Blockchain technology is believed by many to be a game changer in many application domains. While the first generation of blockchain technology (i.e., Blockchain 1.0) is almost exclusively used for cryptocurrency, the second generation (i.e., Blockchain 2.0), as represented by Ethereum, is an open and decentralized platform enabling a new paradigm of computing—Decentralized Applications (DApps) running on top of blockchains. The rich applications and semantics of DApps inevitably introduce many security vulnerabilities, which have no counterparts in pure cryptocurrency systems like Bitcoin. Since Ethereum is a new, yet complex, system, it is imperative to have a systematic and comprehensive understanding on its security from a holistic perspective, which was previously unavailable in the literature. To the best of our knowledge, the present survey, which can also be used as a tutorial, fills this void. We systematize three aspects of Ethereum systems security: vulnerabilities, attacks, and defenses. We draw insights into vulnerability root causes, attack consequences, and defense capabilities, which shed light on future research directions.

中文翻译：

---

以太坊系统安全性调查

区块链技术被许多人认为是许多应用领域的游戏规则改变者。第一代区块链技术（即区块链 1.0）几乎专门用于加密货币，而以以太坊为代表的第二代（即区块链 2.0）是一个开放的去中心化平台，支持新的计算范式——去中心化应用（DApps）在区块链之上运行。DApp 丰富的应用程序和语义不可避免地引入了许多安全漏洞，这些漏洞在比特币等纯加密货币系统中是没有的。由于以太坊是一个新的但复杂的系统，因此必须从整体的角度对其安全性进行系统和全面的了解，这在以前的文献中是没有的。据我们所知，目前的调查，它也可以用作教程，填补了这一空白。我们系统化了以太坊系统安全的三个方面：漏洞、攻击和防御。我们深入了解漏洞根本原因、攻击后果和防御能力，从而为未来的研究方向提供启示。