Decentralized alternate (DEX) GMX has reportedly suffered a worth manipulation exploit from an exploiter who managed to make off with round $565,000 from the AVAX/USD market.
The unidentified exploiter is known to have capitalized on GMX’s “minimal unfold” and “zero worth impression” options to drag off the exploit, which impacted GLP token holders who supplied liquidity within the type of AVAX (the Avalanche token) to GMX.
GMX confirmed the value manipulation exploit in a Sept. 18 publish on Twitter, however said that the AVAX/USD market would stay open regardless of imposing a $2 million cap on lengthy positions and $1 million cap on quick positions.
We had been notified of worth manipulation of AVAX/USD on reference exchanges by monitoring methods and group members.
Whereas we evaluation the incidence, open-interest for AVAX has been capped at $2m lengthy / $1m quick.
GLP and GMX buying and selling markets proceed to function usually.
— GMX (@GMX_IO) September 18, 2022
Head of Derivatives at Genesis Buying and selling Joshua Lim was one of many first to research the exploit, stating that the exploiter “efficiently extracted income from GMX’s AVAX/USD market by opening massive positions at 0 slippage” earlier than transferring the AVAX/USD to centralized exchanges at a barely greater worth.
Lim stated this exploit technique was repeated 5 occasions, with the primary cycle taking impact at 01:15 UTC on Sept. 18. Every cycle transferred greater than 200,000 AVAX tokens, (roughly $4-5 million per cycle) with the exploiter extracting about $565,000 in revenue after paying unfold to market makers on different exchanges.
3/ let’s check out the primary cycle which befell from 01:15:31 to 01:28:11 UTC. X was in a position to extract roughly $158k in revenue by buying and selling clips of $4-5mm at a time pic.twitter.com/W6eu7Iz6lz
— Joshua Lim (@joshua_j_lim) September 18, 2022
Lim nevertheless famous that this wasn’t an “exploit” in that it was “GMX working as designed.”
Technical analyst “Duo 9” added that the exploiter was in a position to take benefit of a number of massive trades in opposition to GLP holders as a result of the mounted costs equipped by the Chainlink-run oracles include no worth impression, which is what made the value manipulation exploit doable.
“If merchants make revenue, the liquidity suppliers lose. If merchants exploit this vulnerability, the GLP holders could lose all their cash!”
Whereas GMX instantly capped quick and lengthy open curiosity for AVAX/USD to guard the DEX from additional manipulation, Lim stated that GMX could have to scrap its “zero worth impression” function regardless of it efficiently onboarding many customers to this point.
“The actual problem is GMX does not replicate the true value of liquidity like different venues do, it presents limitless liquidity at a mid-market oracle worth.”
The latest exploit comes solely weeks after the founding father of Layer-2 DEX ZigZag “Taureau” stated in a Sept. 2 video name that he doubted GMX’s alternate mannequin can be sustainable over the long run, including {that a} dealer with the appropriate technique may wipe out GLP token holders:
Has $GMX constructed a viable system for the long-run?
ZigZag Founder @taureau_21 has his doubts… and predicts finally {that a} dealer with the appropriate technique and correct measurement will wipe out $GLP
Full Episode https://t.co/3k3oLdHFWq pic.twitter.com/MF2Qafxs57
— Flywheelpod (@flywheelpod) September 2, 2022
Associated: What are decentralized exchanges, and the way do DEXs work?
Neighborhood Response
The information led to combined reactions from the GMX group. One Twitter consumer highlighted the truth that no good contract was exploited, whereas one other Twitter consumer requested GMX whether or not any compensation can be paid out to affected GLP holders.
On GMX, liquidity suppliers provide BTC, ETH, AVAX and stablecoins in alternate for the GLP token. The protocol was launched in late 2021 on Ethereum layer-2 scaling community Arbitrum.
The GMX token (GMX) is presently priced at $39.07, down 16.7% during the last 24 hours, in accordance with CoinGecko.
