Briefing

The GMX V1 decentralized perpetual exchange on Arbitrum suffered a critical reentrancy exploit on July 9, 2025, with an impact of approximately $42 million on its GLP liquidity pool. The incident stemmed from a flaw that let an attacker manipulate the protocol’s Assets Under Management (AUM) calculation by bypassing essential price update mechanisms. The funds were subsequently returned by the white-hat attacker, who received a $5 million bounty, but the event underscored the risks inherent in complex smart contract interactions and the critical need for robust security audits.

Context

Prior to this incident, the DeFi landscape had frequently contended with vulnerabilities arising from intricate smart contract logic and non-atomic state updates. The GMX V1 architecture, specifically the interaction between position management and vault accounting, presented an attack surface where asynchronous updates could be exploited. The vulnerability in question was reportedly introduced as part of a fix for a previous issue, highlighting the continuous challenge of maintaining security posture as a protocol evolves and the need to audit every code change comprehensively.

Analysis

The incident leveraged a reentrancy vulnerability within the GMX V1 vault, specifically targeting the executeDecreaseOrder function and its interaction with the Vault.increasePosition call. An attacker employed a malicious smart contract to re-enter the vault mid-transaction, bypassing the ShortsTracker and PositionManager routing layers. This allowed the manipulation of the globalShortAveragePrices without proper updates, creating a discrepancy between the market price and the tracked average price. The protocol consequently overestimated unrealized losses, inflating the Assets Under Management (AUM) and, by extension, the perceived value of GLP tokens, which the attacker then redeemed at an artificially elevated rate.
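
The accounting effect described above, as an added example that is not GMX's code or part of the original briefing: a simplified Python model of a tracked global short average price, with an invariant check that compares the tracked AUM against AUM recomputed from individual positions. The class ShortBook, its methods, the update_tracker flag and all sample numbers are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class ShortBook:
    """Simplified model (assumption): one index token, short positions only."""
    pool_value: float                 # AUM before trader PnL is counted
    global_size: float = 0.0          # tracked sum of open short sizes (USD)
    global_avg_price: float = 0.0     # tracked average short entry price
    positions: list = field(default_factory=list)  # ground truth: (size, entry)

    def _tracked_pnl(self, price):
        # Pool-side PnL of all shorts according to the tracked aggregate.
        if self.global_size == 0:
            return 0.0
        return self.global_size * (price - self.global_avg_price) / self.global_avg_price

    def _next_avg(self, price, size_delta):
        # Size-weighted update chosen so aggregate PnL is unchanged at `price`.
        next_size = self.global_size + size_delta
        return price * next_size / (next_size + self._tracked_pnl(price))

    def open_short(self, size, price, update_tracker=True):
        # update_tracker=False models a path that reaches the vault without
        # the routing layer that maintains the tracked average.
        if update_tracker:
            self.global_avg_price = self._next_avg(price, size)
        self.global_size += size
        self.positions.append((size, price))

    def aum(self, price):
        # The pool gains what shorts lose, computed from the tracked aggregate.
        return self.pool_value + self._tracked_pnl(price)

    def aum_from_positions(self, price):
        # Same quantity recomputed from every individual position.
        return self.pool_value + sum(s * (price - p) / p for s, p in self.positions)

    def invariant_ok(self, price, tol=1e-6):
        # Both views must agree at any price, or share pricing is off.
        return abs(self.aum(price) - self.aum_from_positions(price)) <= tol * self.pool_value

def build_book(update_tracker):
    # Constructed sample data: two shorts opened at different prices.
    book = ShortBook(pool_value=1_000_000)
    book.open_short(1_000, 100.0)
    book.open_short(9_000, 200.0, update_tracker=update_tracker)
    return book

if __name__ == "__main__":
    for label, flag in (("tracker updated", True), ("tracker skipped", False)):
        b = build_book(flag)
        print(label, b.aum(200.0), b.aum_from_positions(200.0), b.invariant_ok(200.0))
```

With the tracker updated, both AUM views agree at every price; with the update skipped, the tracked AUM exceeds the per-position AUM, which is the kind of divergence an on-chain or off-chain invariant monitor can alert on before shares are priced.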

Parameters

  • Protocol Targeted ∞ GMX V1
  • Attack Vector ∞ Reentrancy Exploit
  • Financial Impact ∞ $42 Million (recovered, $5M bounty paid)
  • Vulnerable Component ∞ GMX V1 Vault / executeDecreaseOrder function logic
  • Affected Token ∞ GLP (GMX Liquidity Provider Token)
  • Blockchain ∞ Arbitrum
  • Attacker Type ∞ White-hat
  • Date of Exploit ∞ July 9, 2025

Outlook

Immediate mitigation for users involved the temporary disabling of GLP minting and redemption on Arbitrum, alongside processing remaining V1 position closures. This incident serves as a critical case study for similar protocols, emphasizing the imperative of rigorous security audits for all code, particularly after updates or fixes that introduce new logic. It highlights the contagion risk inherent in modular DeFi designs if user-controlled receiver logic is not adequately constrained. Future security best practices will likely reinforce the need for comprehensive architectural threat modeling and end-to-end invariant enforcement to prevent such price manipulation vectors.

Verdict

The GMX V1 reentrancy exploit underscores the systemic fragility of complex DeFi protocols to subtle logic flaws, demanding a paradigm shift towards continuous, deep-seated architectural security validation beyond traditional audits.

Signal Acquired from ∞ CertiK

Glossary

smart contract

Definition ∞ A Smart Contract is a self-executing contract with the terms of the agreement directly written into code.

protocol

Definition ∞ A protocol is a set of rules governing data exchange or communication between systems.

liquidity

Definition ∞ Liquidity refers to the degree to which an asset can be quickly converted into cash or another asset without significantly affecting its market price.

arbitrum

Definition ∞ Arbitrum is a technology designed to improve the scalability of the Ethereum blockchain.

exploit

Definition ∞ An exploit refers to the malicious utilization of a security flaw or vulnerability within a protocol, smart contract, or application to gain unauthorized access, steal assets, or disrupt operations.

price manipulation

Definition ∞ Price manipulation refers to the intentional distortion of the market price of an asset through deceptive or fraudulent activities.

reentrancy

Definition ∞ Reentrancy is a security vulnerability in smart contracts that allows an attacker to repeatedly execute a function before the initial execution has completed.