Decentralized Finance (DeFi): A Survey

Erya Jiang∗ , Bo Qin∗ , Qin Wang¶ , Zhipeng Wang§ , Qianhong Wu† , Jian Weng‡
Xinyu Li∗ , Chenyang Wang∗ , Yuhang Ding∗ , Yanran Zhang∗
∗ Renmin University of China, China
¶ University of New South Wales, Australia
§ Imperial College London, UK
arXiv:2308.05282v2 [cs.CR] 30 Nov 2023

† Beihang University, China

‡ Jinan University, China

Abstract • Extensibility. DeFi’s open-source nature encourages user

contributions, facilitating the emergence of novel finan-
Decentralized Finance (DeFi) is a new paradigm in the cre-
cial concepts such as flash loans [6, 7].
ation, distribution, and utilization of financial services via the
As of Aug. 2023, the total locked value (TLV)1 in DeFi
integration of blockchain technology. Our research conducts
markets has reached US$40.257b, following a peak value of
a comprehensive introduction and meticulous classification
US$253b in Dec. 2021 (also claimed in [8]). This substantial
of various DeFi applications. Beyond that, we thoroughly
investment has sparked numerous innovations, including de-
analyze these risks from both technical and economic per-
centralized exchanges (DEXs, e.g., Uniswap [9], dYdX [10]),
spectives, spanning multiple layers. We point out research
lending (Compound [11], Aave [12]), yield aggregators (Con-
gaps and revenues, covering technical advancements, innova-
vex [13], Harvest [14]), liquid staking (Lido [15], Rocket
tive economics, and sociology and ecology optimization.
Pool [16]), and various other developments [1].
Previous investigations. We highlight several recent studies
1 Introduction that have elegantly reviewed DeFi-related concepts. Wener
et al. [1] conducted the first systematic studies focusing on
With blockchain’s rise, Decentralized Finance (DeFi) [1] has general DeFi protocols, covering layer-based protocols and
emerged as a disruptive financial paradigm in the middle services. Moin et al. [17] classified major stablecoin designs,
of 2020 (a period known as the DeFi summer), challenging while Zhao et al. [18] specifically explored algorithmic sta-
traditional finance [2]. DeFi utilizes blockchain for creating, blecoins. Bartoletti et al. [19] introduced lending protocols
distributing, and utilizing financial services [3], surpassing using a formal model that describes their transitions as a state
traditional finance in various aspects: machine reflecting user interactions. Xu et al. [20] presented
• Trustless. DeFi protocols eliminate centralized interme- a general business model for a small corpus of DeFi proto-
diaries like brokerages, banks, and insurance companies, cols, including protocols for loanable funds, DEXs, and yield
which come with defects such as high costs, cumbersome aggregators. Li et al. [21] describe the picture of confidential
processes, account opening restrictions, e.g., Know Your smart contrast that can be used for DeFi privacy. Xu et al. [22]
Customer (KYC), and lack of transparency. comprehensively reviewed DEXs and their corresponding au-
• Non-human intervention. DeFi’s trading rules are pre- tomated market maker (AMM) protocols. Erinle et al. [23]
written, making automation and immutability key fea- provided a comprehensive overview of cryptocurrency wallets
tures [4] while running on-chain that reduces counter- that support DeFi services. Lastly, Zhou et al. [8] thoroughly
party risk and eliminates the single point of failure. investigated a range of attacks and incidents in the DeFi space.
• Maximal availability. Most DeFi products have no down- Additionally, a series of research works have drawn their focus
time, enabling 24/7 financial services to everyone. on MEV extractions [24,25] and frontrunning attacks [26–28].
• Borderless. DeFi enables global accessibility without This paper follows the burgeoning prosperity of DeFi and
being restricted by national boundaries, allowing any- extends its research horizons. We explore the mechanisms of
one from anywhere including those from low economic DeFi apps and investigate the security risks from technologi-
levels or underserved regions to leverage its services. cal and economic perspectives (cf. Figure 1). In particular,
• Permissionless. Deployed in a decentralized manner • We conduct a comprehensive statistical analysis of the
across peer-to-peer (P2P) networks, opens new oppor- literature in the DeFi field. According to the analyti-
tunities for organizations, e.g., DAOs [5] to areas previ-
ously accessible only to licensed institutions. 1 Data source: https://defillama.com [Aug. 2023], marked as #DefiLlama.

1
 cal methods (Section 2), we obtain more than 10,000 trends, and statistical significance to analyze the data. We also
DeFi-related research articles and conduct qualitative employed qualitative analysis to complement the quantitative
and quantitative analyses. analysis. This allowed us to gain a holistic understanding of
• We propose a DeFi classification frame based on the the subject matter and capture nuanced insights.
complexity of financial services. The frame (summarized
asset management high
in Table 1) classifies DeFi applications into three cate- option perpetual contract

Service
Level
Derivative active
gories (Section 3): tool level, basic functionality level, insurance positive prediction market

and service level. We detail the structure of DeFi appli-

Financial Service Complexity

pool lending reserve pool
order on-chain

Basic Functions
Lending Exchange automatic market
cations and related research insights in each category. flash loan book off-chain
maker (AMM)

Level
• We discuss the security of DeFi applications from two
on-chain reserve over-collateralized issue
pillars: technical (Section 4) and economic perspectives Stablecoin off-chain reserve
algorithm issue
(Section 5). Our discussions are grounded in relevant off-chain polymerization sidechains
Oracles Asset Bridge relay
academic papers and real-world incidents, outlining a on-chain generation atomic swaps

Level
Tools
broad spectrum of DeFi risks, possible losses, implemen- fungible
hot cold
tations, and possible defenses (summarized in Table 2). Digital Asset cryptocurrency token semi-fungible Wallet wallet wallet
non-fungible
• We provide information on the gap between existing DeFi data source standard underlying asset management tool low
realizations and the ideal state. We conclude by propos-
ing technological, sociological, and economic research Figure 2: DeFi Ecological Structure
directions (Section 6).

Section 2-Methodology 3 DeFi Applications

Risks of DeFi Section 3-DeFi Applications
Section 4-Technical Security Risks Tools of DeFi We conducted a statistical analysis on over 10,000 DeFi-apps-
Infrastructural Layer
Protocol Layer
Basic Functins of DeFi Section 6- related literature pieces that we obtained.
Application Layer Services of DeFi Open
Research Observation. DeFi research literature availability correlates
Section 5-Economic Security Risks Challenges with proximity to blockchain logic. We observe that research
Liquidity Depletion Governance Risk
Market Manipulation Flashloan Attack on DeFi tools and functionalities closely tied to blockchain
Ponzi and Fraud emerged earlier and has more quantity. For example, digital
Death Spiral and Instability CeFi Impact
assets research, due to the native token-blockchain consensus
relationship, is the most abundant in DeFi.
Figure 1: Paper Structure
Insight. Initially, DeFi research focused on fundamental
tools and logic. This is because establishing a reliable and
secure blockchain infrastructure was crucial during the early
2 Methodology stages of blockchain and DeFi development. This involved
core technologies like decentralized development, consensus
We provide the analytical approach of statistical literature algorithms, network security, and smart contract platforms
analysis and outline the corresponding modeling process. The for automated financial functions. These studies deepened
results based on quantitative and qualitative analysis will be the understanding of blockchain’s underlying logic, resulting
presented in the following sections. in extensive literature. As the infrastructure was established,
Our analysis started with retrieving academic papers and exploration and development of complex DeFi tools and appli-
research articles related to DeFi from IEEE Xplore, ACM, cations followed. Early research mirrored the developmental
and Springer. After keyword screening and manual checking, process of the financial system, which begins with establish-
we obtained a total of 15,598 relevant articles. ing basic tools and infrastructure before expanding to a wider
In reviewing the existing literature, we realized that an ef- range of products and services. Similarly, DeFi progressed
fective way to classify the themes of existing works is based from infrastructure construction to the research and develop-
on the financial complexity of the DeFi application, as shown ment of diverse tools and applications.
in Figure 2. According to this classification, DeFi applica- Observation. DeFi research has seen a significant increase,
tions can be classified as digital assets, wallets, oracles and especially in 2022 and 2023. These papers explore previously
asset bridges at infrastructural level, stablecoins, lending, and unexplored aspects of DeFi, such as DeFi derivatives.
exchanges at functional level, and diverse derivatives at ser- Insight. The research boom in DeFi since 2022 is attributed
vice level. In addition, we have screened and classified the to several factors, including the maturation and expansion
literature that offers DeFi security risk solutions. of the DeFi market, technological innovations, and increased
We utilized quantitative techniques including employing involvement of institutions and enterprises. As the DeFi mar-
descriptive statistics and other tools to establish relationships, ket matures, there is a rising demand for diverse and complex

2
DeFi products, including derivatives. The validation of DeFi’s Insight. DeFi encompasses multiple disciplines, including
potential through industry practices has also played a role. economics, information security, law, and more. When review
Introduction of new technologies like Layer-2 scaling solu- articles lean towards a single disciplinary perspective, they
tions, cross-chain technologies, and privacy protection has tend to be influenced by specific viewpoints and limitations.
opened up new possibilities. Additionally, the participation This ultimately stems from the fact that authors may be in-
of enterprises and the regulatory measures and resources they fluenced by their own disciplinary viewpoints, leading to a
bring have further fueled research in DeFi. lack of understanding of other disciplines. This reflects the in-
sufficient depth of collaboration among different disciplinary
Digital Asset
Wallet
talents, highlighting the need to cultivate interdisciplinary
Oracle talents with a comprehensive perspective.
Asset Bridge Observation. Empirical research lacks a macro perspective
Stablecoin
Lending
and broader significance in investigating DeFi apps. Apart
Exchange from empirical research in the field of digital assets, which
Option includes market data analysis, other areas rely more on case
Insurance studies investigating specific projects, resulting in a lack of
re
Asset Management
befo macro perspectives and broader empirical investigations.
2016 2017 2018 2019 2020 2021 2022 2023 Perpetual Contract
2016
Prediction Market Insight. Due to the novelty of DeFi, empirical research in
this domain faces challenges. Inconsistent definitions and
Figure 3: Trend of Research Literature on DeFi Applications unclear models complicate empirical investigations. Privacy
(Log10 Scale): We illustrate the trends of literature related and data protection concerns surrounding DeFi apps make it
to different DeFi apps over time. Notably, literature on asset difficult to acquire sufficient data for macro perspectives and
management, prediction markets, and perpetual contracts is broad empirical studies. The rapid emergence of new DeFi
limited, leading to overlapping lines with the horizontal axis. apps and models also poses challenges in keeping up with the
pace of innovation and conducting comprehensive research.
Observation. Technical solutions constitute the main type of Consequently, empirical research in DeFi tends to focus more
literature in the DeFi field. on specific case studies rather than broader investigations.
Insight. Technical solutions being the focus of researchers
and practitioners is inherent as DeFi is driven by technology
3.1 Tools of DeFi
practice and application. They play a key role in transforming
theories into practical tools and platforms. Digital Asset. Native cryptocurrencies and derivative tokens
constitute the money flowing in DeFi.
Digital Asset Wallet Oracle Asset Bridge
4000 3952 250 900 813 100 Native cryptocurrency. Native cryptocurrency refers to the
3200 200 720 80
179 primary digital asset of a blockchain. Prominent exam-
2400 150 540 60
1600 100 360 40 34
ples include Bitcoin [29], Ethereum [30], Litecoin [31],
1018 60
800 755 50 39 180
53
20
7
Monero [32–34], and Zcash [35, 36], all operating on stan-
32 0
0 0 0 0
SA ES TS SA ES TS SA ES TS SA ES TS dalone blockchains and incentivized within their respective
Stablecoin Lending Exchange Option
100 100 250 50 economies. These cryptocurrencies can be directly transferred
80 80 78 200 40
145
on the chain that hosts them and used for paying transaction
60 54 60 150 30
40 35 40 100 20
fees, serving various functions within its ecosystem.
21 25 56
20 20
5
50
20
10
1
5 Derivative Token. Many DeFi apps issue tokens representing
0
0 0 0 0
SA ES TS SA ES TS SA ES TS SA ES TS the ownership of the assets corresponding to the app. Addi-
Insurance Asset Management Perpetual Contract Prediction Market
50 50 50 50 tionally, DeFi app-issued tokens can perform in lending [12],
40 37 40 40 40
staking [16], and insuring [37], and be empowered to par-
30 30 30 30
20 15 20 20 20
ticipate in governance. Tokens in physical form represent
10
1
10
1 1
10
1
10
1 3
ownership of real-world assets like real estate and collectibles.
0 0 0 0
0 0 0 0
SA ES TS SA ES TS SA ES TS SA ES TS Ethereum has a wide range of token standards for various
DeFi apps. The widely known ERC-20 standard is fungible
Figure 4: Publications of Literature Type: We classify the lit- and interchangeable and used for currencies, voting tokens,
erature into three categories: review articles (blue), empirical and pledge tokens. Other Ethereum token standards are tai-
studies (green), and technical solutions (yellow). We summa- lored for specific scenarios, such as non-fungible token stan-
rize the distribution of different types of literature. dard ERC-721 used in artwork and digital collections, and
semi-fungible token standard ERC-1155 utilized in GameFi
Observation. Review articles often assess from a single dis- and copyright. ERC-998 is designed to combine ERC-20
ciplinary perspective, restricting comprehensive evaluations. and ERC-721, enabling compatibility and interoperability.

3
Other blockchain platforms like Binance Smart Chain (BSC), data information. As of Oct. 2023, the total value of all oracles
Avalanche, and Bitcoin have also introduced their own token reached US$25b, with Chainlink holding nearly half of the
standards, such as BEP-20, BEP-721, ARC-721, and BRC-20, market among more than 40 different oracles (#DefiLlama).
following similar rules to the ERC standards.
There is controversy regarding the classification of DeFi To ensure trustworthy on-chain data, the accuracy of data is
tokens as currencies, commodities, or securities. Some DeFi the main concern [44]. We have observed that review articles
tokens exhibit currency attributes, possessing wide usability in this field generally classify oracles based on their opera-
and circulation, while others may be classified as securities tional mechanisms, which can be broadly categorized into
due to their characteristics of representing ownership, div- provider identity-based and voting-based oracles. Identity-
idends, or investment returns. The classification also relies based oracles involve specific implementation methods such
on regulatory standards, which are varied across regions and as setting whitelists/blacklists, incorporating identity verifica-
continuously adjusted given the technical complexity of DeFi. tion in transport layer protocols, or using machine learning
The digital asset research field within DeFi emerged early techniques to identify reliable and cost-effective oracles [45].
and has a wealth of literature. Quantitative and predictive MakerDao [46] is an example of this type of oracle. On the
research, specifically focused on the cryptocurrency market, other hand, voting-based oracles incentivize providers to ex-
is a significant area of study. Quantitative research employs hibit economically rational behavior and provide accurate
historical market data to develop trading strategies and al- data through monetary rewards and penalties. Implementation
gorithms based on technical analysis indicators, statistical methods for voting-based oracles include peer-to-peer pre-
models, and machine learning methods. Predictive research, diction [47, 48], reputation mechanisms [49], game-theoretic
on the other hand, involves constructing forecasting models approach for price data verification [50, 51], and others.
using time series analysis, machine learning, and deep learn-
While different approaches have been implemented, chal-
ing techniques. Notably, the integration of machine learning
lenges remain in ensuring data security. Identity-based oracles
and deep learning, along with comprehensive consideration
are vulnerable to single points of failure and bribery attacks.
of market characteristics and risks, are prominent features
Voting-based oracles have limited applicability due to the
within this research field.
need for data verification, which restricts them to publicly
Wallet. A wallet is a tool for managing the keys and addresses accessible information. These oracles also face challenges
of digital asset holders. Wallets serve to interact with the like data latency and high verification costs. Furthermore, the
blockchain instead of storing on-chain assets. In DeFi, users timeliness and freshness of time-sensitive data are often over-
can manage multiple accounts from a single wallet. looked in current research, creating a dilemma in balancing
Typically, a wallet has three basic functions: recording, re- security and timeliness.
ceiving, and transferring currencies. With the development,
its functions have evolved from simple transfers to encompass Asset Bridge. Heterogeneous blockchains present a chal-
multi-chain management, asset custody, and other scenarios. lenge to achieving smooth interoperability in DeFi. Asset
Numerous academic research and industry examples on the bridge is a solution for asset transfer and interoperability be-
functional expansion of wallets exist. Software wallets like tween different blockchains. In the days that have passed in
imToken [38], Bip [39], Wetez [40], TrustWallet [41], and 2023, the average daily trading volume of the asset bridge
hardware wallets like Ledger [42] and Trezor [43] have ex- exceeded $214 million, with the highest daily trading volume
plored and implemented these functionalities. In the industry, reaching $1.232b (#DefiLlama), reflecting active trading ac-
multi-chain wallets are typically developed by creating in- tivity in the business. The functioning of an asset bridge varies
terfaces for different blockchains. Some multi-chain wallets depending on the implementation. Atomic swaps allow the
have even introduced “flash exchange” functionality, utilizing direct exchange of cryptocurrency across blockchains [52].
exchange rates as a medium for transactions. Ripple introduced the InterLedger protocol (ILP) in 2012,
Wallet security is a critical consideration, encompassing facilitating cross-ledger interactions through third-party no-
key preservation, recovery procedures, and risk mitigation. taries. Pegged sidechains were proposed by the Bitcoin Core
Cold wallets offer physical isolation but carry the risk of loss, development team in 2014. Interoperability platforms such
which has led to the development of hot and non-custodial as Cosmos [53]and Polkadot [54] realize cross-chain commu-
wallets. Multi-factor authentication, such as biometrics and nication and interaction through relay chains or side chains.
behavioral features, has been implemented to enhance security. In 2015, Joseph Poon and Thaddeus Dryja conceptualized
Secret sharing and Trusted Third Party (TTP) verification have the Bitcoin Lightning Network. In 2016, BTC-Relay [55], a
also been employed to strengthen security of key recovery. cross-chain solution based on a relay chain, achieved one-way
Oracle. The execution of smart contracts requires meeting cross-chain connectivity between Ethereum and Bitcoin [56].
conditions specified in the contracts, while also requiring sup- Vitalik Buterin [57]’s effort provided an in-depth analysis of
port from external data. Oracle provides external data sources blockchain interoperability issues. Notable cross-chain DeFi
for smart contracts on the blockchain, supplying them with applications include Thorswap [58] and Chainswap [59].

