DeFi is often described as "money legos" — protocols that snap together to create complex financial products. Borrow on Aave, swap on Uniswap, yield-farm on Curve, all in a single transaction. This composability is DeFi's superpower.
It's also its most dangerous vulnerability.
The Composability Paradox
Why Composability Creates Risk
Individual security ≠ systemic security
Each protocol may be individually secure and audited. But the interactions between them create emergent behaviors that no individual audit considered.
Unbounded integration surface
Any contract can call any other contract. Protocols are composed by third parties in ways the original developers never anticipated or tested.
Cascading failures
When one protocol fails, the shock propagates through every protocol that depends on it — like a financial contagion.
$2B+
Lost to Composability Exploits
87%
of DeFi Protocols Integrate Others
3-5
Avg Protocol Dependencies
0
Protocols Audit All Integrations
How Composability Creates Vulnerabilities
1. Flash Loan + Composability = Price Manipulation
We covered the mechanics of flash loan attacks in Anatomy of a Flash Loan Attack. But it's composability that makes them devastating:
Flash borrow $100M from Aave
Composability: Aave doesn't care what you do with the funds, as long as they're returned
Manipulate price on Uniswap
Composability: large swaps move the price because Uniswap's AMM is deterministic
Exploit lending protocol reading Uniswap price
Composability: the lending protocol trusts the Uniswap price without knowing it's been manipulated in this transaction
Repay Aave flash loan and profit
Each protocol individually functioned correctly. The vulnerability existed only in the composition.
2. Cross-Protocol Reentrancy
As we explored in our reentrancy deep-dive, cross-contract and read-only reentrancy are the most dangerous variants — and they're fundamentally composability problems:
Cross-Protocol Reentrancy
The pattern
Protocol A makes an external call during a state transition. The callback enters Protocol B. Protocol B reads Protocol A's state (which is mid-update). Protocol B makes decisions based on incorrect data.
Real example: Curve + Lending
During a Curve pool operation, a callback triggers a lending protocol to check the pool's virtual price. The virtual price is stale (mid-update), causing the lending protocol to miscalculate collateral values — enabling undercollateralized borrowing.
3. Oracle Dependency Chains
Oracle Dependency Chains
Direct dependency
Protocol A uses Chainlink ETH/USD price. Well understood and tested.
Transitive dependency
Protocol A prices LP tokens from Protocol B. Protocol B prices its LP tokens using reserves. Those reserves can be manipulated by a flash loan through Protocol C. Three protocols deep, the dependency chain is invisible.
Circular dependencies
Protocol A uses Protocol B's token price. Protocol B's token price depends on TVL in Protocol A. Price changes in either protocol affect the other — creating amplifying feedback loops that can be exploited.
This is why oracle manipulation is the #1 vulnerability we find — composability means your oracle isn't just your Chainlink feed. It's every protocol in the dependency chain that affects that feed.
4. Token Standard Surprises
Not all tokens behave the same, and composability amplifies the differences:
Standard ERC-20 Assumptions
- •transfer() moves the exact amount specified
- •balanceOf() returns a stable number between calls
- •transfer() and transferFrom() behave identically
- •Tokens have 18 decimals
Real-World Token Behaviors
- •Fee-on-transfer tokens deduct a fee (actual received differs from sent)
- •Rebasing tokens change balances automatically (stETH, AMPL)
- •ERC-777 tokens have hooks that execute callbacks on transfer
- •USDC has 6 decimals, WBTC has 8 — precision mismatches cause bugs
⚠️The Composability Assumption
When you integrate a protocol that accepts "any ERC-20 token," you're implicitly trusting that every token it encounters will behave as expected. Fee-on-transfer tokens, rebasing tokens, and tokens with transfer hooks all break common assumptions — and these edge cases become vulnerabilities when protocols compose.
5. Governance Contagion
When protocols govern each other:
- Protocol A's governance controls a parameter that affects Protocol B's security
- A governance attack on Protocol A (via flash loan voting) can compromise Protocol B
- Multi-protocol governance creates coordination failures — no single protocol "owns" the security of the interaction
The Systemic Risk: DeFi Contagion
When one protocol fails, the effects cascade:
Protocol A is exploited
Attacker drains Protocol A's liquidity — its token price crashes to near zero
Protocol B holds Protocol A's tokens as collateral
Protocol B now holds worthless collateral. Positions become undercollateralized. Mass liquidations begin.
Protocol C provides liquidity for Protocol B liquidations
The sudden flood of liquidations depletes Protocol C's available liquidity. Protocol C's own stability mechanisms are stressed.
Cascading liquidations across the ecosystem
The contagion spreads to every protocol that directly or transitively depends on Protocols A, B, or C. Total losses exceed the original exploit by 10-50x.
This isn't hypothetical — the Terra/Luna collapse demonstrated exactly this pattern, with cascading failures across dozens of protocols.
How to Audit for Composability Risk
Standard audits focus on individual contracts. Composability security requires a different approach:
Dependency Map
Identify every external protocol your code interacts with — direct and transitive
Trust Analysis
For each dependency: what assumptions do you make about it? What happens if those assumptions break?
Attack Modeling
Simulate composability attacks: flash loans, oracle manipulation, reentrancy across protocol boundaries
Stress Testing
Model cascading failures: what happens to your protocol if a major dependency loses 90% of its value?
Our Smart Contract Auditor includes composability analysis as a standard part of every DeFi audit:
- Integration mapping — AI catalogs every external call, price dependency, and token interaction
- Flash loan simulation — Automated testing of flash loan attack scenarios against your protocol's integrations
- Token behavior testing — Test with fee-on-transfer, rebasing, and callback-enabled token mocks
- Human economic analysis — Our expert review includes economic modeling of cascading failure scenarios that require deep DeFi understanding
ℹ️Composability Is DeFi's Moat — and Its Risk
You can't eliminate composability risk without eliminating composability itself. The goal is to understand your dependencies, design for failure, and test the boundaries between protocols as carefully as you test your own code.
Building a composable DeFi protocol? Our Smart Contract Auditor tests your integrations as rigorously as your core code. For protocols with complex dependency chains, our expert review includes full economic modeling of composability risks. Get started.