CoinVoice has recently learned that, according to a report published by GMX, GMX V1 on Arbitrum suffered a vulnerability attack amounting to approximately 40 million USD. The attacker directly called the increasePosition function of the Vault contract through reentrancy, bypassing the PositionRouter and PositionManager contracts (which are usually responsible for calculating the average short price). Through manipulation, the attacker reduced the average short price of BTC from 109,505.77 USD to 1,913.70 USD. Utilizing a flash loan, the attacker purchased GLP at a normal price of 1.45 USD, opening a position of 15 million USD. Due to the manipulated price, the GLP price was pushed above 27 USD, allowing the attacker to redeem GLP at a high price for profit. GMX has confirmed that V2 has no similar vulnerabilities. Next steps regarding the funding situation: approximately 3.6 million USD remains in the GLP pool, reserved for open positions. The fees for V1 GLP on Arbitrum this week are approximately 500,000 USD (after deducting 30% allocated to GMX stakers), which will be transferred to the DAO treasury for compensation. The minting and redemption of GLP on Arbitrum will be disabled (redemption disabling requires a 24-hour Timelock). Minting of GLP on Avalanche will be disabled, but redemption functionality will be retained. Closing of V1 positions on Arbitrum and Avalanche will be enabled, while opening new positions will be disabled to prevent the recurrence of the vulnerability. Orders for V1 on Arbitrum and Avalanche will be canceled. Remaining funds of GLP on Arbitrum will be allocated to the compensation pool for affected GLP holders. After these steps are completed, GMX DAO will discuss further compensation measures. It is recommended that all GMX V1 forks take immediate action, and trading and minting of similar tokens should only be re-enabled after fixes and audits are completed. [Original link]

#BTC #AVAX #DAO