4
3.2 Basic Functions of DeFi based on credit assessment models [76, 77] and incentive pun-
ishment mechanisms [78] are proposed, respectively. In the
Stablecoin. The prices of cryptocurrencies are highly volatile, industry, TrueFi [79], DeFi Passport [80], and CreDA [81]
but stablecoins offer price stability as they are pegged to fiat have carried out the practice of on-chain credit assessment.
currencies, which is exactly why stablecoins were born. As Flash loans are DeFi’s innovative non-collateralized lend-
a foundational currency, stablecoins support liquidity pools, ing tool and have various use cases, such as arbitrage, collat-
lending, insurance, and other financial activities [60], mitigat- eral swapping, and self-liquidation [6]. Flash swaps provide
ing the risks associated with market fluctuations. As of Oct. similar services to flash loans within DEXs. Both flash loans
2023, the stablecoin market contains a total market capitaliza- and flash swaps leverage the atomicity of transactions, uti-
tion of over $120b and over 100 projects (#DefiLlama). lizing optimistic transfers that enable collateral-free loans or
Stablecoins circulation involves reserve, insurance, and token exchange transactions as long as the loan is repaid by
other essential links.Methods of forming stablecoins include the end of the block (illustrated in Figure 3).
off-chain reserves, such as USDT [61], USDC [62], and
Exchange. In traditional exchanges, market makers summa-
GUSD [63], on-chain collateralization like Dai [46] and
rize trades based on the seller’s request and the buyer’s of-
LUSD [64], and algorithmic stablecoins without collater-
fer on the order book. Decentralized exchanges (DEXs) de-
alization such as AMPL [65], Basis [66], FRAX [67], and
centralize aggregation, clearing, and market making through
UST [68]. Among them, we have found that algorithmic sta-
blockchain [82, 83]. More than 1000 apps have made DEXs
blecoins are a controversial object of research. While hav-
the most abundant application type in DeFi, with a TLV of
ing the advantages of high transparency and low/no collat-
US$11.498b (#DefiLlama).
eral rates, multiple algorithmic stablecoin crashes, including
DEX can be divided into different models based on the
Luna-UST collapse in 2022 [69], have cast a shadow over this
implementation of trading pair discovery and order match-
solution. To address this challenge, Klages Mundt et al. [70]
ing [84]. These models include on-chain order book model
propose modeling-based approaches to enhance stablecoin
as implemented by Stellar, off-chain order book model as
design and resilience, ensuring price stability even amidst
implemented by 0x [85], AirSwap [86], IDEX [87] and
market shocks. Fu et al. [71] propose a rational Ponzi model
dYdX [10, 88], and non-order book model which is one
to analyze the sustainability of algorithmic stablecoins.
of the most important innovations of DeFi. Methods of
A critical issue we identified in stablecoin research is the
no-order book model, including reserve pool (implemented
lack of widely accepted definitions for stablecoins. Existing
by KyberNetwork [89]) and algorithms of AMM like con-
literature often lacks clarity in defining what precisely consti-
stant mean (adopted by Balancer [90]), constant product
tutes a stablecoin. While some review articles discuss various
(adopted by Uniswap [9]), dynamic weighting(adopted by
implementation approaches, they do not provide a definitive
Bancor [91]) and mixed-function algorithm(adopted by the
core definition. Many papers focus on highlighting the desired
Curve Finance [92]), have been implemented in the indus-
characteristics and advantages of an ideal stablecoin, without
try. This is also one of the hottest research areas, includ-
delving into a concrete definition. Only a few studies examine
ing reviews that categorically evaluate different implemen-
stablecoin definitions from a legislative perspective or attempt
tations [22, 93, 94] and specific algorithms that have been
to model specific types of stablecoins.
put into practice in the industry. We observe that empirical
Lending. DeFi lending abandons the centralized credit as- research is a kind of literature that is relatively lacking. There
sessment framework but relies on recognized collateral for are some case studies on individual algorithms like [95], but
pooling liquidity, enabling low-cost lending and arbitrage, there is a lack of empirical studies based on extensive data.
and improving the transferability of debt holdings. DeFi lend-
ing has a large market, with a TLV of $14.782b and 300+
3.3 Services of DeFi
Apps (#DefiLlama). It allows borrowers to engage in trading
activities, while lenders can earn additional revenue via collat- Inspired by traditional derivatives, DeFi offers on-chain op-
eral rates [72]. The primary motivation for users to use DeFi tions, asset management, and decentralized insurance by re-
lending is to obtain participation rewards, such as governance placing traditional processes with on-chain automatic execu-
tokens. In extreme cases, investors can form a borrowing tions [3]. New financial derivatives, such as perpetuity con-
spiral [73] or leverage spiral [74] to maximize benefit. tracts and prediction markets, have also emerged.
DeFi lending apps typically involve collateralization, lend- DeFi derivatives are a recent development in both industry
ing, and liquidation. Based on such a model, apps like Com- and academia. However, compared to the industry’s quick im-
pound [11] and AAVE [12], enable over-collateralized, trust- plementation and over US$1.8b TLV (#DefiLlama), research
less DeFi lending. But out of the demand for low/zero collat- on DeFi derivatives is limited, with only a few available pa-
eralization and regulatory requirements, undercollateralized pers. Empirical research in this field is almost non-existent,
lending is born, building credit on the blockchain and setting and most review articles focus on discussing the feasibility
the constraints for using the borrowed assets [75]. Solutions of DeFi derivatives. They emphasize the benefits compared

5
 Table 1: DeFi Construction and Classification

Feature Property

ns
hai

n
tio

Complexity
dC

on

Scalability
l

us
ode

za

ati

ue

Stability
cte

mo
ali
st M

niq
niz
nne

ony
ntr

h
Tok
Tru

Tec
Co

Ce

An
Project Type
Bitcoin [29] - One - M. - BC - - -
Digital Assets

Ethereum [30] - One - M. - BC - - -

Litecoin Native Crypocurrency - One - M. - BC - - -
Monero [96] - One - H. - Ring-sig, Stealth Address - - -
Zcash [97] - One - H. - zk-Snark, Multi-sig - - -
ERC-20 [98] Token Standard - One Up to Apps M. - SC - - -
Ledger [42] - Multiple - M. - TEE - - -
Cold Wallet
Trezor [43] - Multiple - H. - Multi-sig, 2FA - - -
Wallets

Metamask [99] - Multiple - H. - Offline Storage - - -

Zengo [100] Hot Wallet TTP Multiple - M. - MPC-TSS, 3FA - - -
Argent [101] TTP Multiple - H. - Multi-sig, 2FA - - -
MakerDao [46] Alliance Oracle, Stablecoin TTP One DAO M. Dai, MKR Allowlist H. M. L.
Oracle

Chainlink [49] Off-chain Input - Multiple - M. LINK Reputation, Staking H. H. M.

NEST [51] Fact Generation - One - M. QP Token Game Theory H. M. H.
Cosmos [53] TTP Multiple Hub H. ATOM IBC - H. L.
Polkadot [54] BC Engine TTP Multiple Validator M. DOT Parachain - H. L.
Bridges

BTC-relay [55] Relay TTP Two Mainchain M. ETH-BTC SPV - M. M.

Polygon Bridge [102] - Multiple - M. POL Lock&Mint - - -
DApps Based
ThorSwap [58] - Multiple(Cosmos) - M. RUNE Third Party Chains, LP - - -
Tether [61] Off-chain Reserve - Multiple Issuer L. USDT - H. H. L.
Stablecoins

Liquity [64] Over-collateral - One - M. LQTY, LUSD - M. M. M.

Ampleforth [65] - Multiple - M. AMPL QTM-based Algorithmic L. L. H.
Frax Finance [67] - One - M. FRAX, FXS Algorithmic Seigniorage L. L. H.
Algorithmic
Basis [66] - One - M. BAC, BAS, BAB Algorithmic Seigniorage L. L. H.
Terra [68] - One - M. UST, LUNA Parachain L. M. H.
AAVE [12] - Multiple No M. Aave - - - -
Over-collateral
Lendings

Compound [11] - Multiple No M. COMP - - - -

TrueFi [79] TTP One Staker M. TRU - - - -
Under-collateral
Maple Finance [103] TTP One Pool Delegates L. MPL - - - -
Stellar [104] On-chain Orderbook - Multiple - M. XLM Manual Matching - L. -
0x [85] - Multiple Orderbook M. ZRX Manual Matching - M. -
Off-chain Orderbook
Exchanges

dYdX [10] - Multiple(Cosmos) Orderbook M. DYDX Manual Matching - M. -

KyberNetwork [89] - One - M. KNC Reserve Pool - H. -
Bancor [91] - One - M. BNT Constant product - H. -
Uniswap [9] Non-orderbook - Multiple - M. UNI Constant mean - H. -
Balancer [90] - One - M. BAL Dynamic weight - H. -
Curve Finance [92] - One - M. CRV Hybrid function - H. -
Opium [105] TTP One Orderbook M. OPIUM Off-chain Orderbook - - -
Opyn [106] Option - One - M. Squeeth AMM - - -
Hegic [107] - One - M. HEGIC Peer-to-Pool - - -
Enzyme [108] TTP One DAO/Manager M. MLN Active Asset Management - - -
Asset Management
Derivatives

Set [109] - One - M. - Passive Strategy, Social Trading - - -

Nexus Manual [37] - One - M. - Risk Sharing Pool - H. -
VouchForMe [110] TTP One - M. - Social Network Proof - H. -
Augur [111] Insurance - One - M. REP Prediction Market - H. -
CDx [112] - One - M. CDX, Cred Tokenized CDS - L. -
Tokens [106] - One - M. oToken Put Option - L. -
Augur [111] - One Staker M. REP Voting - - -
Prediction Market
Omen [113] - One - M. OWL Conditional Tokens - - -

− = Does not provide property;

Abbr.: BC = Blockchain; Tx = Transaction; SC = Smart Contracts; QTM = Quantity Theory of Money;
LP = Liquity Pool; IBC = Inter-Blockchain Protocol; CDS = Credit Default Swap; H./M./L. = High/Medium/Low.

to traditional solutions but lack evaluations of implemented Furthermore, frequent DeFi incidents have raised significant
solutions. This may be related to the novelty of the field. concerns about the security of funds. Insurance is seen as a
Additionally, there is a more substantial and earlier body significant tool to mitigate risk and enhance capital security,
of research related to DeFi insurance, possibly because of which is why it received earlier attention and exploration. In
the high level of decentralization and collateral involved in contrast, research on other types of DeFi derivatives, such as
the DeFi space, making risk management a crucial concern. options, perpetual contracts, and asset management, is rela-

6
tively scarce. This may be because insurance is a traditional and turns the decision on insurance claims into a transpar-
financial instrument with well-established concepts and ap- ent and verifiable process achieved through implementing
plications, while other derivatives such as perpetual contracts shared pool models(e.g. Nexus Mutual [37]), social proof en-
are still in relatively early stages of development, involving dorsement(e.g. VouchForMe [110]) or prediction markets(e.g.
more technical and compliance challenges. Augur [111]) and financial derivatives(e.g. oTokens [106]).
Option. DeFi options enable the buying or selling of an asset Insurance is one of the most widely studied applications
at a predetermined price in the future through decentralized in DeFi derivatives. The review literature has discussed the
platforms. The process is automated by smart contracts and potential [124] and risk [125] of blockchain technology in
involves two main participants: the buyer and the seller. DeFi the insurance industry and the possible application for the
markets offer higher efficiency and liquidity compared to tradi- entire insurance process [126]. Various solutions have also
tional options trading. These decentralized options protocols been proposed including the construction of the entire frame-
cater to investors seeking high-risk, high-leverage cryptocur- work [127] and the enhancement of efficiency [128], verifia-
rencies for speculation, as well as traders looking for hedging bility [129], traceability [130] and other performance.
and protection against volatile cryptocurrencies. Perpetual Contract. DeFi perpetual contracts allow partici-
The workflow of DeFi options trading is similar to tradi- pants to speculate or hedge against the price movements of an
tional options, with two main players facilitated by smart con- underlying asset, similar to leveraged spot trades, but without
tracts. Various solutions exist based on the matching process, an expiration date, and use a fund fee mechanism to track
including off-chain order matching models like Opium [105], the price index of the underlying asset. DeFi perpetual con-
where orders are handled off-chain and settled on-chain. tracts are usually implemented as NFTs by smart contracts
AMM mechanisms are implemented by Opyn [106], while and can be traded in DEXs. Participants can be incentivized
Hegic adopts liquid sharing pools [107]. DeFi options en- by providing liquidity and receiving rewards.
compass standardized European options, some non-standard Prediction Market. Prediction markets involve the creation,
options, and over-the-counter (OTC) options. Deribit [114], trading, and settlement based on real-world event outcomes
OKEx [115], and other exchanges have launched standardized using smart contracts. Participants are motivated by profit-
options trading services. MatrixPort [116] offers "watch cur- sharing for accurate predictions and liquidity rewards. The
rency rise" OTC options, while Babel Finance [117] provides revenue in prediction markets is directly impacted by event
a “sharkfin” capital-protected income management product outcomes, making it a significant incentive. To determine
based on barrier options. event outcomes, prediction markets use incentive mechanisms
Asset Management. DeFi asset management combines func- like reward and punishment or oracles providing real-world
tions of digital assets, oracles, lending, and more DeFi apps data. Augur [111], for example, incentivizes accurate report-
to achieve asset management, portfolio management, and risk ing through a dispute mechanism where the winner receives
management. It allows investors to delegate investment deci- the loser’s staked tokens. Omen Prediction Market [113] intro-
sions to third parties while maintaining trustless functional- duced Reality.eth, a decentralized oracle challenging previous
ity. Smart contracts handle investments, trades, and portfolio user results to approach the truth.
adjustments based on investor requirements. DeFi asset man-
agement offers low start-up costs, and quick set-up times, and 4 Technical Security Risks
enables anyone to become a fund manager or investor.
DeFi asset management can be categorized as active or We identified three types of technical security risks based on
passive. Active asset management involves a professional DeFi architectural design (Table 2): infrastructure layer risk,
team making investment decisions and trades, for example, protocol layer risk, and application layer attacks.
Enzyme [108]’s managers or DAO members and Babylon
Finance [118]’s community governance. Passive asset man-
agement such as Set [109] and Index Coop [119], on the other 4.1 DeFi Infrastructural Layer
hand, allows users to create their own indices, structured prod- Risks in Network Communication. DeFi relies on network
ucts, and more in the form of smart contracts. Integrated protocols like TCP/IP, which directly impact the security of
platforms combine active and passive ways, offering quantita- networks. Attackers can exploit vulnerabilities, manipulate
tive analysis with machine learning, such as SW DAO [120], messages, or control network service providers, posing risks
Kava DeFi Platform [121], and DAOventures [122]. to the security of transactions. Denial of Service (DoS) attacks
Insurance. DeFi insurance has the same working aspects as pose a threat where attackers may leverage network conges-
traditional insurance, including creation, purchase, and claim tion to flood the system with invalid transactions or consume
of insurance. The differences between DeFi insurance and excessive bandwidth and computing resources. Additionally,
traditional are that DeFi insurance enables all users to create node transparency risks such as Eclipse attacks [131] and
their own insurance content as can be seen in Etherisc [123] Sybil attacks [132] and centralized control by a few entities in

