DeFi Glossary.

A blockchain is a database maintained simultaneously by thousands of independent computers (nodes). Records are grouped into blocks, each of which contains a cryptographic reference to the previous block, forming a chain. Once a block is confirmed by the network, its contents cannot be altered without redoing all subsequent blocks — a task that becomes computationally prohibitive at scale.

The key property of a blockchain is that no single entity controls it. Trust is replaced by mathematics: anyone can verify any transaction by running the same validation rules as every other node. Bitcoin introduced the first practical blockchain in 2009; Ethereum extended the concept by adding programmable smart contracts in 2015.

A node is any computer participating in a blockchain network. Full nodes download and independently verify every block and transaction since the genesis block, maintaining a complete copy of the blockchain. Light nodes verify only block headers and rely on full nodes for transaction data. Validator nodes (on Proof-of-Stake chains) additionally participate in consensus by staking tokens and proposing or attesting to new blocks.

The distribution of nodes is what makes a blockchain resistant to censorship and attack. The more geographically and organizationally diverse the node set, the harder it is for any party to coerce or shut down the network.

A consensus mechanism is the set of rules by which nodes in a blockchain network agree on the valid state of the ledger. The two dominant models are Proof of Work (PoW) and Proof of Stake (PoS).

Proof of Work requires nodes to solve computationally expensive puzzles to earn the right to add a block. Bitcoin uses PoW. It is energy-intensive but has the longest security track record. Proof of Stake requires nodes to lock up (stake) cryptocurrency as collateral. Validators are selected to propose blocks proportionally to their stake. Ethereum moved to PoS in 2022. PoS is far more energy-efficient and allows higher transaction throughput.

A smart contract is a program stored on a blockchain that executes automatically when predetermined conditions are met. No human authorization is required. No intermediary can prevent execution. The code is visible to anyone, and once deployed, an immutable smart contract cannot be altered by any party — including its creator.

Smart contracts are the engine of DeFi. Every lending protocol, DEX, and yield strategy runs on smart contract logic. Their trustless execution is what makes DeFi different from traditional finance: the rules are enforced by mathematics, not by institutions.

A crypto wallet is software or hardware that stores private keys and enables interaction with blockchains. Despite the name, a wallet does not hold cryptocurrency — assets exist on the blockchain itself. The wallet holds the key that proves ownership and authorizes transactions.

Hot wallets (MetaMask, Phantom) are internet-connected and convenient for frequent use. Cold wallets (Ledger, Trezor) store keys on a physical device never connected to the internet, offering significantly stronger security for larger holdings.

A private key is a randomly generated 256-bit number that serves as the cryptographic proof of ownership of a blockchain address. Every wallet address has a corresponding private key. Signing a transaction with your private key proves you authorized it, without revealing the key itself.

Whoever holds the private key controls the assets at that address — unconditionally, without appeal. There is no password reset. No customer support can recover a lost private key. This is the fundamental responsibility of self-custody.

A public key is derived mathematically from the private key but cannot be used to reverse-engineer it. The wallet address visible on a blockchain (e.g., 0x1a2b...) is typically a hashed form of the public key. It is safe to share publicly — it is how others send you assets.

A seed phrase (also called a recovery phrase or mnemonic) is a sequence of 12 or 24 ordinary words that encodes a wallet's private key in human-readable form. It is generated when a wallet is created and can regenerate the wallet and all its associated addresses on any compatible application.

The seed phrase is the master key to everything in a wallet. Write it on paper, store it physically secure, and never share it with anyone — ever. No legitimate service, support team, or protocol will ever ask for it.

Self-custody means holding your own private key — and therefore having direct, unmediated control of your assets. A self-custodied wallet cannot be frozen, seized, or restricted by any third party. The contrast is a custodial account (e.g., a centralized exchange) where the platform holds your keys and you hold a claim against them.

"Not your keys, not your coins" is the practical expression of this principle. Self-custody is the prerequisite for genuine participation in DeFi.

Gas is the unit measuring the computational work required to execute a transaction or smart contract on a blockchain. Every operation — sending tokens, interacting with a protocol, minting an NFT — consumes a specific amount of gas. Users pay gas fees in the blockchain's native token (ETH on Ethereum, SOL on Solana, BNB on BNB Chain) to compensate validators for processing their transactions.

Gas prices fluctuate with network demand. During periods of high activity, gas fees can be significant on Ethereum mainnet. Layer 2 networks and alternative chains like Solana and BNB Chain offer dramatically lower fees.

Proof of Work is a consensus mechanism in which nodes (miners) compete to solve computationally expensive mathematical puzzles. The winner adds the next block and receives a block reward. Bitcoin uses PoW. The security of PoW comes from its energy cost: attacking the network requires controlling more than 50% of its total computational power, which is prohibitively expensive at scale.

Proof of Stake is a consensus mechanism in which validators lock up (stake) cryptocurrency as collateral to participate in block production. Validators are selected to propose and attest to blocks in proportion to their stake. Ethereum, Solana, and BNB Chain all use variants of PoS. It requires far less energy than Proof of Work and enables higher transaction throughput.

