This study found exploits in 89% of smart contracts analyzed, mainly Ethereum


#1

https://arxiv.org/abs/1802.06038


#2

Our analysis of nearly one million contracts flags 34,200 (2,365 distinct) contracts vulnerable, in 10 seconds per contract. On a subset of3,759 contracts which we sampled for concrete validation and manual analysis, we reproduce real exploits at a true positive rate of 89%, yielding exploits for3,686 contracts.

I don’t think it’s that bad, as I read it 3.42% were flagged vulnerable and 89% of a subset of them had exploits reproduced.