Blockchain technology has been used for recording state transitions of smart contracts, decentralized applications that can be invoked through external transactions. Smart contracts have gained popularity and accrued hundreds of billions of dollars in market capitalization in recent years. Unfortunately, like all other programs, smart contracts are prone to security vulnerabilities that have incurred multimillion-dollar damages over the past decade. As a result, many automated threat mitigation solutions have been proposed to counter the security issues of smart contracts. These threat mitigation solutions include various tools and methods that are challenging to compare. This survey develops a comprehensive classification taxonomy of smart contract threat mitigation solutions within five orthogonal dimensions: defense modality, core method, targeted contracts, input-output data mapping, and threat model. We classify 133 existing threat mitigation solutions using our taxonomy and confirm that the proposed five dimensions allow us to concisely and accurately describe any smart contract threat mitigation solution. In addition to learning what the threat mitigation solutions do, we also show how these solutions work by synthesizing their actual designs into a set of uniform workflows corresponding to the eight existing defense core methods. We further create an integrated coverage map of the known smart contract vulnerabilities addressed by the existing threat mitigation solutions. Finally, we perform an evidence-based evolutionary analysis, in which we identify trends and future perspectives of threat mitigation in smart contracts and pinpoint major weaknesses of the existing methodologies. For the convenience of smart contract security developers, auditors, users, and researchers, we deploy a regularly updated, comprehensive open-source online registry of threat mitigation solutions.