SlowMist: GMX was attacked because the average short price of GMX v1 can be manipulated, and the price of GLP was maliciously raised for arbitrage

Odaily News SlowMist CISO @im23pds posted on the X platform: The root cause of the GMX attack is that GMX v1 will immediately update the global short break price when processing short positions, and this global break price will directly affect the calculation of the total asset size (AUM), which will lead to the manipulation of the GLP token price. The attacker took advantage of this design flaw and enabled the timelock.enableLeverage feature (a necessary condition for creating large short orders) when executing orders through Keeper. By re-entering, the attacker successfully created a large short position to manipulate the global average price, artificially raising the GLP price in a single transaction and profiting from redemption operations.