Smart contracts are pieces of code that run under specific conditions and are stored on the blockchain. Crypto currency, voting, digital rights, escrow, music rights management, health care applications, IoT, record keeping, smart land and e-governance are some of the applications of smart contracts. In these applications, smart contracts are important, but there are attackers. The DAO assault, Govern Mental, Dynamic libraries, Parity Multisig, King of the Ether Throne, Rubixi and Batch Transfer Overflow are examples of adversaries exploiting smart contracts due to vulnerabilities in smart contracts and draining millions of dollars in a matter of years. As a result of these factors, thorough research into smart contract attacks is needed, as well as effective detective and preventive methods. In this paper, we focus on smart contract vulnerabilities, which are the source of the attacks. Current research on these attacks has only covered a few of the flaws, and there is a need to cover all smart contract flaws over Ethereum through blockchain. The taxonomy of vulnerabilities is described below, along with smart contract code and investigations into how attackers are leveraging these vulnerabilities in Smart Contracts.