OKcontract Labs | Chainwall Protocol
626 posts

OKcontract Labs | Chainwall Protocol
@okcontract
Making onchain flows and vaults more secure 📖 https://t.co/ZnDJGnKeiH

THE BLOCK: Summerfi says the $6M exploit came from manipulating the NAV/share price of two USDC vaults — not from hacked keys. The attacker prepped for at least 3 months. The Lazy Summer DAO will now discuss next steps, including user compensation.

🚨 @edeldotfinance - Loss ~$403K (2026-07-01) Network: Ethereum Type: Oracle Manipulation (ERC-4626 exchange-rate) Edel Finance is an Aave-fork lending market that accepts wrapped xStock tokens (e.g. wGOOGLx) as collateral. Its price oracle for wGOOGLx derives the collateral value from the wrapper's ERC-4626 share-to-asset rate (convertToAssets = underlying balance / totalSupply), which is manipulable. The attacker flash-loaned 180K USDC and ran a 41x supply/borrow loop that skewed the vault's share ratio, inflating the reported wGOOGLx price (now ~$28k vs ~$180 real). With hugely over-valued collateral, they borrowed out the pool's assets — 204K USDC plus tokenized stocks wSPYx/wQQQx/wMSTRx/wNVDAx/wTSLAx — netting ~$403K and draining most of the ~$602K pool TVL. TX: etherscan.io/tx/0xe2320086b… Attacker: etherscan.io/address/0x5842… Victim: etherscan.io/address/0x3eee… t.me/defimon_subscr…

NFT Morning 944 | Cybersécurité & protection des cryptoassets avec Henri d'OKcontract x.com/i/broadcasts/1…









2024: Sold out. 2025: Sold out. 2,500 leaders representing $18T in AUM don't gather by accident. They come because the room matters as much as the stage. June 2 & 3, 2026. Louvre Palace, Paris. Passes are now live. This is your window. tickets.proofoftalk.io






@bl4ckb1rd71 @simonmasson2 @wavey0x @Toki_Ell @0x310f1sh @adria0 @adrianhetman @hbbiok Dominic Brütsch @eternauta1337 @p0wn4j @code2042 @simon_perriard @DrasticWM @josepbove @vali_dyor @0xEV_om @bernd_eth @martinetlee @nxt3d @ma1fan @drdr_zz @KrlsMata @kelsiemvn @rappie_eth


🦄 Uniswap wins another case that sets a new legal prescendent TLDR: If you write open source smart contract code, and the code is used by scammers, the scammers are liable, not the open source devs Good, sensible outcome

After 10 years of 100% Ethereum uptime, we're excited for 11.


