Blockchain technology has been used for recording state transitions of smart contracts, which are decentralized applications that can be invoked through external transactions. Smart contracts have gained popularity and accrued hundreds of billions of dollars in market capitalization in recent years. Unfortunately, like all other programs, smart contracts are prone to security vulnerabilities that have incurred multimillion-dollar damages over the past decade. As a result, many automated threat mitigation solutions have been proposed to counter the security issues of smart contracts. These threat mitigation solutions include various tools and methods that are challenging to compare. This survey develops a comprehensive classification taxonomy of smart contract threat mitigation solutions within five orthogonal dimensions: defense modality, core method, targeted contracts, input-output data mapping, and threat model. We classify 133 existing threat mitigation solutions using our taxonomy and confirm that the proposed five dimensions allow us to concisely and accurately describe any smart contract threat mitigation solution. In addition to learning what the threat mitigation solutions do, we also show how these solutions work by synthesizing their actual designs into a set of uniform workflows corresponding to the eight existing defense core methods. We further create an integrated coverage map of the known smart contract vulnerabilities addressed by the existing threat mitigation solutions. Finally, we perform an evidence-based evolutionary analysis, in which we identify trends and future perspectives of threat mitigation in smart contracts and pinpoint major weaknesses of the existing methodologies. For the convenience of smart contract security developers, auditors, users, and researchers, we deploy a regularly updated, comprehensive open-source online registry of threat mitigation solutions.