GMX releases $40 million attack summary report: GMX DAO will discuss compensation measures

Odaily News GMX published a report on the X platform to summarize the reasons and follow-up measures for the attack of about $40 million on the Arbitrum chain on July 9 on GMX V1. It pointed out that after analysis by the security team, the attack originated from the reentrancy vulnerability of the OrderBook contract. Hackers used this vulnerability to manipulate the average short price of BTC, thereby significantly raising the price of GLP and arbitrage. The official has suspended transactions related to the Avalanche chain, confirmed that the V2 version is not affected, and will take measures such as disabling GLP casting and redemption and setting up a compensation pool. GMX reminds V1 fork projects to promptly repair similar risks.
Next step: Funding situation: There is about $3.6 million left in the GLP pool, which is reserved for open positions. The GLP fee for V1 on Arbitrum this week is about $500,000 (minus the 30% allocated to GMX stakers), which will be transferred to the DAO treasury for compensation. GLP minting and redemption on Arbitrum will be disabled (redemption disablement requires a 24-hour timelock). GLP minting on Avalanche is disabled, but the redemption function is retained. Enable V1 position closing on Arbitrum and Avalanche, and disable opening to prevent the vulnerability from recurring. Cancel V1 orders on Arbitrum and Avalanche. The remaining GLP funds on Arbitrum will be allocated to the compensation pool for use by affected GLP holders.
GMX DAO will discuss further compensation measures. It is recommended that all GMX V1 forks take immediate action and enable trading and minting of GLP-like tokens only after repairs and audits.