Smart contracts are secure and trustworthy applications that play a vital role in decentralized applications in fields such as insurance, the internet, and gaming. In recent years, however, smart contract security breaches have occurred frequently, and because of their financial nature they have caused huge economic losses. The most famous incident, "The DAO", caused a loss of over $60 million in Ethereum. This has drawn attention from all sides, and writing a secure smart contract is now a critical issue. This paper focuses on Ethereum smart contracts and explains the main components of Ethereum and the architecture and mechanism of smart contracts. The work is carried out in the Ethereum environment, using the Remix online compilation platform and the Solidity language. Based on four security incidents (American Chain, The DAO, Parity and KotET), the principles of the integer overflow attack, the reentrancy attack, the access control attack and the denial of service attack are studied and analyzed, the scenarios in which these vulnerabilities arise are reproduced, and measures to prevent them are given. In addition, the principles of the short address attack, the early transaction attack and the privileged function exposure attack are introduced in detail, and security measures are proposed. As vulnerabilities continue to emerge, their classification will also evolve. The analysis of current vulnerabilities is intended to lay a solid foundation for avoiding more of them.