On-Chain Analysis of Smart Contract Dependency Risks on Ethereum

• URL: http://arxiv.org/abs/2503.19548v3
• Date: Wed, 02 Apr 2025 11:20:35 GMT
• Title: On-Chain Analysis of Smart Contract Dependency Risks on Ethereum
• Authors: Monica Jin, Raphina Liu, Martin Monperrus,
• Abstract summary: We analyze over 41 million contracts and 11 billion interactions on up to December 2024.<n>Our results yield four key insights.<n>Our work provides the first large-scale foundation for understanding smart contract dependency risks.
• Score: 7.570246812206772
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: In this paper, we present the first large-scale empirical study of smart contract dependencies, analyzing over 41 million contracts and 11 billion interactions on Ethereum up to December 2024. Our results yield four key insights: (1) 59% of contract transactions involve multiple contracts (median of 4 per transaction in 2024) indicating potential smart contract dependency risks; (2) the ecosystem exhibits extreme centralization, with just 11 (0.001%) deployers controlling 20.5 million (50%) of alive contracts, with major risks related to factory contracts and deployer privileges; (3) three most depended-upon contracts are mutable, meaning large parts of the ecosystem rely on contracts that can be altered at any time, which is a significant risk, (4) actual smart contract protocol dependencies are significantly more complex than officially documented, undermining Ethereum's transparency ethos, and creating unnecessary attack surface. Our work provides the first large-scale empirical foundation for understanding smart contract dependency risks, offering crucial insights for developers, users, and security researchers in the blockchain space.

Related papers

• A Comprehensive Study of Exploitable Patterns in Smart Contracts: From Vulnerability to Defense [1.1138859624936408]
  Vulnerabilities within smart contracts not only undermine the security of individual applications but also pose significant risks to the broader blockchain ecosystem. This paper provides a comprehensive analysis of key security risks in smart contracts, specifically those written in Solidity and executed on the Virtual Machine. We focus on two prevalent and critical types (reentrancy and integer overflow) by examining their underlying mechanisms, replicating attack scenarios, and assessing effective countermeasures.
  arXiv  Detail & Related papers  (2025-04-30T10:00:36Z)
• Demystifying Private Transactions and Their Impact in PoW and PoS Ethereum [43.548299433042835]
  Private transactions, a specialized transaction type employed to evade public Peer-to-Peer (P2P) network broadcasting, remain largely unexplored. We analyze large-scale datasets comprising 14,810,392 private transactions within a 15.5-month Proof-of-Work (PoW) dataset and 30,062,232 private transactions within a 15.5-month Proof-of-Stake (PoS) dataset.
  arXiv  Detail & Related papers  (2025-03-30T16:45:18Z)
• A Large-Scale Exploratory Study on the Proxy Pattern in Ethereum [8.328441582683034]
  The proxy pattern is a well-known design pattern with numerous use cases in several sectors of the software industry.<n>Our findings reveal that 14.2% of all deployed smart contracts are proxy contracts.<n>While the majority (67.8%) of proxies act as an interceptor, 32.2% enables upgradeability.
  arXiv  Detail & Related papers  (2025-01-01T21:52:22Z)
• Proxion: Uncovering Hidden Proxy Smart Contracts for Finding Collision Vulnerabilities in Ethereum [6.544211171664063]
  We present Proxion, an automated cross-contract analyzer that identifies all proxy smart contracts and their collisions. What sets Proxion apart is its ability to analyze hidden smart contracts that lack both source code and past transactions. We apply Proxion to analyze over 36 million alive contracts from 2015 to 2023, revealing that 54.2% of them are proxy contracts.
  arXiv  Detail & Related papers  (2024-09-20T15:03:19Z)
• End-user Comprehension of Transfer Risks in Smart Contracts [16.333145153972566]
  We focus on five transfer risks with severe impact on transfer outcomes and user objectives.<n>We conducted a user study investigating end-user comprehension of smart contract transfer risks with 110 participants and USDT/MetaMask.<n>We performed manual and automated source code analysis of the next top (78) ERC-20 smart contracts (after USDT) to identify the prevalence of these risks.
  arXiv  Detail & Related papers  (2024-07-16T07:18:45Z)
• Contract Usage and Evolution in Android Mobile Applications [45.44831696628473]
  We present the first large-scale empirical study on the presence and use of contracts in Android applications, written in Java or Kotlin. We analyzed 2,390 Android applications from the F-Droid repository and processed more than 51,749 KLOC. Our findings show that it would be desirable to have libraries that standardize contract specifications in Java and Kotlin.
  arXiv  Detail & Related papers  (2024-01-25T15:36:49Z)
• Vulnerability Scanners for Ethereum Smart Contracts: A Large-Scale Study [44.25093111430751]
  In 2023 alone, such vulnerabilities led to substantial financial losses exceeding a billion of US dollars. Various tools have been developed to detect and mitigate vulnerabilities in smart contracts. This study investigates the gap between the effectiveness of existing security scanners and the vulnerabilities that still persist in practice.
  arXiv  Detail & Related papers  (2023-12-27T11:26:26Z)
• Learning Optimal Contracts: How to Exploit Small Action Spaces [37.92189925462977]
  We study principal-agent problems in which a principal commits to an outcome-dependent payment scheme. We design an algorithm that learns an approximately-optimal contract with high probability. It can also be employed to provide a $tildemathcalO(T4/5)$ regret bound in the related online learning setting.
  arXiv  Detail & Related papers  (2023-09-18T14:18:35Z)
• Delegating Data Collection in Decentralized Machine Learning [67.0537668772372]
  Motivated by the emergence of decentralized machine learning (ML) ecosystems, we study the delegation of data collection. We design optimal and near-optimal contracts that deal with two fundamental information asymmetries. We show that a principal can cope with such asymmetry via simple linear contracts that achieve 1-1/e fraction of the optimal utility.
  arXiv  Detail & Related papers  (2023-09-04T22:16:35Z)
• Detecting Logical Relation In Contract Clauses [94.85352502638081]
  We develop an approach to automate the extraction of logical relations between clauses in a contract. The resulting approach should help contract authors detecting potential logical conflicts between clauses.
  arXiv  Detail & Related papers  (2021-11-02T19:26:32Z)
• ContractNLI: A Dataset for Document-level Natural Language Inference for Contracts [39.75232199445175]
  We propose "document-level natural language inference (NLI) for contracts" A system is given a set of hypotheses and a contract, and it is asked to classify whether each hypothesis is "entailed by", "contradicting to" or "not mentioned by" (neutral to) the contract. We release the largest corpus to date consisting of 607 annotated contracts.
  arXiv  Detail & Related papers  (2021-10-05T03:22:31Z)
• ESCORT: Ethereum Smart COntRacTs Vulnerability Detection using Deep Neural Network and Transfer Learning [80.85273827468063]
  Existing machine learning-based vulnerability detection methods are limited and only inspect whether the smart contract is vulnerable. We propose ESCORT, the first Deep Neural Network (DNN)-based vulnerability detection framework for smart contracts. We show that ESCORT achieves an average F1-score of 95% on six vulnerability types and the detection time is 0.02 seconds per contract.
  arXiv  Detail & Related papers  (2021-03-23T15:04:44Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.