DeFi Risk Mitigation Guide 04: Security Practices for DeFi Project Team

July 7, 2024

This series of articles, excerpted from the "Security Special Edition 05" co-curated by OKX Web3 and BlockSec, addresses the security concerns faced by DeFi users and DeFi project teams.

Q1: What types of risks do DeFi projects face, and how can they address them?

BlockSec Security Team: DeFi projects face several types of risks, including code security risks, operational security risks, and external dependency risks.

Firstly, code security risks refer to potential vulnerabilities at the code level of DeFi projects. For DeFi projects, smart contracts are the core of their business logic (front-end and back-end processing logic belong to traditional software development and are relatively mature), so they are the focus of our attention and discussion here, including:

  • 1) Firstly, from a development perspective, it is necessary to follow recognized smart contract security development practices in the industry, such as the Checks-Effects-Interactions pattern used to prevent reentrancy vulnerabilities; also, common functionalities should be implemented using reliable third-party libraries to avoid the unknown risks of reinventing the wheel.
  • 2) Secondly, thorough internal testing is essential. Testing is an important part of software development that helps discover many issues. However, for DeFi projects, local testing alone is not sufficient to expose problems; further testing is needed in an environment close to actual deployment.
  • 3) Lastly, after testing is completed, engage reputable third-party audit services. Although audits cannot guarantee 100% absence of issues, systematic audits can greatly help project teams identify common security issues, which are often areas that developers are not familiar with or find difficult to reach due to different ways of thinking. Of course, since audit firms vary in expertise and focus, if the budget allows, it is recommended to involve two or more audit firms in practice.
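As an added illustration (not code from the article), the following Python model shows the ordering difference behind the Checks-Effects-Interactions pattern named in point 1): the same withdraw logic is run once with the external call before the state update and once after it. The vault, the receiver hook standing in for a fallback function, and the amounts are hypothetical; the model approximates EVM call semantics rather than being Solidity.

```python
class Vault:
    # Hypothetical simplified model of an EVM-style vault (not Solidity); the
    # recipient's on_receive hook plays the role of a fallback function.
    def __init__(self, use_cei):
        self.use_cei = use_cei
        self.balances = {}  # per-depositor accounting
        self.funds = 0      # total value actually held by the contract

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.funds += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)    # Checks
        if amount == 0:
            return
        if self.use_cei:
            self.balances[who] = 0            # Effects: state updated first
            self._send(who, amount)           # Interactions: external call last
        else:
            self._send(who, amount)           # vulnerable order: external call
            self.balances[who] = 0            # before the balance is zeroed

    def _send(self, who, amount):
        # Models a value transfer that reverts once the vault is empty.
        if self.funds < amount:
            raise RuntimeError("insufficient funds")
        self.funds -= amount
        who.on_receive(self, amount)          # recipient code runs here

class HonestUser:
    received = 0
    def on_receive(self, vault, amount):
        self.received += amount

class ReenteringReceiver(HonestUser):
    # Calls back into withdraw() while its balance is still recorded.
    def on_receive(self, vault, amount):
        self.received += amount
        try:
            vault.withdraw(self)
        except RuntimeError:
            pass                              # vault empty: stop re-entering

def run_scenario(use_cei):
    """Return (funds left in the vault, amount the re-entering receiver got)."""
    vault = Vault(use_cei)
    vault.deposit(HonestUser(), 90)
    receiver = ReenteringReceiver()
    vault.deposit(receiver, 10)
    vault.withdraw(receiver)
    return vault.funds, receiver.received
```

With the vulnerable ordering the 10-unit depositor walks away with all 100 units; with CEI the second call sees a zero balance and the vault keeps the other depositor's 90.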

Secondly, operational security risks arise post-launch and encompass both potential, undetected code vulnerabilities—even after rigorous development, testing, and auditing—as well as post-deployment challenges like private key leaks and misconfigured system parameters. These can result in severe outcomes and substantial losses. Recommended strategies to mitigate these risks include:

  • 1) Establish a robust private key management system, such as reliable hardware wallets or MPC-based wallet solutions.
  • 2) Monitor the operational status in real time to detect privileged operations and the security status of the project.
  • 3) Build an automated response mechanism for risks, such as using BlockSec Phalcon, which can automatically implement blocking when an attack is encountered to prevent further losses.
  • 4) Avoid single-point risks in privileged operations, such as using the multisig wallet Safe{Wallet} for executing privileged operations.

Thirdly, external dependency risks refer to the risks introduced by the project's external dependencies. For example, a project may rely on price oracles provided by other DeFi protocols; if the oracle has issues, the project's own price calculations become incorrect. Recommendations for addressing external dependency risks include:

  • 1) Choose reliable external partners, such as recognized top-tier protocols in the industry.
  • 2) Monitor the operational status, similar to operational security risks, but the monitoring target here is external dependencies.
  • 3) Build an automated response mechanism for risks, similar to operational security risks, but the response methods may differ, such as switching to backup dependencies instead of directly pausing the entire protocol.

In addition, for project parties wishing to build monitoring capabilities, we also offer some monitoring advice:

  • 1) Set monitoring points accurately: Determine which key states (variables) of the protocol need monitoring and where to monitor them; this is the first step in building monitoring capabilities. However, it is difficult to cover all monitoring points comprehensively, especially for attack monitoring, so it is recommended to use an external professional third-party attack detection engine that has been tested in real

BlockSec Phalcon is the world's only attack monitoring and blocking platform with a proven track record. It has saved over $20 million worth of assets in more than 20 whitehat hacker rescues.

  • 2) Ensure the precision and timeliness of monitoring: The precision of monitoring means having minimal false positives (FP) and false negatives (FN); a monitoring system lacking accuracy is essentially unusable. Timeliness is a prerequisite for response (for example, whether an attack can be detected before the suspicious contract is deployed or before the attack transaction is put on the chain); otherwise the system can only be used for post-event analysis. This places high demands on the performance and stability of the monitoring system.
  • 3) An automated response capability is needed: Based on accurate and real-time monitoring, an automated response can be constructed, including pausing the protocol to block attacks, etc. A customizable and reliable automated response framework is needed here to support flexible customization of response strategies according to the project party's needs and to trigger execution automatically.

In general, the construction of monitoring capabilities requires the participation of professional external security vendors.
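As an added example that is not part of the original article, this Python sketch combines the operational and external-dependency monitoring advice above: a privileged operation not sent through the project's multisig triggers a pause, while a primary oracle that diverges from a backup feed triggers a switch to the backup rather than a pause. The multisig address, operation names, deviation threshold and event stream are constructed assumptions, not values from the page.

```python
from dataclasses import dataclass

# Constructed sample setup (not from the page): privileged operations are only
# valid when sent from the project's multisig; a backup oracle is kept for
# cross-checking the primary price feed.
MULTISIG = "0xSAFE_MULTISIG"
PRIVILEGED_OPS = {"setOracle", "setFeeRate", "upgrade", "setWithdrawLimit"}
MAX_PRICE_DEVIATION = 0.05  # 5% tolerated gap between primary and backup feed

@dataclass
class Response:
    action: str  # "pause" (operational risk) or "switch_oracle" (dependency risk)
    reason: str

def check_privileged(event):
    # Operational security: a privileged call that did not come via the multisig.
    if event["op"] in PRIVILEGED_OPS and event["sender"] != MULTISIG:
        return Response("pause", f"{event['op']} sent by non-multisig {event['sender']}")
    return None

def check_oracle(event):
    # External dependency: primary feed disagrees with the backup feed.
    deviation = abs(event["primary"] - event["backup"]) / event["backup"]
    if deviation > MAX_PRICE_DEVIATION:
        return Response("switch_oracle",
                        f"{event['asset']} primary/backup deviation {deviation:.1%}")
    return None

def monitor(events):
    """Run every event through the matching check; return triggered responses."""
    checks = {"tx": check_privileged, "price": check_oracle}
    responses = []
    for ev in events:
        resp = checks.get(ev["kind"], lambda _e: None)(ev)
        if resp is not None:
            responses.append(resp)
    return responses

# Constructed event stream: two benign events, then one of each risk type.
SAMPLE_EVENTS = [
    {"kind": "tx", "op": "setFeeRate", "sender": MULTISIG},
    {"kind": "price", "asset": "ETH", "primary": 3000.0, "backup": 3010.0},
    {"kind": "tx", "op": "setOracle", "sender": "0xUNKNOWN_EOA"},
    {"kind": "price", "asset": "ETH", "primary": 4500.0, "backup": 3005.0},
]

if __name__ == "__main__":
    for r in monitor(SAMPLE_EVENTS):
        print(f"{r.action}: {r.reason}")
```

The two benign events produce no response, which is the false-positive side of the precision requirement in point 2); a production system would read the transaction stream and oracle reports from the chain instead of the constructed list.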

OKX Web3 Wallet Security Team: DeFi project teams face a variety of risks, mainly including the following categories:

  • 1) Technical risks: Mainly include smart contract vulnerabilities and cyber attacks. Protection measures include adopting secure development practices, hiring professional third-party audit companies for comprehensive smart contract audits, setting up bug bounty programs to encourage white-hat hackers to discover vulnerabilities, and isolating assets to improve the security of funds.
  • 2) Market risks: Mainly include price fluctuations, liquidity risks, market manipulation, and composability risks. Protection measures include using stablecoins and risk hedging to guard against price fluctuations; utilizing liquidity mining and dynamic fee mechanisms to address liquidity risks; strictly reviewing the types of assets supported by DeFi protocols and using decentralized oracles to prevent market manipulation; and continuously innovating and optimizing protocol functions to address competitive risks.
  • 3) Operational risks: Mainly include human error and governance mechanism risks. Protection measures include establishing strict internal controls and operational processes to reduce human errors; using automated tools to improve operational efficiency; and designing robust governance mechanisms to balance decentralization and security, such as introducing voting delays and multi-signature mechanisms. Also, monitor the projects that have gone live and have emergency plans in place to take immediate action and minimize losses in case of anomalies.
  • 4) Regulatory risks: Mainly include legal compliance requirements and Anti-Money Laundering (AML) / Know Your Customer (KYC) obligations. Protection measures include hiring legal advisors to ensure the project complies with legal and regulatory requirements, establishing transparent compliance policies, and actively implementing AML and KYC measures to enhance trust with users and regulatory authorities.

Q2: How should DeFi projects evaluate and select a reputable audit firm?

BlockSec Security Team: Here are some simple standards for reference:

  • 1) Have they audited well-known projects: This indicates that the audit company is recognized by these well-known projects.
  • 2) Have the audited projects been attacked: Although theoretically an audit cannot guarantee 100% security, practical experience shows that most projects audited by reputable audit companies have not been attacked.
  • 3) Assess audit quality via historical reports: The audit report is an important sign of the professionalism of the audit company, especially when the same audit project and the same audit scope can be compared. The focus should be on the quality (severity) and quantity of vulnerabilities found, and whether the findings are usually accepted by the project party.
  • 4) Professional personnel: The composition of the audit company's personnel, including their education and professional background, systematic training, and experience in the industry, is very helpful in ensuring the quality of the audit.