7
 mempool
51% attacks [133] can undermine trust, security, and stability. ①
✔ ��1 ✔
��1 ④ discorver ③ scan
Researchers have proposed various approaches to analyze approve Eve
②
network security, including attack graph analysis [134, 135] Alice 100 Token ⑤ ���1 ✔
Eve
40 Gwei ���1
and mathematical models quantifying parameters like risk,
transfer From ✔ ��2 ！
vulnerability, and threat [136]. Alice to Eve
��2
100 Token
Risks in Consensus Algorithm. Consensus algorithms en- revoke approve
45 Gwei ✔ ��3 ✔
Eve 50 Token
able nodes to reach agreement on tasks such as transaction 40 Gwei
ordering, block generation, and data validation. Nodes are in- ���2
transfer From ���2 ✔
centivized with block rewards and transaction fees. However, ��3
approve Eve Alice to Eve Expected Actual
this decision-making power introduces uncertainty regarding 50 Token 50 Token order order
Block i 40 Gwei 40 Gwei
the transactions included in a block, which can be exploited Block i+k
by attackers through Miner Extractable Value (MEV) [24]. (a) Front-running Attack
While MEV can have legitimate uses, such as ensuring timely mempool ���1
①
liquidation in lending protocols, facilitating accurate price ��1 use TokenB
formation, and arbitraging in DEX, it also creates problems buy x Token� ��1
Alice gas g Gwei
for users. MEV can result in advantageous forks over the
② scan ���2
main chain [137, 138]. Attackers utilize MEV for front- ���1 use TokenB order
③ discover buy x TokenA

TokenB
running [139, 140] or sandwich attacks [27], compromising Price3
gas g+1 Gwei
fairness [141] and colluding with nodes for profit. ④
Eve Price2
Forks. A fork occurs when the main chain splits into two ���2 sell Token� Price1
separate chains. The forked chain may have different security for TokenB
Block i gas g Gwei Block i+k Token�
and stability, making it more susceptible to new vulnerabili-
ties and attacks. This can disrupt the compatibility of smart (b) Sandwich Attack
contracts on both chains, requiring redevelopment and migra-
tion. In DeFi, chain forks can fragment markets and reduce Figure 5: Front-running and Sandwich Attack
liquidity. Users may lose funds by mistakenly operating on counterparty trades for additional revenue. The main differ-
the wrong chain. Attackers can exploit forks to gain unearned ence between sandwich attacks and front-running attacks is
rewards by overtaking and overwriting the main chain. the timing of target transaction execution and their respective
Front-running. Front-running attacks (cf. Figure 5a) occur targets. Sandwich attacks impact prices by executing counter-
when an attacker predicts or monitors a user’s transactions and party trades simultaneously, causing unfair trading losses for
submits their own transactions with higher priority, blocking the target trader. Front-running attacks gain an advantage by
others and altering outcomes for additional profit [26, 142]. submitting trades before execution, resulting in unfair trading
They exploit blockchain transparency and transaction latency. costs for other traders. Although confirming specific sand-
The bZx lending platform suffered a front-running attack in wich attacks can be challenging, there have been reports of
Feb. 2020, where attackers borrowed assets and sold them numerous DeFi sandwich attacks exploiting illiquidity, price
at manipulated prices, earning significant profits. Mitigation slippage, and execution delays on DEXs for additional profit.
front-running risks solutions include lightning networks for
off-chain transactions, batch order processing to narrow the
window and raise costs for attackers, sealed transactions to 4.2 DeFi Protocol Layer
prevent eavesdropping, and fee market efficiency improve-
ment to reduce MEV and front-running profitability [143,144]. Smart contracts are vital for implementing and securing DeFi
FaaS like Flashbots enables traders to directly send transac- functions. However, they are vulnerable to common vulnera-
tions to miners, aiming to reduce front-running risks and give bilities, which have been recognized by academia [147] and
users more control. However, Weintraub et al. [145] found industry [148]. Beyond coding, improper protocol design can
that over 80% of Ethereum’s MEV occurs through Flashbots, also introduce security risks.
raising questions about the feasibility of FaaS and potential Risks in Writing Smart Contracts. Coding errors such as
competitive concerns for other participants. arithmetic errors, conversion errors, inconsistent access con-
Sandwich Attack. A sandwich attack [27] (cf. Figure 5b) trol, and functional reentry are some representative vulnera-
is an exploitation tactic where an attacker executes coun- bilities in smart contracts [149, 150].
terparty trades before and after a target trade to profit from Reentry. A reentry attack is a significant threat to smart con-
price discrepancies and illiquidity. The attacker manipulates tract security. Attackers exploit this vulnerability by repeat-
the price by squeezing the low-cost trade between the target edly executing a specific contract function and invoking ma-
trade [146]. Attackers monitor DEX order books and trading licious contracts during each execution [151]. The attacker
activity to identify profitable opportunities and swiftly submit deploys a malicious contract with callable functions into the

8
target contract and re-invokes it multiple times by calling a test, audit upgrades, establish monitoring, and rollback mech-
function of the target contract. This attack allows unautho- anisms to detect and mitigate problems promptly.
rized access to contract funds, modifies the contract status, or Risks in Design of Protocols. Alongside code vulnerabili-
performs other malicious actions. The DAO, a community- ties, security risks can arise from inadequate protocol design,
based investment and fund allocation platform, experienced a including logical vulnerabilities, flawed economic models,
reentry attack in 2016. The attacker successfully steals mil- insufficient risk management, and inappropriate authorization.
lions of Ether by repeatedly calling the withdrawal function Complex algorithms or models may overlook specific scenar-
through a malicious contract. To prevent reentry attacks, the ios, impeding proper functionality. Economic models with
Ethereum community has implemented improvements such inflationary, deflationary, or unfair revenue sharing may lead
as a "backward transfer" mode, modifiers to restrict external to revenue loss or instability. Insufficient risk management
contract calls, locking mechanisms, status markers, state vari- measures hinder responses to adverse events and risk miti-
ables, and lock flags to track and prevent re-calls of functions. gation. In Jun. 2021, Iron Finance faced a crisis due to its
Overflow. Overflow is common in smart contracts and can re- economic model when its governing token TITAN’s price
sult in unexpected money transfers, contract lockouts, or DoS. collapsed. Massive selling of both TITAN and its stablecoin
These vulnerabilities include integer overflow, array overflow, IRON triggered a mechanism that minted more TITAN as
and memory overflow. Attackers exploit integer overflow to IRON’s price dropped, intensifying the price drop and caus-
alter contract states or transfer funds. Array overflow allows ing a death spiral. Furthermore, flawed designs may grant
attackers to access other data in a contract’s memory, leading administrators undue control, enabling manipulation or Rug
to data tampering. Memory overflow can cause contract exe- Pull. The Compounder Finance team misused administrator
cution failure. In 2018, attackers exploited an integer overflow privileges to replace audited contracts with malicious ones,
vulnerability in BeautyChain, an Ethereum-based platform, resulting in the misappropriation of user funds.
resulting in the theft of approximately $3 million in cryp-
tocurrency. Similarly, Meerkat Finance, a BSC-based lending
protocol, suffered a loss of $31 million in Mar. 2021 due to 4.3 DeFi Application Layer
an overflow vulnerability. To prevent such vulnerabilities, de-
velopers should focus on boundary checking during coding The security risks of DeFi extend beyond the system’s internal
and conduct thorough code reviews. workings to include external attacks towards asset bridges,
irregular services provided by auxiliary applications like ora-
Random Numbers Misuse. Misuse of random numbers in
cles, and users’ misconceptions about smart contracts.
smart contracts can lead to security and fairness issues [152]
[153]. Attackers exploit this vulnerability to predict or manip- Risks in Cross-chain. Cross-chain attacks exploit the mecha-
ulate outcomes, gaining unfair advantages. In 2018, hackers nism of cross-chain transactions, posing risks to the security
manipulated the random number generator of the EOSPlay and stability of cross-chain DeFi apps. These attacks can lead
gambling contract on the EOS blockchain, receiving signifi- to asset loss, transaction delays, and information tampering.
cant rewards. Insecure random numbers in functions like key There are two main types of cross-chain attacks: native-chain
generation compromise encryption algorithms. To prevent attacks and inter-chain attacks. Native-chain attacks include
misuse, developers should carefully assess the need for ran- double-spend attacks, false proof attacks, vulnerability ex-
dom numbers. Verifiable generators like Blockchain-based ploits, reverse transaction attacks, and replay attacks [178].
Random Number Generators (BRNGs) and protocols like Dis- Inter-chain attacks encompass relay blocking and inter-chain
tributed Random Number Generation (DRNG) can enhance route hijacking [181]. Payment channels may also be vulner-
security. Security audits and code reviews are also essential. able to wormhole attacks, where intermediate node fees can
Risks in Updating Smart Contracts. Smart contract up- be stolen [183]. DeFi cross-chain applications face unique
dates pose potential issues and security risks such as contract security risks. Cross-chain smart contracts in DeFi apps are
misbehavior, funds loss, contract unavailability, or reduced exposed to vulnerabilities in their own code and the calling
security. Incompatibility between new and previous versions relationship between contracts. Price manipulation attacks
can introduce vulnerabilities, hinder data migration, or disrupt and repeated borrowing and lending attacks are examples of
contract dependencies. Incorrect configuration parameters or cross-chain attacks faced by DeFi apps, as seen in the case of
tampering can lead to contract failures or unexpected out- the attack on PancakeSwap in Apr. 2021.
comes [154]. New permission mechanisms or access control Risks in Auxiliary Tools. Auxiliary services are entities that
rules may result in incorrect or overly permissive configu- promote efficiency but are external to the system.
rations, enabling unauthorized actions. Mismanagement of Oracle Manipulate. Oracle manipulation by hackers involves
multiple contract versions can lead to inconsistencies. For providing false data to smart contracts, leading to improper
instance, in April 2021, Uranium Finance on BSC suffered benefits or disruption of normal operations [187]. This manip-
an attack due to neglected parameter changes during a con- ulation can result in negative consequences, including stable-
tract upgrade. To prevent such issues, developers should plan, coin unanchoring, malicious carry trades, forced liquidation,

9
 Table 2: Concerns and Solutions in DeFi Applications and Open Research Challenges

Incidents Research Perspective

Affected Layers Attacks Time Application Loss Solutions Technology Sociology Economy Ecology
Dos (DDoS) [155] [156] 2020/05 Youbi N/A [156] [157] ✓
Network Eclipse Attack [131] [158] [159] ✓
Infrastructural

- - -
Communication Sybil Attack [132] Various Arbitrum 253M ARB [160] ✓
Layer

51% Attack [133] [161] 2020/04 PegNet 0.6M USD [162] ✓

Fork [163] [139] [27] - - - [163] ✓ ✓
Consensus Front-running Attack [26] [142] 2021/03 DODO 0.7M USD [143] [144] ✓ ✓
Technical Security Risk

MEV
Algorithm Sandwich Attack [146] [27] 2021/10 Alpha Homora V2 40.93 ETH [164] [165] ✓ ✓
Arbitrage Attack [166] 2021/01 Saddle Finance 8 BTC [167] ✓ ✓
Reentry [168] [151] 2016/06 The DAO 3.6M ETH [151] ✓
Protocol
Layer

Smart Contract Overflow [169] [170] 2018/07 Bancor 1.2M USD [171] [172] ✓
Misuse of Random Number [152] [153] 2021/07 AnySwap 8M USD [172] ✓
Protocol Rug Pull [173] 2021/03 Meerkat Finance 20M USD [174] ✓ ✓
Double Spend Attack [175] 2020/02 DForce 2.5M USD [176] ✓
False Proof Attack [175] [177] 2022/02 Wormhole 1.2M ETH [177] ✓
Replay Attack [178] 2022/09 OmniBridge 2M ETHW [179] [180] ✓
Application

Bridge Inter-Chain Route Hijacking [181] - - - [182] [180] ✓

Layer

Wormhole Attack [183] - - - [184] ✓

Cross-chain Price Manipulation [185] 2023/08 Neutra Finance 23.5 ETH [185] [186] ✓ ✓
Auxiliary Tools Oracle Manipulation [187] [1] [44] 2023/06 Themis Protocol 0.37M USD [188] ✓ ✓
Usage Method Phishing Attack [183] [189] 2022/12 Bitkeep 8M USD [190] [191] ✓ ✓ ✓
Real Collapse/Incidents
Economic Risk

Liquidity Depletion 2019/09 Compound - [192] [193] ✓

Infrastructural

+ Applicatoin

Governance Risk 2022/04 Beanstalk 77M USD [194] [195] ✓ ✓ ✓ ✓

+ Protocol

✓ ✓ ✓ ✓
Layers

Market Manipulation 2022/10 Mango 114M USD [196] [197]

Flashloan various various various [139] [7] ✓ ✓
Death Spiral 2022/05 Luna-UST Collapse 60B USD [198] [71] ✓
Ponzi and Fraud 2022/11 FTX Collapse 32B USD [199] ✓ ✓ ✓
CeFi Impact 2023/03 SVB Collapse 23B USD [200] [201] ✓

and depleted protocol liquidity. Attackers target data sources cient liquidity can result from adverse market conditions, in-
by attacking API interfaces or tampering with supply chains. creased risk sentiment, or rapid fund withdrawals. Factors like
They provide false or inaccurate data, modify prices or offer market fluctuations, falling collateral prices, or manipulation
incorrect market information. To prevent oracle manipulation, can also contribute to liquidity depletion. The Black Thursday
developers must prioritize secure and tamper-resistant oracles, event in Mar. 2020, involving MakerDAO, exemplifies the
along with incentivizing their usage. Ensuring the quality of consequences of liquidity depletion [204]. To mitigate this
connected markets is also crucial. risk, DeFi platforms should attract diverse liquidity providers
Risks of Ignorance. Users’ limited understanding of smart and reduce dependency on specific sources. Incentives can be
contracts and their associated security risks can lead to unfore- implemented to attract and retain liquidity providers [84,205].
seen circumstances [202]. Moreover, the shortage of security Additionally, DeFi applications should develop risk manage-
awareness makes them susceptible to phishing attacks, re- ment strategies and contingency plans to address liquidity
sulting in personal information leaks and fund theft [203]. depletion scenarios.
Phishing attacks in DeFi involve impersonating legitimate Flashloan Attack. Flash loan security risks involve vul-
entities or creating deceptive environments like fake DeFi nerabilities, contracts, and attack risks associated with flash
platforms or sending fraudulent notifications to trick users loans [7, 139]. We observed that such attacks occur frequently
into revealing sensitive information, private keys, or login cre- and can be categorized into code vulnerabilities, bid arbi-
dentials. For example, in Dec. 2021, Badger DAO suffered a trage, and price manipulation. Attackers exploit flash loans to
$120 million loss due to a phishing attack involving malicious execute sophisticated strategies that exploit smart contract vul-
wallet requests. Similarly, in 2021, attackers stole assets by nerabilities. Bid arbitrage manipulates transaction sequences
sharing fraudulent links on social media, leading users to a to capitalize on arbitrage opportunities using borrowed funds.
fake Uniswap website. Price manipulation involves using flash loan funds for large-
scale trading, influencing prices. Defending against flash loan
attacks requires managing protocol security, auditing con-
5 Economic Security Risks tracts, and implementing measures like transaction order re-
DeFi economic risks stem from rational players’ actions strictions, delays, or time windows.
within the ecosystem, rather than traditional vulnerabilities. Market Manipulation. Market manipulation artificially in-
Liquidity Depletion. DeFi liquidity depletion risk occurs fluences asset prices to profit. Illiquid assets pose higher risks
when there is a shortage of market liquidity, causing transac- to underlying financial products. Manipulative strategies in-
tion delays, price fluctuations, and market instability. Insuffi- clude spoofing [206], ramping [207], bear raids, cross-market

