DeFi protocols have lost billions to exploits since the sector's inception. The composability that makes DeFi powerful also creates complex attack surfaces that are difficult to secure. Flash loan attacks, oracle manipulation, governance exploits, and smart contract vulnerabilities continue to drain protocols despite growing awareness. Here is how to build DeFi systems that resist the most common attack vectors.
Flash Loan Attack Prevention
Flash loans allow anyone to borrow unlimited capital without collateral, as long as the loan is repaid within a single transaction. Attackers use this capital to manipulate prices, exploit vulnerable protocols, and extract value. Defences include using time-weighted average prices (TWAPs) instead of spot prices for critical calculations, implementing minimum time delays between deposits and withdrawals, using Chainlink oracles or similar decentralised price feeds rather than relying on single-source AMM prices, and adding circuit breakers that pause operations when unusual price movements are detected. Any function that relies on token balances or prices within its execution context should be reviewed for flash loan exploitability.
Oracle Security
Price oracles are the most critical external dependency in DeFi. Secure oracle integration requires:
- Multiple oracle sources: Never rely on a single oracle. Use Chainlink as primary with fallback to Uniswap TWAP or other decentralised sources. Compare prices across sources and reject outliers.
- Staleness checks: Verify that oracle data is fresh. If a price feed has not updated within expected intervals, operations depending on that price should be paused rather than using stale data.
- Deviation bounds: Reject price updates that deviate beyond reasonable thresholds from the previous value. Sudden large price changes should trigger review rather than automatic execution.
Access Control and Upgrade Security
Privileged functions — those that can modify protocol parameters, pause operations, or upgrade contracts — must be protected with robust access control. Use timelocks on all governance actions so the community can review changes before they take effect. Implement multi-sig requirements for admin functions, with keys distributed across independent parties. For upgradeable contracts, use the UUPS pattern with governance-controlled upgrade authority and timelock delays. Consider making critical parameters immutable once the protocol is mature — removing the ability to change parameters eliminates the risk of malicious parameter changes. Document all privileged roles and their capabilities transparently.
Incident Response and Monitoring
Despite best efforts, incidents happen. Prepare for them: implement emergency pause functionality that can halt protocol operations within seconds. Run real-time monitoring on all critical contract interactions, watching for unusual transaction patterns, large withdrawals, and unexpected function calls. Set up alerts through services like Forta, Tenderly, or custom monitoring infrastructure. Maintain an incident response plan that defines who can trigger emergency actions, communication procedures, and post-incident analysis processes. War-gaming exercises — simulating attacks against your own protocol — reveal gaps in both code and operational procedures. At Born Digital, we build DeFi protocols with security as the primary design constraint, implementing defence in depth from smart contract architecture through to operational monitoring.