Slow Fog Analysis: Design flaws in GMX V1 allow GLP price to be manipulated through reentrancy attacks

PANews, July 10 report, regarding the GMX attack incident, Slow Fog Analytics pointed out that the root cause of this attack lies in the design flaw of GMX v1: in this version, short selling operations immediately update the global short average price (globalShortAveragePrices), and this price directly affects the calculation of assets under management (AUM), thereby allowing attackers to manipulate the pricing of GLP tokens.

Attackers exploited this design flaw by utilizing the Keeper to enable the timelock.enableLeverage function during order execution (which is a prerequisite for creating large short positions). Through a reentrancy attack, they successfully established massive short positions, thereby manipulating the global average price, artificially raising the GLP price in a single transaction, and profiting through redemption operations.

Previously, news reported yesterday that GMX stated it has suspended trading on GMX v1 and the minting and redemption of GLP, with approximately 40 million USD stolen.