A Layer 1 is a base blockchain that processes and finalizes transactions directly on its own network. Ethereum, Bitcoin, Solana, and BNB Chain are Layer 1 blockchains. They provide the security and finality that Layer 2 networks rely on. L1 transactions are the ultimate source of truth.

A Layer 2 is a network built on top of a Layer 1 blockchain that processes transactions off the main chain to increase speed and reduce fees, while ultimately settling on the L1 for security. Arbitrum, Optimism, and Base are Ethereum Layer 2 networks. Transactions on L2s cost a fraction of Ethereum mainnet gas while inheriting Ethereum's security guarantees.

The EVM is the runtime environment in which Ethereum smart contracts execute. It defines a standard set of operations that every Ethereum node runs identically, ensuring that a given contract produces the same output on every machine. Many other blockchains (BNB Chain, Polygon, Avalanche, Arbitrum) are "EVM-compatible," meaning they can run the same smart contracts as Ethereum with minimal modification.

A block explorer is a web interface that provides human-readable access to blockchain data. Etherscan (Ethereum), Solscan (Solana), and BscScan (BNB Chain) are the primary block explorers for their respective networks. Every transaction, wallet balance, smart contract, and token transfer is publicly visible and searchable. Block explorers are essential for verifying on-chain claims about protocols, checking wallet activity, and reading smart contract source code.

A transaction hash is a unique identifier assigned to every blockchain transaction. It is a 64-character hexadecimal string generated by hashing the transaction data. Entering a TxHash into a block explorer displays the full details of the transaction: sender, recipient, amount, gas used, timestamp, and confirmation status. It is the receipt of a blockchain transaction.

The mempool is the queue of unconfirmed transactions waiting to be included in a block. When you submit a transaction, it enters the mempool and remains there until a validator includes it in a block. Transactions with higher gas fees are typically prioritized. The public visibility of the mempool is what enables MEV strategies like sandwich attacks — bots monitor pending transactions and insert their own before and after target transactions.

In the context of wallets, a nonce is a sequential transaction counter. Each transaction from a wallet increments the nonce by one. This prevents replay attacks (resubmitting the same transaction) and ensures transactions are processed in order. If you have a pending transaction stuck in the mempool, you can replace it by sending a new transaction with the same nonce but a higher gas price.

A wallet address is the public identifier for a blockchain account — the string of characters you share to receive assets. On Ethereum and EVM chains, addresses begin with "0x" and are 42 characters long. On Solana, addresses are base58-encoded strings of approximately 44 characters. An address is derived from the public key and is safe to share publicly.

A digital signature is a cryptographic proof that a transaction was authorized by the holder of a specific private key. When you "confirm" a transaction in MetaMask or Phantom, you are signing it with your private key. The signature proves authorization without revealing the key itself. Signatures are verified by the network before any transaction is processed.

A fork is a change to a blockchain's protocol rules. A soft fork is backward-compatible: nodes running the old software can still validate new blocks. A hard fork is not backward-compatible: it creates a permanent divergence in the chain. Nodes that do not upgrade continue on the old chain while upgraded nodes follow the new rules. Notable hard forks include the Ethereum / Ethereum Classic split (2016) and Bitcoin / Bitcoin Cash (2017).

Immutability refers to the property that once data is recorded on a blockchain, it cannot be altered or deleted. This applies to transactions (confirmed transactions are permanent) and to smart contracts (an immutable contract cannot be modified after deployment). Immutability is the technical basis for trustless systems: if the contract cannot change, its rules cannot be broken after the fact by any party, including its creator.

Decentralization means distributing control across many independent participants rather than concentrating it in a single entity. In blockchain, decentralization operates at three levels: architectural (nodes distributed globally), political (no single organization controls the protocol), and logical (one shared state, verified identically by all nodes). True decentralization resists censorship, single points of failure, and coercive control. Most DeFi protocols sit somewhere on a spectrum rather than being fully decentralized.

"Trustless" does not mean no trust is required — it means trust in any specific individual or institution is not required. Instead, participants verify the rules directly via open-source code and on-chain data. A trustless protocol behaves identically for all participants, regardless of who they are, because the rules are enforced by mathematics rather than by a company's policies.

A permissionless system allows anyone to participate without requiring approval from a gatekeeper. Public blockchains are permissionless: anyone can create a wallet, deploy a smart contract, or interact with a protocol without asking anyone's permission. This is in contrast to permissioned blockchains (used in enterprise settings) where participants must be approved.

A token is a digital asset created and managed by a smart contract on a blockchain. Tokens are distinct from the blockchain's native coin (ETH, SOL, BNB): they are issued by individual projects or protocols and governed by their own contract logic. The ERC-20 standard (Ethereum) and SPL standard (Solana) define the most common token formats. Tokens can represent ownership, governance rights, collateral, or entirely new financial instruments.

A coin is the native asset of a blockchain — ETH on Ethereum, SOL on Solana, BNB on BNB Chain, BTC on Bitcoin. Coins are used to pay transaction fees (gas) and to participate in consensus through staking. Unlike tokens, coins are built into the protocol itself rather than created by a smart contract.

