Read a vault's share accounting yourself.
Paste any Base or Ethereum ERC-4626 vault address. This reads its live totalAssets, totalSupply, and price-per-share straight from the chain, and hands you the commands to reproduce every number. The exact accounting a donation attack manipulates, in the open. Free, no signup, nothing to install.
Built the week a donation attack drained about $6M from Summer.fi's Lazy Summer vaults on Ethereum by inflating a FleetCommander vault's totalAssets. Read that vault below, and any vault you hold. This is not an audit or a solvency opinion.
Paste any Base or Ethereum ERC-4626 vault address. We read its live totalAssets, totalSupply, and price-per-share from the chain and hand you the commands to reproduce every number yourself.
The number a donation attack manipulates
An ERC-4626 vault prices a share as assets divided by shares. That single ratio is what a share-price inflation attack targets, and it is a number you can read yourself, live, on any standard vault. Here is what the tool reads and what it cannot promise.
totalAssets is what the vault holds. totalSupply is shares outstanding. Price-per-share is what one share redeems for, via convertToAssets. This tool reads all three straight from public RPC and gives you the command to reproduce each one. No trust required, on any standard vault.
A donation attack works by pushing totalAssets up so each share is worth more, then redeeming against the inflated price. Price-per-share is exactly that ratio. Reading it live is how you see a vault's current accounting for yourself, whether it is healthy, drained, or paused.
A snapshot shows the state right now, including the aftermath of an attack. It cannot catch an in-transaction donation attack in advance, because the manipulation lives inside one transaction. Catching the class in progress takes a standing watch on price-per-share over time, which is a different tool and we say so.
Want to read a token's reserves instead of a vault's shares? The companion tool at verify any stablecoin reads any token's live supply and names its real transparency method, and the full field is ranked in the synthetic-dollar scorecard.
What a reading proves, and what it does not
This reads live on-chain vault accounting and computes price-per-share from it. Every number is something you can reproduce yourself in one command. It does not value the underlying assets, does not confirm the vault is solvent, and does not opine on whether it will hold up under stress. It is not an audit, a rating, or financial, legal, or accounting advice.
And the honest limit worth stating twice: a single reading is a snapshot. It cannot catch an in-transaction donation attack, because that attack inflates and unwinds the vault's assets inside one transaction, so a value read a block earlier or later looks normal. What catches the class is watching price-per-share over time and alerting on a deviation. That is a monitor, not a reading, and it is a standing service, not this free tool. We would rather tell you that than sell you a snapshot dressed up as a safety net.
Common questions
Can you verify an ERC-4626 vault's share accounting yourself?
Yes, and this tool shows you exactly how. A standard ERC-4626 vault exposes totalAssets (what it holds), totalSupply (shares outstanding), and convertToAssets (what one share redeems for). All three are public calls you can make yourself from any node. This reads them live and hands you the one-line commands to reproduce every number. What you cannot read this way is whether the assets are sound or whether the vault will hold up under stress; those are your diligence, not a contract call.
What is a donation attack, or share-price inflation attack?
An ERC-4626 vault prices a share as assets divided by shares. If an attacker can push totalAssets up, each share is suddenly worth more, so shares bought cheaply can be redeemed for more than they cost. In the July 2026 Summer.fi incident the attacker donated assets into the vault's underlying strategy to inflate totalAssets, then redeemed against the inflated price, netting about $6M with the help of a roughly $65.4M flash loan. This tool reads the price-per-share that such an attack manipulates.
Would this tool have caught the Summer.fi exploit?
No, and it is important to be honest about that. A donation attack inflates and unwinds totalAssets inside a single transaction, so a reading taken a block before or after looks normal. A one-time snapshot cannot catch it. What catches the class is watching price-per-share over time and alerting on a deviation, which is a monitor, not a reading. This tool takes today's reading and shows you the aftermath of an attack that already happened; the continuous watch that flags the class in progress is a separate, standing service.
Is this tool an audit or a solvency opinion?
No. It reads live on-chain vault accounting and computes price-per-share from it. It is not an audit, a solvency opinion, a rating, or financial advice, and a vault appearing here is not an endorsement. A high price-per-share is normal for a yield-bearing vault, and a low one can mean a realized loss, a paused vault, or a specific accounting choice. The number is a fact; interpreting it is up to you.
Hold a vault? The reading is free. The watch is what catches the attack.
The tool above reads a vault's accounting the moment you paste it. If you hold or allocate to a vault, the useful next step is not another snapshot, it is a standing watch: an alert to your Discord or Telegram the moment its price-per-share, reserve ratio, or a feed's freshness crosses a line you set. From $99 a month. If you need a one-time independent read of a vault or its issuer, a commissioned teardown of any target you name starts at $499, and a standing counterparty review is $2,500.
Kerne is infrastructure and a service provider, not an auditor, a rating agency, a custodian, or an investment adviser. This tool reads public on-chain data and computes price-per-share from it. It is not an audit, a solvency or credit opinion, a recommendation, or any form of investment, legal, tax, or accounting advice, and the appearance of any vault is not an endorsement. Incident context for known vaults is sourced from public reporting (Blockaid, PeckShield, CertiK, CoinDesk) and dated; verify at the canonical sources. Kerne is not affiliated with Summer.fi or any issuer named here, and is reactive-only toward them. Kerne is early and not yet externally audited, disclosed at kerne.fi/dataroom.