Why rise in DeFi and Smart Contracts stealing the show?

Read Time: 6 minutes

Fast-food franchises are one of the best real-world examples of decentralization: each restaurant in the chain is responsible for its own operation.

In the same way, is it possible to disrupt traditional, centralized financial instruments? Yes, it is.

Decentralized Finance, or DeFi, is the term coined for blockchain-based finance that is independent of any central financial authority. But what do we get from this?

Well, what if we remove trusted third parties and intermediaries such as banks and agents? It would slash interest rates and significantly reduce the cost and complexity of transactions across the globe. Such peer-to-peer transactions would be enabled by Distributed Ledger Technology (DLT) and would ease cross-border payments remarkably.


The present digital ecosystem and the advent of Ethereum and smart contracts gave DeFi a meteoric rise.

According to Forbes, DeFi has touched a market cap of $148 billion, and these protocols have held more than $90 billion in assets locked up in smart contracts this year, up from $18 billion at the beginning of the year. This is the real traction and valuation carried by these platforms.

But what about the clouds of uncertainty and security concerns hovering over the DeFi buzz?

DeFi and smart contract scams on the rise

According to the global blockchain analytics firm CipherTrace, fraudsters made off with $432 million globally between January and April this year. Compared with the same period last year, scam reports rose 12%, while the amount stolen is estimated to be 1000% higher. 55% of all major cryptocurrency scams were DeFi hacks; that implies that, of the $432 million, about $240 million is specifically attributable to DeFi.

The root cause behind these exploits is usually a loophole left unnoticed during the development phase. The need to secure these DeFi solutions gave birth to “Smart Contract Security”, and the demand for robust, comprehensive smart contract audits picked up pace. Audits are a crucial part of ensuring the security and privacy of your smart contract, so it is also important to choose a trustworthy firm such as QuillAudits.

Although many vulnerabilities may exist in a smart contract, here are a few of the most common ones to look for.

Blockchain and its related technologies are still maturing, which means proper standards are still being developed and new bugs are discovered every day. In such a volatile environment, project owners have to stay a step ahead of exploiters and be faster than them. Many exploits have surfaced over the DeFi lifecycle; some of the most notorious are listed below:

  1. Flash Loan Exploitation:

Maybe the most notorious of the bunch. Flash loans are a new type of loan that is only possible through DeFi and the blockchain.

Flash loans require repayment of both the borrowed amount and the interest within a single transaction; if the loan is not repaid, the whole transaction reverts. Since this guarantees that the lender receives principal and interest without risk, huge loans can be given without any collateral. Originally developed as a tool for developers, flash loans have now become a thing of dread.

Many DeFi projects have claimed to be flash loan resistant, only to be exploited for millions by that very technique. Value DeFi tweeted about its flash-loan-resistant architecture just a day before losing about $10 million in a flash loan exploit.

Exploiters use these huge loans to destabilize a decentralized exchange pool and then attack a project that relies on that pool for its price, causing prices to either skyrocket or become dirt cheap. Victims of these attacks include PancakeBunny and Value DeFi.

  2. Reentrancy Attacks:

Simply stated, in a reentrancy attack a malicious contract repeatedly calls back into a vulnerable contract, making a function execute multiple times before the contract has finished updating its state.

These attacks are especially dangerous as they have the potential to drain a smart contract of all the cryptocurrency stored in it: execution keeps looping until the contract is empty of ether (or the call runs out of gas).

  3. Coding Mistakes / Bugs:

Smart contracts are publicly visible on the blockchain, so the code is under the scrutiny of malicious actors all the time. This means every line of code must be reviewed many times, as a simple typo or a wrong identifier may result in an exploit. One such example is Value DeFi, which lost 10 million dollars just because a single variable was not initialized.

Vulnerable Code: (screenshot not reproduced in this copy)

The Fix: (screenshot not reproduced in this copy)

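Since the article's own vulnerable and fixed code is only available as screenshots, the following added example is a hypothetical contract, not Value DeFi's code, that shows the same class of bug: a single state variable the author meant to set but never did. All names (`VulnerablePool`, `SafePool`, `feeBps`, the fee cap) are invented for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical pool (added illustration; NOT Value DeFi's contract).
// initialize() is meant to run exactly once, but `initialized` is never set to
// true, so the guard is dead code and anyone can call initialize() again later
// and swap the token addresses or the fee out from under the pool's users.
contract VulnerablePool {
    address public token0;
    address public token1;
    uint256 public feeBps;
    bool public initialized; // defaults to false and is never updated

    function initialize(address _token0, address _token1, uint256 _feeBps) external {
        require(!initialized, "already initialized");
        token0 = _token0;
        token1 = _token1;
        feeBps = _feeBps;
        // missing: initialized = true;
    }
}

// Hardened version: the flag is actually set, the caller is restricted to the
// factory recorded at deployment, and every argument is validated.
contract SafePool {
    address public immutable factory;
    address public token0;
    address public token1;
    uint256 public feeBps;
    bool public initialized;

    constructor() {
        factory = msg.sender; // the deployer (factory) is fixed once, at deployment
    }

    function initialize(address _token0, address _token1, uint256 _feeBps) external {
        require(msg.sender == factory, "only factory");
        require(!initialized, "already initialized");
        require(_token0 != address(0) && _token1 != address(0), "zero token");
        require(_token0 != _token1, "identical tokens");
        require(_feeBps <= 1_000, "fee too high"); // 10% cap, arbitrary for this example
        initialized = true; // set the flag before any other state becomes observable
        token0 = _token0;
        token1 = _token1;
        feeBps = _feeBps;
    }
}
```

A unit test that calls `initialize()` twice and expects the second call to revert would have caught the vulnerable version; that is the kind of invariant an audit checks for every one-time setup function.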
  4. Oracle Exploitation:

Smart contracts are on-chain entities and have no knowledge of anything that happens off-chain. Yet, more often than not, off-chain events influence the chain more than anything else.

To get this information, contracts use what are known as oracles. An oracle sources important off-chain data that the smart contract needs in order to function: oracles provide price data and thereby drive events such as loan liquidations and current interest rates.

For many smart contracts this is the only off-chain information they have, so an oracle is a single point of failure whose compromise can make the entire smart contract malfunction.

Oracles are an important piece of the puzzle, but they require projects that handle millions of dollars to trust other people's code. Oracles are most commonly manipulated in conjunction with flash loans, which are used to distort the prices they report.

One example of an exploit carried out through oracle manipulation is Warp Finance, where about $7 million was stolen by using flash loans to influence the Uniswap oracle that Warp Finance relied on, which let the hacker obtain a manipulated amount of tokens.
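The flash loan section and this oracle section describe one pattern: a contract reads a DEX pool's spot price, and a single large swap (funded by a flash loan) skews that price for the duration of one transaction. The added example below, written for this article rather than taken from Warp Finance or any other project named here, is a hypothetical consumer of a Uniswap V2 pair that exposes both the manipulable spot price and a time-weighted average price (TWAP); the `IUniswapV2Pair` fragment is assumed to match the real pair interface, and the 30-minute window is an arbitrary choice.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal subset of the Uniswap V2 pair interface (assumed to match uniswap-v2-core).
interface IUniswapV2Pair {
    function getReserves() external view returns (uint112, uint112, uint32);
    function price0CumulativeLast() external view returns (uint256);
}

// Hypothetical consumer of a Uniswap V2 pool (added illustration, not Warp Finance's code).
contract PriceOracle {
    IUniswapV2Pair public pair;
    uint256 public constant WINDOW = 30 minutes;
    uint256 private cumLast;      // pair cumulative price at the last update
    uint32  private tsLast;       // timestamp of the last update
    uint256 public price0Average; // UQ112x112: token1 per token0, times 2**112
    constructor(IUniswapV2Pair _pair) {
        pair = _pair;
        (cumLast, tsLast) = currentCumulative();
    }
    // MANIPULABLE: the spot price is just the reserve ratio. One large swap in a single
    // transaction (e.g. funded by a flash loan) skews it, so anything that values
    // collateral with this number inside that same transaction is misled.
    function spotPrice0() external view returns (uint256) { // 1e18-scaled
        (uint112 r0, uint112 r1, ) = pair.getReserves();
        return (uint256(r1) * 1e18) / r0;
    }
    // The pair's cumulative counter only advances when the pair is touched, so extend it
    // to the current block with the last stored reserves (as UniswapV2OracleLibrary does).
    function currentCumulative() public view returns (uint256 cum, uint32 ts) {
        cum = pair.price0CumulativeLast();
        ts = uint32(block.timestamp);
        (uint112 r0, uint112 r1, uint32 pairTs) = pair.getReserves();
        if (pairTs != ts) {
            unchecked { cum += ((uint256(r1) << 112) / r0) * (ts - pairTs); } // wraps by design
        }
    }
    // HARDENED: a time-weighted average over a window spanning many blocks. A flash loan
    // is repaid within the same transaction, so the manipulated price contributes zero
    // seconds to the window and barely moves the average.
    function update() external {
        (uint256 cum, uint32 ts) = currentCumulative();
        uint32 elapsed;
        unchecked { elapsed = ts - tsLast; } // timestamp wrap is expected, like the pair
        require(elapsed >= WINDOW, "window not elapsed");
        unchecked { price0Average = (cum - cumLast) / elapsed; }
        (cumLast, tsLast) = (cum, ts);
    }
}
```

A TWAP only defends against single-transaction manipulation; an attacker willing to hold a skewed pool across many blocks can still move it, so thin pools should not be the sole price source for large positions.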

Possible solutions for smart contract security:

With the growing number of exploits, smart contract security has picked up pace. DeFi projects' need to become secure has given birth to smart contract auditing, newer standards and better coding practices. Many new techniques and methods have come up to deal with these attacks:

  1. Pausable Contracts:

Pausable contracts can stop a hacker in their tracks by halting all contract activity until the exploit is fixed. This fail-safe mechanism is being implemented in many newer DeFi projects to ensure that, in case of an exploit, the developers can do something to stop the attacker.
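As an added example (not a real project's code), a hypothetical lending pool wired with OpenZeppelin's `Pausable` and `AccessControl`; the import paths assume OpenZeppelin Contracts v4, and the `GUARDIAN_ROLE` split (a low-privilege key that can only pause, an admin that can unpause) is the design choice being illustrated.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "@openzeppelin/contracts/security/Pausable.sol";
import "@openzeppelin/contracts/access/AccessControl.sol";

// Hypothetical pool with a circuit breaker (added illustration, not a real project's code).
contract PausableLendingPool is Pausable, AccessControl {
    bytes32 public constant GUARDIAN_ROLE = keccak256("GUARDIAN_ROLE");
    mapping(address => uint256) public deposits;

    constructor(address admin, address guardian) {
        _grantRole(DEFAULT_ADMIN_ROLE, admin); // can unpause and manage roles; use a multisig
        _grantRole(GUARDIAN_ROLE, guardian);   // can only pause: a fast, low-privilege kill switch
    }

    // Every value-moving entry point is gated, so nothing can be drained while paused.
    // Trade-off: honest users' withdrawals are frozen too, so pauses must be short.
    function deposit() external payable whenNotPaused {
        deposits[msg.sender] += msg.value;
    }

    function withdraw(uint256 amount) external whenNotPaused {
        require(deposits[msg.sender] >= amount, "insufficient balance");
        deposits[msg.sender] -= amount; // effects before the external call
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }

    // Pausing is deliberately cheaper to authorize than unpausing: the guardian acts the
    // moment an exploit is spotted, and only the admin can resume activity after the fix.
    function pause() external onlyRole(GUARDIAN_ROLE) {
        _pause();   // emits Paused(account)
    }

    function unpause() external onlyRole(DEFAULT_ADMIN_ROLE) {
        _unpause(); // emits Unpaused(account)
    }
}
```

Monitoring should alert on the `Paused` and `Unpaused` events, since an unexpected unpause is itself a sign that an admin key may be compromised.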

  2. Bug Bounties:

DeFi projects, in keeping with decentralized principles, have taken to asking the community for help and reward people with cryptocurrency for finding exploits in their code. This has brought an influx of white-hat hackers into the community who find exploits for DeFi projects.

  3. Community Transparency:

DeFi differs from traditional finance, and hence most DeFi projects make a conscious effort to be more vocal with their communities and build trust.

An active social media presence and clear, concise communication have helped communities build trust in DeFi projects and stick with them through thick and thin. This is the true power of decentralized finance and how it differs from traditional finance, where others control your money and you have no say in it.

  4. Smart Contract Audits:

Smart contract audits have solidified themselves as the go-to method for building trust between the community and upcoming projects. Audited contracts are better optimized and more trusted by the community. Many new companies have come up in the space promising to provide the best audits.

Final Words:

DeFi is a relatively new space, with innovations, use cases and bugs being discovered daily. DeFi holds a lot of promise, but it has an uphill road to climb to become trustworthy and reach parity with traditional finance in terms of security. With such a dedicated community and growing mainstream attention, though, it is just a matter of time before we talk of decentralized finance in the same breath as traditional finance.

Reach out to QuillAudits

QuillAudits is accomplished in delivering efficient smart contract audits. If you need any assistance with a smart contract audit, feel free to reach out to our experts here!
