DeFi explained: decentralized finance fundamentals
Decentralized finance (DeFi) is financial software that runs on public blockchains instead of inside banks and brokerages. You connect a wallet, approve transactions, and interact with smart contracts that hold pooled assets, set interest rates algorithmically, and swap tokens without a human clerk in the middle. Lending, trading, stablecoins, derivatives, and yield strategies that once required institutions are now composable Lego blocks any developer can wire together. That openness created hundreds of billions in on-chain activity — and a graveyard of exploits, rug pulls, and misunderstood risks. This guide explains what DeFi actually does, how its core primitives fit together, where the dangers hide, and how to evaluate a protocol before you deposit. For deeper dives, see our guides on smart contracts, liquidity pools and AMMs, and Layer 2 scaling.
What DeFi is — and what it is not
Traditional finance routes every action through regulated intermediaries: your bank holds deposits, a broker matches stock orders, a clearinghouse settles trades. DeFi replaces those intermediaries with open-source programs deployed on networks like Ethereum, Solana, and Arbitrum. The programs are usually non-custodial: you keep control of your wallet keys; the contract only moves funds when you sign a transaction that matches its rules.
DeFi is not automatically safer, cheaper, or more private than centralized finance (CeFi). Blockchains are transparent — every swap and liquidation is public — and gas fees can make small trades uneconomical. Many "decentralized" protocols still rely on multisig admin keys, off-chain oracles, and front ends hosted on AWS. The difference is permissionless composability: anyone can build on top of existing contracts without asking for an API key, which accelerates innovation and fraud in equal measure.
Total value locked (TVL) — the dollar value of assets deposited in DeFi contracts — is a common headline metric. It measures footprint, not quality. A protocol can hold billions because it pays unsustainable yield, not because users trust its engineering.
Core DeFi primitives
On-chain lending and borrowing
Protocols like Aave, Compound, and Solend pool deposits from lenders and lend them to borrowers who post collateral. Interest rates float with utilization: when the pool is nearly empty, rates spike to attract deposits and discourage new borrows. Borrowers must maintain a health factor — if collateral value falls below a liquidation threshold, anyone can repay part of their debt and seize collateral at a discount (liquidation bonus). This is how DeFi enforces credit without credit scores: everything is over-collateralized, often 150% or more.
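To make the mechanics above concrete, here is a small Python model, written for this guide rather than taken from any protocol, of a utilization-driven borrow rate, a position's health factor, and a partial liquidation with a bonus. The curve parameters, the 80% liquidation threshold and the 5% bonus are constructed assumptions, not any protocol's real settings.

```python
from dataclasses import dataclass

# Constructed parameters for a kinked ("jump-rate") utilization curve of the kind
# described above. Illustrative assumptions only, not any protocol's real settings.
BASE_RATE = 0.02    # APR charged at 0% utilization
SLOPE_LOW = 0.10    # APR added per unit of utilization below the kink
KINK = 0.80         # utilization at which the curve steepens
SLOPE_HIGH = 1.50   # APR added per unit of utilization above the kink


def utilization(total_borrowed: float, total_deposited: float) -> float:
    """Share of the pool that is lent out (0 for an empty pool, capped at 1)."""
    if total_deposited <= 0:
        return 0.0
    return min(total_borrowed / total_deposited, 1.0)


def borrow_rate(u: float) -> float:
    """Piecewise-linear borrow APR: gentle below the kink, steep above it."""
    if u <= KINK:
        return BASE_RATE + SLOPE_LOW * u
    return BASE_RATE + SLOPE_LOW * KINK + SLOPE_HIGH * (u - KINK)


@dataclass
class Position:
    collateral: float      # units of the collateral asset posted (e.g. ETH)
    price: float           # oracle price of that asset in USD
    debt_usd: float        # stablecoins borrowed against it
    liq_threshold: float   # share of collateral value allowed to back debt

    def health_factor(self) -> float:
        """Above 1 the position is safe; below 1 anyone may liquidate it."""
        if self.debt_usd == 0:
            return float("inf")
        return self.collateral * self.price * self.liq_threshold / self.debt_usd


def liquidate(pos: Position, repay_usd: float, bonus: float) -> float:
    """Repay part of an unhealthy position's debt and seize collateral worth
    repay_usd * (1 + bonus). Returns the collateral units taken."""
    if pos.health_factor() >= 1.0:
        raise ValueError("position is healthy; nothing to liquidate")
    repay_usd = min(repay_usd, pos.debt_usd)
    seized = min(repay_usd * (1 + bonus) / pos.price, pos.collateral)
    pos.debt_usd -= repay_usd
    pos.collateral -= seized
    return seized
```

Run it with 10 ETH at $2000 backing $12,000 of debt, then drop the price to $1400: the health factor falls below 1 and a $6000 repayment with a 5% bonus takes 4.5 ETH, leaving the remainder healthy again.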
Flash loans extend the model: borrow millions with no collateral, but repay within the same transaction block or the entire operation reverts. Arbitrageurs and exploiters use flash loans to move capital atomically — a feature unique to composable chains.
Decentralized exchanges (DEXs) and AMMs
Order-book DEXs match bids and asks on-chain (expensive on Ethereum L1). Most volume flows through automated market makers (AMMs) — smart contracts holding two-token reserves that price trades with a formula (classically x * y = k). Uniswap, Curve, Raydium, and Orca are AMM families with different curve shapes for volatile pairs vs stable pairs. Liquidity providers (LPs) deposit both sides of a pair and earn swap fees; they also face impermanent loss when prices diverge. See our AMM mechanics guide for the math and trade-offs.
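The constant-product formula above, worked through in Python as an added example (not code from any AMM): swap output with a fee taken from the input, the price impact of a trade against a given pool depth, the largest trade that stays under a chosen impact, and the impermanent-loss curve for LPs. The 0.30% fee and the 1000 ETH / 2,000,000 USDC pool are constructed assumptions.

```python
FEE = 0.003  # 0.30% swap fee; a common constant-product setting, assumed here


def swap_out(reserve_in: float, reserve_out: float, amount_in: float, fee: float = FEE) -> float:
    """Tokens received from a constant-product pool. The fee is taken from the input
    and the invariant (x + dx) * (y - dy) = x * y fixes dy."""
    if amount_in <= 0 or reserve_in <= 0 or reserve_out <= 0:
        raise ValueError("amounts and reserves must be positive")
    dx = amount_in * (1 - fee)
    return reserve_out * dx / (reserve_in + dx)


def price_impact(reserve_in: float, reserve_out: float, amount_in: float, fee: float = FEE) -> float:
    """Fraction by which the executed price is worse than the pre-trade spot price
    (the fee is included, so even a tiny trade shows roughly the fee as impact)."""
    spot = reserve_out / reserve_in
    executed = swap_out(reserve_in, reserve_out, amount_in, fee) / amount_in
    return 1 - executed / spot


def max_trade_for_impact(reserve_in: float, reserve_out: float, max_impact: float, fee: float = FEE) -> float:
    """Largest input whose price impact stays at or under max_impact, found by bisection.
    This is the 'can I exit without moving price 5-10%?' check from the due-diligence list."""
    lo, hi = 0.0, reserve_in
    for _ in range(100):
        mid = (lo + hi) / 2
        if price_impact(reserve_in, reserve_out, mid, fee) <= max_impact:
            lo = mid
        else:
            hi = mid
    return lo


def impermanent_loss(price_ratio: float) -> float:
    """Value of an LP share relative to simply holding the same assets after the pair's
    price multiplies by price_ratio; fees excluded. Negative means the LP is behind."""
    return 2 * price_ratio ** 0.5 / (1 + price_ratio) - 1


# Constructed pool: 1000 ETH against 2,000,000 USDC, so spot is 2000 USDC per ETH.
POOL = (1000.0, 2_000_000.0)
```

Against this pool a 10 ETH sale loses about 1.3% to impact, 100 ETH loses about 9.3%, and a price that quadruples (or quarters) leaves an LP 20% behind a holder before fees.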
Stablecoins and money markets
Stablecoins peg to the U.S. dollar (or other assets) so traders can park value without exiting crypto. Designs differ sharply:
- Fiat-backed — USDC and USDT hold reserves off-chain; trust the issuer and auditors.
- Crypto-collateralized — DAI is minted against ETH and other collateral locked in MakerDAO vaults.
- Algorithmic — supply expands and contracts via incentives; several designs collapsed in 2022–2023.
Stablecoins are the settlement layer inside DeFi: you lend USDC, borrow against it, swap into ETH, loop leverage, or farm governance tokens — all without a bank wire.
Yield, staking, and governance tokens
"Yield" in DeFi usually means swap fees, borrow interest spreads, inflationary governance token emissions, or points programs — often stacked. Liquidity mining pays users to bootstrap TVL; when emissions end, yields often collapse. Liquid staking tokens (stETH, mSOL) represent staked ETH or SOL that remains tradable while earning consensus rewards — useful collateral, but they introduce peg and smart-contract risks beyond native staking.
Governance tokens (UNI, AAVE, MKR) let holders vote on fee switches, collateral listings, and treasury spending. High fully diluted valuations with low float can mean years of sell pressure from insiders and investors.
How smart contracts wire it together
DeFi is only as trustworthy as the code executing it. Contracts are deployed to addresses; users call functions that transfer tokens via the ERC-20 or SPL standards, update internal accounting, and sometimes call other contracts — the "money Legos" pattern. A typical leveraged yield strategy might: deposit USDC in a lending pool, borrow ETH, swap ETH on a DEX, restake, and re-deposit — five protocols, one wallet signature per step, each adding attack surface.
Upgradable proxies let teams patch bugs — but also change rules. Immutable contracts cannot be fixed after deployment. Neither model is inherently better; you need to know which you are using. Formal audits reduce but do not eliminate risk: auditors miss bugs, and upgrades after the audit invalidate the report.
Oracles feed off-chain prices (ETH/USD) on-chain so lending pools know when to liquidate. Manipulated or stale oracle data has caused multi-million-dollar losses. Time-weighted average price (TWAP) oracles and multiple sources mitigate but add latency and complexity.
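A simplified cumulative-price (TWAP) oracle in Python, added here to show why a time-weighted average blunts a one-block price move and how a consumer should check for staleness. It is a model written for this guide in the style of Uniswap v2's accumulator, not that project's code; the price path (2000 for an hour, 4000 for one 12-second block, then 2000 again) is a constructed scenario.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    ts: int            # unix seconds
    cumulative: float  # integral of spot price over time up to ts


class TwapOracle:
    """Each update adds spot * elapsed seconds to an accumulator; a TWAP is the
    accumulator difference between two observations divided by the time between them."""

    def __init__(self, spot: float, ts: int):
        self.spot, self.last_ts, self.cumulative = spot, ts, 0.0
        self.history = [Observation(ts, 0.0)]

    def update(self, spot: float, ts: int) -> None:
        """Record that the pool's spot price became `spot` at time `ts`."""
        if ts < self.last_ts:
            raise ValueError("timestamps must not go backwards")
        self.cumulative += self.spot * (ts - self.last_ts)
        self.spot, self.last_ts = spot, ts
        self.history.append(Observation(ts, self.cumulative))

    def twap(self, window: int) -> float:
        """Average price over the last `window` seconds, ending at the latest observation."""
        if window <= 0:
            raise ValueError("window must be positive")
        end = self.history[-1]
        start = next((o for o in reversed(self.history) if o.ts <= end.ts - window), None)
        if start is None:
            raise ValueError("not enough history for the requested window")
        return (end.cumulative - start.cumulative) / (end.ts - start.ts)

    def is_stale(self, now: int, max_age: int) -> bool:
        """A consumer should refuse a price whose last update is older than max_age."""
        return now - self.last_ts > max_age


def build_demo_oracle() -> TwapOracle:
    """Constructed path: 2000 for an hour, 4000 for a single 12-second block, then 2000."""
    oracle = TwapOracle(spot=2000.0, ts=0)
    for ts in range(600, 3601, 600):
        oracle.update(2000.0, ts)
    oracle.update(4000.0, 3600)  # one-block move to double the price
    oracle.update(2000.0, 3612)  # normal price restored next block
    oracle.update(2000.0, 5400)  # half an hour later
    return oracle
```

The spot price doubled for one block, but the 30-minute TWAP ending at t=5400 reads about 2013, a 0.7% move; the cost of that resistance is that a genuine price change also takes the full window to show up.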
DeFi vs CeFi: trade-offs that matter
| Dimension | DeFi (on-chain) | CeFi (exchange / lender) |
|---|---|---|
| Custody | Non-custodial wallet — you hold keys | Platform holds assets — IOU on their ledger |
| Transparency | Contracts and balances verifiable on-chain | Opaque reserves until audits or failures |
| Access | Permissionless — anyone with a wallet | KYC, geography, and credit limits |
| Recourse | No chargebacks — irreversible txs | Support tickets, sometimes insurance |
| UX / speed | Wallet popups, gas, failed simulations | Familiar apps, instant internal transfers |
CeFi failures (exchange insolvency, frozen withdrawals) pushed users toward self-custody DeFi — but self-custody means you are the customer support when you sign a malicious approval or fall for a phishing site. DeFi shifts operational risk from institution to user.
Risk categories every DeFi user should map
Smart contract and economic exploits
Reentrancy, oracle manipulation, flash-loan governance attacks, and rounding errors have drained protocols repeatedly. Economic design flaws — unstable stablecoin reflexivity, death spirals when collateral and debt share the same token — can fail without a single line of buggy code.
Impermanent loss and leverage cascades
LPs on volatile pairs often underperform simply holding the assets. Leveraged farmers face liquidation cascades in sharp drawdowns: collateral sold into thin pools pushes prices lower, triggering more liquidations.
Bridge and cross-chain risk
Moving assets to Layer 2 rollups or sidechains often uses bridges — high-value honeypots that have suffered some of the largest hacks in crypto history. Canonical bridges tied to L1 security differ from third-party liquidity networks; read the trust model before you bridge life savings.
Regulatory and issuer risk
Fiat-backed stablecoins can freeze addresses. Front ends can be delisted or geoblocked even when contracts still run. Tax treatment of swaps, yield, and airdrops varies by jurisdiction and is often unclear for retail users.
MEV and execution quality
Searchers reorder transactions in the mempool to sandwich your DEX swap — you pay worse prices than the UI quoted. Private mempools, batch auctions, and L2 sequencing change but do not remove extraction; see MEV on Solana for one chain's version of the problem.
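The one defence the user controls is the minimum-output (slippage) guard a wallet attaches to the swap. This added Python model, not code from any DEX or wallet, shows how a trade that lands ahead of yours erodes the output and where the guard makes the swap revert instead of filling at a bad price. The 0.30% fee, the 0.5% tolerance and the 1000 ETH / 2,000,000 USDC pool are constructed assumptions.

```python
FEE = 0.003  # assumed 0.30% pool fee


class SlippageExceeded(Exception):
    """Stands in for an on-chain revert: output below the caller's minimum."""


def constant_product_out(reserve_in: float, reserve_out: float, amount_in: float, fee: float = FEE) -> float:
    """Output of a constant-product swap with the fee taken from the input."""
    dx = amount_in * (1 - fee)
    return reserve_out * dx / (reserve_in + dx)


def quote_min_out(reserves: tuple, amount_in: float, tolerance: float) -> float:
    """What the wallet computes before you sign: quoted output less your tolerance."""
    return constant_product_out(*reserves, amount_in) * (1 - tolerance)


def guarded_swap(reserves: tuple, amount_in: float, min_out: float):
    """Execute only if the output meets min_out; return (new reserves, output)."""
    x, y = reserves
    out = constant_product_out(x, y, amount_in)
    if out < min_out:
        raise SlippageExceeded(f"would receive {out:.2f}, below minimum {min_out:.2f}")
    return (x + amount_in, y - out), out


def execute_after(reserves: tuple, preceding_in: float, amount_in: float, min_out: float):
    """Model any trade that is included ahead of yours (organic or a deliberate reorder):
    it moves the reserves first, then your guarded swap runs against the new state.
    Returns ('filled', output) or ('reverted', 0.0)."""
    reserves, _ = guarded_swap(reserves, preceding_in, 0.0)  # someone else's trade
    try:
        _, out = guarded_swap(reserves, amount_in, min_out)
        return "filled", out
    except SlippageExceeded:
        return "reverted", 0.0


# Constructed pool: 1000 ETH against 2,000,000 USDC (spot 2000).
POOL = (1000.0, 2_000_000.0)
```

Selling 10 ETH with a 0.5% tolerance still fills, at a worse price, if a 2 ETH trade lands first, but reverts if a 50 ETH trade does; a wide tolerance is exactly what makes extraction profitable, and a tight one trades reverts for protection.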
Ethereum, Solana, and where activity lives
Ethereum pioneered DeFi composability; high L1 gas pushed volume to L2s (Arbitrum, Base, Optimism) while Ethereum itself holds settlement security. Solana optimizes for low fees and high throughput — attractive for retail-sized swaps and gaming economies, with ecosystems around Jupiter (aggregator), Marinade and Jito (staking), and Kamino (lending). The primitives rhyme across chains; the risk profiles differ (network outages, client diversity, validator concentration on Solana vs Ethereum's L2 fragmentation).
Beginners often start on a major chain with deep liquidity, audited blue-chip protocols, and a wallet they already understand — then experiment with smaller caps only with money they can lose entirely.
How to evaluate a DeFi protocol before depositing
- Audit history — Who audited, when, and is the deployed bytecode identical to the audited commit? Any post-audit upgrades?
- Admin keys — Multisig threshold, known signers, timelock delay on upgrades. Can the team pause withdrawals or mint unlimited tokens?
- Oracle design — Single source vs median of many; manipulation resistance on illiquid collateral.
- Liquidity depth — Can you exit your position size without moving price 5–10%? Thin pools amplify IL and liquidation pain.
- Yield source — Trading fees and borrow spread are sustainable; token emissions usually are not. Read the docs for emission schedules.
- Historical incidents — How did the team respond to past bugs? Socialized losses vs making users whole signals culture.
- Wallet hygiene — Use a burner wallet for experimental farms; revoke token approvals periodically; never sign blind transactions.
Start with small test deposits and a full withdrawal cycle before scaling. If you cannot explain where the yield comes from in two sentences, treat the APY as a warning label, not an invitation.
Key takeaways
- DeFi replaces financial intermediaries with composable smart contracts for lending, trading, stablecoins, and yield — permissionless but not risk-free.
- Core primitives — over-collateralized lending, AMM DEXs, stablecoin rails, and governance tokens stack into complex strategies with multiplied attack surface.
- Transparency and custody shift to the user: on-chain verifiability trades off against irreversible mistakes and exploit exposure.
- Risks span code, economics, bridges, oracles, MEV, and regulation — TVL alone is not a quality signal.
- Due diligence — audits, admin keys, oracle design, liquidity depth, and yield sustainability matter more than headline APY.
- Chain choice — Ethereum L2s and Solana offer different fee, speed, and ecosystem trade-offs; match the chain to your position size and risk tolerance.
Related reading
- Liquidity pools and AMM mechanics explained — constant-product math, impermanent loss, and LP economics
- Smart contracts explained — deployment, upgrades, and common exploit classes
- Ethereum fundamentals explained — gas, staking, and the home of most DeFi TVL
- Solana staking explained — validators, liquid staking, and network security