A stablecoin is a token designed to maintain a stable value relative to a reference asset, typically the US dollar. The three main types are: fiat-backed (USDC, USDT — backed 1:1 by USD held in bank accounts), crypto-backed (DAI — overcollateralized with crypto assets, managed by smart contracts), and algorithmic (peg maintained by token supply mechanics without direct collateral — historically fragile, as demonstrated by the UST/LUNA collapse in 2022).

Stablecoins are the primary medium of exchange and yield generation in DeFi. Their stability allows participants to hold value and earn yield without directional crypto exposure.

A governance token grants holders the right to vote on protocol decisions — fee changes, treasury allocations, new features, risk parameters. Governance tokens are the mechanism by which DeFi protocols decentralize decision-making to their communities. The value of a governance token is tied to the perceived value of controlling the protocol it governs. Many governance tokens also receive a share of protocol revenue when staked.

An LP token is issued to liquidity providers when they deposit assets into a liquidity pool on a DEX. It represents the provider's proportional share of the pool and accrues trading fees over time. Returning the LP token to the pool redeems the underlying assets plus accumulated fees. LP tokens can also be staked in yield farms to earn additional rewards, a practice known as "liquidity mining."

A wrapped token is a token on one blockchain that represents an asset from another blockchain, pegged 1:1 to the original. WBTC (Wrapped Bitcoin) is an ERC-20 token on Ethereum backed by actual BTC. WETH (Wrapped ETH) is an ERC-20 version of ETH that conforms to the token standard required by most DeFi protocols. Wrapping enables assets from one chain to be used on another, though it introduces custodial or bridge risk depending on the wrapping mechanism.

An ALM token is a structurally distinct category of DeFi asset in which the token price increases with every transaction — both on buy and on sell — as a mathematically provable property of the smart contract's fee and reserve mechanics. This behavior is not market-driven: it is encoded in the contract logic and cannot be altered by any party.

The mechanism works as follows: every transaction (buy or sell) carries a fee, a portion of which is permanently retained in the liquidity pool. Because the pool grows with each transaction while the circulating supply adjusts proportionally, the backing per token increases deterministically. The price cannot fall due to sentiment, macro conditions, or selling pressure. The primary risks specific to this structure are stagnation in low-activity periods and fee cost on early exits.

The ALM category was developed and named by the UpOnly team. UpOnly UP/USDC is the first and currently only ALM token. White & TT is the first research desk globally to formally cover ALM Assets as a dedicated sub-category.

ERC-20 is the technical standard for fungible tokens on Ethereum and EVM-compatible chains. It defines a common set of functions (transfer, approve, allowance, balanceOf) that all compliant tokens implement. This standardization allows any ERC-20 token to interact with any protocol that supports the standard — wallets, DEXs, lending protocols — without custom integration for each token.

SPL (Solana Program Library) is the token standard on the Solana blockchain, equivalent to ERC-20 on Ethereum. USDC, USDT, and most DeFi tokens on Solana are SPL tokens. SPL tokens benefit from Solana's high throughput and sub-cent transaction fees.

A utility token grants access to a product or service within a specific ecosystem. Unlike governance tokens (which grant voting rights) or security tokens (which represent ownership stakes), utility tokens are designed to be used rather than held. Examples include tokens that pay for computation on a network or unlock features on a platform.

An NFT is a token representing ownership of a unique item — no two NFTs are identical, unlike fungible tokens (where one USDC equals any other USDC). NFTs can represent digital art, in-game items, domain names, or real-world asset ownership. They are primarily built on ERC-721 (Ethereum) or Metaplex (Solana) standards. The NFT market experienced explosive growth in 2021 and significant contraction thereafter.

Tokenomics describes the economic design of a token: its total supply, distribution schedule, emission rate, vesting cliffs for team and investor allocations, and mechanisms for value accrual or burning. Tokenomics analysis is a core component of evaluating a DeFi project. Key red flags include: team allocations that vest quickly, emission schedules that dilute holders aggressively, and yield that is funded entirely by token inflation rather than protocol revenue.

Total supply is all tokens currently in existence. Maximum supply is the hard cap on tokens that will ever exist (Bitcoin: 21 million). Circulating supply is the number of tokens currently tradeable in the market, excluding locked, vested, or reserved allocations. Market capitalization is calculated as circulating supply × price. Fully diluted valuation (FDV) uses maximum supply × price, revealing what the market cap would be if all tokens were circulating — often much higher than the current market cap.

Token vesting is a schedule that restricts when allocated tokens can be sold or transferred. Team tokens and investor tokens typically vest over 2-4 years with a 1-year cliff (no tokens available until one year has passed, then linear release). Vesting is designed to align long-term incentives. When analyzing a project, check when large vesting cliffs occur — a large team allocation unlocking creates significant sell pressure.

