How to Build a Production DeFi Protocol from Scratch

TL;DR

To build a production DeFi protocol, you need four things: a solid Solidity architecture using the Checks-Effects-Interactions pattern, comprehensive fuzz testing with Foundry, an upgrade path via transparent proxies, and a multi-sig controlled deployment pipeline. I have been writing DeFi smart contracts since 2022 and built DeFi components for clients through Terra Labz↗. The biggest lesson? Most DeFi protocols fail not because of bad math, but because of bad security assumptions. This article walks through the exact process I follow — from initial contract architecture to mainnet deployment — with real Solidity code you can adapt. If you are building a lending protocol, an AMM, a staking system, or any DeFi primitive, this is the playbook I wish I had three years ago. No hand-waving. No "just fork Uniswap." Real engineering decisions with real trade-offs.

Why Most DeFi Protocol Builds Fail Before Mainnet

I have seen dozens of DeFi projects die in testnet. The pattern is almost always the same: a team writes a working prototype in a weekend, spends three months adding features nobody asked for, then gets rekt by a reentrancy bug or an oracle manipulation attack they never tested for.

When I started building DeFi components at Terra Labz for clients across Southeast Asia, I had to develop a system that actually worked under production pressure. Not academic exercises — real money, real deadlines, real consequences.

Here is what kills most DeFi builds:

1. No clear separation between core protocol logic and peripheral features. Everything gets shoved into one monolithic contract until it hits the 24KB deployment limit.
2. Testing only happy paths. If you have not fuzz-tested your protocol with 10,000+ random inputs, you have not tested it.
3. Ignoring gas costs until deployment day. Storage slot packing is not optional when your users are paying $5-50 per transaction on L1.
4. Copy-pasting from tutorials without understanding the invariants. Every DeFi protocol has mathematical invariants that must hold under all conditions. If you cannot write them down, you cannot protect them.

The approach I lay out here addresses all four. It is the same process I refined after attending Token2049 Asia 2024 in Singapore, where I spent three days talking to protocol teams about what actually breaks in production.

Architecting Your DeFi Smart Contract System

Before writing a single line of Solidity, you need to decide on your contract architecture. For any DeFi protocol more complex than a single vault, I use a modular diamond-adjacent pattern — not the full EIP-2535 diamond (which adds complexity most teams do not need), but a clean separation of concerns.

Here is how I structure a lending protocol as an example:

contracts/
  core/
    LendingPool.sol          # Entry point — deposits, borrows, repays
    InterestRateModel.sol    # Rate calculation (isolated, upgradeable)
    LiquidationEngine.sol    # Liquidation logic (separate for gas)
  libraries/
    MathLib.sol              # Fixed-point math (WAD/RAY)
    ValidationLib.sol        # Input checks, health factor calc
  interfaces/
    ILendingPool.sol
    IInterestRateModel.sol
    IPriceOracle.sol
  security/
    Pausable.sol             # Circuit breaker
    AccessControl.sol        # Role-based permissions

The key insight: every external-facing function lives in the core contracts, but all math lives in libraries. Libraries are stateless, which makes them trivially testable and reusable.

Let me show you the skeleton of a lending pool that follows this pattern:

// SPDX-License-Identifier: MIT
pragma solidity 0.8.24;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
import {MathLib} from "../libraries/MathLib.sol";
import {ValidationLib} from "../libraries/ValidationLib.sol";
import {IPriceOracle} from "../interfaces/IPriceOracle.sol";

contract LendingPool is ReentrancyGuard {
    using SafeERC20 for IERC20;
    using MathLib for uint256;

    struct Market {
        uint128 totalDeposits;
        uint128 totalBorrows;
        uint64 lastUpdateTimestamp;
        uint64 interestRatePerSecond;
    }

    struct UserPosition {
        uint128 deposited;
        uint128 borrowed;
    }

    mapping(address token => Market) public markets;
    mapping(address user => mapping(address token => UserPosition)) public positions;

    IPriceOracle public immutable oracle;
    uint256 public constant LIQUIDATION_THRESHOLD = 8000; // 80% in basis points
    uint256 public constant BASIS_POINTS = 10000;

    event Deposited(address indexed user, address indexed token, uint256 amount);
    event Borrowed(address indexed user, address indexed token, uint256 amount);

    error InsufficientCollateral();
    error MarketNotListed();
    error ZeroAmount();

    constructor(address _oracle) {
        oracle = IPriceOracle(_oracle);
    }

    function deposit(address token, uint128 amount) external nonReentrant {
        if (amount == 0) revert ZeroAmount();
        if (markets[token].lastUpdateTimestamp == 0) revert MarketNotListed();

