Whou should audit DeFi?

If you want your company intranet checked for security, if you can afford to and if you can find them, you get a hacker to try to break in. Not a sysadmin.

If you want to determine that a psychic is a fake, you get a magician to test them, not a scientist.

But in DeFi we still hand auditing over to developers. And although a large number of problems with DeFi protocols are down to bugs, in some of the most expensive cases, there's actually a design flaw in the financial architecture.

So who should you call in to determine whether your protocol is vulnerable to arbitrage attacks, insider trading, front running, or short squeezes?

How about traders?