DeFi Explained: What Is Decentralized Finance?

DeFi — decentralized finance — is the umbrella term for financial services built on public blockchains. Instead of banks and brokers, DeFi uses smart contracts: self-executing code that holds and moves funds according to programmable rules, without any company in between. Since 2020, DeFi has grown from a niche experiment into a financial ecosystem with tens of billions of dollars in assets under management.

What DeFi is (the simple version)

Imagine a bank that is entirely run by software. You deposit money, and the software automatically lends it to other users and pays you interest. You want to trade tokens, and the software prices your trade and executes it instantly. No business hours, no identity checks, no account freezes. Anyone with a crypto wallet can participate — in Lagos, Bogotá, or Berlin.

That is DeFi in practice. Every DeFi protocol is a set of smart contracts deployed on a blockchain — most commonly Ethereum or an Ethereum Layer 2. The contracts hold user funds and execute financial logic transparently. All transactions and all contract code are publicly auditable on-chain.

How DeFi works

DeFi protocols are typically governed by a DAO (decentralized autonomous organization) whose members hold governance tokens and vote on protocol changes. When you interact with a DeFi protocol, you connect your self-custody wallet (MetaMask, Coinbase Wallet, etc.), approve a smart contract to interact with your tokens, and sign transactions directly from your wallet. The protocol never takes custody of your funds — the smart contract does, enforced by code.

The transparency cuts both ways. Anyone can audit the code and verify the rules. But it also means that when a vulnerability is discovered, anyone can exploit it before a fix is deployed.

The major DeFi categories

Lending and borrowing

Lending protocols let holders deposit assets and earn yield from borrowers who must over-collateralize their loans. Aave is the largest example: depositors supply USDC, ETH, or other assets and earn a variable interest rate while borrowers post collateral worth more than their loan (typically 130–150% of the borrowed amount). If collateral falls below the required ratio, automated liquidators close the position and claim a liquidation bonus. No credit checks, no paperwork, instant settlement.

Compound pioneered this model and introduced liquidity mining in 2020 — rewarding depositors and borrowers with COMP governance tokens on top of interest. This ignited the first DeFi summer and established the yield-farming flywheel that defines the sector.

Decentralized exchanges

DEXs replace order books with automated market makers (AMMs) — liquidity pools where anyone can deposit token pairs and earn fees from trades that pass through the pool. Uniswap pioneered this model on Ethereum. Curve Finance modified it for stablecoin swaps where minimal slippage matters most. By 2021, Uniswap alone was routing more daily trading volume than Coinbase on certain days.

Yield farming and aggregators

Yield farming involves deploying capital across DeFi protocols to maximize returns — combining lending yield, trading fees, and governance token incentives simultaneously. Yield aggregators like Yearn Finance automate this by moving user funds to the highest-yielding opportunities and compounding rewards automatically.

Liquid staking

Staking ETH on the Ethereum beacon chain requires locking 32 ETH and forfeiting liquidity for the staking period. Liquid staking protocols like Lido accept any amount of ETH, stake it on users' behalf, and issue a liquid receipt token (stETH) that can be used elsewhere in DeFi while the underlying ETH earns staking rewards. Lido controls roughly 30% of all staked ETH — a meaningful centralization concern that its governance is actively debating.

Understanding TVL

TVL (total value locked) is the most commonly cited DeFi metric. It represents the total dollar value of assets deposited into a protocol's smart contracts. At its 2021 peak, the entire DeFi ecosystem held over $180 billion in TVL. By the end of the 2022 bear market, that figure had contracted to roughly $40 billion.

TVL is a useful size indicator but a poor proxy for protocol health. The main distortions:

• Recursive leverage — depositing ETH to borrow stablecoins, using those stablecoins to buy more ETH, depositing again. The same capital appears multiple times.
• Token price inflation — TVL moves with the underlying token prices, inflating during bull markets and collapsing in bear markets even if no funds are actually withdrawn.
• Incentive-driven deposits — protocols offering high governance token rewards attract mercenary liquidity that evaporates when incentives drop.

Pair TVL with protocol revenue (actual fee income), the token distribution schedule, and the quality of the underlying code audits for a more complete picture.

DeFi risks

Smart contract exploits

Smart contract code is immutable once deployed — bugs cannot be patched, only mitigated through upgradeable proxy patterns or contract migrations. Reentrancy attacks, oracle price manipulation, and access-control flaws have drained hundreds of millions of dollars from protocols over the years. The $600M Poly Network hack (2021), the $182M Beanstalk governance exploit (2022), and the $197M Euler Finance hack (2023) are among the largest. Independent security audits are a necessary but not sufficient precondition — the Euler hack occurred despite multiple audits.

Oracle manipulation

DeFi lending protocols rely on price oracles — external data feeds — to know the current value of collateral. If an attacker can manipulate the price feed (using a flash loan to temporarily distort a DEX price used as an oracle), they can trick a lending protocol into releasing more funds than the collateral is worth. Protocols using decentralized oracles like Chainlink have much stronger resistance to this attack than those using single-source or on-chain-only price references.

Governance attacks

Because DeFi protocols are governed by token holders, anyone who accumulates enough tokens can pass malicious governance proposals. In April 2022, an attacker flash-loaned $1 billion in governance tokens, voted to pass a proposal that drained the Beanstalk protocol's $182M treasury, and repaid the flash loan — all in a single transaction. Timelocks (delays between proposal passage and execution) and high quorum thresholds are the main mitigations, but not all protocols have robust governance security.

How to evaluate a DeFi protocol

When reading a DeFi whitepaper or protocol documentation, the questions that matter most:

• Has the code been audited by independent firms, and are the audit reports publicly available? Who audited it?
• What is the upgrade mechanism? Can the team change the protocol unilaterally, or does every change require a governance vote with a timelock?
• What oracle does the protocol use for price data? Is it a decentralized oracle network or a single on-chain source vulnerable to manipulation?
• Is there a bug bounty program, and what is the maximum payout? A $100K cap signals the protocol is not taking security seriously relative to its TVL.
• What are the token emission schedules? Protocols subsidizing TVL with token inflation can look healthy while slowly diluting holders.

DeFi on ChainClarity

Browse all DeFi protocols on ChainClarity to compare whitepaper analyses, tokenomics models, and risk profiles side by side. Key projects:

• Aave — largest decentralized lending protocol; three audits per major version
• Ethereum — the foundational smart contract platform where most DeFi activity originates
• Polygon — low-fee Layer 2 widely used for DeFi activity
• Chainlink — oracle network that feeds price data into DeFi lending and derivative contracts