Home > Quick > Body

SlowMist: $42 million stolen due to design flaw in GMX v1, attackers manipulate global average price by re-entering to create large short positions

clock
2025-07-10 05:56:04
SlowMist Cosine posted on social media: "The root cause of the theft of $42 million from GMX last night is that GMX v1 will immediately update the global short average price (globalShortAveragePrices) when processing short positions, and this global average price will directly affect the calculation of the total asset size (AUM), which in turn leads to the manipulation of the price of GLP tokens.
Attackers take advantage of this design flaw by enabling the timelock.enableLeverage feature in Keeper when executing orders (a necessary condition for creating large short orders), successfully creating large short positions through reentry to manipulate the global average price in order to artificially raise the GLP price in a single transaction and profit from redemption operations.
Doing DeFi is really a high-risk business. GMX is a very old decentralized and sustainable trading platform. This time, it has also stepped on a big pit. It is difficult to say that the 10% white hat bounty strategy will make the attacker's heart... "
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
New Tab Page - Desk3 | Plugin
Stay ahead of the game in the cryptocurrency space.