
SlowMist: GMX v1 design flaw leads to $42 million theft; attackers manipulated the global average price by creating large short positions through reentrancy

2025-07-10 13:38:54

ChainCatcher news: SlowMist's Yu Xian stated on social media: "The fundamental reason for the theft of 42 million USD from GMX last night is that GMX v1 immediately updates the global short average price (globalShortAveragePrices) when handling short positions, and this global average price directly affects the calculation of total assets under management (AUM), which in turn leads to the manipulation of GLP token prices.

The attacker exploited this design flaw by using Keeper to enable the timelock.enableLeverage feature when executing orders (a necessary condition for creating large short positions), successfully creating large short positions through reentrancy to manipulate the global average price, artificially raising the GLP price in a single transaction and profiting through redemption operations.

Doing DeFi is indeed a high-risk venture. GMX is a very established decentralized perpetual trading platform, and this time it has fallen into a big pit. The 10% white hat bounty strategy is unlikely to entice the attacker…"
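The dependency the quote describes, from the stored global short average price through AUM to the GLP price, can be monitored as an accounting invariant. The sketch below is an added example, not code from GMX, SlowMist or the original post; the PnL and AUM formulas are a simplified single-token model, and every function name and number in it is constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Short:
    size_usd: float     # notional size of the short, in USD
    entry_price: float  # index price when the short was opened

def consistent_average_price(shorts):
    """Average price at which aggregate short PnL equals the sum of each
    position's PnL (a size-weighted harmonic mean of entry prices)."""
    total = sum(s.size_usd for s in shorts)
    return total / sum(s.size_usd / s.entry_price for s in shorts)

def glp_price(pool_usd, glp_supply, short_size, avg_price, mark_price):
    """Simplified model (assumption): AUM = pool value minus traders' short PnL."""
    short_pnl = short_size * (avg_price - mark_price) / avg_price
    return (pool_usd - short_pnl) / glp_supply

def audit(pool_usd, glp_supply, shorts, stored_avg, mark_price, tolerance=0.005):
    """Compare the GLP price implied by the stored average with the one
    recomputed from open positions; alert on relative drift above tolerance."""
    size = sum(s.size_usd for s in shorts)
    expected = glp_price(pool_usd, glp_supply, size,
                         consistent_average_price(shorts), mark_price)
    reported = glp_price(pool_usd, glp_supply, size, stored_avg, mark_price)
    drift = abs(reported - expected) / expected
    return {"expected": expected, "reported": reported,
            "drift": drift, "alert": drift > tolerance}

# Constructed sample state, not taken from the incident.
SHORTS = [Short(5_000_000, 100_000), Short(5_000_000, 110_000)]
POOL_USD, GLP_SUPPLY, MARK = 100_000_000, 100_000_000, 108_000

if __name__ == "__main__":
    healthy = audit(POOL_USD, GLP_SUPPLY, SHORTS,
                    consistent_average_price(SHORTS), MARK)
    # Stored average far below every open entry price (constructed value).
    skewed = audit(POOL_USD, GLP_SUPPLY, SHORTS, 54_000, MARK)
    for name, r in (("healthy", healthy), ("skewed", skewed)):
        print(f"{name}: GLP {r['reported']:.4f} vs {r['expected']:.4f} "
              f"alert={r['alert']}")
```

In this model a stored average that disagrees with the open positions moves the reported GLP price by almost 10% with no change in pool assets, which is the kind of single-transaction jump a mint or redeem guard can refuse to price against.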
