A Systematic Review and Performance Evaluation of Open-Source Tools for Smart Contract Vulnerability Detection

With the rise of blockchain technology, the security issues of smart contracts have become increasingly critical. Despite the availability of numerous smart contract vulnerability detection tools, many face challenges such as slow updates, usability issues, and limited installation methods. These challenges hinder the adoption and practicality of these tools. This paper examines smart contract vulnerability detection tools from 2016 to 2023, sourced from the Web of Science (WOS) and Google Scholar. By systematically collecting, screening, and synthesizing relevant research, 38 open-source tools that provide installation methods were selected for further investigation. From a developer's perspective, this paper offers a comprehensive survey of these 38 open-source tools, discussing their operating principles, installation methods, environmental dependencies, update frequencies, and installation challenges. Based on this, we propose an Ethereum smart contract vulnerability detection framework. This framework enables developers to easily utilize various detection tools and accurately analyze contract security issues. To validate the framework's stability, over 1700 h of testing were conducted. Additionally, a comprehensive performance test was performed on the mainstream detection tools integrated within the framework, assessing their hardware requirements and vulnerability detection coverage. Experimental results indicate that the Slither tool demonstrates satisfactory performance in terms of system resource consumption and vulnerability detection coverage. This study represents the first performance evaluation of testing tools in this domain, providing significant reference value.