Smart contracts' interactions with external data are crucial for their functionality but raise security and reliability concerns. Statistical and quantitative studies of this interaction are scarce. To address this gap, we analyzed 10,500 smart contracts, retaining 9,356 valid ones after excluding outdated or erroneous contracts. We used code parsing to transform contract code into abstract syntax trees and identified keywords associated with external data dependencies, then conducted a quantitative analysis by comparing these keywords to a reference list. We manually classified the 9,356 valid smart contracts to determine their application domains and their typical methods of interacting with external data. Additionally, we created a database from this data to facilitate research on smart contract dependencies. Moreover, we reviewed over 3,600 security audit reports, manually identified 249 (approximately 9%) related to external data interactions, and categorized their dependencies. We explored the correlation between smart contract complexity and external data dependency to provide insights for contract design and auditing processes. These studies aim to enhance the security and reliability of smart contracts and offer practical guidance to developers and auditors.
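The AST-based keyword matching described in the abstract can be sketched as follows. This is an added example, not the authors' tooling: the reference list, the sample AST (constructed, using the node shapes of solc's compact JSON AST) and the function names are assumptions. Matching on AST nodes rather than raw text keeps a keyword that appears only in a comment from being counted as a dependency.

```python
# Assumed reference list (not the paper's): member names that usually signal
# a read of externally supplied data.
REFERENCE_KEYWORDS = {
    "latestRoundData": "price-feed oracle",
    "latestAnswer": "price-feed oracle",
    "getReserves": "DEX pool reserves",
}

# Constructed sample: a trimmed AST using the node shapes of solc's compact
# JSON AST. "getReserves" appears only inside a documentation comment.
SAMPLE_AST = {"nodeType": "SourceUnit", "nodes": [
    {"nodeType": "ContractDefinition", "name": "PriceConsumer",
     "documentation": {"nodeType": "StructuredDocumentation",
                       "text": "Does not call getReserves"},
     "nodes": [{"nodeType": "FunctionDefinition", "name": "price", "body": {
         "nodeType": "Block", "statements": [{
             "nodeType": "ExpressionStatement", "expression": {
                 "nodeType": "FunctionCall", "arguments": [], "expression": {
                     "nodeType": "MemberAccess",
                     "memberName": "latestRoundData",
                     "expression": {"nodeType": "Identifier",
                                    "name": "feed"}}}}]}}]},
    {"nodeType": "ContractDefinition", "name": "Counter", "nodes": []},
]}


def walk(node):
    """Yield every dict node of the AST, depth-first."""
    if isinstance(node, dict):
        yield node
        for value in node.values():
            yield from walk(value)
    elif isinstance(node, list):
        for item in node:
            yield from walk(item)


def external_data_dependencies(ast):
    """Map each contract name to its sorted (keyword, category) hits."""
    findings = {}
    for contract in walk(ast):
        if contract.get("nodeType") != "ContractDefinition":
            continue
        hits = set()
        for n in walk(contract):
            # Only code nodes carry these fields; comment text is a plain string.
            name = {"MemberAccess": n.get("memberName"),
                    "Identifier": n.get("name")}.get(n.get("nodeType"))
            if name in REFERENCE_KEYWORDS:
                hits.add((name, REFERENCE_KEYWORDS[name]))
        findings[contract["name"]] = sorted(hits)
    return findings
```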