Blockchain smart contracts are increasingly used in critical use cases (e.g., financial transactions). Thus, it is pertinent to ensure that their end-users understand the risks in attempting token transfers. Addressing this, we investigate end-user comprehension of five transfer risks (e.g., the end-user being blacklisted) in the most popular Ethereum contract, USD Tether (USDT), and their prevalence in other top ERC-20 contracts. First, we conducted a user study investigating end-user comprehension of transfer risks in USDT with 110 participants. Second, we performed source code analysis of the next top 78 ERC-20 smart contracts to identify the prevalence of these risks. Study results show that the majority of end-users do not comprehend some real risks and confuse real and fictitious risks. This holds regardless of participants’ self-rated programming and Web3 proficiency. Source code analysis demonstrates that the examined risks are prevalent in up to 19.2% of the top ERC-20 contracts.
https://dl.acm.org/doi/10.1145/3706598.3713887
The ACM CHI Conference on Human Factors in Computing Systems (https://chi2025.acm.org/)