SlowMist Cosine posted on social media: "The root cause of the theft of $42 million from GMX last night is that GMX v1 will immediately update the global short average price (globalShortAveragePrices) when processing short positions, and this global average price will directly affect the calculation of the total asset size (AUM), which in turn leads to the manipulation of the price of GLP tokens.
Attackers take advantage of this design flaw by enabling the timelock.enableLeverage feature in Keeper when executing orders (a necessary condition for creating large short orders), successfully creating large short positions through reentry to manipulate the global average price in order to artificially raise the GLP price in a single transaction and profit from redemption operations.
Doing DeFi is really a high-risk business. GMX is a very old decentralized and sustainable trading platform. This time, it has also stepped on a big pit. It is difficult to say that the 10% white hat bounty strategy will make the attacker's heart... "
SlowMist: $42 million stolen due to design flaw in GMX v1, attackers manipulate global average price by re-entering to create large short positions
2025-07-10 05:56:04
Disclaimer:
1. The information provided does not constitute investment advice. Investors should make independent decisions and bear all risks themselves.
2. The copyright of this content belongs to the original author. The views expressed herein are solely those of the author and do not represent the stance or position of this website.
Previous article:
慢雾:GMX v1设计缺陷致 4200 万美元被盗,攻击者通过重入创建大额空头头寸操纵全局平均价格Next article:
交易员AguilaTrades比特币多单浮盈扩大至633万美元