End-user Comprehension of Transfer Risks in Smart Contracts

TL;DR

End-user comprehension of transfer risks in smart contracts is examined using USDT and a broad ERC-20 corpus. The authors combine a user study with 110 participants and automated/manual source-code analysis of 78 ERC-20 contracts to assess risk prevalence and user perception. Key findings show that users misjudge significant risks like contract upgrades and blacklisting, and that the MetaMask UI often fails to convey risky outcomes; risks also appear in up to 19.2% of ERC-20 contracts, with three additional risk types up to 25.6% prevalence. The study argues for explainable smart contracts and improved UI to enhance end-user safety and trust.

Abstract

Smart contracts are increasingly used in critical use cases (e.g., financial transactions). Thus, it is pertinent to ensure that end-users understand the transfer risks in smart contracts. To address this, we investigate end-user comprehension of risks in the most popular Ethereum smart contract (i.e., USD Tether (USDT)) and their prevalence in the top ERC-20 smart contracts. We focus on five transfer risks with severe impact on transfer outcomes and user objectives, including users being blacklisted, contract being paused, and contract being arbitrarily upgraded. Firstly, we conducted a user study investigating end-user comprehension of smart contract transfer risks with 110 participants and USDT/MetaMask. Secondly, we performed manual and automated source code analysis of the next top (78) ERC-20 smart contracts (after USDT) to identify the prevalence of these risks. Results show that end-users do not comprehend real risks: most (up to 71.8% of) users believe contract upgrade and blacklisting are highly severe/surprising. More importantly, twice as many users find it easier to discover successful outcomes than risky outcomes using the USDT/MetaMask UI flow. These results hold regardless of the self-rated programming and Web3 proficiency of participants. Furthermore, our source code analysis demonstrates that the examined risks are prevalent in up to 19.2% of the top ERC-20 contracts. Additionally, we discovered (three) other risks with up to 25.6% prevalence in these contracts. This study informs the need to provide explainable smart contracts, understandable UI and relevant information for risky outcomes.

Figures (11)

• Figure 1: Overview of Research Methodology
• Figure 2: Sequence of events and corresponding MetaMask flow for a user's failure to make a USDT transfer. The MetaMask flow shows our functionally-equivalent clone of the USDT contract named YUSDT, with bounding boxes highlighting relevant aspects. All scenarios are based on the USDT source code, reflecting intentional features and not fraudulent behavior.
• Figure 3: Source code retrieval process
• Figure 4: Median scores for rejection and reduction reasons
• Figure 5: A violin plot comparing distributions of risk perception response scores, segmented by programming skill. Exhaustive plots for the facets of risk perception questions (unawareness, surprisingness, severity), realness (real, fake) and skill level (programming and Web3) at two different thresholds are found in \ref{['sec:appendix:distributions']}.