A Multi-Layer Dynamic Security Framework for DeFi Smart Contracts
This thesis presents a multi-layer dynamic security framework for protecting DeFi smart contracts against evolving attack vectors that traditional static analysis and security audits fail to detect. The framework addresses a critical challenge: many DeFi exploits succeed not because of source code bugs, but because of flawed assumptions about user behaviors and external dependencies that emerge only at runtime. The proposed system consists of three complementary components: (1) CrossGuard, a pre-deployment control flow integrity enforcement system that whitelists only legitimate function invocation patterns; (2) Trace2Inv, a runtime invariant generation and enforcement tool that learns user behavioral patterns from historical transaction data across 23 invariant templates; and (3) a systematic DeFi risk analysis tool that evaluates compositional risks and dependencies across the entire DeFi ecosystem. The framework leverages the programmable and upgradeable nature of modern smart contracts to progressively tighten security measures as protocols establish stable operational patterns. Initial evaluation targets demonstrate blocking 85% of historical exploits with a false positive rate below 1% and gas overhead under 20%. This approach provides an orthogonal defense layer that complements existing security measures.
Zhiyang is a PhD student at the University of Toronto, supervised by Prof. Fan Long. Before that, he was fortunate to be advised by Prof. Xinyu Wang at UMich and worked on multiple program synthesis projects. His current research focuses on smart contract security with static and dynamic analysis and on blockchain scaling (zkRollup). He is generally interested in Programming Languages, Software Engineering, Security and Distributed Systems. He also works as a Research Engineer at Zircuit. Prior to that, he worked at Quantstamp.