Flash loan + atomic swap + inflated shares, classic DeFi combo, $6.04 million tuition well worth it.

View Original
WuSaidBlockchainW
Summer fi: The Lazy Summer attack is not a contract vulnerability, but rather an exploitation of the NAV mechanism.
Wu said he learned that Summer fi released a post-mortem report on the Lazy Summer Protocol USDC vault attack, stating that on July 6, the attacker exploited a flaw in the net asset value (NAV) calculation mechanism of two Ethereum USDC vaults. In a single atomic transaction, they manipulated the share price using a flash loan and stole assets worth approximately $6.04 million. Of this amount, the LowerRisk USDC vault suffered losses of approximately $5.64 million, while the HigherRisk USDC vault suffered losses of approximately $0.4 million. The report said the issue was not a contract code vulnerability or a private key leak, but rather the injection of overvalued assets into the Ark strategy, which was no longer in use but was still counted in the NAV, causing the vault share price to be artificially inflated and completing the arbitrage. After the incident, the protocol paused all Vaults and set the deposit limit to zero, and the team is working with
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned