Finding Insecure State Dependency in DApps via Multi-Source Tracing and Semantic Enrichment
Decentralized Applications (DApps) serve as the gateway to utilizing blockchain technology. As their prevalence continues to grow, DApps are becoming increasingly interconnected. For instance, a DApp does not need to manage the prices of various tokens internally, as it can retrieve this information from other DApps that provide more up-to-date data. However, such deep reliance also introduces more attack surface, posing greater risks to both DApps and their users. In this paper, we refer to the security threat arising from the interdependence of DApps as Insecure State Dependency (ISD). Public reports indicate that ISD has led to losses exceeding 340 million USD. Existing ISDs have mostly been found through extensive manual auditing or by chance, as automated discovery of such issues is extremely difficult. More specifically, it is by no means trivial to (1) achieve precise data tracking in the intertwined and invisible interactions of DApps, and (2) obtain fine-grained semantic information from low-semantic bytecode. In this paper, we propose a novel framework, called InsFinder, for detecting ISD in DApps. Specifically, InsFinder consists of three unique modules to overcome the aforementioned challenges. (1) InsFinder employs dynamic cross-DApp taint analysis to achieve accurate multi-source data tracking in heavily coupled DApp interactions. (2) InsFinder uses source mapping to map bytecode identifiers to meaningful source code, such as variable names or statements, enabling a deeper understanding of bytecode. (3) InsFinder implements fine-grained access control and static analysis for ISD entry point detection. Evaluation on a manually annotated dataset with 93 real-world ISDs shows that InsFinder successfully detects 72 of them, achieving a precision of 84.7% and a recall of 77.4%. Furthermore, InsFinder successfully uncovers 165 previously unreported ISDs across 122 DApp projects. These ISDs collectively impact over 2 million USD.
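A simplified model of the idea of combining multi-source taint tracking with an access-control check on the tainting state, as an added example that is not InsFinder's implementation or code from the paper. The trace format, the names DAppA/DAppB/DAppC, the slots and the WRITERS summary are all constructed assumptions.

```python
from collections import defaultdict

# Constructed access-control summary (assumption): external state slot ->
# [(writer function, guarded)], guarded=True meaning the caller is restricted.
WRITERS = {
    ("DAppB", "price"): [("update", False)],   # writable by any caller
    ("DAppC", "rate"):  [("setRate", True)],   # writable by a privileged role only
}

# Constructed trace of one DAppA transaction, flattened across contract calls.
TRACE = [
    ("SLOAD", "DAppB", "price", "p"),          # read inside DAppB
    ("RET",   "DAppB", "p", "price"),          # value returned into DAppA
    ("SLOAD", "DAppC", "rate", "rate"),
    ("SLOAD", "DAppA", "collateral", "coll"),  # DAppA's own state: not a source
    ("OP",    "limit",  ["coll", "price"]),
    ("OP",    "fee",    ["coll", "rate"]),
    ("OP",    "payout", ["limit", "fee"]),     # carries taint from both sources
    ("SINK",  "DAppA", "transfer", "limit"),
    ("SINK",  "DAppA", "transfer", "fee"),
    ("SINK",  "DAppA", "transfer", "payout"),
]

def find_isd(trace, dapp, writers):
    """Return (sink, variable, external source, unguarded writers) candidates."""
    taint = defaultdict(set)                   # variable -> {(contract, slot)}
    findings = []
    for ev in trace:
        if ev[0] == "SLOAD":
            _, contract, slot, dst = ev
            # Only state owned by another DApp is a taint source.
            taint[dst] = {(contract, slot)} if contract != dapp else set()
        elif ev[0] == "OP":
            _, dst, srcs = ev
            taint[dst] = set().union(*(taint[s] for s in srcs))
        elif ev[0] == "RET":
            _, _, src, dst = ev
            taint[dst] = set(taint[src])       # taint survives the call boundary
        elif ev[0] == "SINK" and ev[1] == dapp:
            _, _, sink, var = ev
            for source in sorted(taint[var]):
                # Entry point check: can an unprivileged caller change the source?
                entry = [f for f, guarded in writers.get(source, []) if not guarded]
                if entry:
                    findings.append((sink, var, source, entry))
    return findings
```

Only the sinks that depend on the openly writable DAppB state are reported; the dependency on DAppC is tracked but not flagged because its only writer is guarded.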