Decentralized finance (DeFi), which is a promising domain since the era of blockchain 2.0, locked $200 billion in April 2022. However, it quickly dropped to $100 billion in May 2022, which makes us realize that security issues in this area are still a challenging job. DeFi is more complex than traditional finance because it is decentralized through blockchain and without a trustworthy third-party institution to act as a guarantee. So it owns not only financial properties but also technical aspects. Existing synthesis work for DeFi tends to ignore the relevance of various layers of security for the whole system. In addition, distinct layers have different means of protection against specific vulnerabilities, which is not considered by existing analytical work. In this paper, we perform a vulnerability analysis for the entire technology layer of the DeFi application, and then we collect the most impactive attacks in recent years. Finally, we summarize the existing optimization approaches for different layers and provide some challenges and future directions.