Abstract
Decentralized finance (DeFi) has emerged as a transformative paradigm, leveraging programmable blockchains to innovate upon traditional financial services without centralized intermediaries. However, DeFi introduces a unique and highly adversarial security landscape characterized by immutable transactions, complex protocol composability, and transparent execution environments. This survey provides a comprehensive systematization of DeFi security, categorizing vulnerabilities across three distinct layers: technical and code layer, economic and protocol layer, and infrastructure and cross-chain layer. Furthermore, we structure the defense mechanisms according to the protocol lifecycle, including pre-deployment prevention strategies, runtime mitigation techniques, and post-incident response and recovery mechanisms. We also delve into specific phenomena such as maximal extractable value, analyzing its dual role as both a market efficiency tool and a security vector. By synthesizing existing literature and incident reports, this survey establishes a holistic framework for understanding the interplay between code and finance. Finally, we identify critical open challenges and propose future research directions aimed at maturing the discipline of DeFi security and mitigating systemic risks.
| Original language | English |
|---|---|
| Article number | 100383 |
| Journal | High-Confidence Computing |
| DOIs | |
| Publication status | E-pub ahead of print - 28 Feb 2026 |
Funding
This work was supported by the HK RGC Theme-based Research Scheme (No. T43-513/23-N) and the Pearl River Talent Plan (No. 2024QN11X183).
Keywords
- Decentralized finance
- DeFi security
- Maximal extractable value
- Stablecoin
- Oracle
Article title: 'Decentralized finance security: A survey of attacks, defenses, and open challenges'.