Skip to main content

DeFi Glossary

106 terms every finance professional needs to know, defined in plain English with no jargon assumed.

Most DeFi glossaries are written for developers or by enthusiasts who have forgotten what it felt like to encounter these concepts for the first time. This one is written for finance professionals: people who understand interest rate risk, collateral management, and counterparty exposure, but who need the blockchain vocabulary to operate fluently in conversations where these concepts increasingly show up. Each definition starts from first principles and notes where the standard finance analogy breaks down, because those fracture points are where the real risk concentrates.

106 terms, updated regularly. See the full interactive DeFi course at DeFi Primer.

A

Account Abstraction Infrastructure #
Smart account architecture that replaces standard externally owned accounts (wallets controlled by a single private key) with programmable contract accounts. Enables social recovery, multi-factor authentication, spending limits, and batch transactions that require workarounds in standard wallets. Critical for institutional adoption: smart accounts can enforce compliance rules and authorization policies at the account level, replacing single-key brittleness with configurable security policies.
Admin Key Risk #
A privileged cryptographic key or multisig set that can pause, upgrade, or drain a smart contract's funds. Its existence means a protocol is not fully trustless: whoever controls the key controls the protocol. Many protocols retain admin keys under the justification of emergency response, but they represent a concentrated attack surface. Audit reports and on-chain analytics tools can reveal whether a contract has admin controls and who holds them.
AI Agent Infrastructure #
Autonomous software that can hold a wallet, hold funds, and transact on-chain without a human approving each step. AI agents expose the gap in compliance frameworks built around human account holders: who is liable, and how do you KYC a piece of code?
Airdrop Tokenomics #
A distribution of free tokens to wallet addresses, typically as a reward for early protocol use, community participation, or as a marketing mechanism. Most airdrops are taxable events in most jurisdictions, which catches recipients off-guard when the token subsequently loses value but the tax liability was fixed at receipt.
Algorithmic Stablecoin Risk #
A stablecoin that holds its peg through code and market incentives rather than full cash reserves. Historically fragile: when confidence drops, the mechanism can enter a death spiral, as the multi-billion-dollar collapse of Terra/UST showed. Contrast with fully reserve-backed designs.
AMM Trading #
Automated Market Maker. A smart contract that prices and executes trades against a pooled liquidity reserve, using a formula like x·y=k instead of an order book. The formula ensures there is always a price, but the price worsens as trade size increases relative to pool depth. Explore AMMs interactively at the DeFi Primer.
APY Yield #
Annual Percentage Yield. The return you would earn over a year, including compounding. DeFi APYs change continuously as utilization shifts, which makes headline rates poor predictors of actual returns. Compare DeFi APYs against TradFi benchmarks with the DeFi Yield Calculator.
Audit Risk #
A formal review of a protocol's smart-contract code by a third party. Reduces but does not eliminate risk: every major exploit covered in these definitions happened to audited code. An audit is a point-in-time snapshot, not a continuous guarantee.
AVS Infrastructure #
Actively Validated Service. A service (oracle, bridge, data availability layer) that borrows cryptoeconomic security from restakers in exchange for paying fees and accepting slashing rules. The more AVSs a restaker opts into, the more slashing surfaces they are exposed to simultaneously. See: Restaking risk and the KelpDAO incident.

B

Basis Trade Trading #
A market-neutral strategy that captures the spread between spot and futures prices. In crypto, the most common form holds spot ETH (or an LST) while shorting the equivalent perpetual futures position, capturing the funding rate as yield when it is positive. Risks include funding rate reversals, liquidation risk on the short leg if margin is insufficient, and exchange counterparty risk if the short is held on a CEX.
Blockchain Infrastructure #
A distributed ledger maintained by a network of independent nodes, where transactions are grouped into blocks and linked cryptographically. No single party controls it: that is both its security property and its governance challenge. Immutability means errors, exploits, and theft cannot be reversed by any authority.
Bridge Infrastructure #
Infrastructure that lets assets or messages move between chains. Trust assumptions vary widely: some bridges rely on trusted validators, others on cryptographic proofs. Bridges have historically been the highest-loss category in DeFi, accounting for a disproportionate share of total protocol losses. See: Cross-Chain Bridges: The CDOs of DeFi.

