On a quiet Wednesday, a single Ethereum transaction moved $65.4 million in flash loans from Morpho, executed a series of vault share manipulations, and extracted $6 million in DAI from Summer.fi. The market barely flinched. But for those who follow the code's whisper, this was a fracture in the narrative of safe DeFi aggregation.
Summer.fi positions itself as a vault aggregator—a smart contract that pools user deposits and allocates them across lending protocols like Morpho to optimize yield. In theory, it simplifies DeFi. In practice, it introduced a new attack surface: the vault share accounting logic.

A flash loan is a zero-collateral loan that must be repaid within the same transaction. It’s a tool for arbitrage, but also for exploitation. In this case, the attacker borrowed $65.4 million from Morpho, used it to briefly alter the internal state of a Summer.fi vault, and then withdrew $6 million worth of DAI—mostly stablecoin—before repaying the flash loan. The entire attack was atomic: either it all succeeds or it all reverts. Blockaid and CertiK flagged the incident hours later.
The core of the exploit lies in how Summer.fi computes vault shares. In most vault designs, a user’s share of the pool equals their deposit divided by the total pool value. But if that total value can be temporarily inflated—say, by a large external balance transferred into the vault—then the share calculation becomes manipulable.
Mining the liquidity where value truly pools requires understanding that this isn’t a traditional reentrancy attack. It’s a logical flaw in the assumption that the vault’s asset balance is a safe input for share pricing. The code’s whisper here is that composability, while elegant, creates hidden dependencies.

Based on my 2017 audit experience—when I line-by-line dissected the token distribution of three major ICOs—I recognized this pattern immediately. It’s the same class of bugs: a function that reads a mutable state variable (like totalAssets) and uses it to compute user entitlements without ensuring that state hasn’t been artificially manipulated. The difference is that flash loans amplify the manipulation from zero to $65 million in a single tx.
Let’s deconstruct the attack flow:
- The attacker deployed a custom contract that would execute a multi-step atomic transaction.
- Through Morpho, they flash-borrowed $65.4 million in DAI.
- They transferred that DAI into a Summer.fi vault, temporarily inflating its total asset balance.
- They then called a function that recalculates vault shares based on that inflated balance. The function likely credited the attacker’s address with a larger proportion of shares than their actual deposit.
- Using those inflated shares, they withdrew DAI from the vault—taking out $6 million of real user deposits.
- The remaining flash loan amount was returned to Morpho.
- The attacker walked away with $6 million.
The vulnerability is not in Morpho—it’s in the belief that a vault can safely expose a share-recalculation function that depends on the vault’s instantaneous balance. This is a classic oracle problem, but instead of price, it’s the vault’s own liquidity.
Where narrative fractures, the data speaks. Let’s look at the numbers: $65.4 million flash loan vs $6 million stolen. That’s a 9% profit margin on the borrowed capital—highly efficient. The attacker needed less than $1 in upfront cost (just gas) to execute. This is the hallmark of a “composability rent” attack: exploiting the gap between how protocols assume their state changes and how they actually can change under flash loan influence.
I spent three months in 2020 modeling impermanent loss curves for Uniswap V2 liquidity mining. The core lesson was that formulaic dependencies—like share price equals total assets divided by total shares—are safe only when total assets cannot be rapidly inflated by an external actor. In Uniswap, that inflation is impossible because the pool’s balance is only affected by swaps. But Summer.fi’s vaults likely allowed external transfers (maybe for token rebalancing), opening the door.
This attack is also a preview of the AI agent economy I studied in 2026. Autonomous bots can scan for such structural gaps faster than any human. They don’t care about TVL or brand; they only care about the arithmetic. The code’s whisper today will be a roar tomorrow.
The contrarian angle? Everyone will call for better audits and faster incident response. That’s the surface narrative. But the deeper truth is that DeFi’s composability narrative itself is broken. We’ve been told that layering protocols is safe because each layer is trustless—but trustlessness does not guarantee correctness. The flaw is not in Summer.fi’s code alone; it’s in the assumption that you can safely use an external protocol’s state (like a flash loan–inflated balance) as input to your internal accounting.
The story isn’t in the contract; it’s in the assumptions we make about the contract’s environment. Summer.fi is the tip of a very large iceberg. Any aggregator that computes internal shares based on external balances is vulnerable, and the market has been pricing these protocols as low-risk because they are “just wrappers.” Wrappers can be exploited just as easily as the protocols they wrap.
So what comes next? The next narrative in DeFi will shift from “total value locked” to “total risk verified.” Summer.fi’s $6 million loss is a small price to pay for this lesson—if the industry learns to listen to the code’s whisper before the next scream. As AI agents start mining these architectural gaps, the ones who survive will be those who map the behavioral architecture of their dependencies, not just their TVL.
Are you still trusting share prices computed from an external balance sheet?
