According to Odaily, a security issue has been identified in GMX v1, as highlighted by SlowMist CISO @im23pds on the X platform. The vulnerability arises because the global average price is updated immediately when short positions are handled. This price feeds directly into the calculation of total assets under management (AUM), so manipulating it can manipulate the GLP token price.
Attackers exploited this design flaw through the timelock.enableLeverage feature, which the Keeper uses during order execution and which is a necessary condition for creating large short positions. Using reentrancy, they manipulated the global average price, artificially inflating the GLP price in a single transaction and profiting through redemption operations.
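The dependency described above can be turned into a monitoring check. The following is an added example, not GMX or SlowMist code: it uses an assumed, simplified one-token AUM model (pool value plus unrealized short losses measured against the global average short price) and hypothetical names (Snapshot, avg_price_impact_bps, flag_tx) to isolate how much of a GLP price move within one transaction comes from the average price alone. All numbers are constructed.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Snapshot:
    pool_value: float       # USD value of pooled tokens
    short_size: float       # total open short size in USD
    avg_short_price: float  # global average short entry price
    mark_price: float       # oracle price of the index token
    glp_supply: float       # GLP tokens outstanding

def short_pnl_to_pool(s: Snapshot) -> float:
    # Assumed model: shorts that are losing add to pool assets,
    # shorts that are winning are a liability (negative value).
    if s.short_size == 0:
        return 0.0
    return s.short_size * (s.mark_price - s.avg_short_price) / s.avg_short_price

def aum(s: Snapshot) -> float:
    return max(s.pool_value + short_pnl_to_pool(s), 0.0)

def glp_price(s: Snapshot) -> float:
    return aum(s) / s.glp_supply

def avg_price_impact_bps(before: Snapshot, after: Snapshot) -> float:
    # Hold pool, size, oracle price and supply at their pre-transaction values
    # and swap in only the post-transaction average short price.
    isolated = replace(before, avg_short_price=after.avg_short_price)
    return (glp_price(isolated) / glp_price(before) - 1) * 10_000

def flag_tx(before: Snapshot, after: Snapshot, max_bps: float = 50) -> bool:
    # Alert when the average price alone moved the GLP price past the threshold
    # inside a single transaction. The 50 bps default is an arbitrary example.
    return abs(avg_price_impact_bps(before, after)) > max_bps

# Constructed snapshots taken before and after one transaction.
BEFORE = Snapshot(100e6, 10e6, 2000.0, 2000.0, 100e6)
BENIGN = replace(BEFORE, avg_short_price=1999.0)   # ordinary small drift
SHIFTED = replace(BEFORE, avg_short_price=1000.0)  # abrupt shift, oracle unchanged

if __name__ == "__main__":
    for name, after in (("benign", BENIGN), ("shifted", SHIFTED)):
        bps = avg_price_impact_bps(BEFORE, after)
        print(f"{name}: {bps:.2f} bps, flagged={flag_tx(BEFORE, after)}")
```

In this model the oracle price never changes, yet the shifted snapshot reprices GLP by about 10%, which is why a per-transaction bound on this component is a useful alert.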