DeFi Saver
Published in DeFi Saver

Disclosing a recently discovered vulnerability

A vulnerability was discovered in our CompoundImport contracts. All funds are safe.

Earlier today a vulnerability in our importing contracts used for migrating Compound and Aave positions was disclosed to our team.

  • On January 5th, 01:15 GMT+1, we were contacted by the Dedaub team alerting us that they found an exploitable vulnerability in some of our contracts. Some 15 minutes later we were in a Zoom call with them sharing more details.

As of now, all affected user positions have been migrated to new Smart Wallets, ownership of which has been given to the initial owners of these funds and positions.

The two available options for us after realizing user funds were at risk were to:

  1. Pay off user debts and withdraw remaining collateral funds to their accounts, or

We decided to go with the second option and keep the user positions intact, as we believed this would be preferred by most, if not all.

If you ever imported a Compound position to a Smart Wallet, please log in at https://app.defisaver.com/ to remove any approvals and check if any funds were transferred.

Most notable affected users with funds moved are:

  • 0xf69E… with close to $2m in cWBTC collateral

We are sorry for the inconvenience this has caused. For any additional questions or information, please feel free to contact us in our Discord or via Twitter.

Moving forward

This is unfortunately the second vulnerability discovered at DeFi Saver after the Exchange one in June 2020. That is two vulnerabilities more than what we ever wanted our users to be exposed to.

Moving forward, we will be establishing formal bug bounties and conducting full audits, which have already been planned for Q1 2021.

We’ll be sharing more information on this later.

As mentioned, for any questions or anything else, please contact us in the DeFi Saver Discord or via Twitter.
