The root cause of this attack stems from

#GMX v1's design flaw where short position operations immediately update the global short average prices (globalShortAveragePrices), which directly impacts the calculation of Assets Under Management (AUM), thereby allowing manipulation of GLP token pricing.

The attacker exploited this design vulnerability by leveraging the Keeper's ability to enable `timelock.enableLeverage` during order execution (a prerequisite for creating large short positions). Through a reentrancy attack, they successfully established massive short positions to manipulate the global average prices, artificially inflating GLP prices within a single transaction and profiting through redemption operations.