10
manipulation, and oracle manipulation [188], which can ma- CeFi Impact. The crypto market has become increasingly
nipulate segments or the entire market. Market manipulation influenced by macroeconomics, exhibiting a trajectory that
has resulted in various negative impacts on the DeFi ecosys- parallels traditional stock markets. It is susceptible to the
tem, such as bad debts due to failure of timely liquidation, impacts of conventional financial crises. The SVB (Silicon
losses for liquidity providers due to false price-based payouts Valley Bank) collapse [200,201] in early 2023 is an illustrative
in synthetic assets, and depeg for algorithm stablecoins [71]. case. SVB, a Centralized Finance (CeFi) bank for high-tech
Distinguishing normal fluctuations from manipulation in and crypto startups, experienced a crisis that resulted in the
DeFi is challenging due to anonymity, trading freedom, and loss of deposits. This event eroded confidence in secure crypto
regulatory gaps. Anonymous transactions hinder accurate asset storage methods and raised concerns about asset safety.
tracking of participant behavior. Trading freedom and liq-
uidity provision enable price influence through large-scale 6 Open Research Challenges
transactions or exploiting limited market depth. Regulatory
gaps and the lack of mechanisms like KYC requirements Observation. There exists a time lag between the industry
hamper monitoring manipulative behavior. To reduce mar- and academia, as industry innovation often precedes academic
ket manipulation risks in the DeFi market, it is necessary to research. However, the implementation of DeFi in the industry
strengthen regulatory compliance and enhance investor edu- currently is primarily driven by commercial intuition, lacking
cation. Monitoring tools and algorithms can detect abnormal comprehensive academic research in problem definition, the-
trading patterns and manipulative behavior in a timely manner. oretical analysis, mechanism design, and economic models.
Strengthening investor education can increase awareness of This gap hinders theoretical innovation and the timely resolu-
market risks, encouraging cautious participation. tion of emerging issues, limiting efficiency and sustainability.
Governance Risk. Governance and incentives can drive Gap. The relative lag in academic research, particularly with
choices that benefit DeFi apps. However, inadequate incen- regard to information security concerns, can result in potential
tives may lead token holders to prioritize external gains, poten- inadequacies in the security assessment of newly emerging
tially harming the system. Immediate governance updates can DeFi protocols. Accidents and risks that arise during the use
be vulnerable if malicious contract code is executed using ac- of new technologies (emerging financial products) cannot be
quired governance tokens. The Beanstalk protocol faced gov- anticipated, forewarned, or prevented in advance, posing risks
ernance risks when an attacker accumulated tokens and pro- to user assets and impeding comprehensive development.
posed a malicious proposal to divert funds. In Ethereum 2.0
Revenue. Therefore, further research on DeFi requires in-
(post-Merge), validators face censorship pressure due to The
depth exploration of new technologies and models, encom-
Office of Foreign Assets Control of the US Department of the
passing different perspectives such as information security,
Treasury(US OFAC) sanctions on Tornado Cash [208, 209].
and game theory mechanisms, and conducting systematic
Death Spiral and Instability. Stablecoins aim to maintain a evaluations that are aligned with industry practices. To bridge
consistent value by being pegged to a fiat currency. A "death the gap between industry and academia, it is necessary to ad-
spiral" refers to a scenario where a stablecoin rapidly and dress the lack of research and validation tools in the academic
uncontrollably loses its value. This decline can trigger a com- community. Academic researchers require models, simulation
pounding effect, intensifying the downward spiral and eroding tools, and data analysis capabilities to establish and validate
confidence in the stablecoin, ultimately culminating in a self- DeFi solutions. Effective data and analysis tools are needed
perpetuating cycle of value deterioration. The concept of a to collect, organize, and analyze transaction and contract data.
death spiral is particularly relevant in crypto stablecoins, es- Comprehensive security audit tools are also necessary to eval-
pecially algorithmic ones. An example is the deppeg of UST, uate the security of smart contracts and protocols. Joint efforts
which led to the collapse of Luna’s value in 2022 [71, 198]. between academia and the industry can promote the develop-
This event marked the onset of a "crypto winter," a period of ment and improvement of these tools. Academic researchers
prolonged market decline and reduced investor optimism. can focus on developing models and simulation tools, while
Ponzi and Fraud. The Ponzi game is named after Charles the industry can provide real-time data and practical experi-
Ponzi, who deceived investors with a postage stamp specu- ence to support data and analysis tool development. Collabo-
lation scheme. It involves funding preexisting liabilities by ration between the academic community and security audit
issuing new debt. Ponzi schemes have infiltrated the crypto teams can enhance the security of DeFi projects by jointly
markets, especially during ICOs, IEOs, IDOs, and similar researching and developing security audit tools.
events. A recent example is the FTX collapse [199] in 2022, Gap. Regarding economic security concerns, the relative
where SVB sold FTT tokens to Alameda, a high-frequency lag in academia has resulted in a lack of in-depth analysis and
trading company under the same ownership, in an attempt to theoretical modeling of economic interactions and mechanism
inflate token prices. Ponzi’s collapse extends beyond immedi- designs in DeFi. Firstly, the industry lacks a proper under-
ate losses of rug pull with far-reaching implications. standing of participant behavior and incentive mechanisms,

11
leading to product designs that heavily rely on experience 6.1 DeFi Technology Construction
and intuition. Secondly, information asymmetry and incom-
plete information exacerbate the industry’s limited awareness Functionality. There are numerous protocols and function-
and application of existing academic research. DeFi appli- alities in DeFi. Function integration platforms can provide
cations lack guidance from economic equilibrium theories, unified access, simplifying user operations and enhancing user
leading to potential risks, instability, manipulation, attacks, experience. Their goals include user-friendly interfaces, pro-
and systemic risks. Inappropriate incentive structures and mar- tocol integration, security, and interoperability for seamless
ket imbalances undermine the achievement of economic and asset and data transfers. However, these aspects have not been
societal objectives, efficiency, fairness, and sustainability. extensively explored by both the industry and the academic.
Research challenges for function integration platforms en-
Revenue. The academic community should utilize analyti- compass staying updated and incorporating the developments
cal tools such as economic equilibrium and game theory to and innovations, implementing better risk management prac-
establish technical and economic models for DeFi applica- tices to adapt to the dynamic nature of the DeFi market, con-
tions and conduct research on game mechanism design and ducting comprehensive security audits and vulnerability fixes,
analysis. Progress can be made from multiple perspectives and addressing challenges related to interoperability, stability,
of economic modeling, mechanism design, and technical im- and availability that arise from integrating multiple protocols.
plementation, and combining theoretical analysis, practical
Security. DeFi security involves analyzing attack and threat
solutions, and empirical research.
models at the network [134–136], smart contract [234] (sin-
Gap. Regardless of the improvement in technology, secu- gle contract, multiple contracts, and contract audit [8]), proto-
rity, or economics in the field of DeFi, the interdisciplinary col [235], and application layers [236, 237].
nature of DeFi cannot be overlooked. Collaboration between We found that in-depth research on DeFi network commu-
economists, computer scientists, legal experts, and other stake- nication security, standardized evaluation, audit methods, and
holders is crucial. As mentioned earlier, the limitations of a defense strategies is lacking. Researchers can enhance DeFi
single-disciplinary perspective have been highlighted, and it security by analyzing network topology, node communica-
has been pointed out that the core issue lies in the insufficient tion, and protocols like authentication, access control, and
depth of interdisciplinary collaboration and the shortage of secure smart contracts. Existing smart contract audit tools
talent with interdisciplinary expertise. have limitations in detecting complex attack strategies and
Revenue. To address this issue, on one hand, it is neces- advanced vulnerabilities. Research is needed on tracking con-
sary to encourage and facilitate interdisciplinary collabora- tract changes, conducting timely audits, and establishing secu-
tion among experts from different disciplines through cross- rity standards and best practices. Moreover, there is limited re-
disciplinary projects or platforms. On the other hand, it is search on secure DeFi application models and security issues
important to cultivate talents with multidisciplinary skills re- arising from the collaboration between different applications.
quired in DeFi research. Specifically, these talents need to Incident Detection and Emergency Response. DeFi acts as
possess expertise in areas such as blockchain, network secu- an amplifier for information security issues and risks, making
rity, code analysis, financial markets, investment analysis, risk disaster recovery and emergency response more urgent. Cur-
management, and financial technology, spanning disciplines rently, this is a relatively unexplored research field. Timely
like economics, computer science, and cryptography. incident detection and handling are essential for protecting
In addition to the overall observations in DeFi mentioned user assets and the health of DeFi. Detecting incidents based
above, there are also research gaps and challenges in specific on historical data is commonly done, but real-time monitoring
aspects such as technological construction, sociological con- remains understudied. Future research should focus on devel-
struction, economic construction, and ecosystem construction. oping intelligent monitoring systems that analyze data and
We will elaborate on each of these areas (cf. Table 3). traffic patterns, using machine learning to identify abnormal
activities and risks in advance. Establishing effective incident
Table 3: Open Research Challenges response mechanisms, as well as post-incident cooperation
and asset recovery protocols, are important research gaps.
Direction Open Research Challenge Literature (paper count)
General Tools Definition and Model 283, e.g., [1]
Performance 137, [210] [211] [212] 6.2 DeFi Sociology Construction
DeFi Technical Function Integration Platforms N/A
Construction Contract Audition 600, [213] [214] [215] Privacy. DeFi privacy protection aims to safeguard users’
Incident Detection 308, [216] [217] [218]
personal information, transaction data, and financial flows
DeFi Economy Sustainable Tokenomics 193, [219] [220] [221]
Construction Balanced Incentive 122, [222] [223] [224] from unauthorized tracking, monitoring, and access. As the
DeFi Sociology Privacy 216, [225] [226] user base expands, privacy concerns in DeFi become more
Construction Compliance 75, [227] [228] [229] apparent, as existing analysis techniques can de-anonymize
DeFi Ecology User Engagement and Education 11, [230] [231] [232] [233] pseudonyms and infer user identities from external informa-

12
 Infrastractural Protocol Application DeFi
tion on the blockchain [238, 239]. Existing research explores Layer Layer Layer Ecology
privacy-enhancing technologies such as zero-knowledge
Performance Issue
proofs (ZKPs) [240], ring signatures [33], Trusted Execution (Speed, Scalability)
Environments (TEEs) for anonymous computation, crypto- Funtionality
graphic techniques, and mixing schemes for transaction pri-

Open Research Challenges

Technical Security
vacy protection, as well as confidential smart contracts for data
Economic Security
privacy protection [21, 241]. Initially applied to privacy coins
Privacy
like Zerocoin [242], zero-knowledge proofs (ZKPs) such as
zk-SNARKs [243] and Bulletproofs [244] have been utilized Sustainable Tokenomics

to enhance transaction privacy on the blockchain. Simpler Balanced Incentive

and more efficient privacy coin schemes, including mixing Compliance
schemes, have also been proposed. These technologies of- User Engagement
fer improved privacy protection, data security, anonymous
User Education
transactions, and smart contract verification in DeFi. How-
ever, how these technologies can adapt to the specific and
complex application scenarios in DeFi, enhance performance, Figure 6: Open Research Challenges
and achieve scalability, remains an unresolved research ques-
tion. Additionally, striking a balance between anonymity and
traceability to meet regulatory requirements poses significant tors, and operators). Within the PoW consensus model, the
challenges. Readers interested in exploring privacy-enhancing majority of regular users often find it challenging to secure
technologies in DeFi are recommended to refer to relevant stable rewards, given their limited impact on the network.
Systematization of Knowledge (SoK) papers [245]. In contrast, miners wield substantial power, affording them
the ability to generate MEV revenues. Meanwhile, in PoS
Compliance. Compliance in DeFi is vital for protecting funds settings, stakeholders have the opportunity to earn a steady
for users, ensuring stability for the system, and preventing ille- income. However, the issuance of tokens without associated
gal activities such as money laundering and terrorist financing costs can lead to potential token issuance abuse. Striking a
for regulators. However, the decentralized and permissionless balance between incentivizing network contributors while pre-
nature of DeFi conflicts with compliance and regulation. For venting token issuance abuse is crucial. This will create a fair
instance, Tornado Cash faced sanctions by the US OFAC for ecosystem where rewards align with contributions, promoting
enabling anonymous transfers used in illicit activities. Bal- healthier and equitable participation from all stakeholders.
ancing these conflicting aspects poses a challenge. Moreover,
the rapid growth of DeFi requires the development of an
appropriate compliance framework, including cross-border 6.4 DeFi Ecology Construction
cooperation and leveraging technology for efficient processes.
User Engagement and Education. User engagement and
user education are crucial for the DeFi ecosystem’s growth.
6.3 DeFi Economy Construction Low user engagement can lead to reduced liquidity, increased
transaction costs, and insufficient market depth, while user
Sustainable Tokenomics. Token issuers should prioritize ignorance can elevate the risk of fraud and attacks. Enhancing
the design and implementation of a cryptocurrency or token usability is paramount in addressing these challenges. The
ecosystem that promotes long-term viability, equilibrium, and industry should prioritize creating user-friendly interfaces and
positive impact. Rather than engaging in deceptive practices, streamlining processes to attract a broader user base. Addi-
their focus should be on crafting mechanisms that enhance tionally, effective incentive mechanisms can encourage user
economic stability, while incentivizing productive and sustain- participation and contributions. Comprehensive and easily
able behaviors among token holders, users, and participants. understandable educational resources, including textbooks,
Initiatives should be geared towards creating enduring value online courses and guides, must be made available. Establish-
for the token, rather than relying on short-term speculative ing a supportive community can further bolster user education
gains. By contributing to a resilient token ecosystem charac- by promoting collaboration and knowledge sharing, enabling
terized by responsible practices and sustainable growth, token users to assist and support each other on their DeFi journey.
issuers can foster a positive and sustainable impact. Conclusion. This paper presents a comprehensive litera-
Balanced Incentive. Incentives hold a crucial role for to- ture review and proposes a classification framework based
ken investors and holders. An effective incentive mechanism on the complexity of DeFi services. We evaluate DeFi ap-
should extend benefits to all participants, encompassing both plications and discuss their security from both technical and
regular users (utilizing mobile clients, light clients, or web economic perspectives. Furthermore, we identify research
browsers) and network contributors (such as miners, valida- gaps and future directions, exploring relevant research topics.

13
References [12] AAVE. Aave protocol whitepaper v1.0. Retrieved
from https://github.com/aave/aave-protoco
[1] Sam Werner, Daniel Perez, Lewis Gudgeon, Ariah l/blob/master/docs/Aave_Protocol_Whitepape
Klages-Mundt, Dominik Harz, and William Knotten- r_v1_0.pdf, 2020.
belt. SoK: Decentralized finance (DeFi). In ACM
Conference on Advances in Financial Technologies [13] Convex Finance. Convex. Retrieved from https:
(AFT), pages 30–46, 2022. //www.convexfinance.com/, 2023.

