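The root cause of this attack stems from a design flaw in @GMX_IO v1: short position operations immediately update the global short average prices (globalShortAveragePrices), which directly affects the calculation of assets under management (AUM) and thereby allows the pricing of the GLP token to be manipulated.
The attacker exploited this design flaw by taking advantage of the Keeper's ability to enable `timelock.enableLeverage` during order execution (a prerequisite for creating large short positions). Through a reentrancy attack, they successfully established massive short positions to manipulate the global average prices, artificially inflating the GLP price within a single transaction and profiting through redemption operations.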


Jul 9, 22:35
The GLP pool of GMX V1 on Arbitrum has experienced an exploit. Approximately $40M in tokens has been transferred from the GLP pool to an unknown wallet.
Security has always been a core priority for GMX, with the GMX smart contracts undergoing numerous audits from top security specialists. So, in this hands-on-deck moment, all core contributors are investigating how the manipulation occurred, and what vulnerability may have enabled it.
Our security partners are also deeply involved, to ensure we gain a thorough understanding of the events that occurred and minimise any associated risks as quickly as possible. Our primary focus is on recovery and pinpointing the root cause of the issue.
Actions taken:
Trading on GMX V1, and the minting and redeeming of GLP, have been disabled on both Arbitrum and Avalanche to prevent any further attack vectors and protect users from additional negative impacts.
Scope of the vulnerability:
Please note that the exploit does not affect GMX V2, its markets, or liquidity pools, nor the GMX token itself.
Based on the available information, the vulnerability is limited to GMX V1 and its GLP pool.
As soon as we have more complete and validated information, a detailed incident report will follow.
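
The dependency described in the root-cause post above (global short average price feeding AUM, and AUM setting the GLP price) implies a per-transaction invariant that a monitor can check. The following Python is an added example, not code from the post, from GMX or from its contracts; the simplified AUM formula, the `PoolState` fields, the 50 bps tolerance and every snapshot value are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PoolState:
    """Constructed, simplified snapshot of a GLP-style pool (USD values)."""
    pool_value: float       # value of tokens held by the pool
    short_size: float       # total notional of open shorts
    short_avg_price: float  # global average entry price of those shorts
    mark_price: float       # current oracle price of the shorted asset
    share_supply: float     # LP tokens outstanding

def aum(s: PoolState) -> float:
    # Assumed model: traders' aggregate short profit is a pool liability and
    # their aggregate loss a pool asset, both derived from the average price.
    if s.short_size == 0:
        return s.pool_value
    trader_pnl = s.short_size * (s.short_avg_price - s.mark_price) / s.short_avg_price
    return s.pool_value - trader_pnl

def share_price(s: PoolState) -> float:
    return aum(s) / s.share_supply

def move_bps(before: PoolState, after: PoolState) -> float:
    p0 = share_price(before)
    return abs(share_price(after) - p0) / p0 * 10_000

def check_transaction(before: PoolState, after: PoolState, max_bps: float = 50.0):
    """Return finding codes for one transaction's pre/post snapshots."""
    findings = []
    if before.mark_price != after.mark_price:
        return findings  # oracle moved: share-price changes are not judged here
    if move_bps(before, after) > max_bps:
        findings.append("SHARE_PRICE_JUMP_WITHOUT_ORACLE_MOVE")
    # Heuristic (assumption): shorts opened at the mark price should not pull
    # the global average further away from the mark price.
    if (abs(after.short_avg_price - after.mark_price)
            > abs(before.short_avg_price - before.mark_price)):
        findings.append("SHORT_AVG_PRICE_DIVERGED_FROM_MARK")
    return findings

# Constructed snapshots: pool, short size, average price, mark price, supply.
BEFORE = PoolState(100_000_000, 10_000_000, 2000, 2000, 100_000_000)
NORMAL = PoolState(100_000_000, 11_000_000, 2000, 2000, 100_000_000)
ANOMALOUS = PoolState(100_000_000, 60_000_000, 1500, 2000, 100_000_000)

if __name__ == "__main__":
    print("normal:", check_transaction(BEFORE, NORMAL))
    print("anomalous:", check_transaction(BEFORE, ANOMALOUS))
```

Under these assumptions the share price only depends on the oracle and on pool deposits, so a large same-transaction move with an unchanged oracle price is the signal worth alerting on or reverting.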