An airdrop is the distribution of tokens to wallet addresses, typically as a reward for early protocol usage, community participation, or as a launch mechanism. Uniswap's UNI airdrop (2020) distributed tokens to all past users of the protocol. Airdrops can be valuable but also generate significant sell pressure immediately after claim as recipients sell their free tokens.

A token burn is the permanent removal of tokens from circulation by sending them to an address with no known private key (a "burn address"). Burns reduce total supply and, all else equal, increase the value of remaining tokens. Some protocols burn a portion of their fees automatically. Ethereum burns a base fee with every transaction since EIP-1559, making ETH deflationary during periods of high activity.

A yield-bearing token is a wrapper around a yield-generating position that automatically compounds returns. Holding the token is equivalent to holding the underlying position. Examples include aTokens (Aave), cTokens (Compound), and various liquid staking tokens. The token's value appreciates against the underlying asset over time as yield accrues.

A Real World Asset token is an on-chain representation of an asset that exists outside the blockchain — government bonds, private credit, real estate, commodities. Tokenized US Treasuries (Ondo Finance, BlackRock BUIDL) are the largest RWA category by value. RWA protocols bridge traditional finance and DeFi, offering real-world yield without leaving the on-chain ecosystem. They carry different risk profiles than pure DeFi: smart contract risk is lower, but counterparty and regulatory risk from the off-chain issuer becomes relevant.

A pegged asset is any token designed to maintain a 1:1 value relationship with another asset. Stablecoins are pegged to fiat currencies. Wrapped tokens are pegged to their underlying assets. The stability of a peg depends on the mechanism maintaining it. Algorithmic pegs have historically been the most fragile; collateral-backed pegs the most robust.

A Liquid Staking Token is issued by a liquid staking protocol (e.g., Lido's stETH) in exchange for staked ETH. It represents the staked position plus accumulated staking rewards, and unlike directly staked ETH, it can be freely transferred and used in DeFi protocols. This solves the liquidity problem of native staking, where tokens are locked for the staking period. LSTs introduce smart contract risk and a dependency on the liquid staking protocol's continued operation.

A synthetic asset is an on-chain token that tracks the price of another asset (stocks, commodities, indices, other crypto) without the holder ever owning the underlying asset. Synthetix is the primary synthetic asset protocol on Ethereum. Synthetics are created by depositing collateral and minting a token that follows the target asset's price via oracles. They offer exposure to assets unavailable on-chain but introduce oracle dependency and collateral risk.

DeFi refers to financial services built on public blockchains using smart contracts, operating without intermediaries. Lending, borrowing, trading, earning yield, and transferring value — all governed by code rather than institutions. DeFi protocols are permissionless (anyone can use them), transparent (all transactions are on-chain), and non-custodial (users retain control of their assets). DeFi is not the same as crypto speculation; it is infrastructure for a parallel financial system.

A DEX is a trading venue that operates entirely on-chain via smart contracts, without a central operator controlling order matching or custody. Users trade directly from their wallets. No account is required. No KYC. No counterparty holds your assets. Uniswap (Ethereum), Raydium (Solana), and PancakeSwap (BNB Chain) are major DEXs. Most modern DEXs use the AMM model rather than a traditional order book.

An AMM is a smart contract that holds two or more assets in a pool and prices them algorithmically rather than via a traditional order book. The most common formula is the constant product: x × y = k, where x and y are the quantities of two tokens and k is a constant. Every trade changes the ratio of assets in the pool, automatically adjusting price. Traders pay a fee (typically 0.1-0.3%) which is distributed to liquidity providers.

A liquidity pool is a smart contract holding reserves of two or more tokens, enabling decentralized trading via an AMM. Liquidity providers deposit equal values of both tokens into the pool and receive LP tokens in return. Traders swap against the pool's reserves rather than against other traders. The pool earns trading fees, which accrue to liquidity providers proportional to their share.

A lending protocol enables users to deposit assets to earn interest (lenders) or borrow assets by providing collateral (borrowers). All borrowing is overcollateralized — borrowers must deposit more value than they borrow. Interest rates adjust dynamically based on utilization. Aave and Compound are the dominant lending protocols on Ethereum; Solend operates on Solana. The interest paid by borrowers funds the yield earned by lenders.

Overcollateralization means a borrower must deposit more value than they borrow. If you want to borrow $500 of USDC on Aave, you might need to deposit $750 of ETH as collateral. This removes credit risk from the equation: the protocol can always liquidate the collateral to repay the loan, regardless of whether the borrower is creditworthy. It is the mechanism that makes trustless lending possible.

The collateral ratio (or Loan-to-Value ratio) is the proportion of borrowed value to deposited collateral. A 75% LTV means you can borrow up to $75 for every $100 of collateral. If your collateral value falls and the LTV approaches the liquidation threshold, your position is at risk of liquidation. Maintaining a healthy buffer below the liquidation threshold is essential risk management for borrowers.

Yield farming is the practice of deploying crypto assets across DeFi protocols to maximize returns, often combining LP fees, lending interest, and governance token rewards. When yield farming rewards include the protocol's own token (liquidity mining), the yield is partially funded by token inflation. Separating the real yield component (fees, interest) from the inflationary component (token rewards) is essential for evaluating whether a farming opportunity is sustainable.

