The discontinuation of DeFlast following the discovery a bug

A vulnerability was recently found in the DeFlast contracts. DeFlast team performed swift whitehat action and has confirmed that all funds are safe. Please see a summary of events below. 
  • DeFlast launched in March 2020, it allowed users to swap collaterals in Compound powered by Aave’s flashloan and the Uniswap platform. 
  • On Jan 28, 2021, Dedaub team contacted us for an exploitable vulnerability.
  • After identifying the bug in the smart contracts, we immediately disabled the DeFlast frontend functions. And DeFlast will now cease operation officially.
  • We worked with the Dedaub team to identify the presence of the vulnerability through whitehat action. After thorough testing and planning, we moved the most vulnerable funds into a smart wallet on Jan 30, and the smart wallet is now under the full control of its owner.
  • We rescued and transferred the rest of the vulnerable funds in the following 3 days.
  • Total funds at risk was around US$240,000.

Action Required for DeFlast Users

All funds are safe now. But if you have ever used DeFlast (particularly between March and October 2020), please visit to check if you have any remaining approvals to the DeFlast smart contracts below. If the below approvals are enabled, please remove them immediately.
  • 0x936de8973e6e4dfc12ec91b6885dd239dfb87ee1
  • 0x5C31C92FC9Cd5506998Eb1388f1F9d01Db67b791
  • 0x7bea5b4b041ce17e512362a05e5a932ab0718401
If you find your funds are transferred, please contact for assistance. We are extremely sorry for any inconvenience caused, and we have decided to discontinue the DeFlast frontend website accordingly.