Blockchain has recently emerged as a research trend, with potential applications in a broad range of industries and context. One particular successful Blockchain technology is smart contract, which is widely used in commercial settings (e.g., high value financial transactions). This, however, has security implications due to the potential to financially benefit from a security incident (e.g., identification and exploitation of a vulnerability in the smart contract or its implementation). Among, Ethereum is the most active and arresting. Hence, in this paper, we systematically review existing research efforts on Ethereum smart contract security, published between 2015 and 2019. Specifically, we focus on how smart contracts can be maliciously exploited and targeted, such as security issues of contract program model, vulnerabilities in the program and safety consideration introduced by program execution environment. We also identify potential research opportunities and future research agenda.

区块链最近已成为一种研究趋势，在许多行业和环境中都有潜在的应用。一种特别成功的区块链技术是智能合约，它广泛用于商业环境（例如，高价值金融交易）。但是，由于可能从安全事件中获得经济收益（例如，识别和利用智能合约或其实施中的漏洞），因此具有安全隐患。其中，以太坊是最活跃和吸引人的。因此，在本文中，我们系统地回顾了2015年至2019年发布的有关以太坊智能合约安全性的现有研究成果。特别是，我们重点研究如何恶意利用和针对智能合约，例如合约程序模型的安全性问题，程序中的漏洞和程序执行环境引入的安全注意事项。我们还将确定潜在的研究机会和未来的研究议程。