
Analysis and Solution of Exploiting Vulnerabilities of Smart Contracts in Decentralized Financial Applications

Abstract


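Decentralized finance began to flourish in the second half of 2020, and security incidents broke out one after another, most of them related to code security. The technology behind the various decentralized finance (DeFi) protocols is not yet mature; potential risks at different application layers may go undetected during security audits, and further unknown attacks that combine vulnerabilities in different protocols are bound to occur. This thesis analyzes attacks on the vulnerabilities that can arise in common types of DeFi applications, including flash loans, oracles, and governance projects, covering eight possible vulnerabilities: Unstoppable, Naive Receiver, Truster, Side Entrance, The Rewarder, Selfie, Compromised, and Puppet. It then provides secure ways of writing smart contracts, or remediations, so that DeFi projects deployed on Ethereum can be secured at the source-code level, fundamentally mitigating attacks from outside.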

Parallel Abstract


Decentralized finance began to flourish after June 2020, and security incidents broke out one after another, mostly related to code security. At present, the technology of the various decentralized finance (DeFi) protocols is not yet mature, and potential risks at different application levels may not be discovered during security audits. In the future, more unknown attacks that combine vulnerabilities in different protocols will inevitably occur. This paper uses common DeFi applications such as flash loans, oracles, and governance projects to analyze eight vulnerabilities and their attack processes: Unstoppable, Naive Receiver, Truster, Side Entrance, The Rewarder, Selfie, Compromised, and Puppet. For each of the analyzed attacks, it also provides secure ways of writing smart contracts or remediation methods, so that decentralized finance applications deployed on Ethereum can be secured at the source-code level, fundamentally mitigating external attacks.
