What problem does this paper attempt to address?

The problem that this paper attempts to solve is the security vulnerability issues in smart contracts, especially evaluating and identifying potential vulnerable points in Solidity smart contracts through code complexity metrics. Specifically, the paper aims to explore the following points: 1. **Relationship between complexity metrics and vulnerabilities**: Research the differences in different complexity metric indicators between vulnerable and non - vulnerable codes to determine which complexity metrics can most effectively distinguish these two types of codes. 2. **Possibility of predicting vulnerabilities**: Explore the feasibility of using complexity metrics to predict which contracts in the entire smart contract ecosystem may have vulnerabilities. 3. **Correlation and redundancy of complexity metrics**: Analyze the correlation between each complexity metric and identify potential redundancies or inconsistencies. 4. **Association between complexity metrics and the existence of vulnerabilities**: Determine whether specific complexity metrics are associated with the existence of vulnerabilities. ### Main contributions of the paper - **Research objectives**: - Determine whether there are significant differences in complexity metrics between vulnerable and non - vulnerable functions and find the most effective complexity metrics. - Explore whether complexity metrics can be used as indicators to identify the location of potential vulnerable code. - Provide insights into the independent role of each complexity metric in vulnerability assessment. - **Research questions**: - **RQ1**: Is there a correlation between complexity metrics? The purpose is to identify potential redundancies or inconsistencies between various complexity metrics. - **RQ2**: Is there an association between each complexity metric and the existence of vulnerabilities? The purpose is to determine whether certain complexity metrics are associated with the existence of vulnerabilities in a single contract. - **RQ3**: Are there differences in complexity metrics between vulnerable and non - vulnerable codes? The purpose is to investigate whether complexity metrics can effectively distinguish between vulnerable and non - vulnerable functions in the report. - **RQ4**: How do the complexity metrics of vulnerable code differ from those of non - vulnerable code? The purpose is to examine whether code complexity is associated with a higher probability of vulnerability occurrence, so as to allocate resources more effectively to ensure the security of smart contracts. ### Conclusion By analyzing 21 complexity metrics, the paper reveals some high correlations and potential redundancies, but finds that the association between each independent complexity metric and vulnerabilities is weak. However, all complexity metrics can effectively distinguish between vulnerable and non - vulnerable codes, and most complexity metrics (except three) show higher values in vulnerable codes. This indicates that complexity metrics can be a valuable supplementary feature in smart contract vulnerability assessment. ### Method The paper uses the static analysis tool Solmet to extract complexity metrics from Solidity code and evaluates the relationship between these metrics and vulnerabilities through statistical analysis methods. The experimental design includes dataset description, experimental setup, and result analysis, which answers the above research questions in detail. Through this research, the author hopes to emphasize the importance of complexity metrics in smart contract security assessment and provide a valuable reference for future vulnerability detection.