C

CEX Trading #
Centralized Exchange. A custodial trading platform that holds user funds and runs an off-chain order book. Counterparty risk is the primary concern: the exchange can be hacked, mismanaged, or fraudulent. FTX demonstrated that "reputable" is not a substitute for segregated custody.
CLMM Trading #
Concentrated Liquidity Market Maker. An AMM variant where liquidity providers choose a specific price range, improving capital efficiency at the cost of more active management. Once price moves outside the selected range, the LP stops earning fees and the position becomes concentrated in one side of the pair, often the asset that has underperformed relative to the other.
Cold Wallet Custody #
A wallet whose keys are stored offline, typically on a hardware device or air-gapped machine. Slower to use, harder to compromise remotely. The appropriate storage mechanism for assets not needed for frequent transactions. See the full self-custody risk framework at self-custody risk guide.
Collateral Risk #
Assets pledged to secure a loan. In DeFi lending, collateral is locked in a smart contract and automatically liquidated if its value drops below a threshold, with no discretion and no warning period. Overcollateralisation is the norm because DeFi cannot assess creditworthiness or enforce legal recourse.
Composability Infrastructure #
The property that lets DeFi protocols be combined like building blocks: a loan in one protocol used as collateral in another, which feeds yield into a third. Creates capital efficiency and systemic contagion risk simultaneously. When one layer in a composable stack fails, cascading liquidations across dependent protocols can follow within the same block.
Custody Custody #
Control over the private keys that authorize transactions on a blockchain. Self-custody means you hold the keys; exchange custody means a third party does. Neither is without risk: self-custody concentrates operational and key-management risk on the holder, while exchange custody introduces counterparty and regulatory risk. Full institutional framework at self-custody risk guide.

D

DAO Tokenomics #
Decentralized Autonomous Organization. A governance structure where token holders vote on protocol decisions. On-chain DAOs can have execution delays (timelocks); many do not. Token-weighted voting means large holders dominate decisions, which concentrates governance risk in a structure that looks decentralized but often is not.
Data Availability Infrastructure #
The guarantee that the data behind a block has actually been published, so anyone can verify it. It is the bottleneck that modular blockchain designs and dedicated data-availability layers try to solve, and a quiet but real risk surface for rollups.
DeFi Infrastructure #
Decentralized Finance. Financial services: lending, trading, yield generation, built on public blockchains and executed by smart contracts, with no central intermediary controlling access or holding assets. The absence of a central gatekeeper is the feature; the absence of recourse when something goes wrong is the corresponding risk. The DeFi Primer covers the full landscape interactively.
Depeg Risk #
When a token designed to trade at a fixed price moves materially away from that price. Most commonly applied to stablecoins (USDC briefly traded at $0.87 during the SVB crisis in March 2023) and LSTs during liquidity crises. A depeg can be temporary, corrected by arbitrage once the underlying issue resolves, or permanent, as with UST/Luna in 2022. The mechanism behind the peg determines its resilience under stress.
DEX Trading #
Decentralized Exchange. Trades execute on-chain against either pooled liquidity (AMM) or an order book, without a central custodian. Non-custodial: your assets never leave your wallet until the trade executes. Trade-off: no fraud protection, no KYC, and smart-contract risk in every swap.
North Korea / DPRK Cyber Risk Risk #
State-sponsored hacking groups (Lazarus, TraderTraitor) attributed to North Korea have stolen over $6 billion in crypto since 2022, primarily via social engineering of employees and contractors rather than direct protocol exploits. The approximately $1.5 billion Bybit theft (2025) is the largest single incident on record. Sources: Chainalysis 2025 Crypto Crime Report; TRM Labs North Korea threat assessment. A geopolitical risk category that most traditional risk frameworks do not adequately capture.
DSR Yield #
Dai Savings Rate. The rate Maker/Sky pays for locking DAI in the protocol. Functions as the protocol's reference deposit rate: when the DSR rises above money market rates, it attracts inflows that tighten DAI supply and support the peg.
DVN Infrastructure #
Decentralized Verifier Network. LayerZero's configurable signing set: messages require attestation from a chosen DVN configuration. Protocol teams select their own DVN set, which means security is only as strong as the weakest DVN in that configuration.

E

ERC-20 Infrastructure #
The token standard on Ethereum that defines a common interface for fungible tokens: transfer, approve, allowance, and balanceOf functions. Most DeFi tokens, stablecoins, and governance tokens are ERC-20s. The standard enables composability: any ERC-20 can interact with any protocol that accepts the interface, without custom integration per token. Tokens that break the standard silently (such as tokens that automatically deduct a percentage fee on each transfer) cause unexpected behavior in protocols that do not account for it.
EVM Infrastructure #
Ethereum Virtual Machine. The computation engine that executes smart contracts on Ethereum and EVM-compatible chains (Polygon, Arbitrum, Base, and others). EVM compatibility is why code written for Ethereum runs on dozens of other networks with minimal modification, which both accelerates deployment and propagates vulnerabilities across chains simultaneously.

F

FDV Tokenomics #
Fully Diluted Valuation. A token's price multiplied by its maximum eventual supply, not just the supply circulating today. A low circulating market cap next to a high FDV warns of heavy future token unlocks that can dilute existing holders.
Finality Infrastructure #
The point at which a transaction is irreversibly confirmed. Different from confirmation time: a transaction can be included in a block and still be theoretically reversible. Ethereum's proof-of-stake achieves economic finality in roughly 15 minutes, after which reversal would require destroying so much staked capital that no rational attacker would attempt it. For institutional settlement, finality type and time horizon matter more than raw block speed.
Flash Loan Risk #
An uncollateralized loan that must be borrowed and repaid in the same transaction. Legitimate uses include arbitrage and collateral swaps. The exploit use case is more significant: flash loans let anyone access tens of millions of dollars for the cost of a single transaction, enabling price oracle manipulation and governance attacks that would otherwise require massive capital. See: DeFi: United We Stand.
Funding Rate Trading #
A periodic payment between long and short holders on perpetual futures, calibrated to keep the perp price anchored to spot. When the market is net long, longs pay shorts; when net short, shorts pay longs. Funding rates are quoted as an hourly or 8-hour rate and serve as a direct sentiment signal. In sustained bull markets, annualized funding rates can exceed 100%, making long perpetual positions expensive to carry.

G

Gas Infrastructure #
The unit of computational work on Ethereum. Users pay gas fees in ETH; the base fee is burned entirely (reducing ETH supply), and validators capture the priority tip plus any MEV they negotiate with block builders. High gas correlates with network congestion. Layer 2 networks reduce gas costs by orders of magnitude by batching transactions and settling proofs to the base layer rather than executing every transaction on it.
GENIUS Act Compliance #
The 2025 US law that created the first federal framework for payment stablecoins. It requires 100% reserves in cash or short-dated Treasuries, monthly public reserve disclosures, no rehypothecation of reserves, and priority for stablecoin holders if the issuer fails. Issuers cannot pay interest to holders.
Governance Token Tokenomics #
A token conferring voting rights on protocol parameters. Value depends on whether governance controls meaningful revenue or risk. Many governance tokens control neither: the team retains veto power via multisig, and the protocol generates no fee revenue to distribute. Assess what governance actually controls before treating it as a value driver.

H

Hardware Wallet Custody #
A physical device that stores private keys offline and signs transactions without exposing keys to an internet-connected machine. The strongest practical defense against remote theft of self-custodied assets. Supply chain risk (buying second-hand or from unofficial resellers) is a real attack vector: always buy from the manufacturer directly.
Hot Wallet Custody #
A wallet whose private keys are stored on an internet-connected device (browser extension, mobile app, exchange interface). Convenient but exposed to remote compromise. Appropriate for frequent transactions with small amounts. Not appropriate for storing significant value. The operational equivalent of carrying cash in your pocket rather than keeping it in a safe.
Howey Test Compliance #
The US legal test for whether an arrangement is an investment contract, and therefore a security. It is central to the unresolved question of which tokens fall under securities law, and a recurring fault line in US enforcement actions.

I

Impermanent Loss Risk #
The relative loss an LP takes versus simply holding the two assets, caused by price divergence between them. Not loss versus cash: loss versus the buy-and-hold alternative. "Impermanent" is a misleading label: the loss becomes permanent if the LP withdraws before prices revert. The higher the correlation between the two assets, the lower the impermanent loss risk.
Intents Infrastructure #
A design where a user specifies the outcome they want, such as swap X for at least Y, and third parties compete to fulfill it, rather than the user signing each transaction step. It improves usability but adds reliance on the solvers who execute on your behalf.

K

KYC/AML Compliance #
Know Your Customer and Anti-Money Laundering. Regulatory requirements that financial institutions must verify customer identity and monitor transactions for suspicious activity. Most CEXs are subject to KYC/AML obligations; most DeFi protocols are not. Under FATF guidance, VASPs must collect and retain originator and beneficiary data when transacting with self-hosted wallets. This requirement applies even where there is no counterpart VASP to transmit to, tightening the compliance perimeter around unhosted wallets without fully closing it. Source: FATF Best Practices on Travel Rule Supervision (June 2025). The boundary between regulated and unregulated is where most compliance risk currently concentrates.

L

Layer 1 Infrastructure #
A base blockchain network that maintains its own consensus and security: Ethereum, Bitcoin, Solana, and others. All Layer 2 networks ultimately derive their security from an underlying Layer 1. The security, decentralization, and throughput trade-offs baked into a Layer 1 cannot be fully escaped by the Layer 2 networks built on top of it.
Layer 2 Infrastructure #
A scaling solution built on top of a base chain (Layer 1) that posts data or proofs back to it for security. Rollups are the dominant L2 architecture: they reduce fees while inheriting Ethereum's security. The sequencer running most L2s is still centralized, which creates a censorship assumption most users overlook. See: Why blockchain infrastructure matters for AI.
Liquidation Risk #
Forced closure of an undercollateralized borrowing position. Liquidators repay debt at a discount; the borrower loses collateral above their loan value. DeFi liquidations happen automatically by smart contract, with no discretion. The protocol does not wait for a human margin call process. In volatile markets, cascading liquidations across correlated positions can accelerate price moves dramatically.
LP Trading #
Liquidity Provider. A user who deposits assets into an AMM pool in exchange for a share of trading fees. LPs bear impermanent loss risk, smart-contract risk, and the risk of the protocol itself being exploited. Fee income must exceed impermanent loss plus the opportunity cost of alternative deployments to be economically rational.
LRT Yield #
Liquid Restaking Token. An LST that has been deposited into a restaking protocol, paying staking and restaking rewards but inheriting restaking risks including slashing from multiple AVSs simultaneously. The KelpDAO incident (April 2026, $292M, per Chainalysis and CoinDesk) illustrated how LRT architecture can amplify a single exploit into system-wide losses. See: Gone in 46 Minutes.
LST Yield #
Liquid Staking Token. A token representing staked ETH (or SOL, etc.) that remains transferable and usable in DeFi while continuing to earn staking yield. Solves the illiquidity problem of native staking, at the cost of adding smart-contract risk and a dependency on the liquid staking protocol maintaining its peg to the underlying asset.

M

Mempool Infrastructure #
The pool of unconfirmed transactions waiting to be included in a block. When a transaction is submitted, it enters the mempool until a validator selects it. Because the mempool is public and accessible via any RPC connection, MEV bots can observe pending transactions and react before they confirm, enabling front-running, back-running, and sandwich attacks. Gas price determines priority: higher fees jump the queue; low-fee transactions can wait hours or be dropped.
MEV Trading #
Maximal Extractable Value. Value that can be extracted by ordering, including, or censoring transactions within a block. Sources include arbitrage, liquidations, and sandwich attacks. MEV is a structural feature of public blockchains, not a bug: any system where transaction ordering is controlled by someone will generate ordering rents. The question is who captures them.
MiCA Compliance #
Markets in Crypto-Assets, the European Union's comprehensive crypto regulation, in force for stablecoins since 2024. It splits stablecoins into e-money tokens, pegged to a single currency, and asset-referenced tokens, backed by a basket or other assets, requires redemption at par, and bars issuers from paying interest.
Minting Tokenomics #
Creating new tokens and adding them to circulating supply. Minting can be permissioned (only the protocol or governance can mint) or permissionless (anyone who meets conditions can mint, as with DAI by depositing collateral). New minting dilutes existing holders unless protocol value grows proportionally. Stablecoin minting is collateral-backed; governance token minting is often inflationary and functions as a cost paid by existing holders to fund protocol growth.
MPC Custody #
Multi-Party Computation. A custody method that splits a private key into shares held by different parties, so a transaction signs only when a threshold of them cooperate and the full key never exists in one place. Widely used in institutional custody as an alternative to multisig.
Multisig Custody #
A wallet requiring N-of-M signatures to authorize transactions. Structurally stronger than a single key, but only as safe as the signing process. The Bybit theft (2025, approximately $1.5 billion per FBI/IC3) targeted the user interface rather than the cryptography: attackers injected malicious JavaScript into Safe{Wallet}'s frontend, causing signers to approve a manipulated transaction payload while the display appeared legitimate. Sources: NCC Group technical analysis; Cyfrin post-mortem. Hardware is not the weak link; humans are.

N

NFT Tokenomics #
Non-Fungible Token. A token representing unique ownership of a digital or physical asset, recorded on a blockchain. Unlike fungible tokens (where one unit equals another), each NFT is distinct. Ownership of the token does not necessarily confer rights to the underlying asset: the legal relationship between NFT ownership and real-world rights remains largely untested in most jurisdictions.

O

Open Interest Trading #
The total number of derivative contracts, such as perpetuals, that are outstanding and not yet closed. Rising open interest signals new money and leverage entering a market; sharp drops often accompany liquidation cascades.
Oracle Infrastructure #
A service that brings off-chain data (prices, events) on-chain. Many DeFi exploits originate in oracle manipulation rather than contract bugs: if an attacker can move a price feed, they can trigger artificial liquidations or drain lending protocols. Price oracles sourced from thin on-chain liquidity are particularly vulnerable to flash loan manipulation.

P

Permissionless Infrastructure #
Open to any participant without requiring approval. The defining property of public DeFi: anyone can deploy a contract, add liquidity, or borrow. This also means anyone can deploy malicious code, create fraudulent tokens, or drain a protocol with no prior relationship required. Permissionlessness is not a neutral property: it shapes the risk profile of everything built on top of it.
Perp Trading #
Perpetual future. A derivative with no expiry; funding payments between longs and shorts keep its price tethered to the spot reference. The dominant trading instrument on DeFi derivatives platforms. Funding rates can become significantly negative during sustained bear markets, creating a carry cost that erodes leveraged long positions.
Points Program Yield #
A pre-token incentive mechanism where a protocol awards off-chain, protocol-specific points for user activity, typically with an implied (but not contractually guaranteed) future conversion to airdrop eligibility or token rewards. Points became prevalent in 2023-2024 as protocols sought to grow user bases before token launches. From an analytical standpoint, points represent illiquid, non-transferable, and revocable yield: conversion rates, eligibility criteria, and timing are at the protocol's discretion with no enforceable claim.
Prediction Market Trading #
A market where you trade contracts that pay out based on a real-world event, such as an election or a rate decision, so the price reflects the crowd's implied probability. Resolution depends on a trusted oracle. Polymarket and Kalshi are the leading venues.
Private Key Custody #
A cryptographic secret that authorizes transactions from a blockchain address. Whoever holds the private key controls the funds, with no password reset, no fraud team to call, and no way to reverse an unauthorized transaction. Private key compromise accounts for the majority of individual theft losses in DeFi. See the full risk framework at self-custody risk guide.
Proof of Reserves Risk #
A cryptographic attestation, often using a Merkle tree, that an exchange or issuer holds the assets it claims to. A post-FTX trust tool, but it proves assets at a point in time and not liabilities, so it is necessary but not sufficient.
Proof of Stake Infrastructure #
A consensus mechanism where validators are selected to produce blocks in proportion to the cryptocurrency they have staked as collateral. Ethereum has used Proof of Stake since The Merge (2022). Energy-efficient relative to Proof of Work, but introduces validator collusion risk, liquid staking concentration risk, and slashing mechanics that are unfamiliar to most traditional finance risk frameworks.
Proof of Work Infrastructure #
The original Bitcoin consensus mechanism, where miners compete to solve computationally intensive puzzles to validate blocks. Energy-intensive by design: the energy expenditure is the security model. Replacing the work with cheaper computation would collapse the cost of attacking the network. Still used by Bitcoin; largely abandoned by other major networks in favour of Proof of Stake.
Protocol Revenue Yield #
Fees generated by genuine economic activity on a protocol: trading fees from swaps, interest margin on lending, liquidation fees, and similar. Distinct from token emissions or treasury grants. Revenue relative to TVL is a more meaningful metric than headline APY, since it reveals whether a protocol generates sustainable returns or subsidizes yield with inflation. Many high-TVL protocols generate minimal fees; some low-TVL protocols generate substantial revenue.

Q

Qualified Custodian Custody #
A regulated entity, such as a bank or trust company, permitted to hold client assets under rules like the SEC's custody requirements. It is a central question for institutions entering digital assets, since much crypto infrastructure was not built to meet this standard.

R

Real Yield Yield #
Yield paid from genuine protocol revenue: trading fees, interest, liquidation proceeds, rather than token emissions. A protocol paying 15% APY in real yield is fundamentally different from one paying 15% APY by minting and distributing its own governance token. Real yield paid in ETH, stablecoins, or buyback-funded tokens does not dilute holders; emission-funded yield consumes governance token value and requires new entrants to sustain it. The distinction is the first question in any DeFi yield due diligence. Compare yields with the DeFi Yield Calculator.
Reentrancy Risk #
A classic smart-contract exploit where a malicious contract calls back into a vulnerable function before its balances update, draining funds in a loop. It was the bug behind the original 2016 DAO hack, and variants still recur today.
Relayer Infrastructure #
An off-chain service that collects signed transactions or messages from users and submits them to a blockchain on their behalf. In DEX protocols, relayers host order books and match trades off-chain before settling on-chain. In cross-chain bridges, relayers listen for events on one network and deliver the corresponding proof to another. A compromised relayer can stall or manipulate cross-chain transfers. See: Cross-Chain Bridges: The CDOs of DeFi.
Restaking Yield #
Reusing staked ETH as security for additional services (AVSs). Compounds yield and compounds slashing surface area in equal measure. A validator opting into multiple AVSs can be slashed by any of them simultaneously. The yield premium over vanilla staking reflects this additional risk, though the market was slow to price it correctly before the first restaking incidents. See: Gone in 46 Minutes.
Rollup Infrastructure #
A Layer 2 that executes transactions off-chain and posts compressed data (and optionally validity proofs) to Ethereum. Optimistic rollups use fraud proofs and have a 7-day withdrawal delay; ZK rollups use validity proofs and can finalize faster. Both reduce fees by 10-100x while relying on Ethereum for ultimate security. See: No Blockchain, No AI.
RPC / RPC Endpoint Infrastructure #
Remote Procedure Call endpoint: the server address a wallet or application uses to query blockchain state and submit transactions. Public RPC endpoints are free but rate-limited and unreliable under load. Private providers like Infura, Alchemy, and QuickNode offer higher reliability at cost. RPC providers can log IP addresses and transaction history, censor specific transactions, or experience downtime, creating infrastructure dependency risk that most end users do not consider.
Rug Pull Risk #
A scam where insiders drain a project's liquidity or funds and disappear, often after hyping the token. It ranges from outright theft to soft rugs where the team quietly abandons the project. Usually enabled by admin keys or unlocked liquidity.
RWA Trading #
Real World Asset. Traditional financial assets (Treasury bonds, private credit, real estate) tokenized and brought on-chain. The fastest-growing DeFi category in 2024-2025, bridging institutional finance and blockchain settlement. The on-chain token is only as good as the legal structure backing it: tokenization does not eliminate counterparty risk, it relocates it to the issuer and the legal jurisdiction governing redemption. See: The OCC bank charter signal.

S

Sandwich Attack Risk #
An MEV strategy where a bot places one transaction just before and one just after a victim's trade, profiting from the price move the victim's order creates. Most visible on illiquid pairs with high slippage tolerance. Setting a tight slippage limit is the primary user defense, at the cost of more frequent transaction failures during volatile periods.
Seed Phrase Custody #
A 12 or 24-word sequence that encodes a wallet's private key in human-readable form. Anyone who knows your seed phrase controls your wallet permanently. Seed phrases should never be stored digitally, photographed, entered into any website or app, or shared with any person under any circumstances. The most common self-custody loss vector after direct key theft.
Sequencer Infrastructure #
The centralized entity that orders transactions on most optimistic rollups and ZK rollups. A sequencer can delay or censor transactions, creating a trust assumption the base chain does not have. Most L2s are working toward decentralized sequencers, but as of 2025 most production sequencers are still operated by a single entity.
Slashing Risk #
Programmatic confiscation of a validator's stake for provably malicious behavior such as double signing (attesting to two conflicting blocks). Prolonged downtime triggers inactivity penalties, a gradual balance reduction that is distinct from slashing but similarly erodes capital. Restakers can be slashed by any AVS they opt into, compounding the risk surface. Unlike a fine or penalty in TradFi, slashing is automated, immediate, and irreversible.
Slippage Trading #
The difference between the expected and executed price of a trade. Higher on illiquid pairs or large orders. AMM slippage is deterministic from pool depth; order-book slippage depends on market conditions at execution time. Setting slippage tolerance too high invites sandwich attacks; setting it too low causes frequent failed transactions.
Smart Contract Infrastructure #
Self-executing code deployed on a blockchain. Once deployed, runs deterministically on every node. Unless designed with upgrade or pause controls, deployed smart contracts run automatically and cannot be altered unilaterally. Bugs cannot be patched without migrating to a new contract and persuading users to migrate their funds. Every DeFi protocol is a stack of smart contracts, which means protocol risk is fundamentally code risk. See: Cross-Chain Bridges: The CDOs of DeFi.
Social Recovery Custody #
A wallet design where a set of trusted guardians can help restore access if you lose your key, removing the single point of failure of a seed phrase. Enabled by account abstraction, it is one answer to the incapacity problem in self-custody.
Stablecoin Trading #
A token designed to track a reference price, usually $1. Backed by fiat reserves (USDC, USDT), crypto collateral (DAI), or algorithmic mechanisms (varying success: see UST/Luna, 2022). Reserve quality, redemption rights, and issuer jurisdiction determine the real risk profile: not all $1 stablecoins are equal. Explore stablecoin mechanics at the DeFi Primer.
Staking Yield #
Locking cryptocurrency in a network's consensus mechanism (Proof of Stake) to earn rewards for validating transactions. Also used loosely in DeFi to mean depositing tokens in a protocol for yield, which is structurally different: protocol staking does not secure a blockchain and carries full smart-contract risk alongside the yield. The two uses of the word describe fundamentally different risk profiles.
Sybil Attack Risk #
An attack where one entity creates many fake identities to disproportionately influence a system designed to reward individual participants. In DeFi, Sybil attacks target airdrop programs, governance votes, and activity-based rewards: a single actor operating thousands of wallets to appear as thousands of distinct users. Protocols use on-chain activity analysis, proof-of-personhood systems, and social verification to mitigate the risk, with varying effectiveness.

T

Timelock Risk #
A governance delay between a proposal passing and its on-chain execution. The single cheapest security measure a protocol can add: it gives users time to exit before a harmful governance change takes effect. A protocol with no timelock can have its parameters changed in a single block, with no warning and no recourse.
Token Tokenomics #
A digital asset issued on a blockchain. Tokens can represent ownership, governance rights, utility, claims on underlying assets, or nothing at all. All tokens carry issuer risk; few have the legal protections of regulated securities. The word describes a technical structure, not a legal classification: the same token can be a security in one jurisdiction and a commodity in another.
Tokenization Infrastructure #
Issuing a blockchain token that represents ownership of an asset, such as a Treasury bill, fund share, bond, or property, so it can settle and transfer on-chain. The pitch is faster settlement, fractional ownership, and around-the-clock markets; the catch is that the token is only as good as the legal claim and custody behind it.
Tokenized Deposit Infrastructure #
A commercial bank deposit represented as a token on a blockchain, redeemable for the bank's own balance-sheet money. Unlike a stablecoin, it is a direct claim on a regulated bank rather than on a separate reserve pool. JP Morgan's JPMD is the headline example.
Tokenized Treasuries Yield #
On-chain tokens representing shares in short-term US Treasury funds, the fastest-growing real-world-asset category, led by BlackRock's BUIDL. They let on-chain capital earn government-bond yield, which payment-stablecoin issuers legally cannot pass through.
Tokenomics Tokenomics #
The economic design of a token: supply schedule, emission rate, vesting terms, utility, distribution, and value-capture mechanisms. Sound tokenomics aligns long-term holder incentives with protocol growth; poor tokenomics creates perverse incentives that extract value from early participants. The most important questions for any DeFi allocation: how much new supply is created each year, who receives it, and what mechanisms (if any) reduce circulating supply.
TradFi Infrastructure #
Traditional Finance. The incumbent financial system: banks, asset managers, exchanges, and regulators operating under established legal and regulatory frameworks. DeFi's structural foil and, increasingly, its counterparty. The TradFi-to-DeFi transition is the analytical lens most of the content on this site is built around. See: Are We in 1996 Again?
Travel Rule Compliance #
A FATF recommendation, adopted into regulation by most major financial jurisdictions, requiring virtual asset service providers (VASPs) to collect and transmit originator and beneficiary information for transfers above a threshold (typically $1,000 or equivalent). Designed to extend the same anti-money laundering controls that apply to wire transfers. The rule applies between VASPs but creates a compliance gap at the boundary with self-hosted wallets, where there is no counterpart VASP to receive the data. Implementation varies significantly across jurisdictions. See also: KYC/AML.
TVL Yield #
Total Value Locked. The aggregate dollar value of assets deposited into a protocol. A scale metric, not a quality metric: high TVL does not imply security, sustainability, or legitimate use. TVL figures can be inflated by circular deposits where the same assets are counted multiple times across composable protocols.

U

Upgradeability / Proxy Contract Risk #
A design pattern where a smart contract's logic can be modified after deployment via a proxy contract that delegates calls to an implementation contract that can be swapped. Enables bug fixes and new features, but reintroduces the centralization risk that self-executing contracts are meant to eliminate: whoever controls the upgrade key can change how the contract handles user funds, with or without governance approval. Audit reports should specify whether a contract is upgradeable and who holds the upgrade authority.

