Research Article

CAUSES OF SECURITY VULNERABILITIES IN DeFi PLATFORMS AND PROPOSED SOLUTIONS

Year 2026, Volume: 9 Issue: 1, 42-54, 01.04.2026
https://doi.org/10.32951/mufider.1792581
https://izlik.org/JA74XU98DE

Abstract

This study examines the security vulnerabilities that have increased in recent years on decentralized finance (DeFi) platforms in their technical and operational dimensions. Through a literature review, case analyses and a comparative platform evaluation, the causes of these vulnerabilities, their effects on users and the strategies for addressing them are treated comprehensively. The structural dimensions of the security problems are set out through major cases such as Ronin Network, Poly Network, Mango Markets and Curve Finance, and the security approaches applied by platforms such as Aave, Compound, Uniswap and Synthetix are compared. In addition, the contribution of new developments such as Ethereum Layer-2 solutions, Zero-Knowledge rollup technologies and account abstraction to DeFi security is discussed. In conclusion, it is emphasized that a sustainable DeFi ecosystem requires governance, user education and audit processes to be addressed holistically, beyond technical security alone.

References

  • Adarbah, A., Tolba, A., Belattar, B., and Moulad, M. (2024). Blockchain-Assisted Security and Privacy Preservation Scheme for Vehicular Ad Hoc Networks. Security and Privacy, 7(4), e307. https://doi.org/10.1002/spy2.307
  • Alipanahloo, Z., Hafid, A. S., and Zhang, K. (2024). Maximal Extractable Value Mitigation Approaches in Ethereum and Layer-2 Chains: A Comprehensive Survey. ArXiv Preprint, arXiv:2407.19572. Retrieved May 03, 2025, from https://arxiv.org/abs/2407.19572
  • BlockSec. (2024, February 14). Curve incident: Compiler Error Produces Faulty Bytecode from Innocent Source Code. BlockSec Blog. Retrieved April 16, 2025, from https://blocksec.com/blog/curve-incident-compiler-error-produces-faulty-bytecode-from-innocent-source-code
  • Chainalysis. (2022, September 8). $30 million seized: How the cryptocurrency community is making it difficult for North Korean hackers to profit. Chainalysis Blog. Retrieved May 08, 2025, from https://blog.chainalysis.com
  • Chaliasos, S., Reif, I., Torralba-Agell, A., Ernstberger, J., Kattis, A., and Livshits, B. (2024). Analyzing and Benchmarking zk-Rollups. In 6th Conference on Advances in Financial Technologies (AFT 2024) (pp. 6–1). Schloss Dagstuhl—Leibniz-Zentrum für Informatik.
  • Li, W., Bu, J., Li, X., Peng, H., Niu, Y., and Zhang, Y. (2022). A survey of DeFi security: Challenges and Opportunities. Journal of King Saud University—Computer and Information Sciences, 34(10), 10378–10404. https://doi.org/10.1016/j.jksuci.2021.10.020
  • Qin, K., Zhou, L., Livshits, B., and Gervais, A. (2021). Attacking the DeFi ecosystem with flash loans for fun and profit. In International Conference on Financial Cryptography and Data Security (pp. 3–32). Springer.
  • Roșca, I., Butnaru, A.-I., and Simion, E. (2023). Security of Ethereum Layer 2s. IACR Cryptology ePrint Archive, 2023(124). Retrieved April 26, 2025, from https://eprint.iacr.org/2023/124
  • Sahu, N., Gajera, M., and Chaudhary, A. (2023). ZkFi: Privacy-Preserving and Regulation Compliant Transactions Using Zero Knowledge Proofs. ArXiv Preprint, arXiv:2307.00521. Retrieved April 28, 2025, from https://arxiv.org/abs/2307.00521
  • Sec3. (2022, October 13). How to analyze an attack? A Case Study on The Mango Markets exploit. Sec3 Blog. Retrieved April 13, 2025, from https://www.sec3.dev/blog/mangoexploit
  • Sguanci, C., Spatafora, R., and Vergani, A. M. (2021). Layer 2 Blockchain Scaling: A Survey. ArXiv Preprint, arXiv:2107.10881. Retrieved July 28, 2025, from https://arxiv.org/abs/2107.10881
  • SlowMist. (2021, August 10). The root cause of Poly Network being hacked. Medium. Retrieved May 03, 2025, from https://slowmist.medium.com/the-root-cause-of-poly-network-being-hacked-ec2ee1b0c68f
  • Torralba-Agell, A., Keshavarzkalhori, G., Pérez Solà, C., Megías, D., and Herrera Joancomartí, J. (2024). Unmasking the illusion: The shortcomings of “zero-knowledge” rollups in achieving privacy. In XVIII Reunión Española sobre Criptología y Seguridad de la Información: XVIII RECSI (pp. 361–366).
  • Wang, B., Liu, H., Liu, C., Chen, X., Liu, Z., Sun, L., and Zhang, T. (2021). BLOCKEYE: Hunting for DeFi attacks on blockchain. ArXiv Preprint, arXiv:2103.02873. Retrieved May 11, 2025, from https://arxiv.org/abs/2103.02873
  • Wang, Q., and Chen, S. (2023, December). Account abstraction, analysed. In 2023 IEEE International Conference on Blockchain (Blockchain) (pp. 323–331). IEEE. https://doi.org/10.1109/Blockchain57800.2023.00054

CAUSES OF SECURITY VULNERABILITIES IN DeFi PLATFORMS AND PROPOSED SOLUTIONS


Abstract

This study investigates the rising security vulnerabilities in decentralized finance (DeFi) platforms from both technical and operational perspectives. Through literature review, case studies, and a comparative platform analysis, the research identifies the root causes, user impacts, and mitigation strategies for common security issues. Prominent incidents such as Ronin Network, Poly Network, Mango Markets, and Curve Finance are examined in depth, while security strategies of major DeFi platforms such as Aave, Compound, Uniswap, and Synthetix are compared. The study also discusses the implications of new technological developments like Ethereum Layer-2 solutions, Zero-Knowledge rollups, and account abstraction mechanisms on DeFi security. Findings emphasize that achieving a sustainable DeFi ecosystem requires a holistic approach involving not only technical safeguards but also transparent governance, user education and robust audit processes.


Details

Primary Language: English
Subjects: Finance, Financial Markets and Institutions, Finance and Investment (Other)
Section: Research Article
Authors

Batuhan Karabay 0000-0002-5691-3947

Submission Date: 28 September 2025
Acceptance Date: 1 December 2025
Publication Date: 1 April 2026
DOI https://doi.org/10.32951/mufider.1792581
IZ https://izlik.org/JA74XU98DE
Published In: Year 2026, Volume: 9 Issue: 1

Cite

APA Karabay, B. (2026). CAUSES OF SECURITY VULNERABILITIES IN DeFi PLATFORMS AND PROPOSED SOLUTIONS. Muhasebe ve Finans İncelemeleri Dergisi, 9(1), 42-54. https://doi.org/10.32951/mufider.1792581



Muhasebe ve Finans İncelemeleri Dergisi is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.