The discontinuation of DeFlast following the discovery a bug


A vulnerability was recently found in the DeFlast contracts. DeFlast team performed swift whitehat action and has confirmed that all funds are safe. Please see a summary of events below. 
  • DeFlast launched in March 2020, it allowed users to swap collaterals in Compound powered by Aave’s flashloan and the Uniswap platform. 
  • On Jan 28, 2021, Dedaub team contacted us for an exploitable vulnerability.
  • After identifying the bug in the smart contracts, we immediately disabled the DeFlast frontend functions. And DeFlast will now cease operation officially.
  • We worked with the Dedaub team to identify the presence of the vulnerability through whitehat action. After thorough testing and planning, we moved the most vulnerable funds into a smart wallet on Jan 30, and the smart wallet is now under the full control of its owner.
  • We rescued and transferred the rest of the vulnerable funds in the following 3 days.
  • Total funds at risk was around US$240,000.


Action Required for DeFlast Users

All funds are safe now. But if you have ever used DeFlast (particularly between March and October 2020), please visit https://approved.zone/ to check if you have any remaining approvals to the DeFlast smart contracts below. If the below approvals are enabled, please remove them immediately.
  • 0x936de8973e6e4dfc12ec91b6885dd239dfb87ee1
  • 0x5C31C92FC9Cd5506998Eb1388f1F9d01Db67b791
  • 0x7bea5b4b041ce17e512362a05e5a932ab0718401
If you find your funds are transferred, please contact support@dinngo.co for assistance. We are extremely sorry for any inconvenience caused, and we have decided to discontinue the DeFlast frontend website accordingly.