SlowMist Cosine: GMX-related fork projects need to avoid similar security risks as GMX v1

Odaily News Yu Xian, the founder of SlowMist, posted on the X platform that GMX-related fork projects need to pay attention to similar security risks. He said that the fundamental reason why GMX was stolen for $42 million last night was that GMX v1 would immediately update the global short average price (globalShortAveragePrices) when processing short positions, and this global average price would directly affect the calculation of the total asset size (AUM), which would lead to the manipulation of the GLP token price. The attacker took advantage of this design flaw and enabled the timelock.enableLeverage feature (a necessary condition for creating large short orders) when executing orders through Keeper. By re-entering, he successfully created a large short position to manipulate the global average price, so as to artificially raise the GLP price in a single transaction and profit through redemption operations.