BTC $63,680.42 +1.76%
ETH $1,842.94 +4.14%
BNB $575.90 +1.48%
XRP $1.08 +1.32%
SOL $76.41 +0.79%
TRX $0.3254 -0.34%
DOGE $0.0730 +1.40%
ADA $0.1608 +1.17%
BCH $239.54 +1.15%
LINK $8.10 +2.68%
HYPE $64.73 +0.59%
AAVE $97.92 +2.87%
SUI $0.7441 +2.48%
XLM $0.1835 +0.61%
ZEC $518.40 +1.35%
BTC $63,680.42 +1.76%
ETH $1,842.94 +4.14%
BNB $575.90 +1.48%
XRP $1.08 +1.32%
SOL $76.41 +0.79%
TRX $0.3254 -0.34%
DOGE $0.0730 +1.40%
ADA $0.1608 +1.17%
BCH $239.54 +1.15%
LINK $8.10 +2.68%
HYPE $64.73 +0.59%
AAVE $97.92 +2.87%
SUI $0.7441 +2.48%
XLM $0.1835 +0.61%
ZEC $518.40 +1.35%

mechanism

All
Article
Flash

Summer.fi Lazy Summer attack is not a contract vulnerability, but rather an exploitation of the NAV mechanism

Summer.fi released an analysis report on the Lazy Summer Protocol USDC treasury attack incident. The attacker manipulated the prices of two USDC treasury shares in a single atomic transaction, extracting approximately $6.04 million of depositor funds. The core of the attack lies in the calculation method of the treasury's net asset value (NAV).The attacker donated tokens that still retained the old valuation to a Silo Ark that had been suspended after the incident in November 2025 but had not yet been completely removed, resulting in an inflated total asset value of approximately 9.5%, raising the share price, which was then redeemed at an inflated price and withdrawn from the treasury's actual liquidity. The report emphasizes that this attack was not due to a contract code vulnerability, but rather a missing link in the treasury's offline process—the deposit limit for that Ark had been set to zero, yet it was still counted in the NAV of active assets.The attacker premeditatedly accumulated the required tokens three months in advance through multiple wallets and transferred part of the profits via Tornado Cash. After the incident, Guardian Multisig has suspended all on-chain treasuries and set the deposit limit to zero. The Lazy Summer DAO will discuss compensation plans for affected users and the treasury restart plan in the coming days.

The chairman of the CFTC clarifies the controversy over perpetual contracts, stating that the lack of a fixed expiration date does not affect the futures attributes, and the funding rate mechanism helps with price anchoring

Mike Selig, the Chairman of the U.S. Commodity Futures Trading Commission (CFTC), posted on the X platform to clarify several misunderstandings in the market regarding perpetual futures contracts and to address the controversy arising from the recent approval of related contracts by the CFTC. Mike Selig stated that the Commodity Exchange Act and relevant CFTC rules do not explicitly require that "futures contracts" must have a fixed expiration date or delivery date. Since Congress has not clearly defined this term, the identification of futures contracts is primarily based on judicial precedents and CFTC interpretations, and a fixed expiration date is not a necessary condition.In response to the claim that "the CFTC-approved BTCPERP contract allows U.S. users to use 250 times leverage," high leverage is not a characteristic of the perpetual contract structure itself, but rather a feature of the previous offshore trading model. Perpetual contracts regulated by the CFTC will adhere to the same leverage limits as other regulated futures products.Regarding the criticism that "the CFTC did not provide opportunities for industry participation and feedback," the CFTC publicly solicited opinions on "perpetual contracts" and "24/7 trading" in April 2025 and received over 100 responses from industry participants, including several CFTC-registered entities. Additionally, concerning the view that the funding rate mechanism is believed to incur high costs and induce undesirable market behavior, after considering the costs of opening positions and rolling over traditional term futures contracts, the annualized holding cost of the perpetual contract funding rate is roughly equivalent to that of traditional futures. The funding rate mechanism actually helps maintain price anchoring.
app_icon
ChainCatcher Building the Web3 world with innovations.