[2] Kaihua Qin, Liyi Zhou, Yaroslav Afonin, Ludovico [14] Harvest Finance. Harvest finance document. Retrieved
Lazzaretti, and Arthur Gervais. CeFi vs. DeFi– from https://docs.harvest.finance/, 2023.
comparing centralized to decentralized finance. arXiv
[15] Lido. Lido docs. Retrieved from https://docs.l
preprint arXiv:2106.08157, 2021.
ido.fi/, 2023.
[3] Patrick Schueffel. DeFi: Decentralized finance-an in- [16] Rocket Pool. Rocket pool documentation. Re-
troduction and overview. Journal of Innovation Man- trieved from https://docs.rocketpool.net/gu
agement, 9(3):I–XI, 2021. ides/, 2023.
[4] Rujia Li, Qin Wang, Qi Wang, and David Galindo. How [17] Amani Moin, Kevin Sekniqi, and Emin Gun Sirer. SoK:
do smart contracts benefit security protocols? arXiv A classification framework for stablecoin designs. In
preprint arXiv:2202.08699, 2022. International Conference on Financial Cryptography
and Data Security (FC), pages 174–197. Springer,
[5] Guangsheng Yu et al. Leveraging architectural
2020.
approaches in Web3 applications-a DAO perspec-
tive focused. In IEEE International Conference on [18] Wenqi Zhao, Hui Li, and Yuming Yuan. Understand
Blockchain and Cryptocurrency (ICBC), pages 1–6. volatility of algorithmic stablecoin: Modeling, verifi-
IEEE, 2023. cation and empirical analysis. In International Con-
ference on Financial Cryptography and Data Secu-
[6] Dabao Wang, Siwei Wu, Ziling Lin, Lei Wu, Xingliang rity Workshop on Decentralized Finance (DeFi@FC),
Yuan, Yajin Zhou, Haoyu Wang, and Kui Ren. Towards pages 97–108. Springer, 2021.
understanding flash loan and its applications in DeFi
ecosystem. International Workshop on Security in [19] Massimo Bartoletti, James Hsin-yu Chiang, and Al-
Blockchain and Cloud Computing (SBC@AsiaCCS), berto Lluch Lafuente. SoK: Lending pools in decen-
2021. tralized finance. In International Conference on Fi-
nancial Cryptography and Data Security Workshop on
[7] Kaihua Qin, Liyi Zhou, Benjamin Livshits, and Arthur Decentralized Finance (DeFi@FC), pages 553–578.
Gervais. Attacking the DeFi ecosystem with flash Springer, 2021.
loans for fun and profit. In International Conference
on Financial Cryptography and Data Security (FC), [20] Teng Andrea Xu and Jiahua Xu. A short survey on busi-
pages 3–32. Springer, 2021. ness models of decentralized finance (defi) protocols.
International Conference on Financial Cryptography
[8] Liyi Zhou, Xihan Xiong, Jens Ernstberger, Stefanos and Data Security Workshop on Decentralized Finance
Chaliasos, Zhipeng Wang, Ye Wang, Kaihua Qin, (DeFi@FC), 2022.
Roger Wattenhofer, Dawn Song, and Arthur Gervais.
SoK: Decentralized finance (DeFi) attacks. IEEE Sym- [21] Rujia Li et al. SoK: TEE-assisted confidential smart
posium on Security and Privacy (SP), 2023. contract. Proceedings on Privacy Enhancing Technolo-
gies (PETs), 3:1–21, 2022.
[9] Hayden Adams, Noah Zinsmeister, Moody Salem,
River Keefer, and Dan Robinson. Uniswap v3 core. [22] Jiahua Xu, Krzysztof Paruch, Simon Cousaert, and
Tech. rep., Uniswap, Tech. Rep., 2021. Yebo Feng. SoK: Decentralized exchanges (DEX)
with automated market maker (AMM) protocols. ACM
[10] Antonio Juliano. dydx: A standard for decentralized Computing Surveys (CSUR), 55(11):1–50, 2023.
margin trading and derivatives. Retrieved from http
s://whitepaper.dydx.exchange, 2018. [23] Yimika Erinle, Yathin Kethepalli, Yebo Feng, and
Jiahua Xu. SoK: Design, vulnerabilities and de-
[11] Compound Labs. Compound finance. Retrieved from fense of cryptocurrency wallets. arXiv preprint
https://compound.finance/, 2019. arXiv:2307.12874, 2023.

14
[24] Kaihua Qin, Liyi Zhou, and Arthur Gervais. Quanti- [36] George Kappos, Haaroon Yousaf, Mary Maller, and
fying blockchain extractable value: How dark is the Sarah Meiklejohn. An empirical analysis of anonymity
forest? In IEEE Symposium on Security and Privacy in Zcash. In USENIX security symposium (USENIX
(SP), pages 198–214. IEEE, 2022. Sec), pages 463–477, 2018.

[25] Sen Yang, Fan Zhang, Ken Huang, Xi Chen, Youwei [37] Nexus Mutual. The nexus mutual protocol. Re-
Yang, and Feng Zhu. SoK: Mev countermeasures: trieved from https://docs.nexusmutual.io/pr
Theory and practice. arXiv preprint arXiv:2212.05111, otocol/, 2020.
2022. [38] ConsenLabs. imtoken. Retrieved from https://gi
thub.com/consenlabs, 2023.
[26] Shayan Eskandari, Seyedehmahsa Moosavi, and
Jeremy Clark. SoK: Transparent dishonesty: Front- [39] Minter Team. Bip wallet. Retrieved from https://
running attacks on blockchain. In International Con- github.com/MinterTeam/bip-wallet-web, 2023.
ference on Financial Cryptography and Data Security
(FC), pages 170–189. Springer, 2020. [40] Wetez. Wetez. Retrieved from https://docs.wet
ez.io/wetez/, 2023.
[27] Liyi Zhou, Kaihua Qin, Antoine Cully, Benjamin
[41] Trust Wallet. Trust wallet developer documentation.
Livshits, and Arthur Gervais. On the just-in-time dis-
Retrieved from https://developer.trustwalle
covery of profit-generating transactions in DeFi pro-
t.com/developer/, 2023.
tocols. In IEEE Symposium on Security and Privacy
(SP), pages 919–936. IEEE, 2021. [42] Ledger. Ledger developer portal. Retrieved from
https://developers.ledger.com/, 2023.
[28] Qin Wang, Rujia Li, Qi Wang, Shiping Chen, and Yang
Xiang. Exploring unfairness on proof of authority: [43] Trezor company. Trezor hardware wallet (official).
Order manipulation attacks and remedies. In ACM on Retrieved from https://trezor.io/, 2013.
Asia Conference on Computer and Communications [44] Torgin Mackinga, Tejaswi Nadahalli, and Roger Wat-
Security (AsiaCCS), pages 123–137, 2022. tenhofer. Twap oracle attacks: Easier done than said?
In IEEE International Conference on Blockchain and
[29] Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic
Cryptocurrency (ICBC), pages 1–8. IEEE, 2022.
cash system. Decentralized Business Review, 2008.
[45] Mona Taghavi, Jamal Bentahar, Hadi Otrok, and Kaveh
[30] Vitalik Buterin et al. A next-generation smart contract Bakhtiyari. A reinforcement learning model for the
and decentralized application platform. white paper, reliability of blockchain oracles. Expert Systems with
3(37):2–1, 2014. Applications, 214:119160, 2023.
[31] Litecoin Wiki contributors. Main page — litecoin [46] Maker Foundation. The maker protocol: Makerdao’s
wiki. Retrieved from https://litecoin.info/in multi-collateral dai (mcd) system. Retrieved from
dex.php/Main_Page, 2019. https://makerdao.com/en/whitepaper/, 2023.

[32] Kurt M Alonso et al. Zero to monero, 2020. [47] Yuxi Cai, Nafis Irtija, Eirini Eleni Tsiropoulou, and
Andreas Veneris. Truthful decentralized blockchain or-
[33] Shi-Feng Sun, Man Ho Au, Joseph K Liu, and Tsz Hon acles. International Journal of Network Management,
Yuen. Ringct 2.0: A compact accumulator-based 32(2):e2179, 2022.
(linkable ring signature) protocol for blockchain cryp-
[48] Naman Goel, Aris Filos-Ratsikas, and Boi Faltings. De-
tocurrency monero. In European Symposium on Re-
centralized oracles via peer-prediction in the presence
search in Computer Security (ESORICS), pages 456–
of lying incentives, 2019.
474. Springer, 2017.
[49] Lorenz Breidenbach, Christian Cachin, Benedict Chan,
[34] Abraham Hinteregger and Bernhard Haslhofer. An Alex Coventry, Steve Ellis, Ari Juels, Farinaz Koushan-
empirical analysis of monero cross-chain traceability. far, Andrew Miller, Brendan Magauran, Daniel Moroz,
International Conference on Financial Cryptography et al. Chainlink 2.0: Next steps in the evolution of de-
and Data Security (FC), 2019. centralized oracle networks. Chainlink Labs, 1, 2021.
[35] Daira Hopwood, Sean Bowe, Taylor Hornby, and [50] nestprotocol.org. Nest: Decentralized martingale net-
Nathan Wilcox. Zcash protocol specification. GitHub: work. Retrieved from https://www.nestprotocol
San Francisco, CA, USA, 4:220, 2016. .org/doc/ennestwhitepaper.pdf, 2023.

15
[51] nestprotocol.org. Nest: Decentralized martingale net- [66] Nader Al-Naji, Josh Chen, and Lawrence Diao. Basis: a
work. Retrieved from https://www.nestprotocol price-stable cryptocurrency with an algorithmic central
.org/doc/ennestwhitepaper.pdf, 2023. bank. Retrieved from https://basis.io/basis_w
hitepaper_en.pdf, 2017.
[52] Gang Wang et al. Exploring blockchains interoper-
ability: A systematic survey. ACM Computing Surveys [67] Sam Kazemian, Jason Huan, Jonathan Shomroni, and
(CSUR), 2023. Kedar Iyer. Frax: A fractional-algorithmic stablecoin
protocol. In 2022 IEEE International Conference on
[53] Jae Kwon and Ethan Buchman. Cosmos whitepaper. Blockchain (Blockchain), pages 406–411. IEEE, 2022.
A Netw. Distrib. Ledgers, 27, 2019.
[68] Evan Kereiakes, Marco Di Maggio Do Kwon, and
[54] Gavin Wood. Polkadot: Vision for a heterogeneous Nicholas Platias. Terra money: Stability and adoption.
multi-chain framework. White paper, 21(2327):4662, White Paper, Apr, 2019.
2016.
[69] Antonio Briola, David Vidal-Tomás, Yuanrong Wang,
[55] Ethereum and Consensys. Btc-relay. Retrieved from and Tomaso Aste. Anatomy of a stablecoin’s fail-
http://btcrelay.org/, 2016. ure: The terra-luna case. Finance Research Letters,
51:103358, 2023.
[56] BTC Relay. Frequently asked questions—btc relay 1.0
documentation. retrieved april 7, 2019, 2016. [70] Ariah Klages-Mundt and Andreea Minca. (in) stability
for the blockchain: Deleveraging spirals and stablecoin
[57] Vitalik Buterin. Chain interoperability. R3 research attacks, 2021.
paper, 9:1–25, 2016.
[71] Shange Fu et al. Rational ponzi game in algorith-
[58] Thorchain. Thorchain whitepapers. Retrieved mic stablecoin. In IEEE International Conference on
from https://github.com/thorchain/Resourc Blockchain and Cryptocurrency (ICBC), pages 1–6.
es/tree/master/Whitepapers, 2021. IEEE, 2023.

[59] Bin Wang, Xiaohan Yuan, Li Duan, Hongliang Ma, [72] Matthew Black, Tingwei Liu, and Tony Cai. Atomic
Chunhua Su, and Wei Wang. Defiscanner: Spot- loans: Cryptocurrency debt instruments. arXiv preprint
ting DeFi attacks exploiting logic vulnerabilities on arXiv:1901.05117, 2019.
blockchain. IEEE Transactions on Computational So-
cial Systems (TCSS), pages 1–12, 2022. [73] Viet-Bang Pham and Tuan-Dat Trinh. Analysis model
for decentralized lending protocols. In International
[60] Christian Catalini, Alonso de Gortari, and Nihar Shah. Symposium on Information and Communication Tech-
Some simple economics of stablecoins. Annual Review nology (SOICT), pages 405–412, 2022.
of Financial Economics, 14, 2022.
[74] Kanis Saengchote. Decentralized lending and its
[61] Tether. Tether: Fiat currencies on the Bit- users: Insights from compound. arXiv preprint
coin blockchain. Retrieved from https: arXiv:2212.05734, 2022.
//assets.ctfassets.net/vyse88cgwfbl/5U
WgHMvz071t2Cq5yTw5vi/c9798ea8db99311bf90e [75] Zhipeng Wang, Kaihua Qin, Duc Vu Minh, and Arthur
be0810938b01/TetherWhitePaper.pdf, 2023. Gervais. Speculative multipliers on DeFi: Quantifying
on-chain leverage risks. In International Conference
[62] Coinbase. Usdc: The dollar for the digital age. on Financial Cryptography and Data Security (FC),
Retrieved from https://www.coinbase.com/usd pages 38–56. Springer, 2022.
c, 2023.
[76] Wisnu Uriawan, Omar Hasan, Youakim Badr, and Li-
[63] Gemini Trust Company. Gemini. Retrieved from onel Brunie. Collateral-free trustworthiness-based per-
https://www.gemini.com/dollar, 2023. sonal lending on a decentralized application (DApp).
In SECRYPT, pages 839–844, 2021.
[64] Liquity. Official liquity documentation. Retrieved
from https://docs.liquity.org/, 2023. [77] Yining Xie, Xin Kang, Tieyan Li, Cheng-Kang Chu,
and Haiguang Wang. Towards secure and trustworthy
[65] Evan Kuo, Brandon Iles, and Manny Rincon Cruz. Am- flash loans: A blockchain-based trust management ap-
pleforth: A new synthetic commodity. Ampleforth proach. In International Conference on Network and
White Paper, 2019. System Security (NSS), pages 499–513. Springer, 2022.

16
[78] Vikas Hassija, Gaurang Bansal, Vinay Chamola, Neeraj [90] Fernando Martinelli and Nikolai Mushegian. A non-
Kumar, and Mohsen Guizani. Secure lending: custodial portfolio manager, liquidity provider, and
Blockchain and prospect theory-based decentralized price sensor. Retrieved from https://balancer.f
credit scoring model. IEEE Transactions on Network inance/whitepaper, 2019.
Science and Engineering (TNSE), 7(4):2566–2575,
2020. [91] Eyal Hertzog, Guy Benartzi, and Galia Benartzi. Ban-
cor protocol: Continuous liquidity for cryptographic
[79] TrueFi. Truefi docs. Retrieved from https://docs tokens through their smart contracts. Available online:
.truefi.io/faq/, 2023. https://storage.googleapis.com/website-b
ancor/2018/04/01ba8253-bancor_protocol_w
[80] Michael Elisha. Introducing arcx sapphire (v3). Re- hitepaper_en.pdf, 2017.
trieved from https://arcx.substack.com/p/in
troducing-arcx-sapphire-v3, 2021. [92] Michael Egorov and Curve Finance. Automatic market-
making with dynamic peg, 2021.
[81] CreDA. Creda whitepaper: Turn data into wealth.
Retrieved from https://creda-app.gitbook.io/ [93] Vijay Mohan. Automated market makers and decentral-
creda-protocol/introduction/creda-protoco ized exchanges: a DeFi primer. Financial Innovation,
l-whitepaper, 2022. 8(1):20, 2022.

[82] Andrea Barbon and Angelo Ranaldo. On the quality [94] Guillermo Angeris and Tarun Chitra. Improved price
of cryptocurrency markets: Centralized versus decen- oracles: Constant function market makers. In ACM
tralized exchanges. arXiv preprint arXiv:2112.07386, Conference on Advances in Financial Technologies
2021. (AFT), pages 80–91, 2020.

