# Chapter 17: DeFi (Decentralized Finance)

---

Decentralized Finance, or **DeFi**, represents one of the most transformative innovations enabled by blockchain technology. It aims to recreate traditional financial systems—like lending, borrowing, trading, and earning interest—without centralized intermediaries such as banks, brokers, or exchanges. Instead, DeFi relies on smart contracts, open protocols, and transparent, permissionless networks.

In this chapter, we'll explore the core components of DeFi, understand how they work under the hood, and even build simplified versions of key DeFi primitives. By the end, you'll have a solid foundation to navigate and contribute to the DeFi ecosystem.

---

## 17.1 Introduction to DeFi

### 17.1.1 What is DeFi?

DeFi is an umbrella term for financial applications built on blockchain networks, primarily Ethereum, that operate without central authorities. These applications are:

- **Permissionless**: Anyone with an internet connection and a crypto wallet can access them.
- **Transparent**: All transactions and code are publicly visible on the blockchain.
- **Interoperable**: Protocols can be composed like Lego bricks—for example, a lending platform can integrate with a decentralized exchange.
- **Non-custodial**: Users retain control of their funds at all times; smart contracts hold assets programmatically.

**Key pillars of DeFi:**
- **Decentralized Exchanges (DEXs)** – Trade tokens without an order book or central counterparty.
- **Lending & Borrowing** – Earn interest on deposits or take out collateralized loans.
- **Stablecoins** – Cryptocurrencies pegged to stable assets (like USD) to minimize volatility.
- **Derivatives & Synthetic Assets** – Tokenized versions of real-world assets or trading positions.
- **Yield Farming & Liquidity Mining** – Incentivize users to provide liquidity in exchange for rewards.

### 17.1.2 DeFi vs. Traditional Finance

```
┌────────────────────────────────┬────────────────────────────────┐
│    Traditional Finance         │          DeFi                  │
├────────────────────────────────┼────────────────────────────────┤
│ Centralized institutions       │ Decentralized protocols        │
│ (banks, brokers)               │ (smart contracts)              │
├────────────────────────────────┼────────────────────────────────┤
│ Intermediaries charge fees     │ Minimal fees (protocol + gas)  │
├────────────────────────────────┼────────────────────────────────┤
│ Limited operating hours        │ 24/7/365, global               │
├────────────────────────────────┼────────────────────────────────┤
│ Opaque processes, credit checks│ Transparent, open to anyone    │
├────────────────────────────────┼────────────────────────────────┤
│ Slow settlements (days)        │ Near-instant (blocks)          │
├────────────────────────────────┼────────────────────────────────┤
│ Requires identity verification │ Pseudonymous (wallet address)  │
├────────────────────────────────┼────────────────────────────────┤
│ Custodial (bank holds your $)  │ Non-custodial (you hold keys)  │
└────────────────────────────────┴────────────────────────────────┘
```

### 17.1.3 DeFi Ecosystem Overview

The DeFi landscape is vast and rapidly evolving. Major categories and protocols:

| Category | Description | Example Protocols |
|----------|-------------|-------------------|
| **DEX** | Swap tokens peer-to-pool | Uniswap, Curve, Balancer |
| **Lending** | Deposit assets to earn interest or borrow | Aave, Compound, Maker |
| **Stablecoins** | Price-stable cryptocurrencies | USDC (fiat-backed), DAI (crypto-backed), UST (historical algorithmic) |
| **Derivatives** | Synthetic assets, futures, options | Synthetix, dYdX |
| **Yield Aggregators** | Auto-compound yields | Yearn Finance, Convex |
| **Insurance** | Cover against smart contract failures | Nexus Mutual, InsurAce |
| **Oracles** | Provide real-world data to contracts | Chainlink, Tellor |

These protocols are often **composable**—for example, you can deposit DAI into Aave, use your aDAI as collateral to borrow USDC, then swap that USDC for more DAI on Uniswap, and deposit again, creating leverage.

