Lookonchain APP

App Store

SlowMist: The core reason for the GMX attack is that the global short average price of GMX v1 can be manipulated, causing the GLP price to be maliciously inflated for arbitrage.

4 hours ago

On July 10th, the Slowmist Chief Information Security Officer (@im23pds) tweeted that "The underlying cause of the GMX attack is that in handling short positions, GMX v1 promptly updates the global short position average price. This global average price directly influences the calculation of the total assets under management (AUM), resulting in the manipulation of the GLP token price." The attacker took advantage of this design flaw by using a Keeper to activate the timelock.enableLeverage feature when placing orders (a prerequisite for creating a large short position). Through reentrancy, they successfully established a large short position to manipulate the global average price, artificially raising the GLP price in a single transaction and making a profit through redemption.