exploit
Summer.fi loses $6M as attacker manipulates FleetCommander totalAssets()
A flash-loaned donation to Summer.fi's Ark inflated FleetCommander.totalAssets() and let an attacker redeem $70.9M from a $64.8M deposit. Lazy Summer vaults paused; funds are moving to Tornado Cash.
DeFi yield aggregator Summer.fi paused all Lazy Summer Protocol vaults on July 6, 2026 after an attacker took a $65.4M flash loan, deposited $64.8M into a Lazy Summer USDC vault, and redeemed $70.9M by manipulating how the FleetCommander contract accounts for assets held in one of its Ark strategy modules. The net take was roughly $6M, converted to DAI and partly routed through Tornado Cash. Security firm Blockaid flagged the exploit in real time; CertiK later published the accounting root cause. Reported exploiter address: 0x7BF716167B48CF527725722C6d79494b45B3BDCa; example drain transaction: 0x0db528…3da12.
What happened
Summer.fi's core product, the Lazy Summer Protocol, is an automated yield vault that shifts user deposits across whitelisted lending venues (Aave, Morpho, Silo, Spark and similar) via an AI keeper. A FleetCommander contract sits at the vault head; strategy modules called Arks connect each FleetCommander to an outside lending market where deposits earn.
Early Monday July 6 UTC, Blockaid flagged an active exploit against a Lazy Summer USDC vault. The Summer.fi team publicly acknowledged the incident and confirmed the guardians had paused all Lazy Summer vaults while the core devs prepared a patch. Per The Block and the CoinDesk write-up, the attacker executed the drain within a single transaction and moved the profit to a wallet under their control.
Mechanism — donating to the Ark to lie to totalAssets()
The vulnerability sits inside FleetCommander.totalAssets(), the accounting function every ERC-4626-style vault uses to price its shares. Analysis from CertiK and follow-up on-chain research describe the attack as follows:
- Flash-borrow $65.4M USDC from a liquidity source.
- Ahead of the exploit, accumulate shares of an outside lending market — specifically Silo: Varlamore USDC Growth — that the Lazy Summer vault reads through one of its Arks.
- Deposit roughly $64.8M into the Lazy Summer USDC vault, minting fleet shares priced against the pre-donation
totalAssets()value. - Inside the same tx, donate the pre-accumulated Silo-vault position into the Ark so it is now counted by
totalAssets()on the next read. - Redeem the freshly minted fleet shares. FleetCommander now sees an inflated total, prices redemptions higher than deposits, and pays out $70.9M.
- Repay the flash loan, keep ~$6M profit, convert to DAI on Curve.
The bug is not a private-key theft, not a governance capture, not an oracle break. It is an accounting vulnerability in how FleetCommander credits shares transferred directly into an Ark to the Ark's owner (the vault) without gating on state entry. A single-block round-trip is enough to arbitrage the price of the fleet share against its own accounting formula.
Numbers block
Flash loan borrowed : $65.4M USDC
Vault deposit : $64.8M USDC
Redemption : $70.9M
Net attacker profit : ~$6M (converted to DAI)
Affected product : Lazy Summer Protocol — USDC vault(s)
Vulnerable function : FleetCommander.totalAssets()
Exploited Ark route : Silo: Varlamore USDC Growth
Detection : Blockaid (real-time flag)
Root-cause analysis : CertiK
Chain : Ethereum L1
Exploiter address : 0x7BF716167B48CF527725722C6d79494b45B3BDCa
Example drain tx : 0x0db528c44f23fc7fa4544684a2fab81096450a14aae8bc89f42cd0592d43da12
Laundering rail : Curve → intermediary wallet →
Tornado Cash (10 ETH increments)
Sources for the amounts: The Block, CoinDesk, and Blockaid / CertiK statements relayed by Bitcoin.com News and The Defiant.
Impact
- Users: deposits behind the paused Lazy Summer vaults are locked until the patch ships. Summer.fi has not published a per-vault loss allocation. Independent analysts flagged the vault APY momentarily printing at ~2.08M% during the manipulation window — a diagnostic of the totalAssets() inflation, not a real yield.
- SUMR token: fell ~18% in the hours after the exploit was flagged.
- AI-keeper design: the Lazy Summer AI keeper did not detect the manipulation because the arbitrage occurred inside a single transaction — below any keeper's re-allocation cadence. The attack surface introduced by the AI layer is orthogonal to the accounting bug, but the incident sharpens the question of whether smart-contract-level invariants can be enforced when an off-chain rebalancer is authorised to move funds.
- Third-party rails: Curve and Tornado Cash were the laundering path. The Tornado Cash router activity is limited so far (~40 ETH deposited in 10-ETH increments), which leaves most of the DAI still in an attacker-controlled wallet trackable on-chain.
What to watch
- Post-mortem and patched FleetCommander. Summer.fi has committed to a full write-up before unpausing. The remediation likely tightens
totalAssets()to exclude assets received via direct-transfer donations to Arks — a variant of the "share inflation via direct transfer" class of ERC-4626 bugs that has bitten many vaults since 2022. - Whether Silo, Aave and Morpho change Ark-side integration terms. Every venue Lazy Summer reads through an Ark is now a potential accounting-manipulation surface. Expect at least one lending venue to require an integration audit before Summer.fi is re-whitelisted.
- The Tornado Cash trail. ~$71,750 in ETH through the mixer so far; the DAI has not moved. Chainalysis or Arkham labels tied to the exploiter address would give a first attribution signal.
- Guardian pause governance. Summer.fi's guardian multisig executed the pause; the token holder governance did not vote. That is the correct emergency posture — but it is worth watching how the DAO ratifies (or rejects) the guardian intervention when the patch ships.
Context — the ERC-4626 accounting-donation pattern is not new
Direct-transfer share inflation has been a known vault class-bug since the first-depositor attacks against ERC-4626 wrappers in 2022, and Aave's ERC-4626 wrapper race in 2023. What is new here is that the accounting surface is not a share-price inflation against a first depositor — it is a redemption-side arbitrage enabled by an Ark-side donation that the FleetCommander read as its own credited balance. That is a bespoke Summer.fi topology, but the underlying primitive — "assets sitting somewhere the accounting reads without a state guard" — is the same pattern that hit the Yearn v2 misprice in 2023 and Onyx's cToken donation attack in 2022.
For the wider DeFi map: this is the second flash-loan accounting exploit in a week targeting an aggregator that composes on top of live lending markets, after Taiko's July 2 bridge incident. Aggregation is now a bigger attack surface than the underlying primitives — the Ark and the FleetCommander are Summer.fi contracts, but the vulnerability materialises through Summer.fi's read of a third-party market's share balance.
Sources:
- The Block — DeFi protocol Summer Finance exploited for $6 million; analysts point to flash loan attack (primary secondary, cites Blockaid and CertiK).
- CoinDesk — DeFi protocol Summer.fi halts Lazy Summer vaults after $6 million exploit.
- Bitcoin.com News — Summer Finance Pauses Vaults After $65.4M Flash Loan Attack Triggers $6M Loss.
- The Defiant — Summer Finance Drained of $6M in Flash Loan Exploit.
- Etherscan — reported exploiter address
0x7BF7…3BDCaand example drain tx0x0db528…3da12.