---

## 17.2 Decentralized Exchanges (DEX)

Decentralized exchanges allow users to trade cryptocurrencies without a central order book or intermediary. There are two primary models: **order book DEXs** (like traditional exchanges) and **Automated Market Makers (AMMs)** (the DeFi standard).

### 17.2.1 Order Book Model

In an order book DEX, buyers and sellers place limit orders that are matched by a central server (off-chain) or on-chain. Examples: dYdX, Serum (on Solana). While order books provide familiar trading, they face scalability challenges on Ethereum due to high gas costs for order placement and cancellation. Most DeFi on Ethereum uses AMMs.

### 17.2.2 Automated Market Makers (AMM)

AMMs replace the order book with a **liquidity pool**—a smart contract that holds reserves of two or more tokens. Users (liquidity providers) deposit tokens into the pool and earn fees from trades. Trades are executed against the pool's reserves at prices determined by a mathematical formula.

**How a trade works:**
1. User wants to swap token A for token B.
2. They send token A to the pool contract.
3. The contract calculates how much token B to give based on the pool's reserves and the invariant formula.
4. The contract sends token B to the user.

```
┌─────────────────────────────────────────────────────────────┐
│                    UNISWAP-STYLE POOL                       │
│                                                             │
│   Reserves:                                                 │
│   ┌────────────┐          ┌────────────┐                   │
│   │   Token A  │          │   Token B  │                   │
│   │   x = 100  │          │   y = 200  │                   │
│   └────────────┘          └────────────┘                   │
│                                                             │
│   Invariant: x * y = k                                      │
│   k = 100 * 200 = 20,000                                    │
│                                                             │
│   User swaps 10 A: new x = 110                              │
│   new y = k / new x = 20,000 / 110 ≈ 181.82                │
│   User receives Δy = 200 - 181.82 = 18.18 B                 │
└─────────────────────────────────────────────────────────────┘
```

### 17.2.3 Constant Product Formula (x * y = k)

The most famous AMM formula, popularized by Uniswap, is the **constant product** formula. For a pool with reserves `x` of token X and `y` of token Y, the product `x * y` must remain constant after each trade (ignoring fees). This ensures that no matter how large the trade, the pool always has liquidity, but larger trades cause more price slippage.

**Derivation:**
- Before trade: `x * y = k`
- After trade: `(x + Δx) * (y - Δy) = k` (for selling X for Y)
- Solve for Δy: `Δy = y - k / (x + Δx)`

**Fees:** In practice, a small fee (e.g., 0.3%) is taken and added to the pool, slightly increasing k over time, rewarding liquidity providers.

### 17.2.4 Liquidity Pools

Liquidity providers (LPs) deposit an equivalent value of both tokens into a pool (e.g., 50% ETH, 50% DAI). They receive **LP tokens** representing their share of the pool. These LP tokens can be staked elsewhere to earn additional rewards.

**LP Risks:**
- **Impermanent Loss**: Loss relative to holding due to price divergence.
- **Smart contract risk**: Pool contract could be hacked.

### 17.2.5 Impermanent Loss

Impermanent loss occurs when the price of deposited assets changes compared to when they were deposited. The more the divergence, the greater the loss relative to simply holding.

**Example:**
- You deposit 1 ETH and 100 DAI into an ETH/DAI pool when 1 ETH = 100 DAI. Pool value = 200 DAI.
- ETH price doubles to 200 DAI. Arbitrageurs will buy ETH from the pool until the pool ratio reflects the new price. The pool's ETH reserves decrease, DAI reserves increase.
- If you withdraw now, you'll have less ETH and more DAI than you deposited. Compared to holding 1 ETH and 100 DAI (now worth 300 DAI), your LP position might be worth, say, 282 DAI. The 18 DAI difference is impermanent loss.
- It's "impermanent" because if prices return to original, the loss disappears. But if you withdraw, it becomes permanent.

**Formula:** Impermanent loss can be calculated as a function of the price ratio. For a price ratio `r` (new price / old price), the loss is:
```
IL = 2√r / (1+r) - 1
```
For r=2 (2x), IL ≈ 5.7%; for r=3, IL ≈ 13.4%; for r=1.25, IL ≈ 0.6%.

