What are the Actual Flaws in Important Smart Contracts (and How Can We Find Them)?
arXiv - CS - Software Engineering. Pub Date: 2019-11-18, DOI: arxiv-1911.07567
Alex Groce, Josselin Feist, Gustavo Grieco, and Michael Colburn

An important problem in smart contract security is understanding the likelihood and criticality of discovered, or potential, weaknesses in contracts. In this paper we provide a summary of Ethereum smart contract audits performed for 23 professional stakeholders, avoiding the common problem of reporting issues mostly prevalent in low-quality contracts. These audits were performed at a leading company in blockchain security, using both open-source and proprietary tools, as well as human code analysis performed by professional security engineers. We categorize 246 individual defects, making it possible to compare the severity and frequency of different vulnerability types, compare smart contract and non-smart contract flaws, and to estimate the efficacy of automated vulnerability detection approaches.

Updated: 2020-01-13