DApps Ecosystems: Mapping the Network Structure of Smart Contract Interactions

TL;DR

This work treats dApps as interconnected networks of smart contracts and their functions to uncover architectural patterns and security implications. Using MindTheDApp, the authors extract Solidity code from $66$ dApps, construct weighted contract networks, and derive function networks via a bipartite Function–Contract representation and one-mode projection, reinforced by a disparity-filter backbone. They reveal a common, modular architecture: sparsely connected contract networks with self-loops and denser, highly clustered function networks that feature a core component spanning multiple contracts. Importantly, a small set of high-betweenness functions governs network connectivity, indicating targeted vulnerabilities and informing strategies for security hardening and cost optimization. The findings have practical impact for developers and auditors by highlighting structural hotspots to monitor and optimize interaction patterns across diverse blockchain ecosystems.

Abstract

In recent years, decentralized applications (dApps) built on blockchain platforms such as Ethereum and coded in languages such as Solidity, have gained attention for their potential to disrupt traditional centralized systems. Despite their rapid adoption, limited research has been conducted to understand the underlying code structure of these applications. In particular, each dApp is composed of multiple smart contracts, each containing a number of functions that can be called to trigger a specific event, e.g., a token transfer. In this paper, we reconstruct and analyse the network of contracts and functions calls within the dApp, which is helpful to unveil vulnerabilities that can be exploited by malicious attackers. We show how decentralization is architecturally implemented, identifying common development patterns and anomalies that could influence the system's robustness and efficiency. We find a consistent network structure characterized by modular, self-sufficient contracts and a complex web of function interactions, indicating common coding practices across the blockchain community. Critically, a small number of key functions within each dApp play a pivotal role in maintaining network connectivity, making them potential targets for cyber attacks and highlighting the need for robust security measures.

Figures (28)

• Figure 1: Scheme of a dApp structure. The dApp is composed of $3$ contracts, each with a varying number of functions. Contracts can interact between them via function calls (black arrows).
• Figure 2: Scheme of a toy dApp example vulnerable to re-entrancy and time dependency attacks.
• Figure 3: Composition of the dataset in terms of dApp's category/use-case and compatible blockchain.
• Figure 4: Distribution of dApp sizes. The number of Source Contracts is a proxy for the size. Our dataset is composed of $20$ Small dApps, $22$ Medium dApps, and $22$ Large dApps.
• Figure 5: Box plot of the number of functions per contract. The ends of the box represent the first and third quartiles, the median (second quartile) is marked by a line inside the box, and the end of the whiskers represent the minimum and the maximum.