### 17.2.6 Building a Simple AMM

Let's implement a basic constant product AMM in Solidity. This contract will handle two tokens (token0 and token1), allow adding liquidity, swapping, and removing liquidity.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

import "@openzeppelin/contracts/token/ERC20/IERC20.sol";

contract SimpleAMM {
    IERC20 public token0;
    IERC20 public token1;

    uint public reserve0;
    uint public reserve1;

    uint public totalSupply;
    mapping(address => uint) public balanceOf;

    event Mint(address indexed sender, uint amount0, uint amount1);
    event Burn(address indexed sender, uint amount0, uint amount1);
    event Swap(address indexed sender, uint amount0In, uint amount1In, uint amount0Out, uint amount1Out);

    constructor(address _token0, address _token1) {
        token0 = IERC20(_token0);
        token1 = IERC20(_token1);
    }

    // Update reserves (call after any transfer)
    function _update(uint _res0, uint _res1) private {
        reserve0 = _res0;
        reserve1 = _res1;
    }

    // Mint LP tokens for adding liquidity
    function mint(uint amount0, uint amount1) external returns (uint liquidity) {
        // Transfer tokens from user to contract
        token0.transferFrom(msg.sender, address(this), amount0);
        token1.transferFrom(msg.sender, address(this), amount1);

        if (totalSupply == 0) {
            // Initial liquidity: LP tokens = sqrt(amount0 * amount1)
            liquidity = sqrt(amount0 * amount1);
        } else {
            // Subsequent deposits: proportional to existing reserves
            liquidity = min(amount0 * totalSupply / reserve0, amount1 * totalSupply / reserve1);
        }
        require(liquidity > 0, "Insufficient liquidity minted");

        balanceOf[msg.sender] += liquidity;
        totalSupply += liquidity;

        _update(token0.balanceOf(address(this)), token1.balanceOf(address(this)));
        emit Mint(msg.sender, amount0, amount1);
    }

    // Burn LP tokens to withdraw liquidity
    function burn(uint liquidity) external returns (uint amount0, uint amount1) {
        require(balanceOf[msg.sender] >= liquidity, "Insufficient LP tokens");

        amount0 = liquidity * reserve0 / totalSupply;
        amount1 = liquidity * reserve1 / totalSupply;

        balanceOf[msg.sender] -= liquidity;
        totalSupply -= liquidity;

        token0.transfer(msg.sender, amount0);
        token1.transfer(msg.sender, amount1);

        _update(token0.balanceOf(address(this)), token1.balanceOf(address(this)));
        emit Burn(msg.sender, amount0, amount1);
    }

    // Swap token0 for token1 (or vice versa)
    function swap(uint amount0Out, uint amount1Out, address to) external {
        require(amount0Out > 0 || amount1Out > 0, "No output");
        require(amount0Out <= reserve0 && amount1Out <= reserve1, "Insufficient liquidity");

        uint _reserve0 = reserve0;
        uint _reserve1 = reserve1;

        uint amount0In = 0;
        uint amount1In = 0;

        if (amount0Out > 0) {
            amount0In = _reserve0 - (token0.balanceOf(address(this)) - amount0Out);
        }
        if (amount1Out > 0) {
            amount1In = _reserve1 - (token1.balanceOf(address(this)) - amount1Out);
        }

        require(amount0In > 0 || amount1In > 0, "No input");

        // Constant product check with 0.3% fee
        uint balance0 = token0.balanceOf(address(this)) - amount0Out;
        uint balance1 = token1.balanceOf(address(this)) - amount1Out;

        uint k = reserve0 * reserve1; // old k
        uint kAfter = balance0 * balance1; // new k after trade (including input fees)
        require(kAfter >= k, "Constant product violated");

        token0.transfer(to, amount0Out);
        token1.transfer(to, amount1Out);

        _update(token0.balanceOf(address(this)), token1.balanceOf(address(this)));
        emit Swap(msg.sender, amount0In, amount1In, amount0Out, amount1Out);
    }

