Auditing decentralized finance (DeFi) protocols
- Evgeny Lyandres
- Mar 11, 2024
- 1 min read
Updated: May 12
This study provides descriptive evidence on the determinants and consequences of voluntary smart contract audits in decentralized finance (DeFi). Two types of auditors operate in the DeFi market: centralized auditors, who are hired on a fixed-fee basis, and decentralized auditors, often referred to as bounty hunters, who are paid according to the vulnerabilities they identify. Our analysis draws on a dataset of thousands of centralized audit reports and hundreds of bounty programs linked to over 4,000 DeFi protocols launched between 2020 and 2025.

We find that pre-launch audit adoption is systematically related to protocol-level design choices, risk exposure, and code characteristics. However, having an audit at protocol launch is not significantly associated with post-launch breach probability or with hack-related losses. Although decentralized audits are generally complementary to centralized ones, the two types tend to become substitutes following systemic security breaches such as the PolyNetwork hack: demand for decentralized audits rises significantly, but less so for protocols that previously hired a top-tier auditor. Following protocol-level security breaches, compromised protocols often replace bottom-tier auditors with top-tier ones and hire decentralized auditors. In addition, auditors of hacked protocols incur short-term market losses that may be mitigated by effective crisis management. Overall, our findings suggest that top-tier centralized and decentralized auditing help sustain trust and resilience in decentralized finance.