Staking has three distinct meanings in DeFi: (1) Network staking: locking tokens to participate in blockchain consensus and earn block rewards. (2) Protocol staking: locking a protocol's token to earn a share of protocol revenue. (3) Liquid staking: staking via a protocol that issues a liquid token in return, maintaining liquidity while earning staking yield. Each type has a different risk profile and yield source.

TVL is the total value of assets deposited in a DeFi protocol, measured in USD. It is the most commonly used metric for protocol size and adoption. However, TVL alone is a poor indicator of quality — inflated TVL can result from mercenary capital chasing high token emissions. More informative is TVL in combination with protocol revenue (the volume-to-TVL ratio for DEXs, the utilization rate for lending protocols).

APY is the annualized return including compound interest. APR (Annual Percentage Rate) is the annualized return without compounding. A position earning 1% per month has an APR of 12% and an APY of approximately 12.68% (with monthly compounding). DeFi protocols often advertise APY, which overstates returns relative to APR. Always verify whether advertised rates include inflationary token rewards and whether those rewards have a clear sell pressure profile.

An oracle is a system that feeds external data (price feeds, event outcomes, exchange rates) into smart contracts, which by design cannot access information outside their blockchain. DeFi protocols rely heavily on price oracles for liquidations, collateral valuation, and derivatives settlement. Chainlink and Pyth are the dominant oracle networks. Oracle manipulation — exploiting a protocol's reliance on a manipulable price source — is a common attack vector in DeFi.

A DAO is an organization governed by smart contracts and token-holder votes rather than a traditional corporate structure. Governance proposals are submitted on-chain, token holders vote, and approved changes are executed automatically. Most major DeFi protocols (Uniswap, Aave, Compound) are governed by DAOs. In practice, voter participation is often low and large token holders have disproportionate influence, leading to debates about how decentralized DAO governance actually is.

Protocol revenue is the fees generated by a DeFi protocol from actual usage — trading fees on a DEX, interest spread on a lending protocol, liquidation fees. This is distinct from token emissions paid to attract capital. "Real yield" is yield funded entirely by protocol revenue rather than by token inflation. Protocols with high real yield relative to TVL are generating genuine economic value; those relying primarily on emissions are subsidizing users at the expense of token holders.

A centralized exchange is a traditional crypto trading platform operated by a company (Coinbase, Binance, Kraken). CEXs are custodial: they hold your assets and you hold a claim against them. They offer familiar UX, fiat on-ramps, and deep liquidity but introduce counterparty risk — accounts can be frozen, platforms can be hacked, and companies can fail. FTX's collapse in 2022 is the most significant example of CEX counterparty risk materializing.

A DEX aggregator routes trades across multiple DEXs to find the best price for a given swap. Instead of checking Uniswap, Curve, and Balancer manually, an aggregator (1inch, Paraswap, Jupiter on Solana) splits orders optimally across venues. Aggregators typically reduce slippage and improve execution for larger trades. They are non-custodial: trades execute directly from your wallet.

A bridge is a protocol that enables assets to move between different blockchains. The typical mechanism locks assets on the source chain and mints representative tokens on the destination chain. Bridges represent the highest-risk infrastructure in DeFi by historical loss: the Ronin Bridge ($625M), Wormhole ($320M), and Nomad ($190M) exploits are the three largest DeFi losses on record. Bridge risk should be treated with extreme caution.

Concentrated liquidity, introduced by Uniswap v3, allows LPs to provide liquidity within a specific price range rather than across all possible prices. Capital within the active range earns significantly more fees per dollar deployed. Capital outside the active range earns nothing. This increases capital efficiency dramatically but requires active management — if the price moves outside the range, the LP stops earning and is left holding only the depreciated asset.

Perpetual futures are derivative contracts that track an asset's price without an expiry date. Unlike traditional futures, they never settle — positions can be held indefinitely. A funding rate mechanism (periodic payments between long and short holders) keeps the perpetual price close to the spot price. GMX (Arbitrum), dYdX, and Hyperliquid are major on-chain perpetuals protocols. They allow leveraged directional positions without holding the underlying asset.

In perpetual futures markets, the funding rate is a periodic payment exchanged between long and short positions to keep the perpetual price anchored to the spot price. When the perpetual trades above spot (bullish sentiment), longs pay shorts. When it trades below spot, shorts pay longs. A consistently positive funding rate indicates bullish market positioning and generates yield for short positions. Monitoring funding rates provides signals about market sentiment.

A multisig wallet requires multiple private key signatures to authorize a transaction. A 3-of-5 multisig requires any 3 of 5 designated signers to approve before execution. Multisigs are used by protocols and teams to secure treasury funds and admin keys, reducing the risk of a single compromised or malicious key draining funds. When evaluating a protocol, a multisig admin key is meaningfully better than a single-signer key — but the quality depends on the signer set and their independence.

