With the increasing popularity of cryptocurrencies and blockchain technology, smart contracts have become a prominent feature in developing decentralized applications. However, these smart contracts are susceptible to vulnerabilities that hackers can exploit, resulting in significant financial losses. In response to this growing concern, various initiatives have emerged. Notably, the SWC vulnerability list played an important role in raising awareness and understanding of smart contract weaknesses. However, the SWC list lacks maintenance and has not been updated with new vulnerabilities since 2020. To address this gap, this paper introduces the Smart Contract Weakness Enumeration (SWE), a comprehensive and practical vulnerability list up until 2023. We collect 273 vulnerability descriptions from 86 top conference papers and journal papers, employing open card sorting techniques to deduplicate and categorize these descriptions. This process results in the identification of 40 common contract weaknesses, which are further classified into 20 sub-research fields through thorough discussion and analysis. SWE provides a systematic and comprehensive list of smart contract vulnerabilities, covering existing and emerging vulnerabilities in the last few years. Moreover, SWE is a scalable, continuously iterative program. We propose two update mechanisms for the maintenance of SWE. Regular updates involve the inclusion of new vulnerabilities from future top papers, while irregular updates enable individuals to report new weaknesses for review and potential addition to SWE.

翻译：随着加密货币和区块链技术的日益普及，智能合约已成为开发去中心化应用的重要特征。然而，这些智能合约易受黑客利用的漏洞影响，导致重大经济损失。为应对这一日益严重的关切，各方已推出多种举措。值得注意的是，SWC漏洞列表在提升对智能合约弱点的认识和理解方面发挥了重要作用。然而，SWC列表缺乏维护，自2020年以来未再更新新漏洞。为弥补这一空白，本文提出了智能合约弱点枚举（SWE），这是一份截至2023年的全面且实用的漏洞列表。我们从86篇顶级会议论文和期刊论文中收集了273条漏洞描述，采用开放式卡片分类技术对这些描述进行去重和分类。这一过程识别出40种常见合约弱点，并通过深入讨论和分析进一步将其归类为20个子研究领域。SWE提供了一份系统且全面的智能合约漏洞列表，涵盖过去几年中现有和新兴的漏洞。此外，SWE是一个可扩展、持续迭代的程序。我们提出了两种SWE维护的更新机制：定期更新包括纳入未来顶级论文中的新漏洞，而不定期更新则允许个人提交新弱点以供审查并可能加入SWE。