        _accrueInterest(token);

        positions[msg.sender][token].deposited += amount;
        markets[token].totalDeposits += amount;

        IERC20(token).safeTransferFrom(msg.sender, address(this), amount);

        emit Deposited(msg.sender, token, amount);
    }

    function borrow(address token, uint128 amount) external nonReentrant {
        if (amount == 0) revert ZeroAmount();

        _accrueInterest(token);

        positions[msg.sender][token].borrowed += amount;
        markets[token].totalBorrows += amount;

        if (!_isHealthy(msg.sender)) revert InsufficientCollateral();

        IERC20(token).safeTransfer(msg.sender, amount);

        emit Borrowed(msg.sender, token, amount);
    }

    function _accrueInterest(address token) internal {
        Market storage market = markets[token];
        uint256 elapsed = block.timestamp - market.lastUpdateTimestamp;
        if (elapsed == 0) return;

        uint256 interest = uint256(market.totalBorrows)
            .mulWad(uint256(market.interestRatePerSecond) * elapsed);

        market.totalBorrows += uint128(interest);
        market.lastUpdateTimestamp = uint64(block.timestamp);
    }

    function _isHealthy(address user) internal view returns (bool) {
        // Simplified — production version iterates all markets
        // and sums collateral value vs borrow value using oracle prices
        return true; // Placeholder for article clarity
    }
}

Notice a few things about this code:

• Checks-Effects-Interactions pattern everywhere. In borrow(), we update state (effects) before the external transfer (interaction). The health check happens after state updates but before the transfer. This prevents reentrancy even without the modifier, but we use nonReentrant as defense-in-depth.
• Storage slot packing. Market uses uint128 + uint128 + uint64 + uint64 = exactly 2 storage slots. This saves ~5,000 gas per write compared to using uint256 for everything.
• Custom errors instead of require strings. Custom errors save 200-500 gas per revert and are more expressive.
• Events for every state change. You will need these for your subgraph indexer later.

For more on OpenZeppelin's ReentrancyGuard↗ and why it matters, their docs are the canonical reference.

Building the Interest Rate Model for DeFi Protocols

The interest rate model is where most DeFi protocols differentiate themselves. Aave uses a piecewise linear model with a kink. Compound uses a similar approach. Morpho uses a more aggressive curve.

I prefer a kinked rate model because it creates natural incentives: low rates encourage borrowing when utilization is low, and high rates encourage repayment when utilization is high. The kink creates a sharp transition that prevents the pool from being fully drained.

// SPDX-License-Identifier: MIT
pragma solidity 0.8.24;

import {MathLib} from "./MathLib.sol";

contract InterestRateModel {
    using MathLib for uint256;

    uint256 public immutable baseRate;       // Rate at 0% utilization
    uint256 public immutable slope1;         // Rate increase per unit util below kink
    uint256 public immutable slope2;         // Rate increase per unit util above kink
    uint256 public immutable kink;           // Utilization inflection point (WAD)

    uint256 internal constant WAD = 1e18;

    constructor(
        uint256 _baseRate,
        uint256 _slope1,
        uint256 _slope2,
        uint256 _kink
    ) {
        baseRate = _baseRate;
        slope1 = _slope1;
        slope2 = _slope2;
        kink = _kink;
    }

    function getRate(
        uint256 totalDeposits,
        uint256 totalBorrows
    ) external view returns (uint256) {
        if (totalDeposits == 0) return baseRate;

        uint256 utilization = totalBorrows.divWad(totalDeposits);

        if (utilization <= kink) {
            return baseRate + utilization.mulWad(slope1);
        }

        uint256 normalRate = baseRate + kink.mulWad(slope1);
        uint256 excessUtil = utilization - kink;
        return normalRate + excessUtil.mulWad(slope2);
    }
}

The parameters I typically start with for a stablecoin market:

These numbers are not arbitrary. I derived them by analyzing rate curves from 14 production lending protocols on DeFi Llama↗ during Q3 2023. The 80% kink with a steep slope2 is the most common pattern because it balances capital efficiency with depositor protection.

Fuzz Testing DeFi Contracts with Foundry

This is where most tutorials stop and where real protocol engineering begins. Unit tests catch obvious bugs. Fuzz tests catch the bugs that will actually drain your protocol.

I use Foundry exclusively for DeFi testing. Hardhat is fine for deployment scripts and frontend integration, but Foundry's fuzz testing is 10-50x faster and catches edge cases that manual test writing never will.

