In recent years, decentralized applications (dApps) built on blockchain platforms such as Ethereum and written in languages such as Solidity have gained attention for their potential to disrupt traditional centralized systems. Despite their rapid adoption, little research has examined the underlying code structure of these applications. In particular, each dApp is composed of multiple smart contracts, each containing a number of functions that can be called to trigger a specific action, e.g., a token transfer. In this paper, we reconstruct and analyse the network of contracts and function calls within a dApp, which helps reveal vulnerabilities that could be exploited by malicious attackers. We show how decentralization is implemented architecturally, identifying common development patterns and anomalies that could influence the system's robustness and efficiency. We find a consistent network structure characterized by modular, self-sufficient contracts and a complex web of function interactions, indicating common coding practices across the blockchain community. Critically, a small number of key functions within each dApp play a pivotal role in maintaining network connectivity, making them potential targets for cyber attacks and highlighting the need for robust security measures.
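To make the kind of analysis the abstract describes concrete, here is an added example (not code from the paper or its authors) that builds a function-call network for a hypothetical dApp and identifies the functions whose removal disconnects that network. The call edges, contract names and function names are constructed for illustration; the abstract does not state which connectivity metric the authors used, so articulation points and post-removal component counts are this example's own choice of proxy for "pivotal role in maintaining network connectivity". The inter-contract edge list gives a first look at the modular, contract-level structure the abstract mentions.

```python
"""Added example: reconstruct a dApp function-call graph from (caller, callee)
pairs and rank functions by how badly their removal fragments the graph.
All sample data below is constructed; contract/function names are hypothetical.
"""
from collections import defaultdict

# Constructed sample call edges: "Contract.function" -> "Contract.function".
SAMPLE_CALLS = [
    ("Router.swap", "Pool.getReserves"),
    ("Router.swap", "Pool.swap"),
    ("Pool.swap", "Token.transfer"),
    ("Pool.swap", "Token.transferFrom"),
    ("Router.addLiquidity", "Pool.mint"),
    ("Pool.mint", "Token.transferFrom"),
    ("Token.transfer", "Token._update"),        # intra-contract call
    ("Token.transferFrom", "Token._update"),    # intra-contract call
    ("Governance.execute", "Router.swap"),
]


def build_graph(calls):
    """Undirected adjacency map over functions (direction is irrelevant for
    connectivity, so the call graph is symmetrized)."""
    adj = defaultdict(set)
    for caller, callee in calls:
        adj[caller].add(callee)
        adj[callee].add(caller)
    return adj


def articulation_points(adj):
    """Tarjan's DFS: functions whose removal splits a connected component."""
    disc, low, result, timer = {}, {}, set(), [0]

    def dfs(u, parent):
        disc[u] = low[u] = timer[0]
        timer[0] += 1
        children = 0
        for v in adj[u]:
            if v == parent:
                continue
            if v in disc:                      # back edge
                low[u] = min(low[u], disc[v])
            else:
                children += 1
                dfs(v, u)
                low[u] = min(low[u], low[v])
                if parent is not None and low[v] >= disc[u]:
                    result.add(u)              # subtree of v depends on u
        if parent is None and children > 1:
            result.add(u)                      # DFS root with >1 subtree

    for node in list(adj):
        if node not in disc:
            dfs(node, None)
    return result


def components_after_removing(adj, removed):
    """Number of connected components once `removed` is deleted."""
    seen, count = set(), 0
    for start in adj:
        if start == removed or start in seen:
            continue
        count += 1
        stack = [start]
        while stack:
            u = stack.pop()
            if u in seen or u == removed:
                continue
            seen.add(u)
            stack.extend(v for v in adj[u] if v != removed and v not in seen)
    return count


def rank_by_impact(adj):
    """Functions sorted by how many components the graph falls into without
    them (highest first); the top entries are the connectivity-critical ones."""
    scores = [(fn, components_after_removing(adj, fn)) for fn in adj]
    return sorted(scores, key=lambda s: (-s[1], s[0]))


def inter_contract_edges(calls):
    """Contract-level view: sorted unique (caller_contract, callee_contract)
    pairs, ignoring calls that stay inside one contract."""
    edges = set()
    for caller, callee in calls:
        c1, c2 = caller.split(".")[0], callee.split(".")[0]
        if c1 != c2:
            edges.add((c1, c2))
    return sorted(edges)


if __name__ == "__main__":
    graph = build_graph(SAMPLE_CALLS)
    print("articulation points:", sorted(articulation_points(graph)))
    print("ranked by fragmentation:", rank_by_impact(graph)[:4])
    print("inter-contract edges:", inter_contract_edges(SAMPLE_CALLS))
```

In practice the edge list would be extracted from Solidity sources or bytecode (external and internal calls alike); the analysis itself is independent of how the edges were obtained. A function that is both an articulation point and externally callable is the kind of chokepoint the abstract flags as a target worth hardening, for example with access control and reentrancy protection.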