GMX releases a summary report on the $40 million vulnerability attack incident: GMX DAO will discuss further compensation measures.

According to ChainCatcher news and a report released by GMX, a summary report on the GMX V1 vulnerability attack incident on Arbitrum totaling approximately $40 million has been published. The attacker directly called the increasePosition function of the Vault contract through reentrancy, bypassing the PositionRouter and PositionManager contracts (which are usually responsible for calculating the average shorting price). By manipulating the system, the attacker lowered the average shorting price of BTC from $109,505.77 to $1,913.70. Using Flash Loans, the attacker purchased GLP at a normal price of $1.45, opening a position of $15 million. Due to the manipulated price, the GLP price was pushed above $27, allowing the attacker to redeem GLP at a high price for profit. GMX has confirmed that V2 has no similar vulnerabilities. Next step funding situation: The GLP pool has approximately $3.6 million remaining, reserved for open positions. The GLP fees on V1 on Arbitrum this week are about $500,000 (after deducting 30% allocated to GMX stakers), which will be transferred to the DAO treasury for compensation. The minting and redemption of GLP on Arbitrum will be disabled (redemption disablement requires a 24-hour Timelock). Minting of GLP on Avalanche will be disabled, but redemption functionality will remain. Closing of V1 positions on Arbitrum and Avalanche will be enabled, while opening positions will be disabled to prevent the re-occurrence of vulnerabilities. Orders on V1 on Arbitrum and Avalanche will be canceled. The remaining funds of GLP on Arbitrum will be allocated to the compensation pool for affected GLP holders. After the above steps are completed, the GMX DAO will discuss further compensation measures. It is recommended that all GMX V1 forks take immediate action, and enable trading and the minting of tokens similar to GLP only after repairs and audits.