Here is how I test the lending pool:

// SPDX-License-Identifier: MIT
pragma solidity 0.8.24;

import {Test} from "forge-std/Test.sol";
import {LendingPool} from "../src/core/LendingPool.sol";
import {MockERC20} from "./mocks/MockERC20.sol";
import {MockOracle} from "./mocks/MockOracle.sol";

contract LendingPoolFuzzTest is Test {
    LendingPool pool;
    MockERC20 token;
    MockOracle oracle;

    address alice = makeAddr("alice");
    address bob = makeAddr("bob");

    function setUp() public {
        oracle = new MockOracle();
        pool = new LendingPool(address(oracle));
        token = new MockERC20("Test", "TST", 18);
    }

    /// @notice Invariant: totalDeposits >= totalBorrows always
    function testFuzz_depositsAlwaysExceedBorrows(
        uint128 depositAmount,
        uint128 borrowAmount
    ) public {
        // Bound inputs to realistic ranges
        depositAmount = uint128(bound(depositAmount, 1e18, 1_000_000e18));
        borrowAmount = uint128(bound(borrowAmount, 1e18, depositAmount));

        // Setup
        token.mint(alice, depositAmount);
        vm.startPrank(alice);
        token.approve(address(pool), depositAmount);
        pool.deposit(address(token), depositAmount);
        vm.stopPrank();

        // Borrow
        vm.prank(bob);
        pool.borrow(address(token), borrowAmount);

        // Invariant check
        (uint128 totalDeposits, uint128 totalBorrows,,) = pool.markets(address(token));
        assertGe(totalDeposits, totalBorrows, "INVARIANT VIOLATED: borrows > deposits");
    }

    /// @notice Interest accrual should never decrease totalBorrows
    function testFuzz_interestOnlyIncreases(
        uint128 borrowAmount,
        uint32 timeElapsed
    ) public {
        borrowAmount = uint128(bound(borrowAmount, 1e18, 1_000_000e18));
        timeElapsed = uint32(bound(timeElapsed, 1, 365 days));

        // Setup with deposit and borrow...
        // (setup code omitted for brevity)

        (, uint128 borrowsBefore,,) = pool.markets(address(token));

        vm.warp(block.timestamp + timeElapsed);
        pool.deposit(address(token), 1); // Trigger accrual

        (, uint128 borrowsAfter,,) = pool.markets(address(token));

        assertGe(borrowsAfter, borrowsBefore, "Interest decreased borrows");
    }
}

Run this with:

forge test --match-contract LendingPoolFuzzTest -vvv --fuzz-runs 10000

I run 10,000 fuzz iterations minimum. For critical invariants, I go to 100,000. Foundry can execute these in under 30 seconds on a modern machine, which is absurd compared to JavaScript testing frameworks.

The invariants you must test for any DeFi protocol:

1. Solvency: Total deposits >= total borrows (accounting for interest)
2. Conservation: No tokens created or destroyed — every transfer has a matching balance change
3. Monotonicity: Interest only increases debt, never decreases it
4. Access control: Only authorized roles can pause, upgrade, or modify parameters
5. Liquidation safety: Unhealthy positions can always be liquidated, healthy positions never can

If any of these invariants can be violated by a sequence of valid transactions, your protocol has a critical vulnerability. Period.

Security Patterns Every DeFi Protocol Needs

After two years of writing Solidity professionally and studying every major exploit on rekt.news↗, I have a non-negotiable security checklist for production DeFi:

The Circuit Breaker

Every production contract needs an emergency pause mechanism. When the Euler Finance exploit happened in March 2023 ($197M drained), protocols without pause functionality could only watch.

// SPDX-License-Identifier: MIT
pragma solidity 0.8.24;

abstract contract EmergencyPause {
    bool public paused;
    address public guardian;

    error ContractPaused();
    error NotGuardian();

    modifier whenNotPaused() {
        if (paused) revert ContractPaused();
        _;
    }

    function pause() external {
        if (msg.sender != guardian) revert NotGuardian();
        paused = true;
    }

    function unpause() external {
        if (msg.sender != guardian) revert NotGuardian();
        paused = false;
    }
}

In production, the guardian should be a Gnosis Safe multi-sig with a 2-of-3 or 3-of-5 threshold. Single EOA guardians are a centralization risk that auditors will flag immediately.

Oracle Manipulation Protection

Price oracle attacks are the #1 DeFi exploit vector in 2023-2024. Never use spot prices from a single DEX. Here is the pattern I follow:

function getPrice(address token) external view returns (uint256) {
    uint256 chainlinkPrice = _getChainlinkPrice(token);
    uint256 twapPrice = _getTWAP(token, 30 minutes);

    // If prices diverge by more than 5%, use the lower one
    uint256 deviation = chainlinkPrice > twapPrice
        ? (chainlinkPrice - twapPrice).divWad(chainlinkPrice)
        : (twapPrice - chainlinkPrice).divWad(twapPrice);

    if (deviation > 0.05e18) {
        return chainlinkPrice < twapPrice ? chainlinkPrice : twapPrice;
    }

    return chainlinkPrice; // Chainlink is primary
}

Using the lower price on divergence protects against flash loan attacks that temporarily inflate a token's spot price.

