

























Software built on poor structural patterns often shows higher exposure to security defects. When code differs from established best practices, verification and maintenance become increasingly difficult, thereby raising the risk of unintentional vulnerabilities. In the context of blockchain technology, where immutable smart contracts handle high-value transactions, the need for strict security assurance is important. This research analyzes the utility of software complexity metrics as diagnostic tools for identifying vulnerable Solidity smart contracts. We evaluate the hypothesis that complexity measures serve as vital, complementary signals for security assessment. Through an empirical examination of 21 distinct metrics, we analyzed their inter-dependencies, statistical association with vulnerabilities, and discriminative capabilities. Our findings indicate a significant degree of redundancy among certain metrics and a relatively low correlation between any single metric and the presence of vulnerabilities. However, the data demonstrates that these metrics possess strong power to distinguish between secure and vulnerable code when analyzed collectively. Notably, with only three exceptions, vulnerable contracts consistently exhibited higher mean complexity scores than their neutral counterparts. While our results show a statistical association, we emphasize that complexity is an indicator rather than a direct cause of vulnerability.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。