Smart contracts are nowadays at the core of most blockchain systems, as they specify and allow an agreement between entities that wish to perform a transaction. Like any computer program, smart contracts are subject to the presence of residual faults, including severe security vulnerabilities, which require that the vulnerable contract be terminated in the blockchain. In this context, research began to be developed to prevent the deployment of smart contracts holding vulnerabilities, mostly in the form of vulnerability detection tools. Along with these efforts, several heterogeneous vulnerability classification schemes arose (most notably DASP and SWC). At the time of writing, these are mostly outdated initiatives, even though smart contract vulnerabilities are continuously being discovered, with the associated rich information being mostly disregarded. In this paper, we propose OpenSCV, a new and Open hierarchical taxonomy for Smart Contract Vulnerabilities, which is open to community contributions and matches the current state of the practice, while being prepared to handle future modifications and evolution. The taxonomy was built based on the analysis of research on vulnerability classification, community-maintained classification schemes, and research on smart contract vulnerability detection. We show how OpenSCV covers the announced detection ability of current vulnerability detection tools, and highlight its usefulness as a resource in smart contract vulnerability research.