Attack-Centric by Design: A Program-Structure Taxonomy of Smart Contract Vulnerabilities

📅 2025-11-12
🤖 AI Summary
Existing smart contract vulnerability classifications are fragmented and symptom-oriented (e.g., reentrancy), lacking a unified, program-structure-based root-cause taxonomy—hindering detection interpretability, audit reproducibility, and security education efficacy. Method: We propose the first attack-origin–driven classification framework grounded in Solidity’s program structure, attributing vulnerabilities to eight fundamental causes spanning control flow, external calls, and state integrity. We systematically map vulnerabilities across SmartBugs, SolidiFI, and other benchmarks to expose label drift and coverage gaps; further, we design a multi-modal detection signal framework integrating static analysis, dynamic execution, and learning-based techniques, accompanied by canonical examples and mitigation guidelines. Contribution/Results: Our framework significantly improves consistency in vulnerability understanding, enables traceable detection via root-cause linkage, and enhances pedagogical practicality—advancing both automated analysis and security education for smart contracts.

📝 Abstract
Smart contracts concentrate high-value assets and complex logic in small, immutable programs, where even minor bugs can cause major losses. Existing taxonomies and tools remain fragmented, organized around symptoms such as reentrancy rather than structural causes. This paper introduces an attack-centric, program-structure taxonomy that unifies Solidity vulnerabilities into eight root-cause families covering control flow, external calls, state integrity, arithmetic safety, environmental dependencies, access control, input validation, and cross-domain protocol assumptions. Each family is illustrated through concise Solidity examples, exploit mechanics, and mitigations, and linked to the detection signals observable by static, dynamic, and learning-based tools. We further cross-map legacy datasets (SmartBugs, SolidiFI) to this taxonomy to reveal label drift and coverage gaps. The taxonomy provides a consistent vocabulary and practical checklist that enable more interpretable detection, reproducible audits, and structured security education for both researchers and practitioners.

Problem

Research questions and friction points this paper is trying to address.

Unifying fragmented smart contract vulnerability classifications into structural root causes
Providing consistent taxonomy for interpretable detection and reproducible security audits
Addressing coverage gaps in existing vulnerability datasets through systematic mapping

Innovation

Methods, ideas, or system contributions that make the work stand out.

Attack-centric program-structure taxonomy for vulnerabilities
Unifies Solidity vulnerabilities into eight root-cause families
Cross-maps legacy datasets to reveal label drift