Existing cross-chain solutions primarily focus on asset transfers and rely on centralized intermediaries, suffering from security vulnerabilities and scalability bottlenecks. This paper proposes the first decentralized framework enabling general-purpose smart contract execution across heterogeneous blockchains—extending beyond asset transfer to support trustless, atomic invocation and state synchronization among multi-chain contracts. Our contributions are fourfold: (1) a compact on-chain state attestation mechanism that minimizes verification overhead; (2) a secure cross-chain messaging protocol coupled with a lightweight state synchronization algorithm; (3) a stake-based incentive and penalty model to mitigate DoS attacks; and (4) end-to-end formal modeling and verification ensuring strict atomicity, consistency, and tamper resistance. Experimental evaluation demonstrates that the framework significantly improves both security and efficiency of cross-chain contract execution—without requiring any trusted third party.

This paper introduces CrossLink, a decentralized framework for secure cross-chain smart contract execution that effectively addresses the inherent limitations of contemporary solutions, which primarily focus on asset transfers and rely on potentially vulnerable centralized intermediaries. Recognizing the escalating demand for seamless interoperability among decentralized applications, CrossLink provides a trustless mechanism for smart contracts across disparate blockchain networks to communicate and interact. At its core, CrossLink utilizes a compact chain for selectively storing authorized contract states and employs a secure inter-chain messaging mechanism to ensure atomic execution and data consistency. By implementing a deposit/collateral fee system and efficient state synchronization, CrossLink enhances security and mitigates vulnerabilities, offering a novel approach to seamless, secure, and decentralized cross-chain interoperability. A formal security analysis further validates CrossLink's robustness against unauthorized modifications and denial-of-service attacks.