Slippage is the difference between the expected price of a trade and the actual execution price. In AMMs, larger trades relative to pool size cause more slippage because they shift the pool's asset ratio significantly. Slippage tolerance is a setting that defines the maximum acceptable deviation — a 1% tolerance means the trade reverts if slippage exceeds 1%. High slippage tolerances make transactions vulnerable to sandwich attacks.

Price impact is the change in market price caused by a specific trade. In a liquidity pool, a large buy moves the price up; a large sell moves it down. Price impact is a function of trade size relative to pool liquidity. Deep pools have lower price impact for a given trade size. DEX interfaces display estimated price impact before execution — high price impact (above 2-3%) indicates thin liquidity and poor execution conditions.

In lending protocols, the utilization rate is the proportion of deposited assets that are currently borrowed. A 75% utilization rate means 75% of all deposited USDC has been borrowed. Utilization drives interest rates: higher utilization means higher rates for borrowers (and higher yield for lenders) to attract more supply and discourage more borrowing. Protocols design their rate curves to target an optimal utilization range, typically 70-90%.

On Solana, a Program Derived Address is a special account address derived deterministically from a program's address and specific seeds. PDAs have no private key — they can only sign transactions when invoked by the program that owns them. This is a core security mechanism: funds held in a PDA can only move according to the program's logic, not by any external wallet. It is the Solana equivalent of a contract-controlled address in Ethereum.

On Solana, a Cross-Program Invocation is when one program calls another program's instruction from within a transaction. DeFi protocols use CPIs to interact with the SPL Token program (for transfers and mints). CPIs can be executed with PDA signing (the calling program's PDA acts as a signer), enabling secure, permissioned interactions between programs. Understanding CPI patterns is important for evaluating Solana smart contract security.

Impermanent loss is the difference in value between holding tokens in an AMM liquidity pool versus holding them in a wallet. When the price ratio of the two pool tokens changes, the AMM rebalances toward the cheaper token. If you withdraw when prices have diverged significantly from deposit time, you receive less value than if you had simply held both tokens. The loss is "impermanent" because it reverses if prices return to their original ratio — but in practice, prices rarely do.

Impermanent loss increases with price divergence. A 2x price change between the two tokens results in approximately 5.7% IL. A 5x change results in approximately 25% IL. Stablecoin-to-stablecoin pools have negligible IL because prices barely diverge.

Liquidation in DeFi occurs when a borrower's collateral value falls below the protocol's liquidation threshold. The protocol automatically sells the collateral to repay the outstanding loan, typically at a discount to incentivize liquidators. The borrower loses their collateral (minus any remaining value after repayment). Borrowers who do not monitor positions during volatile markets are at risk of unexpected liquidation. Maintaining a significant buffer above the liquidation threshold is essential risk management.

A rug pull is a type of exit scam in which the team behind a DeFi project drains liquidity, abandons the project, and disappears with user funds. The term comes from "pulling the rug out from under" investors. Rug pulls typically involve one or more of: minting new tokens to dilute holders, withdrawing liquidity from pools, exploiting an admin key to transfer funds. Most rug pulls could be prevented by basic due diligence: checking contract immutability, team track record, and audit status.

A flash loan is an uncollateralized loan that must be borrowed and repaid within the same blockchain transaction. If the borrower does not repay within the transaction, the entire transaction reverts as if it never happened. Flash loans are legitimate tools for arbitrage and collateral swaps but are also used as attack vectors: an attacker borrows a large sum, manipulates a price-sensitive protocol, extracts profit, and repays the loan — all in one atomic transaction. The net cost to the attacker is only transaction fees.

MEV is the profit that validators and specialized bots can extract by controlling the ordering of transactions within a block. The most common forms affecting retail users are: sandwich attacks (buying before a pending large trade, selling after it), arbitrage (exploiting price discrepancies across venues), and liquidations (competing to liquidate undercollateralized positions for the liquidation bonus). MEV is a structural feature of public mempools. Protection options include MEV-resistant RPC endpoints and low slippage tolerance settings.

A sandwich attack is a form of MEV in which a bot detects a pending large DEX trade in the mempool, inserts a buy order immediately before it (front-running, pushing the price up) and a sell order immediately after it (back-running, pushing the price back down). The victim executes their trade at a worse price; the bot profits from the price movement it caused. Setting a low slippage tolerance (0.5-1%) on liquid pairs reduces sandwich attack profitability.

A reentrancy attack exploits a contract that calls an external contract before updating its own state. The external contract recursively calls back into the vulnerable contract before the original execution completes, allowing repeated withdrawals from a single deposit. The 2016 DAO hack ($60M at the time) used reentrancy and triggered the Ethereum/Ethereum Classic fork. Modern contracts prevent this with reentrancy guards and the Checks-Effects-Interactions (CEI) pattern. Audit reports should specifically test for reentrancy.

Oracle manipulation is an attack in which a malicious actor artificially moves the price feed a protocol relies on, then exploits the protocol under manipulated conditions. Protocols using on-chain spot prices from low-liquidity pools as their price source are especially vulnerable — a flash loan can temporarily move the spot price dramatically. Protocols using time-weighted average prices (TWAP) or decentralized oracle networks (Chainlink, Pyth) are significantly more resistant to this class of attack.

