Researchers took an automated walk through almost a million live Ethereum contracts to search for vulnerabilities. They successfully identified and tracked down 3,686 errors, with ties to millions of dollars worth of Ethereum, suggesting that about 0.36% of all Ethereum contracts might be flawed.

The system they used to uncover these errors was also able to uncover the famous Parity bug which recently locked away about $160 million at-the-time-worth of Ether forever, in one of history's more expensive programming errors.

The researchers divided the flawed contracts into three rough categories and gave each one a vaguely poetic name.

    Prodigal contracts – A contract which can be robbed and manipulated to carelessly release Ether to another address, such as in the DAO attack.
    Suicidal contracts – A contract which can be killed by an outside attacker.
    Greedy contracts – A contract which can be manipulated to lock away the Ether held.

Systems will frequently depend on multiple contracts, so incidents will often involve more than one of these. For example, the Parity library contract was suicidal, while the its wallet contracts were greedy.