Smart contracts power decentralized financial (DeFi) services but are vulnerable to security exploits that can lead to significant financial losses. Existing security measures often fail to adequately protect these contracts due to the composability of DeFi protocols and the increasing sophistication of attacks. Through a large-scale empirical study of historical transactions from the 37 hacked DeFi protocols, we discovered that while benign transactions typically exhibit a limited number of unique control flows, in stark contrast, attack transactions consistently introduce novel, previously unobserved control flows. Building on these insights, we developed CrossGuard, a novel framework that enforces control flow integrity onchain to secure smart contracts. Crucially, CrossGuard does not require prior knowledge of specific hacks. Instead, configured only once at deployment, it enforces control flow whitelisting policies and applies simplification heuristics at runtime. This approach monitors and prevents potential attacks by reverting all transactions that do not adhere to the established control flow whitelisting rules. Our evaluation demonstrates that CrossGuard effectively blocks 35 of the 37 analyzed attacks when configured only once at contract deployment, maintaining a low false positive rate of 0.26% and minimal additional gas costs. These results underscore the efficacy of applying control flow integrity to smart contracts, significantly enhancing security beyond traditional methods and addressing the evolving threat landscape in the DeFi ecosystem.

翻译：智能合约为去中心化金融（DeFi）服务提供支持，但其安全漏洞可能导致重大财务损失。由于DeFi协议的可组合性及攻击手段日益复杂，现有安全措施往往无法充分保护这些合约。通过对37个遭黑客攻击的DeFi协议历史交易进行大规模实证研究，我们发现：良性交易通常仅展现有限数量的独特控制流，而攻击交易则持续引入前所未有的新型控制流。基于这些发现，我们开发了CrossGuard——一种在链上强制执行控制流完整性的新型智能合约安全框架。关键的是，CrossGuard无需预先了解具体攻击模式。该框架仅在部署时配置一次，即可在运行时实施控制流白名单策略并应用简化启发式规则。该方法通过回滚所有违反既定控制流白名单规则的交易，实现潜在攻击的监测与阻断。评估结果表明：在合约部署时仅配置一次的情况下，CrossGuard能有效阻断37个被分析攻击中的35个，同时保持0.26%的低误报率及可忽略的额外燃气成本。这些结果证实了控制流完整性机制应用于智能合约的有效性，其安全性显著超越传统方法，能够应对DeFi生态系统中不断演变的威胁态势。