2025.
GNNSCVulDetectorhttps://github.com/Messi-Q/GNNSCVulDetector, accessed on 17 April 2025.
AMEVulDetectorhttps://github.com/Messi-Q/AMEVulDetector, accessed on 17 April 2025.
ReCheckerhttps://github.com/Messi-Q/ReChecker, accessed on 17 April 2025.
DeeSCVHunterhttps://github.com/MRdoulestar/DeeSCVHunter, accessed on 17 April 2025.
Eth2Vechttps://github.com/fseclab-osaka/eth2vec, accessed on 17 April 2025.
MANDOhttps://github.com/MANDO-Project, accessed on 17 April 2025.
DR-GCNhttps://github.com/Messi-Q/GraphDeeSmartContract, accessed on 17 April 2025.
CGEhttps://github.com/Messi-Q/GPSCVulDetector, accessed on 17 April 2025.
ILFhttps://github.com/eth-sri/ilf, accessed on 17 April 2025.
RLFhttps://github.com/Demonhero0/rlf, accessed on 17 April 2025.
ReVulDLhttps://github.com/toolstemp/IAcontract, accessed on 17 April 2025.
LSTMhttps://github.com/wesleyjtann/Safe-SmartContracts, accessed on 17 April 2025.
SoliAudithttps://github.com/jianwei76/SoliAudit, accessed on 17 April 2025.
SCsVulLyzerhttps://github.com/ahlashkari/SCsVulLyzer, accessed on 17 April 2025.
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Kezadri Hamiaz, M.; Driss, M. Ethereum Smart Contracts Under Scrutiny: A Survey of Security Verification Tools, Techniques, and Challenges. Computers 2025, 14, 226. https://doi.org/10.3390/computers14060226

AMA Style

Kezadri Hamiaz M, Driss M. Ethereum Smart Contracts Under Scrutiny: A Survey of Security Verification Tools, Techniques, and Challenges. Computers. 2025; 14(6):226. https://doi.org/10.3390/computers14060226

Chicago/Turabian Style

Kezadri Hamiaz, Mounira, and Maha Driss. 2025. "Ethereum Smart Contracts Under Scrutiny: A Survey of Security Verification Tools, Techniques, and Challenges" Computers 14, no. 6: 226. https://doi.org/10.3390/computers14060226

APA Style

Kezadri Hamiaz, M., & Driss, M. (2025). Ethereum Smart Contracts Under Scrutiny: A Survey of Security Verification Tools, Techniques, and Challenges. Computers, 14(6), 226. https://doi.org/10.3390/computers14060226

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop