DeFi, or Decentralized Finance, is built on blockchain, a distributed ledger
technology. Using blockchain, DeFi may customize the execution of
predetermined operations between parties. DeFi systems use blockchain
technology to execute user transactions, such as lending and exchanging. The
total value locked in DeFi decreased from \$200 billion in April 2022 to \$80
billion in July 2022, indicating that security in this area remained
problematic. In this paper, we address the deficiency in DeFi security studies.
To the best of our knowledge, our paper is the first to make a systematic analysis of
DeFi security. First, we summarize the DeFi-related vulnerabilities in each
blockchain layer. Application-level vulnerabilities are also
analyzed. Then we classify and analyze real-world DeFi attacks based on the
principles that correlate to the vulnerabilities. In addition, we collect
optimization strategies from the data, network, consensus, smart contract, and
application layers. We then describe the weaknesses and technical
approaches they address. On the basis of this comprehensive analysis, we
summarize several challenges and possible future directions in DeFi to offer
ideas for further research.