Enforcing Control Flow Integrity on DeFi Smart Contracts
Zhiyang Chen, Sidi Mohamed Beillahi, Pasha Barahimi, Cyrus Minwalla, Han Du, Andreas Veneris, Fan Long
TL;DR
CrossGuard addresses the security gap in DeFi smart contracts by enforcing onchain control flow integrity using a one-time deployment configuration. It relies on four whitelisting policies and two runtime simplification heuristics to distinguish benign from malicious control-flow patterns, enabling preemptive rejection of unsafe transactions without requiring historical benign traces. Empirical evaluation on 37 hacked DeFi protocols shows CrossGuard blocks 35 attacks with a low average false positive rate of 0.26% and modest gas overhead (3.53% on average, 7.52% on major protocols), outperforming Trace2Inv in both baseline and trained scenarios. The work demonstrates practical, scalable protection for DeFi ecosystems and outlines avenues for refinement via administrator feedback and expanded whitelisting of legitimate complex flows.
Abstract
Smart contracts power decentralized financial (DeFi) services but are vulnerable to security exploits that can lead to significant financial losses. Existing security measures often fail to adequately protect these contracts due to the composability of DeFi protocols and the increasing sophistication of attacks. Through a large-scale empirical study of historical transactions from the 37 hacked DeFi protocols, we discovered that while benign transactions typically exhibit a limited number of unique control flows, in stark contrast, attack transactions consistently introduce novel, previously unobserved control flows. Building on these insights, we developed CrossGuard, a novel framework that enforces control flow integrity onchain to secure smart contracts. Crucially, CrossGuard does not require prior knowledge of specific hacks. Instead, configured only once at deployment, it enforces control flow whitelisting policies and applies simplification heuristics at runtime. This approach monitors and prevents potential attacks by reverting all transactions that do not adhere to the established control flow whitelisting rules. Our evaluation demonstrates that CrossGuard effectively blocks 35 of the 37 analyzed attacks when configured only once at contract deployment, maintaining a low false positive rate of 0.26% and minimal additional gas costs. These results underscore the efficacy of applying control flow integrity to smart contracts, significantly enhancing security beyond traditional methods and addressing the evolving threat landscape in the DeFi ecosystem.