SlowMist: The core reason for the GMX attack is that the global short average price of GMX v1 can be manipulated, causing the GLP price to be maliciously inflated for arbitrage.

BlockBeats News, July 10th, Slowmist CISO @im23pds tweeted that "The root cause of the GMX attack is that GMX v1 immediately updates the global short position average price when handling short positions. This global average price directly affects the calculation of the total asset under management (AUM), leading to the manipulation of the GLP token price.

The attacker exploited this design flaw by using a Keeper to enable the timelock.enableLeverage feature when executing orders (a necessary condition to create a large short position). Through reentrancy, they successfully created a large short position to manipulate the global average price, artificially raising the GLP price in a single transaction and profiting through redemption.