GMX has just announced details of the 40 million USD on-chain attack on Arbitrum, which was caused by a reentrancy vulnerability in the OrderBook contract.
The incident caused price volatility in GLP through manipulation of BTC short positions. GMX responded by suspending on-chain trading on Avalanche and implementing remedial measures, and it warned V1 fork projects about similar risks.
MAIN CONTENT
The cause of the attack is the reentrancy vulnerability in the OrderBook contract.
The attacker manipulated the average price of the BTC short position, which significantly affected the price of GLP and opened arbitrage opportunities.
GMX has temporarily suspended trading on Avalanche and established a compensation fund; version V2 is not affected.
How did the GMX attack on Arbitrum happen?
GMX confirms that the attack on July 9 exploited a reentrancy vulnerability in the OrderBook contract of version V1 on Arbitrum.
This vulnerability allows hackers to illegally manipulate the average price of BTC short positions, leading to significant price volatility in GLP. According to GMX's security team, this is a serious weakness that needs to be addressed immediately to protect platform users.
"The reentrancy vulnerability in the OrderBook contract was the main cause, from which the attacker artificially raised the price of GLP and took advantage of arbitrage opportunities."
GMX Security Team, 10/07/2024
The impact of the attack on chains and GMX versions
GMX quickly suspended transactions related to the Avalanche chain to prevent the risk from spreading.
Version V2 of GMX is not affected by this incident due to improvements in security and contract architecture. The system has also disabled the minting and redeeming of GLP on V1 and established a compensation fund to minimize user losses.
"Version V2 of GMX with optimized contract architecture has proven to have higher security effectiveness, ensuring users feel safer when trading."
André Cronje, Founder of GMX, 2024
Solutions and recommendations for GMX V1 fork projects
GMX specifically notes that projects forked from V1 need to promptly audit for and fix similar reentrancy vulnerabilities to avoid being attacked.
This is an important lesson about continuously auditing the security of smart contracts, updating techniques to protect user assets, and maintaining project credibility.
Comparison table of security measures between GMX V1 and V2
| Criteria | GMX V1 | GMX V2 |
| --- | --- | --- |
| Reentrancy vulnerability | Exists and was exploited | Completely fixed |
| GLP transaction management | Temporarily suspended after the attack | Operating normally and safely |
| Remedial measures | Established compensation fund, temporarily suspended transactions | No urgent measures required |
Frequently Asked Questions
When did the GMX attack occur and what damage did it cause?
On July 9, 2024, the attack exploiting the reentrancy vulnerability caused GMX a loss of about 40 million USD on-chain on Arbitrum.

How did GMX handle this risk?
GMX suspended trading on Avalanche, disabled GLP-related functions on V1, and established a compensation fund for users.

Was GMX V2 affected?
Version V2 was not affected thanks to security improvements and reinforced contract architecture.

What should GMX V1 fork projects do after the incident?
They should quickly audit, patch reentrancy vulnerabilities, and upgrade security to avoid similar exploits.

What is a reentrancy vulnerability and what risks does it pose?
The vulnerability allows an attacker to call back into a contract multiple times without control, leading to manipulated data and illegitimately obtained assets.
Source: https://tintucbitcoin.com/gmx-thiet-hai-40-trieu-usd-reentrancy/