DeFi Security Checklist for Developers

Avoid spot prices from DEXes. Use Chainlink, time-weighted averages, or other manipulation-resistant sources.

Reject prices older than acceptable threshold. Include updatedAt timestamp validation.

If primary oracle fails, have a secondary source or safe fallback behavior.

Reject prices that deviate too far from expected ranges to catch oracle manipulation.

Chainlink feeds have different decimals. Normalize all price feeds to consistent precision.

Consider commit-reveal or other mechanisms if oracle updates create arbitrage opportunities.

Flash loans cannot manipulate time-weighted averages. Never rely on single-block spot prices.

For governance or rewards, consider requiring deposits to be present for multiple blocks.

Prevent users from depositing and taking action (voting, claiming) in the same block.

Vault share prices should not be manipulable by large deposits/withdrawals in single transactions.

Understand that attackers pay fees. Some attacks are unprofitable after fees.

After every operation, the pool invariant must hold. Test edge cases thoroughly.

Implement slippage protection and consider private transaction submission options.

First LP should lock minimum liquidity to prevent share price manipulation.

Fees must be calculated correctly in all scenarios including edge cases.

Verify behavior when pools become highly imbalanced or near-empty.

LP tokens must accurately represent share of pool. No inflation or deflation bugs.

Health factor must be calculated correctly including all positions and proper oracle prices.

Liquidation must be profitable enough to incentivize liquidators but not excessive.

Have mechanisms to handle underwater positions where debt exceeds collateral.

Interest accrual must be calculated correctly. Test with various utilization levels.

Borrow limits must be enforced to prevent protocol insolvency.

Partial liquidations must leave positions in valid state or fully liquidate.

Send small amount to vault on deployment or implement virtual shares to prevent share inflation attack.

Share price must accurately reflect underlying assets. Check for rounding attacks.

Donating tokens to vault should not unfairly benefit or harm depositors.

If using withdrawal queues, ensure fair processing and no front-running.

Understand and document risks of underlying yield sources. Implement loss limits.

Users should be able to withdraw in emergencies even if it means forfeiting some yield.

Some tokens don't return bool. SafeERC20 handles these edge cases.

Calculate actual received amount after transfer, not the transfer amount.

Account for balance changes between transactions for tokens like stETH.

Normalize calculations for tokens with different decimals (USDC has 6, DAI has 18).

Use increaseAllowance/decreaseAllowance or reset to zero first for tokens with approval race conditions.

USDC and USDT can blocklist addresses. Consider implications for your protocol.

Think through how an attacker with unlimited capital could exploit your protocol.

All fee distributions must sum correctly. No funds should be lost or created.

Identify where sandwich attacks, front-running, or back-running could harm users.

Ensure all protocol participants are incentivized to behave honestly.

Simulate behavior during high volatility, black swan events, and market crashes.