    // Helper functions
    function min(uint x, uint y) internal pure returns (uint) { return x < y ? x : y; }
    function sqrt(uint y) internal pure returns (uint z) {
        if (y > 3) {
            z = y;
            uint x = y / 2 + 1;
            while (x < z) {
                z = x;
                x = (y / x + x) / 2;
            }
        } else if (y != 0) {
            z = 1;
        }
    }
}
```

This simplified AMM demonstrates core concepts: adding/removing liquidity, swapping with the constant product invariant, and tracking reserves. In production, you'd add slippage protection, deadline checks, and more sophisticated math.

---

## 17.3 Lending and Borrowing Protocols

Lending protocols allow users to deposit assets to earn interest or borrow assets by providing collateral. Interest rates are determined algorithmically based on supply and demand.

### 17.3.1 Collateralized Lending

Borrowers must **over-collateralize** their loans to protect lenders from default. For example, to borrow $100 worth of DAI, you might need to deposit $150 worth of ETH as collateral. The ratio is called the **collateralization ratio** (150%).

If the value of your collateral drops (e.g., ETH price falls), your position may become undercollateralized and subject to **liquidation**—where the protocol sells your collateral to repay the loan.

**Key terms:**
- **Loan-to-Value (LTV)**: Maximum amount you can borrow relative to collateral (e.g., 75% LTV means for $100 collateral, max borrow $75).
- **Liquidation Threshold**: The LTV at which liquidation is triggered (e.g., 80%).
- **Liquidation Penalty**: A fee paid by the borrower when liquidated (e.g., 5–10%).

### 17.3.2 Interest Rate Models

Interest rates are dynamic. A common model is the **utilization rate** `U = totalBorrows / totalLiquidity`. As `U` increases, rates rise to incentivize more deposits and discourage borrowing.

```
Interest Rate Curve:
Rate
  ▲
  │                    /
  │                   /
  │                  /
  │                 /
  │                /
  │               /
  │              /
  │             /
  │            /
  │           /
  │          /
  │         /
  │        /
  │       /
  │      /
  │     /
  │    /
  │   /
  │  /
  │ /
  │/____________________ Utilization
 0                      100%
```

Example (Compound-style):
- `borrowRate = baseRate + multiplier * U`
- `supplyRate = borrowRate * U * (1 - reserveFactor)`

### 17.3.3 Liquidation Mechanisms

When a borrower's health factor drops below 1 (collateral < loan * liquidation threshold), anyone can call `liquidationCall()` to repay part of the debt and seize the collateral, earning a bonus.

**Simplified liquidation logic:**
```solidity
function liquidate(address borrower, uint repayAmount, address collateralToken) external {
    // Calculate current health
    (uint collateral, uint debt) = getAccountHealth(borrower);
    require(debt * liquidationThreshold > collateral, "Healthy");

    // Repay debt on behalf of borrower
    repayAmount = min(repayAmount, debt);
    token.borrowedToken.transferFrom(msg.sender, address(this), repayAmount);

    // Seize collateral (with bonus)
    uint seizeAmount = repayAmount * liquidationBonus / 1e18;
    collateralToken.transfer(msg.sender, seizeAmount);
}
```

### 17.3.4 Flash Loans

Flash loans are uncollateralized loans that must be repaid within the same transaction. They enable arbitrage, collateral swapping, and self-liquidation without upfront capital.

**How they work:**
1. A contract calls the lending pool requesting a flash loan of a certain amount.
2. The pool transfers the assets to the borrower's contract.
3. The borrower's contract executes arbitrary logic (e.g., arbitrage).
4. The borrower repays the loan + fee before the transaction ends.
5. If the loan isn't repaid, the whole transaction reverts.

**Flash loan example using Aave:**
```solidity
import "@aave/core-v3/contracts/flashloan/base/FlashLoanSimpleReceiverBase.sol";

contract MyFlashLoan is FlashLoanSimpleReceiverBase {
    constructor(IPoolAddressesProvider provider) FlashLoanSimpleReceiverBase(provider) {}