Smart contract risk is the possibility that a bug or design flaw in a protocol's code allows funds to be drained or the protocol to behave unintentionally. Unlike counterparty risk (where a human actor is malicious), smart contract risk can result from entirely honest mistakes. Audits reduce but do not eliminate this risk. Key mitigants: reputable audit by a known firm with all critical findings resolved, long operational history without incident, bug bounty programs, and simple contract architecture (complexity increases attack surface).

Counterparty risk is the risk that a party you depend on (a team, a platform, a service provider) acts maliciously or fails. In DeFi, this manifests as rug pulls, admin key abuse, exchange insolvency (FTX), and protocol abandonment. The key counterparty risk mitigation in DeFi is contract immutability and the absence of admin keys with privileged access to funds. If no party can override the contract, there is no counterparty to fail.

A security audit is a review of a smart contract's code by an independent security firm, testing for known vulnerability patterns. Reputable audit firms include CertiK, Trail of Bits, Halborn, OtterSec, and Zellic. An audit finding "no critical issues" is meaningful — but an audit is a snapshot in time, does not cover code changes after the review, and does not guarantee economic security. Always check the actual audit report, not just the badge. Unresolved critical findings are a clear red flag.

An admin key is a privileged private key that can modify a smart contract's parameters or withdraw funds. Its existence is one of the most important security considerations when evaluating a protocol. A single admin key with unilateral withdrawal access is a direct rug pull vector. Better alternatives include: multisig admin keys (requiring multiple signers), timelocks (delaying changes to give users time to exit), and fully immutable contracts with no admin key at all.

On Solana, an upgrade authority is a wallet that retains the ability to replace a program's entire bytecode with a new version. A program with an active upgrade authority is not immutable: the authority holder can change any logic in the contract at any time. Revoking the upgrade authority permanently removes this ability, making the program truly immutable. White & TT's security analysis of UpOnly's Mainnet deployment identified an active upgrade authority as its most significant finding, recommending revocation to align on-chain reality with documentation claims.

A timelock is a mechanism that delays the execution of privileged contract actions by a defined period (commonly 24-72 hours or longer). If a protocol's admin key submits a change, the timelock broadcasts it publicly before it takes effect, giving users time to review the change and withdraw if they object. Timelocks significantly improve security relative to immediate admin key execution, but they do not eliminate admin key risk — they only delay it.

Phishing in crypto refers to attempts to trick users into revealing their seed phrase or signing a malicious transaction. Common vectors include: fake wallet websites with URLs nearly identical to legitimate ones, Discord/Telegram messages claiming your wallet is "compromised" and asking you to verify, and malicious dApp interfaces that request token approvals or signatures that drain wallets. Rule: no legitimate service ever asks for your seed phrase. Always verify URLs independently before connecting your wallet.

A token approval is a permission you grant a smart contract to spend a specific amount (or unlimited amount) of tokens from your wallet. Approvals are required before many DeFi interactions. Unlimited approvals are a risk vector: if the approved protocol is later exploited or turned malicious, it can drain your entire balance of the approved token. Best practice is to revoke unused approvals regularly using tools like Revoke.cash or Etherscan's token approval manager.

Slashing is a penalty mechanism in Proof-of-Stake networks that destroys a portion of a validator's staked tokens as punishment for provably malicious behavior (signing conflicting blocks) or severe negligence (extended downtime). Slashing risk is relevant for participants who run their own validators. Liquid staking protocols (Lido, Rocket Pool) distribute slashing risk across all stakers but also absorb the impact collectively.

A honeypot token is a scam in which a contract is designed to allow buying but not selling. The token price appears to rise, attracting buyers who discover they cannot exit. The scam is implemented by adding restrictions to the sell function in the contract. Honeypots are identifiable by checking contract source code — unverified contracts on block explorers should be treated with extreme suspicion, especially new tokens with rapidly rising prices.

A death spiral describes a feedback loop in which declining confidence in a system triggers selling, which causes further price decline, which triggers more selling — a self-reinforcing collapse. The Terra/LUNA/UST collapse (May 2022) is the most significant example: UST depeg triggered LUNA minting, LUNA's supply expansion drove its price down, reducing UST's backing, accelerating further depeg. Algorithmic stablecoin designs that rely on reflexive mechanisms are particularly susceptible to death spirals.

AML (Anti-Money Laundering) refers to regulatory requirements to detect and prevent illegal financial flows. KYC (Know Your Customer) refers to identity verification requirements for financial service providers. Centralized exchanges are legally required to implement both. DeFi protocols operating without a central entity exist in a regulatory gray area, though the regulatory landscape is evolving rapidly. MiCA (EU) and various US frameworks are extending compliance requirements further into the DeFi space.

MiCA is the European Union's comprehensive crypto regulatory framework, fully applicable from 2024. It requires crypto asset service providers (CASPs) operating in the EU to be licensed, sets standards for stablecoin issuers, and mandates consumer disclosures. MiCA is the most comprehensive crypto regulatory framework in the world and is being used as a reference model by regulators in other jurisdictions. Its impact on DeFi protocols operating without a legal entity in the EU is still evolving.

