GMX releases $40 million vulnerability attack summary report: GMX DAO will discuss further compensation measures

According to BlockBeats, on July 11th, GMX officially released a summary report on the GMX V1 vulnerability attack on Arbitrum, which amounted to approximately $40 million. The attacker bypasses the PositionRouter and PositionManager contracts (usually responsible for calculating the average short selling price) by directly calling the increasePosition function of the Vault contract through re-entry. Through manipulation, the attacker lowered the average short price of BTC from $109505.77 to $1913.70. Using Flash Loan, the attacker purchased GLP at a normal price of $1.45, opening a $15 million position. Due to the manipulated price, the GLP price was pushed up to over $27, and the attacker redeemed the GLP at a high price to make a profit. GMX has confirmed that V2 has no similar vulnerabilities. Next plan funding situation: Approximately 3.6 million US dollars remain in the GLP pool, reserved for open positions. The GLP fee for V1 on Arbitrum this week is approximately $500000 (deducting 30% allocated to GMX stakers), which will be transferred to the DAO vault for compensation. GLP casting and redemption on Arbitrum will be disabled (redemption disabled requires a 24-hour Timelock). Disable GLP casting on Avalanche, but retain redemption function. Enable V1 position closing on Arbitrarum and Avalanche, disable opening to prevent vulnerability recurrence. Cancel V1 orders on Arbitrarum and Avalanche. The remaining GLP funds on Arbitrum will be allocated to the compensation pool for use by affected GLP holders. After the above steps are completed, GMX DAO will discuss further compensation measures. It is recommended that all GMX V1 forks take immediate measures and wait for repairs and audits before enabling trading and GLP like token minting.