V

Validator Infrastructure #
A node that proposes and attests to new blocks in a proof-of-stake network. Requires staking capital; misbehaviour triggers slashing. In Ethereum, 32 ETH minimum to run a validator; the Pectra upgrade (May 2025) raised the maximum effective balance to 2,048 ETH, enabling validator consolidation. Validator concentration among large staking pools is an ongoing decentralization concern.
Validator Client Diversity Risk #
The distribution of software implementations run by validators on a proof-of-stake network. Ethereum validators can run different client software (Lighthouse, Prysm, Teku, Nimbus, Lodestar), each written independently. If a single client contains a consensus bug, all validators running it face simultaneous correlated slashing. If that client exceeds 33% of the validator set, a bug could also prevent the network from achieving finality, a more severe failure mode. Client diversity is an underappreciated systemic risk in institutional staking: concentration in one client creates correlated failure exposure even when validators are otherwise geographically distributed.
VASP Compliance #
Virtual Asset Service Provider. The FATF term for exchanges, custodians, and similar businesses, used in global anti-money-laundering rules. It is the category that Travel Rule obligations attach to.
Vault Yield #
A managed strategy contract that pools user deposits and runs a specific yield-seeking program (leveraged staking, automated LP management, etc.). Adds operational convenience but also adds one more smart-contract layer between the user and their capital. Strategy risk, manager risk, and contract risk all stack on top of each other in vault architectures.
veTokenomics Tokenomics #
Vote-escrow token model. Users lock tokens for a period of time to receive voting power and often boosted yield. Locks in illiquidity in exchange for governance influence. Popularized by Curve (veCRV). Creates long-term alignment incentives but also creates secondary markets for governance influence (bribes) that the model's designers did not fully anticipate.

W

Wallet Custody #
Software or hardware that manages the private keys controlling a blockchain address. A wallet does not store tokens: tokens live on-chain. It stores the keys that prove ownership. The word "wallet" implies a container, which is technically misleading: losing your wallet does not mean you lost your assets, but losing your keys does.
Withdrawal Queue Risk #
The mechanism governing when staked assets are returned to depositors. On Ethereum, exiting the validator set requires joining a queue that processes a limited number of exits per epoch; under normal conditions, exits take hours to days, but mass exit events can extend the queue to weeks or months by design. LSTs provide liquidity by allowing secondary-market sale at a potential discount instead of waiting. For institutional staking mandates, withdrawal queue depth and timing are key liquidity risk inputs alongside yield.
Wrapped Token Infrastructure #
A tokenized representation of an asset from another chain or context. WBTC is Bitcoin wrapped on Ethereum; wETH is ETH wrapped as an ERC-20. Adds a redemption trust assumption: the wrapped token is only as good as the custodian or bridge holding the underlying asset. WBTC's custodian change controversy (2024) illustrated how wrapper governance can become a risk in itself.

Y

Yield Yield #
The return paid to capital. In DeFi, sources include trading fees, interest, staking rewards, points, and token incentives. Separating real yield (fees and interest from genuine economic activity) from subsidized yield (token emissions that dilute existing holders to pay new ones) is the central analytical task in any DeFi allocation decision. Use the DeFi Yield Calculator to compare against TradFi benchmarks.
Yield Aggregator Yield #
A protocol that automatically routes and compounds yield across multiple strategies on behalf of depositors. Adds operational convenience but also adds one more smart-contract layer between the user and their capital. The convenience premium must be weighed against the additional contract surface area and the strategy risk of whoever is managing the routing logic.

Z

Zero-Knowledge Proof Infrastructure #
A cryptographic technique that allows one party to prove a statement is true without revealing the underlying information. The verifier learns only that the proof is valid, not the inputs that generated it. In blockchains, ZK proofs verify that a batch of transactions was executed correctly without re-executing them on-chain, enabling the fast finality and lower cost of ZK rollups. ZK proofs are also used for privacy-preserving transactions and credential verification, proving eligibility without revealing personal data.
zkEVM Infrastructure #
A zero-knowledge Ethereum Virtual Machine. Executes EVM-compatible smart contracts and produces cryptographic proofs of correctness. Powers ZK rollups like zkSync and Scroll. The cryptographic proofs allow near-instant finality on Layer 1 without the 7-day fraud-proof window of optimistic rollups, at the cost of higher computational complexity in proof generation.