Slow fog analysis: GMX v1 has design flaws, GLP prices can be manipulated by re-entry attacks

Regarding the GMX attack incident, SlowMist Analysis pointed out that the root cause of this attack lies in a design flaw in GMX v1: in this version, short selling operations will immediately update the global ShortAverage Prices, which will directly affect the calculation of asset management scale (AUM), allowing attackers to manipulate the pricing of GLP tokens. The attacker exploited this design vulnerability by using Keeper to enable the timelock.enable Leverage feature during order execution (which is a prerequisite for creating large short positions). Through a reentrance attack, they successfully established a huge short position, manipulating the global average price, artificially raising the GLP price in a single transaction, and profiting through redemption operations. Previously, it was reported yesterday that GMX had suspended trading on GMXV1 and the casting and redemption of GLP, resulting in approximately $40 million being stolen