Design flaws in the DEX led to the theft of $42 million, and GLP price manipulation has raised security concerns.


[Golden Finance] SlowMist's Yuxian stated on social media: "The fundamental reason for the theft of 42 million USD from a certain DEX last night is that this DEX v1 immediately updates the global short average price (globalShortAveragePrices) when handling short positions, and this global average price will directly affect the calculation of total assets scale (AUM), thereby leading to the manipulation of GLP Token price.

The attacker exploited this design flaw through the Keeper, which would enable the feature timelock.enableLeverage during order execution (creating the necessary conditions for large short positions). By using a reentrancy method, they successfully created large short positions to manipulate the global average price, artificially raising the GLP price in a single transaction and profiting from the redemption operation.

Doing DeFi is indeed a high-risk venture. This DEX is a very established decentralized perpetual trading platform, and this time it has also fallen into a big pit. The 10% white hat bounty strategy is hard to say whether it will tempt attackers...
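
The coupling described in the post, as an added example that is not part of the original post or the DEX's code: a simplified model in which the global short average price feeds AUM and therefore the LP token price, with a per-transaction check that flags a price move explained by the average update alone. The AUM formula, all names other than `globalShortAveragePrices`, the 50 bps threshold and the snapshot values are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class PoolState:
    reserves_usd: int     # value of assets held by the pool
    short_size_usd: int   # total open short notional
    short_avg_price: int  # global short average price (cf. globalShortAveragePrices)
    share_supply: int     # LP token supply (GLP in the post)

def aum(s: PoolState, mark: int) -> int:
    # Assumed model: the pool is counterparty to shorts, so traders' unrealised
    # loss (mark above average entry) adds to AUM and their profit subtracts.
    trader_pnl = s.short_size_usd * (s.short_avg_price - mark) // s.short_avg_price
    return s.reserves_usd - trader_pnl

def share_price_e6(s: PoolState, mark: int) -> int:
    return aum(s, mark) * 10**6 // s.share_supply

def move_bps(p0: int, p1: int) -> int:
    return abs(p1 - p0) * 10_000 // p0

def review_transaction(before, after, mark, max_move_bps=50):
    """Findings for one transaction, given pre/post snapshots at the same mark price."""
    p0 = share_price_e6(before, mark)
    findings = []
    moved = move_bps(p0, share_price_e6(after, mark))
    if moved > max_move_bps:
        findings.append(f"share price moved {moved} bps in one transaction")
        # Re-price the post state with the pre-transaction average: if the move
        # vanishes, the average update alone explains it.
        pinned = replace(after, short_avg_price=before.short_avg_price)
        if move_bps(p0, share_price_e6(pinned, mark)) <= max_move_bps:
            findings.append("move explained by global short average price update")
    return findings

# Constructed snapshots (not real chain data).
MARK = 100_000
BEFORE = PoolState(100_000_000, 10_000_000, 100_000, 100_000_000)
BENIGN = PoolState(100_000_000, 10_500_000, 100_000, 100_000_000)
SUSPECT = PoolState(100_000_000, 60_000_000, 50_000, 100_000_000)

if __name__ == "__main__":
    for name, after in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, review_transaction(BEFORE, after, MARK))
```

The same comparison can be enforced on-chain as an invariant around share pricing, or run off-chain over transaction traces as a detection rule.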

WalletAnxietyPatientvip
· 07-13 04:15
Playing DeFi is really exciting, I feel anxious every day.
TokenEconomistvip
· 07-12 00:13
actually this is a classic case of imperfect incentive alignment in defi... ceteris paribus the protocol design should've anticipated reentrancy risks
ChainMelonWatchervip
· 07-11 09:38
Sigh, another trap. Smart contracts are still not smart enough.
SilentObservervip
· 07-10 06:26
Suckers trap departs on time
IfIWereOnChainvip
· 07-10 06:26
A glimpse of smart contracts' vulnerabilities v1 is a pile of garbage.
LongTermDreamervip
· 07-10 06:13
It's been three years, still on v1... I'm so frustrated with the losses.