Reentrancy Beyond the Basics

The nonReentrant modifier handles direct reentrancy, but cross-function reentrancy is more subtle. If functionA() and functionB() both modify shared state and one calls an external contract, an attacker can reenter through the other function.

The fix: apply nonReentrant to ALL external functions that modify state, not just the ones with obvious external calls. The gas cost is ~2,600 gas per function call — negligible compared to the risk.

From Testnet to Mainnet: The Deployment Pipeline

Deploying a DeFi protocol is not forge create and done. Here is my actual deployment process:

Phase 1 — Local Testing (1-2 weeks)

• Unit tests with 100% line coverage on core contracts
• Fuzz tests with 10,000+ runs on every invariant
• Fork tests against mainnet state using forge test --fork-url

Phase 2 — Testnet (1 week)

• Deploy to Sepolia or Goerli
• Run the full frontend against testnet contracts
• Invite 5-10 beta testers to try breaking it
• Monitor events and transaction traces

Phase 3 — Audit (2-4 weeks)

• Internal audit using Slither + Mythril static analysis
• External audit from a reputable firm (budget $15K-80K depending on complexity)
• Fix all critical and high findings. Discuss mediums. Document accepted lows.

Phase 4 — Mainnet (1 day)

• Deploy with a multi-sig deployment script
• Verify all contracts on Etherscan
• Set initial parameters conservatively (lower caps, higher collateral ratios)
• Monitor for 72 hours before opening to public

For deployment, I use Foundry scripts with environment-specific configs:

// script/Deploy.s.sol
// SPDX-License-Identifier: MIT
pragma solidity 0.8.24;

import {Script} from "forge-std/Script.sol";
import {LendingPool} from "../src/core/LendingPool.sol";

contract DeployLending is Script {
    function run() external {
        uint256 deployerKey = vm.envUint("DEPLOYER_PRIVATE_KEY");
        address oracleAddress = vm.envAddress("ORACLE_ADDRESS");

        vm.startBroadcast(deployerKey);

        LendingPool pool = new LendingPool(oracleAddress);

        // Transfer ownership to multi-sig immediately
        pool.transferOwnership(vm.envAddress("MULTISIG_ADDRESS"));

        vm.stopBroadcast();
    }
}

The critical step most teams skip: transfer ownership to the multi-sig in the same deployment transaction. If you deploy and forget to transfer ownership, you have a single private key controlling your entire protocol. I have seen this happen twice in production.

If you are interested in how I approach AI-powered integrations alongside Web3 systems, or want to discuss building a DeFi protocol for your project, check out my services.

Key Takeaways

• Start with invariants, not features. Define what must always be true about your protocol, then build tests that verify those properties under random inputs.
• Use Foundry for everything testing-related. Its fuzz testing alone justifies the switch from Hardhat. I run 10,000+ fuzz iterations as a minimum baseline.
• Pack your storage slots. The difference between a well-packed struct and a naive one is 5,000-20,000 gas per transaction. At scale, this is real money.
• Never use a single price source. Chainlink as primary, TWAP as secondary, and take the conservative price on divergence. Oracle attacks are the most common exploit vector.
• Deploy with a multi-sig from minute one. Transfer ownership in the deployment transaction. Not after. Not tomorrow. In the same script.
• Budget for an external audit. Minimum $15K for a focused review of core contracts. This is not optional for anything holding user funds.
• Ship to testnet early and often. The gap between "works in Foundry" and "works on-chain with real users" is larger than you think.

Building a production DeFi protocol is hard. It requires understanding not just Solidity syntax, but financial engineering, game theory, and adversarial thinking. But the tooling has never been better — Foundry, OpenZeppelin 5.x, and L2s with sub-cent transaction fees make it possible for a small team to ship something real.

If you have questions about any of this, reach out. I have been through this process enough times to know where the landmines are.

About the Author

Uvin Vindula (@IAMUVIN↗) is a Web3 and AI engineer based in Sri Lanka and the UK. He has been writing Solidity since 2022 and builds production DeFi and AI systems through Terra Labz↗. He attended Token2049 Asia 2024 in Singapore and writes about smart contract engineering, security, and the intersection of AI and blockchain at uvin.lk↗.

*Last updated: January 8, 2024*