[83] Jan Arvid Berg, Robin Fritsch, Lioba Heimbach, and [95] Michael Egorov. Stableswap-efficient mechanism for
Roger Wattenhofer. An empirical study of market inef- stablecoin liquidity. Retrieved Feb, 24:2021, 2019.
ficiencies in Uniswap and SushiSwap. arXiv preprint
[96] The Monero Project. Moneropedia. Retrived
arXiv:2203.07774, 2022.
from https://www.getmonero.org/resources/
[84] Lioba Heimbach, Ye Wang, and Roger Wattenhofer. moneropedia/, 2014.
Behavior of liquidity providers in decentralized ex-
[97] Electric Coin Company. Zcash. Retrieved from http
changes. arXiv preprint arXiv:2105.13822, 2021.
s://z.cash/learn/, 2016.
[85] Will Warren and Amir Bandeali. 0x: An open pro-
[98] Fabian Vogelsteller and Vitalik Buterin. Erc-20: Token
tocol for decentralized exchange on the Ethereum
standard. Retrieved from https://eips.ethereum.
blockchain. Retrieved from https://github.com
org/EIPS/eip-20, 2015.
/0xProject/whitepaper, 2017.
[99] MetaMask. The crypto wallet for defi, Web3 dapps
[86] Michael Oved and Don Mosites. Swap: A peer-to- and nfts. Retrieved from https://metamask.io/,
peer protocol for trading Ethereum tokens. Whitepaper 2016.
Database, 21, 2017.
[100] Ouriel Ohayon. Zengo: What is zengo recovery kit?
[87] Aurora Labs. Idex: A real-time and high-throughput Retrieved from https://help.zengo.com/en/ar
Ethereum smart contract exchange. Retrieved ticles/2603673-what-is-zengo-recovery-kit,
from https://static1.squarespace.com/st 2018.
atic/5d641c0fc8f92f0001cd9358/t/5d691f20e
b666000012a45a7/1567170337906/IDEX-White [101] argentlabs. Argent smart wallet specification. Re-
paper-V0.7.6.pdf, 2019. trieved from https://github.com/argentlabs/
argent-contracts/blob/develop/specificat
[88] StarkEx. Starkex documentation. Retrieved ions/specifications.pdf, 2021.
from https://docs.starkware.co/starkex/in
dex.html, 2023. [102] Polygon Bridge. Matic whitepaper. Retrieved
from https://github.com/maticnetwork/whit
[89] Yaron Velner Loi Luu and Y Velner. Kybernetwork: A epaper/, 2020.
trustless decentralized exchange and payment service.
Retrieved from https://home.kyber.network/a [103] Maple Labs. Maple finance. Retrieved from https:
ssets/KyberNetworkWhitepaper.pdf, 2017. //maplefinance.gitbook.io/maple/, 2023.

17
[104] Stellar. Liquidity on stellar: Sdex and liquidity pools. [119] Index Coop. The definitive guide to earning yield on
Retrieved from https://developers.stellar.o digital assets. Retrieved from https://indexcoop.
rg/docs/encyclopedia/liquidity-on-stellar com/whitepapers/the-definitive-guide-to-e
-sdex-liquidity-pools#sdex, 2023. arning-yield-on-digital-assets, 2020.

[105] Opium Team. Opium protocol whitepaper. Retrieved [120] Sunlabs. Sw dao. Retrieved from https://www.su
from https://github.com/OpiumProtocol/opi ninvest.com/, 2020.
um-contracts/blob/master/docs/opium_whit
[121] Kava. DeFi for crypto: Leverage assets with
epaper.pdf, 2020.
kava’s cross-chain cdp platform. Retrieved from
[106] Zubin Koticha. Building a generalized liquid options https://api-new.whitepaper.io/documents/p
protocol in DeFi. Opyn, 2019. df?id=Sk_Ny2S9v, 2022.

[107] Molly Wintermute. Hegic: On-chain options trading [122] Daoventures. Daoventures whitepaper. Retrieved
protocol on Ethereum powered by hedge contracts and from https://daoventures.gitbook.io/daove
liquidity pools. Technical report, Tech. Rep., 2020.[On- ntures/, 2022.
line]. Available: https://github.com/hegic/whi [123] Simon Cousaert, Nikhil Vadgama, and Jiahua Xu.
tepaper~âò e, 2020. Token-based insurance solutions on blockchain. In
[108] Enzyme Finance. Enzyme user docs(v4). Retrieved Blockchains and the Token Economy: Theory and Prac-
from https://docs.enzyme.finance/, 2023. tice, pages 237–260. Springer, 2022.
[124] Fabrizio Lamberti, Valentina Gatteschi, Claudio De-
[109] F Feng and B Weickmann. Set: A protocol for baskets
martini, Matteo Pelissier, Alfonso Gomez, and Vic-
of tokenized assets, 2019.
tor Santamaria. Blockchains can work for car insur-
[110] Insurepal. Vouvhforme(insurepal) whitepaper. Re- ance: Using smart contracts and sensors to provide
trieved from http://vouchforme.co/VouchForMe on-demand coverage. IEEE Consumer Electronics
_whitepaper_2018.pdf, 2018. Magazine, 7(4):72–81, 2018.

[111] Jack Peterson, Joseph Krug, Micah Zoltu, Austin K [125] Andrew W Singer. Can blockchain improve insurance?
Williams, and Stephanie Alexander. Augur: a decen- Risk Management, 66(1):20–25, 2019.
tralized oracle and prediction market platform. arXiv [126] Mayank Raikwar, Subhra Mazumdar, Sushmita Ruj,
preprint arXiv:1501.01042, 2015. Sourav Sen Gupta, Anupam Chattopadhyay, and Kwok-
[112] CDx. Cdx whitepaper. Retrieved from Yan Lam. A blockchain framework for insurance pro-
https://cdxproject.com/assets/resource cesses. In IFIP International Conference on New Tech-
s/whitepaper.pdf, 2018. nologies, Mobility and Security (NTMS), pages 1–4.
IEEE, 2018.
[113] Omen. Omen. Retrieved from https://omen.eth
.link/, 2020. [127] Tancrede Lepoint, Gabriela Ciocarlie, and Karim Elde-
frawy. Blockcis—a blockchain-based cyber insurance
[114] Deribit Insights. The best information for crypto deriva- system. In IEEE International Conference on Cloud
tives trading. Retrieved from https://insights.d Engineering (IC2E), pages 378–384. IEEE, 2018.
eribit.com/, 2021.
[128] K Sayegh and M Desoky. Blockchain application
[115] OKX Team. Okx exchange. Retrieved from https: in insurance and reinsurance. france: Skema business
//wp.whitepaper.io/okx/, 2022. school. Work in Progress papers, 2019.

[116] Matrixport Technologies. Matrixport: All-in-one [129] Guoming Zhang, Xuyun Zhang, Muhammad Bilal,
crypto financial services platform. Retrieved from Wanchun Dou, Xiaolong Xu, and Joel JPC Rodrigues.
https://matrixport.com/, 2021. Identifying fraud in medical insurance based on
blockchain and deep learning. Future Generation Com-
[117] Babel Finance. Babel business and solutions. Retrieved puter Systems (FGCS), 130:140–154, 2022.
from https://babel.finance/solutions.html,
2021. [130] Chin-Ling Chen, Yong-Yuan Deng, Woei-Jiunn Tsaur,
Chun-Ta Li, Cheng-Chi Lee, and Chih-Ming Wu. A
[118] Babylon Finance. Babylon litepaper. Retrieved traceable online insurance claims system based on
from https://docs.babylon.finance/protoco blockchain and smart contract technology. Sustain-
l/litepaper, 2022. ability, 13(16):9386, 2021.

18
[131] Ethan Heilman, Alison Kendler, Aviv Zohar, and [142] Christof Ferreira Torres, Ramiro Camino, et al. Fron-
Sharon Goldberg. Eclipse attacks on {Bitcoin’s}{peer- trunner jones and the raiders of the dark forest: An
to-peer} network. In 24th USENIX security symposium empirical study of frontrunning on the Ethereum
(USENIX Sec), pages 129–144, 2015. blockchain. In USENIX Security Symposium (USENIX
Sec), pages 1343–1359, 2021.
[132] John R. Douceur. The sybil attack. In Peer-to-
Peer Systems, pages 251–260, Berlin, Heidelberg, 2002. [143] Peyman Momeni, Sergey Gorbunov, and Bohan Zhang.
Springer Berlin Heidelberg. Fairblock: Preventing blockchain front-running with
[133] Muhammad Saad, Jeffrey Spaulding, Laurent Njilla, minimal overheads. In International Conference on
Charles Kamhoua, Sachin Shetty, DaeHun Nyang, and Security and Privacy in Communication Systems (Se-
David Mohaisen. Exploring the attack surface of cureComm), pages 250–271. Springer, 2022.
blockchain: A comprehensive survey. IEEE Commu-
nications Surveys & Tutorials (COMST), 22(3):1977– [144] Xinrui Zhang et al. Frontrunning block attack in PoA
2008, 2020. Clique: A case study. In IEEE International Confer-
ence on Blockchain and Cryptocurrency (ICBC), pages
[134] Oleg Sheyner, Joshua Haines, Somesh Jha, Richard 1–3. IEEE, 2022.
Lippmann, and Jeannette M Wing. Automated genera-
tion and analysis of attack graphs. In IEEE Symposium [145] Ben Weintraub, Christof Ferreira Torres, Cristina Nita-
on Security and Privacy (SP), pages 273–284. IEEE, Rotaru, and Radu State. A flash (bot) in the pan: mea-
2002. suring maximal extractable value in private pools. In
Proceedings of the 22nd ACM Internet Measurement
[135] Lingyu Wang, Anoop Singhal, and Sushil Jajodia. Conference, pages 458–471, 2022.
Toward measuring network security using attack
graphs. In ACM workshop on Quality of Protection [146] Ye Wang, Patrick Zuest, Yaxing Yao, Zhicong Lu, and
(QoP@CCS), pages 49–54, 2007. Roger Wattenhofer. Impact and user perception of sand-
wich attacks in the DeFi ecosystem. In Proceedings of
[136] M Asif Khan and Mureed Hussain. Cyber security
the CHI Conference on Human Factors in Computing
quantification model. In International Conference on
Systems (CHI), pages 1–15, 2022.
Security of Information and Networks (SIN), pages 142–
148, 2010.
[147] Purathani Praitheeshan, Lei Pan, Jiangshan Yu, Joseph
[137] Daniel Perez and Benjamin Livshits. Smart contract Liu, and Robin Doss. Security analysis methods
vulnerabilities: Vulnerable does not imply exploited. on Ethereum smart contract vulnerabilities: a survey.
In USENIX Security Symposium (USENIX Sec), pages arXiv preprint arXiv:1908.08605, 2019.
1325–1341, 2021.
[148] Zhiyuan Wan, Xin Xia, David Lo, Jiachi Chen, Xiapu
[138] Xinrui Zhang, Rujia Li, et al. Time-manipulation at- Luo, and Xiaohu Yang. Smart contract security: A
tack: Breaking fairness against proof of authority aura. practitioners’ perspective. In IEEE/ACM International
In Proceedings of the ACM Web Conference (WWWW), Conference on Software Engineering (ICSE), pages
pages 2076–2086, 2023. 1410–1422. IEEE, 2021.
[139] Philip Daian, Steven Goldfeder, Tyler Kell, Yunqi Li, [149] Huashan Chen, Marcus Pendleton, Laurent Njilla, and
Xueyuan Zhao, Iddo Bentov, Lorenz Breidenbach, and Shouhuai Xu. A survey on Ethereum systems security:
Ari Juels. Flash boys 2.0: Frontrunning in decentral- Vulnerabilities, attacks, and defenses. ACM Computing
ized exchanges, miner extractable value, and consensus Surveys (CSUR), 53(3):1–43, 2020.
instability. In IEEE Symposium on Security and Pri-
vacy (SP), pages 910–927. IEEE, 2020. [150] Nicola Atzei, Massimo Bartoletti, and Tiziana Cimoli.
[140] Ye Wang, Yan Chen, Haotian Wu, Liyi Zhou, A survey of attacks on Ethereum smart contracts (SoK).
Shuiguang Deng, and Roger Wattenhofer. Cyclic ar- In International Conference on Principles of Security
bitrage in decentralized exchanges. In Companion and Trust (POST), pages 164–186. Springer, 2017.
Proceedings of the Web Conference (WWW), pages
12–19, 2022. [151] Zexu Wang, Bin Wen, Ziqiang Luo, and Shaojie Liu.
MAR: A dynamic symbol execution detection method
[141] Rujia Li, Xuanwei Hu, et al. Transaction fairness for smart contract reentry vulnerability. In Interna-
in blockchains, revisited. Cryptology ePrint Archive, tional Conference on Blockchain and Trustworthy Sys-
2023. tems (BlockSys), pages 418–429. Springer, 2021.

19
[152] Daojing He, Zhi Deng, Yuxing Zhang, Sammy Chan, [163] Kaihua Qin, Liyi Zhou, and Arthur Gervais. Quanti-
Yao Cheng, and Nadra Guizani. Smart contract vul- fying blockchain extractable value: How dark is the
nerability analysis and security audit. IEEE Network, forest? In IEEE Symposium on Security and Privacy
34(5):276–282, 2020. (SP), pages 198–214, 2022.

[153] Sunbeom So, Seongjoon Hong, and Hakjoo Oh. [164] Patrick Züst, Tejaswi Nadahalli, and Ye Wang Roger
Smartest: Effectively hunting vulnerable transaction Wattenhofer. Analyzing and preventing sandwich at-
sequences in smart contracts through language model- tacks in Ethereum. ETH Zürich, 2021.
guided symbolic execution. In USENIX Security Sym-
[165] Lioba Heimbach and Roger Wattenhofer. Eliminating
posium (USENIX Sec), pages 1361–1378, 2021.
sandwich attacks with the help of game theory. In ACM
[154] Mengya Zhang, Xiaokuan Zhang, Yinqian Zhang, and on Asia Conference on Computer and Communications
Zhiqiang Lin. Txspector: Uncovering attacks in Security (AsiaCCS), pages 153–167, 2022.
Ethereum from transactions. In USENIX Security Sym- [166] Yuheng Wang, Jiliang Li, Zhou Su, and Yuyi Wang.
posium (USENIX Sec), 2020. Arbitrage attack: Miners of the world, unite! In Inter-
national Conference on Financial Cryptography and
[155] Michael Mirkin, Yan Ji, Jonathan Pang, Ariah Klages- Data Security (FC), pages 464–487. Springer, 2022.
Mundt, Ittay Eyal, and Ari Juels. Bdos: Blockchain
denial-of-service. In ACM SIGSAC conference on [167] Kushal Babel, Philip Daian, Mahimna Kelkar, and Ari
Computer and Communications Security (CCS), pages Juels. Clockwork finance: Automated analysis of eco-
601–619, 2020. nomic security in smart contracts. In IEEE Symposium
on Security and Privacy (SP), pages 2499–2516. IEEE,
[156] Rajasekhar Chaganti, Rajendra V. Boppana, Vinayaku- 2023.
mar Ravi, Kashif Munir, Mubarak Almutairi, Furqan
Rustam, Ernesto Lee, and Imran Ashraf. A com- [168] Baptiste Pretre. Attacks on peer-to-peer networks.
prehensive review of denial of service attacks in Dept. of Computer Science Swiss Federal Institute of
blockchain ecosystem and open challenges. IEEE Ac- Technology (ETH) Zurich Autumn, 2005.
cess, 10:96538–96555, 2022.
[169] Wenkai Li, Jiuyang Bu, Xiaoqi Li, Hongli Peng,
[157] Mayank Raikwar and Danilo Gligoroski. Dos attacks Yuanzheng Niu, and Yuqing Zhang. A survey of DeFi
on blockchain ecosystem. In Euro-Par 2021: Paral- security: Challenges and opportunities. arXiv preprint
lel Processing Workshops, pages 230–242. Springer arXiv:2206.11821, 2022.
International Publishing, 2022. [170] Kris Oosthoek. Flash crash for cash: Cyber
threats in decentralized finance. arXiv preprint
[158] Karl Wüst and Arthur Gervais. Ethereum eclipse at-
arXiv:2106.10740, 2021.
tacks. Technical report, ETH Zurich, 2016.
[171] Jianjun Huang, Songming Han, Wei You, Wenchang
[159] Yuval Marcus, Ethan Heilman, and Sharon Goldberg. Shi, Bin Liang, Jingzheng Wu, and Yanjun Wu. Hunt-
Low-resource eclipse attacks on Ethereum’s peer-to- ing vulnerable smart contracts via graph embedding
peer network. Cryptology ePrint Archive, 2018. based bytecode matching. IEEE Transactions on Infor-
mation Forensics and Security (TIFS), 16:2144–2156,
[160] Bulat Nasrulin, Georgy Ishmaev, and Johan Pouwelse. 2021.
Meritrank: Sybil tolerant reputation for merit-based
tokenomics. In Conference on Blockchain Research [172] Zhipeng Gao, Vinoj Jayasundara, Lingxiao Jiang, Xin
& Applications for Innovative Networks and Services Xia, David Lo, and John Grundy. Smartembed: A tool
(BRAINS), pages 95–102. IEEE, 2022. for clone and bug detection in smart contracts through
structural code embedding. In IEEE International
[161] Daniel J Moroz, Daniel J Aronoff, Neha Narula, and Conference on Software Maintenance and Evolution
David C Parkes. Double-spend counterattacks: Threat (ICSME), pages 394–397. IEEE, 2019.
of retaliation in proof-of-work systems. arXiv preprint
arXiv:2002.10736, 2020. [173] Saulo Dos Santos, Japjeet Singh, Ruppa K Thulasiram,
Shahin Kamali, Louis Sirico, and Lisa Loud. A new era
[162] Martijn Bastiaan. Preventing the 51%-attack: a stochas- of blockchain-powered decentralized finance (DeFi)-
tic analysis of two phase proof of work in Bitcoin. In a review. In IEEE Annual Computers, Software, and
Availab le at https://fmt.ewi.utwente.nl Applications Conference (COMPSAC), pages 1286–
/media/175.pdf, 2015. 1292. IEEE, 2022.

