On-Chain Analysis of Smart Contract Dependency Risks on Ethereum

📅 2025-03-25
🤖 AI Summary
This paper addresses the critical security issue of dependency risks in Ethereum smart contracts. Leveraging a comprehensive dataset comprising 41 million deployed contracts and 11 billion on-chain transactions as of December 2024, it conducts the first network-wide empirical study. Methodologically, the work employs on-chain crawling, call-graph modeling, centrality analysis, and temporal evolution analysis. Key contributions include: (1) revealing that 59% of transactions involve multi-contract interactions (median: four contracts per transaction), with dependency networks substantially exceeding documented interfaces; (2) identifying extreme concentration among deployers, with just 11 entities controlling 50% of active contracts; and (3) demonstrating that critical dependency contracts are frequently mutable, with the top three hub contracts permitting arbitrary code modification, thereby undermining trustlessness. The study quantifies, for the first time, systemic centralization induced by factory patterns and deployer privileges, significantly expanding the recognized attack surface for smart contracts.

📝 Abstract
In this paper, we present the first large-scale empirical study of smart contract dependencies, analyzing over 41 million contracts and 11 billion interactions on Ethereum up to December 2024. Our results yield four key insights: (1) 59% of contract transactions involve multiple contracts (median of 4 per transaction in 2024), indicating potential smart contract dependency risks; (2) the ecosystem exhibits extreme centralization, with just 11 (0.001%) deployers controlling 20.5 million (50%) of alive contracts, with major risks related to factory contracts and deployer privileges; (3) the three most depended-upon contracts are mutable, meaning large parts of the ecosystem rely on contracts that can be altered at any time, which is a significant risk; (4) actual smart contract protocol dependencies are significantly more complex than officially documented, undermining Ethereum's transparency ethos and creating unnecessary attack surface. Our work provides the first large-scale empirical foundation for understanding smart contract dependency risks, offering crucial insights for developers, users, and security researchers in the blockchain space.

Problem

Research questions and friction points this paper is trying to address.

Analyzing smart contract dependency risks in Ethereum ecosystem
Investigating centralization and mutable contract risks in Ethereum
Uncovering undocumented complexity in smart contract protocol dependencies

Innovation

Methods, ideas, or system contributions that make the work stand out.

Large-scale analysis of 41M contracts
Identified centralization risks in deployers
Revealed mutable contract dependency risks
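
The metrics reported above (share of multi-contract transactions, median contracts per transaction, most depended-upon mutable contracts, deployer concentration) can be computed from call records as in the following added example, which is not code from the paper. The call records, contract and deployer names, and the mutability flag are constructed assumptions.

```python
from collections import Counter, defaultdict
from statistics import median

# Constructed sample data (not from the paper). Each record is one call edge
# inside a transaction: (tx, caller, callee). "user" is an externally owned account.
CALLS = [
    ("tx1", "user", "Router"), ("tx1", "Router", "Pool"), ("tx1", "Pool", "Token"),
    ("tx2", "user", "Token"),
    ("tx3", "user", "Vault"), ("tx3", "Vault", "Token"), ("tx3", "Vault", "Oracle"),
    ("tx4", "user", "Router"), ("tx4", "Router", "Token"),
]
# Hypothetical contract -> deployer map; its keys define what counts as a contract.
DEPLOYER = {"Router": "dA", "Pool": "dA", "Token": "dB", "Vault": "dC", "Oracle": "dA"}
# Assumed flag: contracts whose code can still be changed (e.g. upgradeable).
MUTABLE = {"Token", "Oracle"}

def multi_contract_stats(calls, contracts):
    """Share of transactions touching >= 2 contracts, and median contracts per tx."""
    touched = defaultdict(set)
    for tx, caller, callee in calls:
        touched[tx].update(a for a in (caller, callee) if a in contracts)
    sizes = [len(s) for s in touched.values()]
    return sum(n >= 2 for n in sizes) / len(sizes), median(sizes)

def dependents(calls, contracts):
    """callee -> set of distinct contracts that call it (in-degree of the call graph)."""
    deps = defaultdict(set)
    for _, caller, callee in calls:
        if caller in contracts and callee in contracts and caller != callee:
            deps[callee].add(caller)
    return deps

def mutable_hubs(calls, contracts, mutable, top_n):
    """The top_n most depended-upon contracts that are also mutable."""
    deps = dependents(calls, contracts)
    ranked = sorted(deps, key=lambda c: (-len(deps[c]), c))[:top_n]
    return [(c, len(deps[c])) for c in ranked if c in mutable]

def deployers_covering(deployer_of, share):
    """Smallest set of deployers (largest first) that controls >= share of contracts."""
    chosen, covered = [], 0
    for dep, n in Counter(deployer_of.values()).most_common():
        if covered >= share * len(deployer_of):
            break
        chosen.append(dep)
        covered += n
    return chosen

if __name__ == "__main__":
    print(multi_contract_stats(CALLS, DEPLOYER))
    print(mutable_hubs(CALLS, DEPLOYER, MUTABLE, 3))
    print(deployers_covering(DEPLOYER, 0.5))
```

On real data the call edges would come from transaction traces, and the mutability flag from whatever upgradeability check the analyst applies.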