Why Is the Rise in DeFi and Smart Contracts Stealing the Show?

Read Time: 6 minutes

Fast-food franchises are one of the best real-world examples of decentralization. Each restaurant in the chain is responsible for its own operation.

Is it possible to disrupt traditional, centralized financial instruments in the same way? YES, it is.

Decentralized Finance, or DeFi, is the term coined for blockchain-based finance that is independent of any central financial authority. But what do WE get from this?

Well, what if we remove trusted third parties and intermediaries such as banks and agents? Doing so would slash interest rates and significantly reduce the cost and complexity of transactions across the globe. These peer-to-peer transactions would be enabled by Distributed Ledger Technology (DLT) and would ease cross-border payments remarkably.


The present digital ecosystem and the advent of Ethereum and smart contracts gave DeFi a meteoric rise.

According to Forbes, DeFi has reached a market cap of $148 billion, and these protocols have held more than $90 billion in assets locked up in smart contracts this year, up from $18 billion at the beginning of the year. This is the real traction and valuation carried by these platforms.

But then what about the clouds of uncertainty and security concerns hovering over the DeFi buzz?

DeFi and smart contract scams on the RISE

According to the global blockchain analytics firm CipherTrace, fraudsters made off with $432 million worldwide between January and April this year. Compared with the same period last year, scam reports increased by 12%, and the amount taken is estimated to be 1000% more than last year. 55% of all major cryptocurrency scams were in fact DeFi hacks, which implies that of the $432 million, $240 million is attributable specifically to DeFi.

The root cause behind these exploits is a loophole left unnoticed during the development phase. The need to secure DeFi solutions thus gave birth to “Smart Contract Security”, and the provision of robust, comprehensive smart contract audits started picking up pace. Though audits are crucial to ensure the security and privacy of your smart contract, it is also important to choose a trustworthy firm such as QuillAudits.

Although many vulnerabilities may exist in your smart contract, here are a few of the most common ones to look for:


Blockchain and all related technologies are still maturing, which means proper standards are still emerging and new bugs are being discovered every day. In such a volatile environment, project owners have to stay a step ahead of exploiters. Many exploits have surfaced over the DeFi lifecycle. Some of the most notorious are listed below:

  1. Flash Loan Exploitation:

Perhaps the most notorious of the bunch. Flash loans are a new type of loan made possible only by DeFi and blockchain.

A flash loan requires repayment of both the borrowed amount and the interest within a single transaction. Because this guarantees that the lender receives principal and interest without risk, huge loans can be given without any collateral. Originally developed as a tool for developers, flash loans have now become a thing of dread.

Many DeFi projects have claimed to be flash-loan resistant, only to be exploited for millions by that very technique. Value DeFi tweeted about its flash-loan-resistant architecture just a day before it lost about $10 million in a flash loan exploit.

Exploiters use these huge loans to destabilize a decentralized exchange pool and then attack a project that uses that pool as its price source, causing prices to either skyrocket or become dirt cheap. Victims of these attacks include PancakeBunny and Value DeFi.

  2. Reentrancy Attacks:

Simply stated, a reentrancy attack uses a malicious contract to make a target contract execute a function repeatedly before it has finished updating its state.

These are especially dangerous attacks, as they have the potential to drain a smart contract of all the cryptocurrency stored in it: the repeated execution continues until the contract is empty of ether.

Image Source: https://quantstamp.com/blog/what-is-a-re-entrancy-attack

  3. Coding Mistakes / Bugs:

Smart contracts are publicly visible on the blockchain, so the code is under the scrutiny of malicious actors all the time. This means every line of code must be studied many times over, as a simple typo or a wrong identifier may result in an exploit. Value DeFi is one such example: it lost 10 million dollars just because a single variable was not initialized.

Vulnerable Code (shown as an image in the original post):

[Image: vulnerable code]

The Fix (shown as an image in the original post):

[Image: fix to the vulnerable code]

  4. Oracle Exploitation:

Smart contracts are on-chain entities and have no information about what happens off-chain. Yet, more often than not, off-chain events influence the chain more than anything else.

To get this information, contracts use what are known as oracles. An oracle sources important off-chain data that the smart contract needs in order to function. Oracles provide price data and influence events such as loan liquidations and current interest rates.

For many smart contracts, oracles are the only source of off-chain information they have. Hence an oracle is a single point of failure whose compromise may result in the entire smart contract malfunctioning.

Oracles are an important piece of the puzzle, but they require trusting other people’s code in projects that deal with millions of dollars. Oracles are most commonly manipulated in conjunction with flash loans, which are used to influence the prices they report.

An example of an exploit through oracle manipulation is Warp Finance, where about $7 million was stolen: flash loans were used to influence the Uniswap oracle employed by Warp Finance, giving the hacker a manipulated amount of tokens.
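The weakness behind both the flash loan and the oracle sections above is a contract that prices assets from a single pool's instantaneous reserves. As an added example (not code from the original post or from any of the projects named), here is such a lender beside a hardened one that treats the pool price only as a sanity gate and values collateral with an independent, fresh reference feed. The IPool and IReferenceFeed interfaces and all contract names are assumptions, not a specific protocol's ABI.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed minimal interfaces for this example; not any specific protocol's ABI.
interface IPool {
    function getReserves() external view returns (uint112 r0, uint112 r1, uint32 ts);
}
interface IReferenceFeed {
    function latestAnswer() external view returns (uint256 price, uint256 updatedAt);
}

/// FRAGILE: values collateral from the pool's reserves at this instant. A large swap
/// earlier in the same transaction (e.g. funded by a flash loan) skews r1/r0, and the
/// lender acts on the skewed number before the price moves back.
contract SpotPriceLender {
    IPool public immutable pool;
    constructor(IPool p) { pool = p; }

    function collateralValue(uint256 amount0) external view returns (uint256) {
        (uint112 r0, uint112 r1, ) = pool.getReserves();
        require(r0 > 0, "empty pool");
        return amount0 * uint256(r1) / uint256(r0); // token1 per token0, right now
    }
}

/// HARDENED: the pool price is only a sanity gate; valuation uses an independent
/// reference feed, which must be fresh, and any large spot/reference gap reverts.
contract GuardedLender {
    IPool public immutable pool;
    IReferenceFeed public immutable feed;
    uint256 public constant MAX_DEVIATION_BPS = 200; // 2 %
    uint256 public constant MAX_STALE = 1 hours;

    constructor(IPool p, IReferenceFeed f) { pool = p; feed = f; }

    function collateralValue(uint256 amount0) external view returns (uint256) {
        (uint112 r0, uint112 r1, ) = pool.getReserves();
        require(r0 > 0, "empty pool");
        uint256 spot = uint256(r1) * 1e18 / uint256(r0);        // 1e18-scaled spot price

        (uint256 ref, uint256 updatedAt) = feed.latestAnswer();  // same 1e18 scale assumed
        require(ref > 0 && block.timestamp - updatedAt <= MAX_STALE, "stale reference");

        uint256 gap = spot > ref ? spot - ref : ref - spot;
        require(gap * 10_000 <= ref * MAX_DEVIATION_BPS, "pool price deviates from reference");

        return amount0 * ref / 1e18; // price with the reference, never with the pool
    }
}
```

A time-weighted average of the pool price is the other common mitigation; the deviation check shown here has the advantage that a manipulated pool causes the transaction to revert rather than to settle at a slightly worse average.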

Possible solutions for SMART CONTRACT SECURITY:

With each new exploit, smart contract security has picked up pace. DeFi projects’ need to become secure has given birth to smart contract auditing, newer standards and better coding practices. Many new techniques and methods have emerged to deal with these attacks:

  1. Pausable Contracts:

Pausable contracts stop a hacker in their tracks by halting all contract activity until the exploit is fixed. This fail-safe mechanism is implemented in many newer DeFi projects to ensure that, in case of an exploit, the developers can do something to stop the hacker.
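A minimal form of the circuit breaker just described, as an added example (not code from the original post): a separate guardian key can pause quickly during an incident, while only the owner key can resume once a fix is deployed. Contract, role and event names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Circuit breaker: every state-changing entry point is gated by whenNotPaused,
/// so one transaction from the guardian halts deposits and withdrawals alike.
contract PausableVault {
    address public immutable owner; // cold key: can unpause and rotate the guardian
    address public guardian;        // hot key: can only pause (limited blast radius)
    bool public paused;
    mapping(address => uint256) public balances;

    event Paused(address indexed by);
    event Unpaused(address indexed by);
    event GuardianChanged(address indexed previous, address indexed current);

    error ContractPaused();
    error NotAuthorized();

    constructor(address _guardian) {
        owner = msg.sender;
        guardian = _guardian;
    }

    modifier whenNotPaused() {
        if (paused) revert ContractPaused();
        _;
    }

    // Either key may pause: speed matters while an exploit is in progress.
    function pause() external {
        if (msg.sender != guardian && msg.sender != owner) revert NotAuthorized();
        paused = true;
        emit Paused(msg.sender);
    }

    // Only the owner may resume, after the fix is deployed and reviewed.
    function unpause() external {
        if (msg.sender != owner) revert NotAuthorized();
        paused = false;
        emit Unpaused(msg.sender);
    }

    function setGuardian(address g) external {
        if (msg.sender != owner) revert NotAuthorized();
        emit GuardianChanged(guardian, g);
        guardian = g;
    }

    function deposit() external payable whenNotPaused {
        balances[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) external whenNotPaused {
        balances[msg.sender] -= amount; // reverts on underflow in Solidity 0.8+
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

A pause key is itself a trust assumption: whoever holds it can freeze user funds, so projects typically place it behind a multisig or a time-locked governance process.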

  2. Bug Bounties:

In keeping with decentralized principles, DeFi projects have taken to asking the community for help and rewarding people with cryptocurrency for finding exploits in their code. This has brought an influx of white-hat hackers into the community who find exploits for DeFi projects.

  3. Community Transparency:

DeFi differs from traditional finance, and hence most DeFi projects make a conscious effort to be more vocal with their communities and build trust.

An active social media presence and clear, concise communication have helped build trust in DeFi projects, and the community has stuck with them through thick and thin. This is the true power of decentralized finance and how it differs from traditional finance, where others have control over your money and you have no say in it.

  4. Smart Contract Audits:

Smart contract audits have solidified themselves as the go-to for building trust between the community and upcoming projects. Audited contracts are better optimized and more trusted by the community. Many new companies have emerged in the space promising to provide the best audits.

Final Words:

DeFi is a relatively new space, with innovations, use cases and bugs being discovered daily. DeFi holds a lot of promise, but it has an uphill road to climb to become trustworthy and come on par with traditional finance in terms of security. With such a dedicated community and growing mainstream attention, though, it is just a matter of time before we speak of decentralized finance in the same breath as traditional finance.
