Protecting DeFi Platforms against Non-Price Flash Loan Attacks

📅 2025-03-03
🤖 AI Summary
Detecting non-price-related flash loan attacks in DeFi platforms, particularly those exploiting zero-day smart contract vulnerabilities, remains highly challenging. Method: This paper proposes the first runtime proactive defense framework, which identifies attack patterns in real time via smart contract function signatures and schedules stealthy dust transactions within the mempool observation window to perturb victim contract states, thereby breaking attack atomicity and forcing transaction rollbacks. Contribution/Results: It establishes the first proactive defense paradigm specifically for non-price-related flash loan attacks and introduces the first mempool-state-interference-based mitigation mechanism. Experiments demonstrate an average detection latency of 150.31 ms, a detection accuracy of over 99.93%, and an average interference latency of 410.92 ms; had it been deployed beforehand, the framework could have prevented over $405 million in historical losses.

📝 Abstract
Smart contracts in Decentralized Finance (DeFi) platforms are attractive targets for attacks as their vulnerabilities can lead to massive amounts of financial losses. Flash loan attacks, in particular, pose a major threat to DeFi protocols that hold a Total Value Locked (TVL) exceeding $106 billion. These attacks use the atomicity property of blockchains to drain funds from smart contracts in a single transaction. While existing research primarily focuses on price manipulation attacks, such as oracle manipulation, mitigating non-price flash loan attacks that often exploit smart contracts' zero-day vulnerabilities remains largely unaddressed. These attacks are challenging to detect because of their unique patterns, time sensitivity, and complexity. In this paper, we present FlashGuard, a runtime detection and mitigation method for non-price flash loan attacks. Our approach targets smart contract function signatures to identify attacks in real-time and counterattack by disrupting the attack transaction atomicity by leveraging the short window when transactions are visible in the mempool but not yet confirmed. When FlashGuard detects an attack, it dispatches a stealthy dusting counterattack transaction to miners to change the victim contract's state which disrupts the attack's atomicity and forces the attack transaction to revert. We evaluate our approach using 20 historical attacks and several unseen attacks. FlashGuard achieves an average real-time detection latency of 150.31ms, a detection accuracy of over 99.93%, and an average disruption time of 410.92ms. FlashGuard could have potentially rescued over $405.71 million in losses if it were deployed prior to these attack instances. FlashGuard demonstrates significant potential as a DeFi security solution to mitigate and handle rising threats of non-price flash loan attacks.

Problem

Research questions and friction points this paper is trying to address.

Mitigating non-price flash loan attacks on DeFi platforms.
Detecting and disrupting attack transactions in real-time.
Protecting smart contracts from zero-day vulnerabilities.

Innovation

Methods, ideas, or system contributions that make the work stand out.

Real-time detection of non-price flash loan attacks
Disrupts attack transaction atomicity using mempool visibility
Stealthy dusting counterattack to revert attack transactions