20
[174] Bruno Mazorra, Victor Adan, and Vanesa Daza. Do not [185] Christopher G Harris. Cross-chain technologies: Chal-
rug on me: Leveraging machine learning techniques lenges and opportunities for blockchain interoperabil-
for automated scam detection. Mathematics, 10(6):949, ity. In 2023 IEEE International Conference on Omni-
2022. layer Intelligent Systems (COINS), pages 1–6. IEEE,
2023.
[175] Sung-Shine Lee, Alexandr Murashkin, Martin Derka,
and Jan Gorzny. SoK: Not quite water under the bridge: [186] Siwei Wu, Dabao Wang, Jianting He, Yajin Zhou, Lei
Review of cross-chain bridge hacks. In IEEE Interna- Wu, Xingliang Yuan, Qinming He, and Kui Ren. Defi-
tional Conference on Blockchain and Cryptocurrency Ranger: Detecting price manipulation attacks on DeFi
(ICBC), pages 1–14. IEEE, 2023. applications. arXiv preprint arXiv:2104.15068, 2021.
[176] Kuheli Sai and David Tipper. Disincentivizing double [187] Liya Su, Xinyue Shen, Xiangyu Du, Xiaojing Liao,
spend attacks across interoperable blockchains. In XiaoFeng Wang, Luyi Xing, and Baoxu Liu. Evil
First IEEE International Conference on Trust, Privacy under the sun: Understanding and discovering attacks
and Security in Intelligent Systems and Applications on Ethereum decentralized applications. In USENIX
(TPS-ISA), pages 36–45. IEEE, 2019. Security Symposium (USENIX Sec), pages 1307–1324,
2021.
[177] Maurice Herlihy, Barbara Liskov, and Liuba Shrira.
Cross-chain deals and adversarial commerce. arXiv [188] Shayan Eskandari, Mehdi Salehi, Wanyun Catherine
preprint arXiv:1905.09743, 2019. Gu, and Jeremy Clark. SoK: Oracles from the ground
truth to market manipulation. In ACM Conference
[178] Alberto Sonnino, Shehar Bano, Mustafa Al-Bassam, on Advances in Financial Technologies (AFT), pages
and George Danezis. Replay attacks and defenses 127–141, 2021.
against cross-shard consensus in sharded distributed
ledgers. In IEEE European Symposium on Security [189] Philipp Winter, Anna Harbluk Lorimer, Peter Snyder,
and Privacy (EuroSP), pages 294–308. IEEE, 2020. and Benjamin Livshits. What’s in your wallet? pri-
vacy and security issues in web 3.0. arXiv preprint
[179] Panpan Han, Zheng Yan, Wenxiu Ding, Shufan Fei, arXiv:2109.06836, 2021.
and Zhiguo Wan. A survey on cross-chain technolo-
gies. Distributed Ledger Technologies: Research and [190] Shucheng Li, Fengyuan Xu, Runchuan Wang, and
Practice, 2(2):1–30, 2023. Sheng Zhong. Self-supervised incremental deep graph
learning for Ethereum phishing scam detection. arXiv
[180] Li Duan, Yangyang Sun, Wei Ni, Weiping Ding, preprint arXiv:2106.10176, 2021.
Jiqiang Liu, and Wei Wang. Attacks against cross-
chain systems and defense approaches: A contempo- [191] Jinhuan Wang, Pengtao Chen, Xinyao Xu, Jiajing Wu,
rary survey. IEEE/CAA Journal of Automatica Sinica, Meng Shen, Qi Xuan, and Xiaoniu Yang. Tsgn: Trans-
10(8):1647–1667, 2023. action subgraph networks assisting phishing detection
in Ethereum. arXiv preprint arXiv:2208.12938, 2022.
[181] Maqsood Ahamed Abdul Careem and Aveek Dutta.
Reputation based routing in manet using blockchain. In [192] alethio. Illiquidity and bank run risk in defi. Retrieved
International Conference on COMmunication Systems from https://medium.com/alethio/overlooke
& NETworkS (COMSNETS), pages 1–6. IEEE, 2020. d-risk-illiquidity-and-bank-runs-on-compo
und-finance-5d6fc3922d0d, 2019.
[182] Zhuo Lv, Di Wu, Wen Yang, and Li Duan. Attack and
protection schemes on fabric isomorphic crosschain [193] Sirio Aramonte, Wenqian Huang, and Andreas
systems. International Journal of Distributed Sensor Schrimpf. Defi risks and the decentralisation illusion.
Networks, 18(1):15501477211059945, 2022. BIS Quarterly Review, 2021.
[183] Giulio Malavolta, Pedro Moreno-Sanchez, Clara [194] Beanstalk Farms. Beanstalk governance exploit. Re-
Schneidewind, Aniket Kate, and Matteo Maffei. trieved from https://bean.money/blog/beanst
Anonymous multi-hop locks for blockchain scalability alk-governance-exploit, 2022.
and interoperability. Cryptology ePrint Archive, 2018.
[195] Brian Sanya Mondoh, Sara M Johnson, Matthew Green,
[184] Yangyang Sun, Longyang Yi, Li Duan, and Wei Wang. and Aris Georgopoulos. Decentralised autonomous
A decentralized cross-chain service protocol based on organisations: The future of corporate governance or an
notary schemes and hash-locking. In IEEE Interna- illusion? Aris (Aristeidis), Decentralised Autonomous
tional Conference on Services Computing (SCC), pages Organisations: The Future of Corporate Governance
152–157. IEEE, 2022. or an Illusion, 2022.

21
[196] Nathan Reiff. Cryptocurrency spoofing: How [208] Zhipeng Wang, Xihan Xiong, and William J Knotten-
it works, protecting yourself. Retrieved from belt. Blockchain transaction censorship:(in) secure and
https://www.investopedia.com/tech/what-c (in) efficient? Cryptology ePrint Archive, 2023.
ryptocurrency-spoofing/, 2021.
[209] Anton Wahrstätter, Jens Ernstberger, Aviv Yaish, Liyi
[197] Raphael Auer, Jon Frost, and Jose María Vidal Pastor. Zhou, Kaihua Qin, Taro Tsuchiya, Sebastian Steinhorst,
Miners as intermediaries: extractable value and market Davor Svetinovic, Nicolas Christin, Mikolaj Barczen-
manipulation in crypto and defi. Technical report, Bank tewicz, et al. Blockchain censorship. arXiv preprint
for International Settlements, 2022. arXiv:2305.18545, 2023.
[210] Bogdan Florin Cornea, Julien Bourgeois, The Tung
[198] David S Kerr, Karen A Loveland, Katherine Taken
Nguyen, and Didier El-Baz. Scalable performance
Smith, and Lawrence Murphy Smith. Cryptocurrency
predictions of distributed peer-to-peer applications. In
risks, fraud cases, and financial performance. Risks,
IEEE International Conference on High Performance
11(3):51, 2023.
Computing and Communication & IEEE International
[199] Shange Fu, Qin Wang, Jiangshan Yu, and Shiping Conference on Embedded Software and Systems, pages
Chen. FTX collapse: a Ponzi story. arXiv preprint 193–201, 2012.
arXiv:2212.09436, 2022. [211] Shuai Yang and Wei Cui. An evaluation system for
defi lending protocols. In 2023 42nd Chinese Control
[200] Imran Yousaf, Yasir Riaz, and John W Goodell. The
Conference (CCC), pages 8888–8893, 2023.
impact of the SVB collapse on global financial markets:
Substantial but narrow. Finance Research Letters, page [212] Mengqi Hao and Jingzhi Ding. Decision-making and
103948, 2023. impact of blockchain on accounts receivable financ-
ing. In LISS 2021, pages 465–477, Singapore, 2022.
[201] Qin Wang, Guangsheng Yu, and Shiping Chen. Cryp- Springer Nature Singapore.
tocurrency in the aftermath: Unveiling the impact of
the SVB collapse. HAL-04216338, 2023. [213] Lohith J. J, Anusree Manoj K, Guru Nanma P, and
Pooja Srinivasan. Tp-detect: trigram-pixel based vul-
[202] CoinGeco. Coingecko yield farming survey 2020. Re- nerability detection for ethereum smart contracts. Mul-
trieved from https://www.coingecko.com/, timedia Tools and Applications, 82(23):36379–36393,
2020. 2023.

[203] Fabian Schär. Decentralized finance: On blockchain- [214] Lejun Zhang, Yuan Li, Ran Guo, Guopeng Wang, Jing
and smart contract-based financial markets. FRB of St. Qiu, Shen Su, Yuan Liu, Guangxia Xu, Huiling Chen,
Louis Review, 2021. and Zhihong Tian. A novel smart contract reentrancy
vulnerability detection model based on bigas. Journal
[204] Qin Wang, Guangsheng Yu, Yilin Sai, Caijun Sun, of Signal Processing Systems, 2023.
Lam Duc Nguyen, Sherry Xu, and Shiping Chen. An
empirical study on Snapshot DAOs. arXiv preprint [215] Chuang Ma, Shuaiwu Liu, and Guangxia Xu. Hgat:
arXiv:2211.15993, 2022. smart contract vulnerability detection method based on
hierarchical graph attention network. Journal of Cloud
[205] Lioba Heimbach, Eric Schertenleib, and Roger Wat- Computing, 12(1):93, 2023.
tenhofer. Risks and returns of Uniswap v3 liquidity
[216] Ke Ye, Meng Shen, Zhenbo Gao, and Liehuang Zhu.
providers. ACM Conference on Advances in Financial
Real-time detection of cryptocurrency mining behavior.
Technologies (AFT), 2022.
In Blockchain and Trustworthy Systems, pages 278–
291, Singapore, 2022. Springer Nature Singapore.
[206] Federico Cernera, Massimo La Morgia, Alessandro
Mei, and Francesco Sassi. Token spammers, rug pulls, [217] P. Mercy Praise, S. Basil Xavier, Anoop Jose, G. Jas-
and sniperbots: An analysis of the ecosystem of to- pher W. Kathrine, and J. Andrew. Variants of crypto-
kens in Ethereum and the Binance smart chain (BNB). jacking attacks and their detection techniques. In Appli-
USENIX Security Symposium (USENIX Sec), 2023. cations and Techniques in Information Security, pages
71–87, Singapore, 2023. Springer Nature Singapore.
[207] Jiahua Xu and Benjamin Livshits. The anatomy of a
cryptocurrency Pump-and-Dump scheme. In USENIX [218] Xun Sun, Xi Xiao, Wentao Xiao, Bin Zhang, Guangwu
Security Symposium (USENIX Sec), pages 1609–1625, Hu, and Tian Wang. Short and distort manipulations
2019. in the cryptocurrency market: Case study, patterns and

22
 detection. In Algorithms and Architectures for Paral- [228] Ryosuke Ushida and James Angel. Regulatory consid-
lel Processing, pages 494–508, Cham, 2022. Springer erations on centralized aspects of defi managed by daos.
International Publishing. In Financial Cryptography and Data Security Work-
shops, pages 21–36, Berlin, Heidelberg, 2021. Springer
[219] Oleksandr Letychevskyi, Volodymyr Peschanenko, Berlin Heidelberg.
Maksym Poltoratskyi, and Yuliia Tarasich. Our ap-
proach to formal verification of token economy mod- [229] José Carlos Laguna De Paz. Some implications of the
els. In Information and Communication Technologies new global digital economy for financial regulation and
in Education, Research, and Industrial Applications, supervision. Journal of Banking Regulation, 24(2):146–
pages 348–363, Cham, 2020. Springer International 155, 2023.
Publishing.
[230] Dieter Reichert. How customer communications and
[220] Li Zhihong and Zhang Jie. Online knowledge commu- interactions become digital assets and critical resources
nity governance based on blockchain token incentives. in customer engagement — an interview with dieter
In Knowledge and Systems Sciences, pages 64–72, Sin- reichert, co-founder of censhare ag. Journal of Digital
gapore, 2019. Springer Singapore. Asset Management, 6(4):232–242, 2010.
[221] Philipp Lesche, Philipp Sandner, and Horst Treiblmaier. [231] Chetan Saiya. Dam in marketing operations and the
Implications of the Token Economy: A Taxonomy and emergence of customer engagement objects – an inter-
Research Agenda, pages 1–30. Springer International view with chetan saiya, ceo of assetlink. Journal of
Publishing, Cham, 2022. Digital Asset Management, 6(2):124–129, 2010.
[222] Liu B., Zhou J., and Z. Lim Y. Being accountable [232] Paul Medeiros and Leonidas Deligiannidis. An ed-
never cheats: An incentive protocol for DeFi oracles. ucational guide to creating your own cryptocurrency.
In IEEE International Conference on Decentralized In Advances in Software Engineering, Education, and
Applications and Infrastructures (DAPPS), pages 1–10, e-Learning, pages 163–177, Cham, 2021. Springer In-
2022. ternational Publishing.
[223] Chenquan Gan, Akanksha Saini, Qingyi Zhu, Yong [233] Shi Y., Shahriar H., Lo D., and Chi H. Enhancing
Xiang, and Zufan Zhang. Blockchain-based access blockchain technology education with innovative ac-
control scheme with incentive mechanism for ehealth tive learning. In 2022 IEEE 2nd International Confer-
systems: patient as supervisor. Multimedia Tools and ence on Advanced Learning Technologies on Educa-
Applications, 80(20):30605–30621, 2021. tion & Research (ICALTER), pages 1–4, 2022.
[224] Aljosha Judmayer, Nicholas Stifter, Alexei Zamyatin, [234] Petar Tsankov, Andrei Dan, Dana Drachsler-Cohen,
Itay Tsabary, Ittay Eyal, Peter Gaži, Sarah Meiklejohn, Arthur Gervais, Florian Buenzli, and Martin Vechev.
and Edgar Weippl. Sok: Algorithmic incentive manip- Securify: Practical security analysis of smart contracts.
ulation attacks on permissionless PoW cryptocurren- In Proceedings of the ACM SIGSAC conference on
cies. In Financial Cryptography and Data Security Computer and Communications Security (CCS), pages
Workshops, pages 507–532, Berlin, Heidelberg, 2021. 67–82, 2018.
Springer Berlin Heidelberg.
[235] Shehar Bano, Alberto Sonnino, Mustafa Al-Bassam,
[225] Zhiyu Xu, Minfeng Qi, Ziyuan Wang, Sheng Wen, Sarah Azouvi, Patrick McCorry, Sarah Meiklejohn,
Shiping Chen, and Yang Xiang. Ib2p: An image-based and George Danezis. SoK: Consensus in the age of
privacy-preserving blockchain model for financial ser- blockchains. In Proceedings of the ACM Conference
vices. In 2021 IEEE International Conference on on Advances in Financial Technologies (AFT), pages
Blockchain (Blockchain), pages 552–558, 2021. 183–198, 2019.
[226] Janka Hartmann and Omar Hasan. Privacy considera- [236] Zeinab Amin. A practical road map for assessing cyber
tions for a decentralized finance (defi) loans platform. risk. Journal of Risk Research, 22(1):32–43, 2019.
Cluster Computing, 26(4):2147–2161, 2023.
[237] Daniel W Woods and Rainer Böhme. SoK: Quantify-
[227] Stéphane Blemus. The compatibility of cbdcs with ing cyber risk. In IEEE Symposium on Security and
“defi” protocols: A governance rather than a technolog- Privacy (SP), pages 211–228. IEEE, 2021.
ical issue to comply with financial crime regulations. In
Financial Cryptography and Data Security Workshops, [238] Sarah Meiklejohn, Marjori Pomarole, Grant Jordan,
pages 97–105, Cham, 2023. Springer International Pub- Kirill Levchenko, Damon McCoy, Geoffrey M Voelker,
lishing. and Stefan Savage. A fistful of bitcoins: characterizing