On-chain data analysis involves reading blockchain data directly to derive insights unavailable from price charts or market data alone. Key signals include: wallet activity of known institutional or "smart money" addresses, protocol TVL trends, token holder distribution, liquidity migration patterns, and governance participation rates. Tools like Dune Analytics, Nansen, and Arkham Intelligence surface this data. On-chain analysis is one of the most powerful information edges available in DeFi, as it reflects actual economic behavior rather than narratives.

TWAP is a price calculation method that averages a token's price over a defined time window, rather than using the current spot price. Because TWAP reflects prices over time, it is significantly harder to manipulate via flash loans than spot pricing — a flash loan can move spot price within one block but cannot retroactively change the historical average. Most well-designed DeFi protocols use TWAP or external oracle networks (Chainlink) for price-sensitive operations.

EIP-1559 is the Ethereum Improvement Proposal (implemented August 2021) that redesigned Ethereum's fee market. Instead of a pure auction mechanism, EIP-1559 introduced a base fee (burned, destroying ETH permanently) plus a priority tip (paid to validators). During periods of high network activity, the base fee rises and more ETH is burned than issued, making ETH deflationary. This fundamentally changed ETH's monetary policy and is considered a positive catalyst for its long-term value proposition.

Proof of Reserves is a cryptographic attestation that a custodian holds the assets they claim. It typically uses a Merkle tree to prove individual account balances sum to the claimed total, while a third-party auditor verifies the on-chain holdings. The FTX collapse (2022) highlighted the inadequacy of unverified claims — FTX falsified its holdings. A robust proof of reserves prevents custodians from using customer funds covertly, but it must be performed regularly by independent auditors to be meaningful.

Some protocols (Bancor, others) have offered impermanent loss protection — a guarantee to compensate LPs for IL after a qualifying holding period. In practice, these programs have historically been funded by token emissions rather than protocol revenue, making them unsustainable during bear markets. Bancor paused its ILP program in 2022 under stress conditions. ILP claims should be evaluated carefully for their funding mechanism before being treated as genuine insurance.

An atomic transaction either executes completely or reverts entirely — there is no partial execution. This is fundamental to DeFi security: a flash loan that cannot be repaid causes the entire transaction to revert as if it never happened. Multi-step operations (swap + deposit + borrow) executed in a single transaction are atomic — if any step fails, all steps revert. This eliminates counterparty risk within a transaction but requires careful sequencing of operations.

A zero-knowledge proof is a cryptographic method by which one party can prove a statement is true without revealing any information beyond the truth of the statement itself. In blockchain, ZK proofs enable scalability (ZK-rollups process many transactions off-chain and submit a single validity proof on-chain) and privacy (proving you own sufficient funds without revealing your balance). ZK technology is one of the most significant active research areas in blockchain infrastructure.

A rollup is a Layer 2 scaling solution that processes transactions off the Ethereum mainchain and batches them into a single proof submitted on-chain. Optimistic rollups (Arbitrum, Optimism, Base) assume transactions are valid and use a fraud proof window for disputes. ZK-rollups (zkSync, Starknet) submit a cryptographic validity proof with each batch, offering faster finality. Both reduce fees by orders of magnitude while inheriting Ethereum's security.

The MEV supply chain describes the infrastructure that has developed around MEV extraction. Searchers are bots that identify profitable MEV opportunities (arbitrage, liquidations, sandwich attacks). Builders aggregate searcher bundles and construct optimal blocks for maximum MEV revenue. Validators select the most profitable block from builders. This has led to a professionalization of MEV extraction and significant centralization pressure on block production, as large builder operations capture disproportionate MEV.

Restaking (pioneered by EigenLayer on Ethereum) allows already-staked ETH to be used simultaneously as collateral for additional protocols, extending Ethereum's security to new services. Restakers earn additional yield from the protocols they secure but also take on additional slashing conditions — if any restaked service they validate behaves maliciously, they can be slashed. Restaking multiplies yield but also multiplies slashing risk surface, a tradeoff that requires careful evaluation.

Intent-based trading (used by CoW Protocol, UniswapX) allows users to specify the outcome they want (e.g., "I want at least $995 USDC for my 0.5 ETH") rather than the specific transaction path. Specialized solvers compete to fulfill the intent optimally, often achieving better prices than AMM routing and providing MEV protection by keeping the transaction out of the public mempool until execution. This is a significant architectural shift from the traditional AMM model and represents the direction of DeFi trading infrastructure evolution.

Account abstraction (ERC-4337 on Ethereum) allows wallets to be smart contracts rather than externally owned accounts (EOAs) controlled by private keys. This enables: social recovery (recover a wallet using trusted contacts instead of seed phrase), gasless transactions (a third party sponsors gas costs), batch transactions (multiple operations in one), and programmable spending limits. Account abstraction is expected to significantly improve DeFi's user experience and security, making seed phrase management less critical.