    function executeOperation(
        address asset,
        uint amount,
        uint premium,
        address initiator,
        bytes calldata params
    ) external override returns (bool) {
        // Arbitrage logic here
        // Use the borrowed funds
        IERC20(asset).approve(address(POOL), amount + premium);
        return true;
    }

    function requestFlashLoan(address asset, uint amount) public {
        bytes memory params = "";
        POOL.flashLoanSimple(address(this), asset, amount, params, 0);
    }
}
```

Flash loans are powerful but also a source of attacks if not handled carefully (see section 17.6).

---

## 17.4 Yield Farming and Staking

Yield farming (or liquidity mining) is the practice of staking or lending crypto assets to generate high returns, often in the form of additional tokens.

### 17.4.1 Yield Farming Strategies

Farmers move their capital between protocols to chase the highest yields. Common strategies:

- **LP Staking**: Provide liquidity to a DEX pool, then stake the LP tokens in a reward contract to earn governance tokens.
- **Lending**: Deposit assets into a lending protocol to earn interest and possibly governance tokens.
- **Leveraged Farming**: Borrow assets to multiply exposure (e.g., deposit ETH, borrow DAI, buy more ETH, repeat). High risk of liquidation.

### 17.4.2 Liquidity Mining

Protocols distribute their native tokens to users who provide liquidity or use their platform. This bootstraps liquidity and decentralizes governance.

**Example: Uniswap's UNI distribution**
- Early liquidity providers received UNI tokens proportional to their LP positions.
- Rewards are often distributed over time (vesting) to encourage long-term commitment.

**Implementation pattern:**
```solidity
contract LiquidityMining {
    IERC20 public rewardToken;
    uint public rewardRate;
    mapping(address => uint) public lastUpdateTime;
    mapping(address => uint) public rewards;

    function stake(uint amount) external {
        // Transfer LP tokens to contract
        // Update reward accounting
    }

