Smart Contracts in the Real World: A Statistical Exploration of External Data Dependencies

TL;DR

This paper provides a comprehensive statistical analysis of external data dependencies in smart contracts, highlighting security concerns, application domains, and interaction methods to improve their reliability and safety.

Contribution

It introduces a large-scale analysis of smart contracts' external data dependencies, including keyword identification, classification, and correlation with complexity, filling a gap in empirical research.

Findings

Approximately 9% of security audits relate to external data dependencies.

External data dependencies vary across application domains.

Complexity correlates with the likelihood of external data interactions.

Abstract

Smart contracts with external data are crucial for functionality but pose security and reliability concerns. Statistical and quantitative studies on this interaction are scarce. To address this gap, we analyzed 10,500 smart contracts, retaining 9,356 valid ones after excluding outdated or erroneous ones. We employed code parsing to transform contract code into abstract syntax trees and identified keywords associated with external data dependencies. We conducted a quantitative analysis by comparing these keywords to a reference list. We manually classified the 9,356 valid smart contracts to ascertain their application domains and typical interaction methods with external data. Additionally, we created a database with this data to facilitate research on smart contract dependencies. Moreover, we reviewed over 3,600 security audit reports, manually identifying 249 (approximately 9%) related to external data interactions and categorized their dependencies. We explored the correlation between smart contract complexity and external data dependency to provide insights for their design and auditing processes. These studies aim to enhance the security and reliability of smart contracts and offer practical guidance to developers and auditors.