The Firelight deposits cap has been increased to 65 million FXRP. Follow our updates on official channels for more information
Beyond the Audit: Toward a Layered Security Stack
The decentralized finance ecosystem has matured significantly, but its approach to security remains incomplete. For years, smart contract audits have been treated as the primary signal of safety. A completed audit often serves as a launch milestone, a trust badge, and in many cases, a perceived endpoint for risk mitigation; that framing is no longer sufficient.
Firelight

Audits remain a critical foundation of DeFi security. Firms such as OpenZeppelin and Coinspect play an essential role in identifying vulnerabilities and improving code quality before deployment. An audit is a point-in-time assessment that verifies whether code behaves as intended under defined assumptions. What it cannot do is guarantee how that system will perform in a live, adversarial, and constantly evolving environment.
What an Audit Provides
A smart contract audit is best understood as a snapshot. It evaluates a specific version of code against known vulnerability classes and ensures alignment between implementation and specification. This significantly reduces risks before launch.
However, risk continues to evolve after deployment. Governance changes, parameter updates, oracle dependencies, and integrations all reshape a protocol’s attack surface. These changes are continuous, while audits are discrete. No report can fully capture the dynamic state of a live system.
Audits also focus primarily on on-chain logic. Critical components such as key management, cloud infrastructure, and signing environments often sit outside their scope. According to Halborn, off-chain compromises accounted for 80.5 percent of stolen funds in 2024. In addition, the complexity of composable systems means not all execution paths can be exhaustively tested. Audits reduce risk, but they do not eliminate it.
Case Studies in Real-World Failure
Recent incidents show that audits are necessary but not sufficient. The Balancer V2 exploit in November 2025 occurred despite eleven audits conducted by firms including Trail of Bits, OpenZeppelin, Certora, and ChainSecurity. The contracts behaved as specified, but the specification itself allowed precision rounding edge cases that were exploitable under adversarial conditions. The failure was not in implementation, but in how the system behaved in practice.
The Resolv exploit on March 22, 2026, highlights off-chain risk. Despite 18 audits, an attacker compromised an AWS Key Management Service environment and gained access to a privileged key, extracting approximately $25 million. This was followed closely by the rsETH exploit in April 2026, where a vulnerability in Kelp DAO’s cross-chain messaging logic via LayerZero allowed an attacker to mint $292 million in unbacked tokens.
The rsETH incident underscores the danger of “composable contagion.” Because the unbacked rsETH was immediately used as collateral on Aave to borrow $190 million in other assets, a single bridge-validation error created nearly $200 million in bad debt for the world’s largest lending protocol. In both the Resolv and rsETH cases, the protocols’ smart contracts often performed exactly as written; the failures occurred in the trust assumptions regarding off-chain infrastructure and cross-chain messaging — areas that traditional, static audits rarely cover in full. Without runtime monitoring and capital-backed protection, these systems had no way to neutralize the threat before it cascaded across the entire DeFi ecosystem.
The Structural Gap: Accountability Over Time
The limitation of audits is structural. They do not provide continuous accountability. An audit firm’s responsibility ends when the report is delivered, and their incentives are tied to that moment. What is missing is persistent alignment after deployment.
Capital-backed coverage introduces this layer. A coverage provider with active economic exposure must continuously evaluate risk. Every upgrade, integration, and governance change directly affects their liability. This creates ongoing accountability that a static audit cannot replicate. Coverage does not replace audits. It extends security into the operational phase.
Toward a Layered Security Stack
DeFi security is moving toward a layered, defense-in-depth model. A mature stack combines audits, formal verification, runtime monitoring, on-chain safeguards, and capital-backed coverage. Each layer addresses a different class of failure.
While total crypto theft has reached billions in recent years, a large share has come from centralized failures. DeFi-specific exploits are smaller but still consistently significant, often in the hundreds of millions annually. The takeaway is not that audits have failed, but that they are only one component of a broader system.
Firelight Protocol’s Role
Firelight is building the coverage layer that completes this system. It introduces a capital-efficient, on-chain protection primitive that aligns incentives over time. Instead of relying solely on static reports, protocols gain a mechanism where risk is continuously priced, monitored, and backed by capital.
This shifts the trust model. The question is no longer only whether a protocol has been audited, but whether its risk is actively underwritten.
DeFi security is evolving from verification to resilience. Audits are the starting line, not the finish line. Real-world conditions introduce risks that no static review can fully capture.
Resilience comes from layering systems together and ensuring that when failures occur, they are contained rather than catastrophic. Protecting capital requires more than verifying code. It requires capital standing behind it.