    function claimReward() external {
        uint reward = calculateReward(msg.sender);
        rewardToken.transfer(msg.sender, reward);
    }
}
```

### 17.4.3 Staking Mechanisms

Staking often refers to locking tokens in a protocol to support network security (PoS) or governance. In DeFi, staking usually means depositing tokens to earn yield or voting rights.

**Types:**
- **Single-sided staking**: Stake only one token (e.g., stake SUSHI to earn more SUSHI).
- **Dual staking**: Stake LP tokens to earn rewards in the protocol's token.

---

## 17.5 Stablecoins

Stablecoins are cryptocurrencies designed to maintain a stable value relative to a reference asset (usually USD). They are essential for DeFi as a medium of exchange and store of value.

### 17.5.1 Fiat-Backed Stablecoins

These are backed 1:1 by fiat currency held in bank accounts by a centralized entity. Examples: USDC (Circle), USDT (Tether). They are the simplest but rely on trust in the issuer.

### 17.5.2 Crypto-Backed Stablecoins

These are over-collateralized by other cryptocurrencies. The most famous is **DAI** from MakerDAO.

**How DAI works:**
- Users lock ETH (or other approved collateral) in a Maker Vault.
- They generate DAI up to a certain collateralization ratio (e.g., 150%).
- To retrieve collateral, they must repay the DAI plus a stability fee.
- If collateral value drops, the position is liquidated.

**Advantages:**
- Decentralized, transparent on-chain.
- No reliance on banks.

**Disadvantages:**
- Capital inefficient (over-collateralization).
- Subject to liquidation risk.

### 17.5.3 Algorithmic Stablecoins

These use algorithms and market incentives to maintain the peg, without collateral. Examples: Ampleforth, TerraUSD (before collapse), Frax (partially collateralized). They are complex and have proven fragile—Terra's collapse in 2022 showed the risks.

**Basic idea:**
- Expand and contract supply to maintain price.
- If price > $1, protocol mints new tokens and sells them.
- If price < $1, protocol buys back and burns tokens.

**Risks:** Death spirals if confidence is lost.

---

## 17.6 DeFi Security

DeFi protocols manage billions of dollars, making them prime targets for hackers. Understanding common vulnerabilities is crucial.

### 17.6.1 Smart Contract Risks

| Vulnerability | Description | Example |
|---------------|-------------|---------|
| **Reentrancy** | Attacker repeatedly calls a function before previous invocation completes | DAO hack (2016) |
| **Logic Errors** | Flaws in business logic (e.g., incorrect interest calculation) | Many smaller hacks |
| **Access Control** | Missing or flawed permissions | Parity wallet freeze |
| **Oracle Manipulation** | Manipulating price feeds to exploit protocols | bZx, Harvest Finance |
| **Flash Loan Attacks** | Using flash loans to manipulate markets | Numerous DeFi exploits |

### 17.6.2 Oracle Manipulation

Oracles provide external data (like prices) to smart contracts. If an oracle can be manipulated, an attacker can trick a protocol into unfair liquidations or trades.

**Example attack:**
1. Attacker takes a flash loan to manipulate a DEX price (e.g., on a low-liquidity pool).
2. Attacker uses that manipulated price as an oracle input to another protocol (e.g., a lending platform) to borrow more than they should.
3. Protocol's price feed is now incorrect, leading to profit for the attacker.

**Mitigation:**
- Use decentralized oracles (Chainlink) with multiple data sources.
- Use time-weighted average prices (TWAP) from DEXes like Uniswap V2/V3.
- Implement circuit breakers or sanity checks.

### 17.6.3 Flash Loan Attacks

Flash loans enable attackers to deploy large amounts of capital without upfront cost, making many DeFi exploits possible.

**Common attack patterns:**
- **Price manipulation**: Use flash loans to alter a DEX price, then exploit a protocol that relies on that price.
- **Liquidation exploitation**: Manipulate prices to cause unnecessary liquidations and claim bonuses.
- **Reentrancy combined**: Use flash loans to fund reentrancy attacks.

**Notable flash loan attacks:**
- **bZx (Feb 2020)**: First major flash loan attack, netted ~$1M.
- **Harvest Finance (Oct 2020)**: $24M lost via price manipulation.
- **Cream Finance (Oct 2021)**: $130M lost via flash loan + reentrancy.

**Prevention:**
- Use TWAP oracles.
- Limit maximum borrow per transaction.
- Implement slippage controls.
- Formal verification and extensive auditing.

---

## Chapter Summary

```
┌─────────────────────────────────────────────────────────────────┐
│                    CHAPTER 17 SUMMARY                           │
├─────────────────────────────────────────────────────────────────┤
│                                                                 │
│  DeFi recreates financial services on blockchain:              │
│    • Permissionless, transparent, composable                   │
│    • Key sectors: DEX, lending, stablecoins, yield farming     │
│                                                                 │
│  DEX:                                                          │
│    • AMMs use liquidity pools and constant product formula     │
│    • LPs earn fees but face impermanent loss                   │
│    • Simple AMM contract implements core logic                 │
│                                                                 │
│  Lending:                                                      │
│    • Over-collateralized loans with dynamic interest rates     │
│    • Liquidations protect lenders                              │
│    • Flash loans enable uncollateralized borrowing in one tx   │
│                                                                 │
│  Yield Farming:                                                │
│    • Incentivizes liquidity provision via token rewards        │
│    • Strategies can be complex and risky                       │
│                                                                 │
│  Stablecoins:                                                  │
│    • Fiat-backed (USDC), crypto-backed (DAI), algorithmic      │
│    • Each has trade-offs in decentralization and stability     │
│                                                                 │
│  Security:                                                     │
│    • Smart contract risks, oracle manipulation, flash loan     │
│      attacks are common                                        │
│    • Use audited code, decentralized oracles, and TWAP         │
│                                                                 │
└─────────────────────────────────────────────────────────────────┘
```

**Next Chapter Preview:** Chapter 18 – Oracles and External Data. We'll explore how blockchains connect to the real world through oracles, focusing on Chainlink, and build contracts that consume price feeds and randomness.