The interaction between smart contracts and external data is crucial for functionality but poses security and reliability concerns. Statistical and quantitative studies of this interaction are scarce. To address this gap, we analyzed 10,500 smart contracts, retaining 9,356 valid ones after excluding outdated or erroneous ones. We employed code parsing to transform contract code into abstract syntax trees and identified keywords associated with external data dependencies. We conducted a quantitative analysis by comparing these keywords to a reference list. We manually classified the 9,356 valid smart contracts to ascertain their application domains and typical methods of interacting with external data. Additionally, we created a database with this data to facilitate research on smart contract dependencies. Moreover, we reviewed over 3,600 security audit reports, manually identifying 249 (approximately 9%) related to external data interactions and categorizing their dependencies. We explored the correlation between smart contract complexity and external data dependency to provide insights for the design and auditing of smart contracts. These studies aim to enhance the security and reliability of smart contracts and offer practical guidance to developers and auditors.