23
 payments among men with no names. In Proceed- [250] Reza Soltani, Uyen Trang Nguyen, and Aijun An. Prac-
ings of the 2013 conference on Internet measurement tical key recovery model for self-sovereign identity
conference, pages 127–140, 2013. based digital wallets. In IEEE Intl Conf on Depend-
able, Autonomic and Secure Computing, Intl Conf on
[239] Elli Androulaki, Ghassan O Karame, Marc Roeschlin, Pervasive Intelligence and Computing, Intl Conf on
Tobias Scherer, and Srdjan Capkun. Evaluating user Cloud and Big Data Computing, Intl Conf on Cyber
privacy in bitcoin. In International Conference on Fi- Science and Technology Congress (DASC/PiCom/CB-
nancial Cryptography and Data Security, pages 34–51, DCom/CyberSciTech), pages 320–325. IEEE, 2019.
Berlin, Heidelberg, 2013. Springer, Springer Science
& Business Media. [251] Gyeong-Jin Ra, Chang-Hyun Roh, and Im-Yeong Lee.
A key recovery system based on password-protected se-
[240] Zhipeng Wang, Stefanos Chaliasos, Kaihua Qin, Liyi cret sharing in a permissioned blockchain. Computers,
Zhou, Lifeng Gao, Pascal Berrang, Benjamin Livshits, Materials & Continua, 65(1):153–170, 2020.
and Arthur Gervais. On how zero-knowledge proof
blockchain mixers improve, and worsen user privacy. [252] Ali Bagherzandi, Stanislaw Jarecki, Nitesh Saxena, and
In Proceedings of the ACM Web Conference (WWW), Yanbin Lu. Password-protected secret sharing. In ACM
pages 2022–2032, 2023. conference on Computer and Communications Security
(CCS), pages 433–444, 2011.
[241] Rujia Li et al. An accountable decryption system based
on privacy-preserving smart contracts. In International [253] Jan Camenisch, Anja Lehmann, Anna Lysyanskaya,
Conference on Information Security (ISC), pages 372– and Gregory Neven. Memento: How to reconstruct
390. Springer, 2020. your secrets from a single password in a hostile envi-
ronment. In Annual Cryptology Conference (CRYPTO),
[242] Ian Miers, Christina Garman, Matthew Green, and
pages 256–275. Springer, 2014.
Aviel D Rubin. Zerocoin: Anonymous distributed e-
cash from Bitcoin. In IEEE Symposium on Security [254] Shuangyu He, Qianhong Wu, Xizhao Luo, Zhi Liang,
and Privacy (SP), pages 397–411. IEEE, 2013. Dawei Li, Hanwen Feng, Haibin Zheng, and Yanan
Li. A social-network-based cryptocurrency wallet-
[243] Jens Groth. On the size of pairing-based non-
management scheme. IEEE Access, 6:7654–7663,
interactive arguments. In International Conference
2018.
on the Theory and Applications of Cryptographic Tech-
niques, pages 305–326. Springer, 2016. [255] Niko Lehto, Kimmo Halunen, Outi-Marja Latvala,
Anni Karinsalo, and Jarno Salonen. Cryptovault-a
[244] Benedikt Bünz, Jonathan Bootle, Dan Boneh, Andrew
secure hardware wallet for decentralized key manage-
Poelstra, Pieter Wuille, and Greg Maxwell. Bullet-
ment. In 2021 IEEE International Conference on
proofs: Short proofs for confidential transactions and
Omni-Layer Intelligent Systems (COINS), pages 1–4.
more. In IEEE Symposium on Security and Privacy
IEEE, 2021.
(SP), pages 315–334. IEEE, 2018.
[256] Weiqi Dai, Yan Lv, Kim-Kwang Raymond Choo,
[245] Carsten Baum, James Hsin-yu Chiang, Bernardo
Zhongze Liu, Deqing Zou, and Hai Jin. Crsa: A cryp-
David, and Tore Kasper Frederiksen. SoK: Privacy-
tocurrency recovery scheme based on hidden assis-
enhancing technologies in finance. Cryptology ePrint
tance relationships. IEEE Transactions on Information
Archive, 2023.
Forensics and Security (TIFS), 16:4291–4305, 2021.
[246] Stuart Haber and W Scott Stornetta. How to time-stamp
a digital document. Springer, 1991. [257] Sercan Şahan, Adil Furkan Ekici, and Şerif Bahtiyar.
A multi-factor authentication framework for secure
[247] Gavin Wood et al. Ethereum: A secure decentralised access to blockchain. In International Conference on
generalised transaction ledger. Ethereum project yel- Computer and Technology Applications (CCAT), pages
low paper, 151(2014):1–32, 2014. 160–164, 2019.

[248] Andrei-Dragoş Popescu. Decentralized finance (DeFi)– [258] E Benli, I Engin, C Giousouf, MA Ulak, and Ş Bahtiyar.
the lego of finance. Social Sciences and Education Biowallet: a biometric digital wallet. ICONS 2017,
Research Review, 7(1):321–349, 2020. page 45, 2017.

[249] Tamás Katona. Decentralized finance: The possibilities [259] Mehmet Aydar, Salih Cemil Cetin, Serkan Ayvaz, and
of a blockchain “money lego” system. Financial and Betul Aygun. Private key encryption and recovery in
Economic Review, 20(1):74–102, 2021. blockchain. arXiv preprint arXiv:1907.04156, 2019.

24
[260] A Jagadeesan and K Duraiswamy. Secured crypto- supporting DeFi protocols. Deployed on-chain, it acts as a
graphic key generation from multimodal biometrics: computerized transaction protocol that transforms traditional
feature level fusion of fingerprint and iris. arXiv contract terms into executable programs, maintaining logical
preprint arXiv:1003.1458, 2010. connections between terms as a flow (see Figure 1). Smart
contracts feature automatic execution, instant response, and
[261] Teng Hu, Xiaolei Liu, Weina Niu, Kangyi Ding, Yan- strict enforcement, and the contracts deployed on them are
ping Wang, and Xiaosong Zhang. Securing the private tamper-proof, minimizing the chance of human intervention.
key in your blockchain wallet: a continuous authen-
tication approach based on behavioral biometric. In DApp. Short for decentralized applications, DApps are con-
Journal of Physics: Conference Series, volume 1631, structed on blockchain using smart contracts [248]. Smart
page 012104. IOP Publishing, 2020. contracts can be likened to code-based Lego blocks with auto-
matic execution functions [249]. Multiple smart contracts can
collaborate to achieve the intricate functionalities required
A Foundations of DeFi by applications. DApps usually offer user interfaces, stream-
lining users’ interactions with the blockchain. User actions
A.1 Operational Supports via DApps are recorded on the blockchain as transactions,
executed according to pre-written smart contract rules, and
Transactions. A transaction is the smallest unit in the
verified by blockchain nodes.
blockchain ledger. It includes sender and receiver addresses,
the number of coins involved, a unique hash value, a times-
tamp, transaction/gas fee, block information (block ID of the A.2 DeFi Composition
first recording block), and data payloads for execution (cf.
Wallet. A user can manage multiple accounts from a single
Figure 1). Interactions with the blockchain are categorized as
wallet in DeFi. Each account has three components: public
transfer or contract transactions. Transfer transactions involve
key, private key, and address, as shown in Figure 2. A crypto-
simple coin transfers, while contract transactions interact with
graphic algorithm generates a pair of one-to-one keys when
smart contracts. A transaction sender must be an Externally
an account is created. The private key generates the digital
Owned Account (EOA), while the receiver can be a smart
signature necessary for proving ownership of assets, which
contract address or an EOA, and the transaction data field
can be verified by the corresponding public key. An address,
contains the required parameters for the contract function.
generated from the public key by a one-way hash function, is
Block. The block is a fundamental unit of data, consisting of to DeFi what an account is to traditional finance, symboliz-
header and body. The header contains the previous block’s ing a user’s on-chain identity. Since private keys are difficult
hash, current block’s ID, and Merkel root of its content, en- to remember, the wallet developers have set up mnemonics
suring a tamper-proof chain. The block body contains trans- as double insurance policy to help users memorize complex
actions. Creating a new block involves propagation and val- private keys. A mnemonic can be understood as a simplified
idation across different nodes via consensus algorithms. A version of the private key, which is generated by an algorithm
newly added block is linked in the current chain. that selects words from a fixed vocabulary. When the user
Chain. The chain is a series of blocks linked together using forgets the private key, the mnemonic is used to recover it.
cryptographic hashes (cf. Figure 1). Each block contains a
unique identifier (hash) derived from its data and the previous Chain A Chain B Chain C BASE58 0x00 hash(Public Key) check code

block’s hash. This creates a continuous and tamper-resistant ⑧

First 4 Bytes

chain of data known as the blockchain (conceptual milestones Password

Address Address Address
0x00 hash(Public Key) DOUBLESHA256

in 1991 [246], 2008 [29], and 2014 [247]). SHA256 RIPEMD160

Public Key Public Key Public Key ⑦

SECP256K1
Node
Virtual Machine Private Key Private Key Private Key ⑥
deploy Smart ContractA Random
Agreements Sign trigger
Smart Contract Preset Conditions (multiple rounds) ⑤
Tx execute
Blockchain Network Preset Rules
Sign Salt Mnemonic Phrase
Value Status
Tx word1 word2 word3 Random SHA256
... word11 word12 ① ②
Block 0 Block i-1 Block i Block j Block n-1 Block n ③split
... Header ... ... Word List ④
Entropy Checksum(4 bits)

Parent Private
Merkle Time-
Block Key Hash Transaction
Root stamp
Hash
Hash Figure 2: Components of Wallets
Merkle Root Blockchain Digital Signature Timestamp
Body
Network From
package To
hash(Tx1,Tx2) ... hash(Txn-1,Txn) Transaction Counter
Amount
hash(Tx1) hash(Tx2) ... hash(Txn) Tx1 Tx2 ... Txn validate Sign Gas The security of wallets focus on three essential links: the
Tx Data
creation, storage, and use of private keys. The storage security
Figure 1: DeFi Foundations of private keys can be strengthened through local storage. The
security recovery of private keys can be enhanced through se-
Smart contracts. Smart contract constitutes a crucial element cret sharing and TTP. The secure usage of private keys can be

25
 Flash Loan
Borrower Lending Pool
achieved through multi-factor authentication. Non-custodial Management Contract

① request for flash loan

wallets, such as MetaMask [99], locally store private keys, (token type, loan amount)
Request ② check reserve of lending pool
protecting them from server owners and attackers. Through (loan amount≤total reserve)
③calculate fees
academic research, the conditions for implementing secret Borrow ④ optimistic transfer (token type, loan amount)

sharing to protect private keys have evolved from relying on Use ⑤ execute ⑥ allowance
(Arbitrage, self-defined
TTP authentication [250] or permissioned blockchains [251] Liquidation, etc.) business
(repay amount, fee)
������
⑦ check
to utilizing single-password systems [252] and trustless en- (token type,
repay amount+fee)
Repay
vironments [253]. The industry has also developed security- ⑧ transfer
(token type, repay amount+fee)
enhanced wallets based on secret sharing, such as Zengo [100].
Academic research has covered different types of TTP-based
wallets, e.g., [254]’s identity-based key encryption for soft- Figure 3: Flash Loan Workflow
ware wallets and [255]’s recovery for hardware wallets, and
considered factors like privacy, e.g., [256]’s recovery scheme
with privacy protection using ZKPs. Argent [101] is one liquidate debts and earn rewards. Some protocols distribute
of the industry examples that utilizes TTP. Multi-factor au- governance tokens to users to incentivize participation.
thentication, including biometric features [257] like finger- Flash Loan. The workflow of flash loans or flash swaps is
print [258, 259], iris, pulse [260], and behavioral features like illustrated in Figure 3.
mouse behavior [261], can help to verify the identity of user.
Off-chain Order Book On-chain Order Book Non Order Book(AMM)

Oracle. Oracle provides external data sources for smart con- submit order submit order submit order
settle settle settle
tracts on the blockchain, supplying them with data infor- off-chain
Smart Contract Smart Contract Smart Contract

mation. The oracle retrieves the data from off chain data on-chain
record

providers, typically nodes within the blockchain network, match Blockchain Network Pool Token� Pool Token� Exchange Rate
Management
who fetch data from various public sources. The data is then Order Book

Token�
Price
sent to smart contracts of the oracle, which tasks such as pack- match
Order Book
aging, verification, and cleansing of the received data. Finally, Token�

the oracle submits the updated data, allowing the user or smart
contract that initiated the request to obtain. Figure 4: DEX Implementation Models
Stablecoin. Stablecoins can be formed through various meth-
ods, including off-chain reserves or on-chain collateralization. Exchange. DEX can be divided into different models based
Stablecoins circulate similarly to traditional finance systems, on the implementation of trading pair discovery and order
involving reserve, issuance, and other essential links. Off- matching (cf. Figure 4). Some DEXs use order book, where
chain reserved stablecoins are backed by fiat or assets like orders are recorded in an order book, and transactions are
gold. Maintaining transparency and integrity of reserve as- aggregated using principles of high and low bids and time
sets ensures a 1:1 collateralization ratio between stablecoins order. DEXs using on-chain order books maintain order books
and backing assets. However, these stablecoins carry risks at each node, with orders submitted to smart contracts and
due to centralized reserves and third-party audits. In contrast, broadcasted to the network. When receiving the order, the
on-chain reserve stablecoins and algorithmic stablecoins use node records and matches the prices and automatically exe-
digital assets as collateral or eliminate collateralization al- cutes the trade. The discovery of transactions in this model
together. They are created through a transparent on-chain is limited by network performance. The off-chain order book
process with different price stabilization mechanisms. De- model is similar to traditional exchanges, where the exchange
spite their advantages, some on-chain stablecoins are prone maintains an order book and matches them off-chain. Several
to downfall caused by a death spiral during crises. DEXs innovate the non-order book model. Two methods are
(i) the establishment of a reserve pool, and (ii) the use of the
Lending. Decentralized lending protocols typically involve AMM mode, which calculates the exchange rate between two
collateralization, lending, and liquidation. Users provide digi- or more assets according to specific algorithms, providing the
tal assets as collateral, which are aggregated into a pool that quotation between assets at any time. Both sides of AMM
forms a reserve used for redemption. The smart contracts trades interact with on-chain liquidity pools that allow users
issue credential tokens to users, which can be used for re- to seamlessly switch between tokens. Liquidity providers earn
demption. Users’ credit for borrowing is based on the liquid- income based on the percentage of their contribution to the
ity they provide, and the floating or fixed borrowing rate is pool. The core of AMM lies in various exchange rate algo-
determined by an interest rate contract that adjusts based on rithms, including constant mean, constant product, dynamic
supply-borrowing dynamics according to specific interest rate weighting, and constant sum.
models. Liquidation is triggered when a user’s debts exceed
the borrowing capacity, and any participant can compete to

26