Abstract

The security of decentralized applications (DApps) and smart contracts has emerged as a critical research area, as various security issues (e.g., vulnerabilities in upgradeable smart contracts and off-chain message signing) are posing significant risks to the blockchain ecosystem. Although numerous studies have been conducted to identify and mitigate these security issues, they continue to evolve in complexity due to the unique characteristics of decentralized systems, which often render prior research efforts insufficient. For upgradeable smart contracts in DApps, their flexibility introduces complex security challenges, requiring in-depth analysis to understand their vulnerabilities. Off-chain message signing, increasingly prevalent in DApps, facilitates many innovative features but also exposes new risks that could result in significant financial losses. Additionally, various ERC standard tokens, which are widely used in DApps, introduce further security considerations that must be addressed. Therefore, a comprehensive understanding and security analysis of DApps is essential to understand the current state of the blockchain landscape and to propose effective mitigation strategies. As a result, we propose a series of studies and characterizations to analyze these systems and their associated risks. More specifically, we propose 1) a large-scale study and taxonomy of upgradeable smart contracts to identify their design patterns and security vulnerabilities; 2) a novel automated hybrid analysis framework to detect security issues in off-chain message signing within DApps; 3) a framework to detect and analyze ERC standard tokens in DApps, focusing on their functionalities and associated security risks; and 4) an in-depth analysis of multi-token smart contracts and batch operations to uncover systemic vulnerabilities and design flaws in large-scale deployments.

Details

1010268
Title: Systematic Security Analysis of Decentralized Applications and Smart Contracts
Number of pages: 180
Publication year: 2025
Degree date: 2025
School code: 0091
Source: DAI-B 87/2(E), Dissertation Abstracts International
ISBN: 9798291570937
Committee member: Miller, Mark; Derakhshan, Farzaneh; Wang, Ren
University/institution: Illinois Institute of Technology
Department: Computer Science
University location: United States -- Illinois
Degree: Ph.D.
Source type: Dissertation or Thesis
Language: English
Document type: Dissertation/Thesis
Dissertation/thesis number: 32171875
ProQuest document ID: 3244154266
Document URL: https://www.proquest.com/dissertations-theses/systematic-security-analysis-decentralized/docview/3244154266/se-2?accountid=208611
Copyright: Database copyright ProQuest LLC; ProQuest does not claim copyright in the individual underlying works.
Database: ProQuest One Academic