The assault occurred after Tender.fi upgraded its worth feed to relay information from a Chainlink pricing oracle versus a time-weighted common worth (TWAP). The code, which was audited by PeckShield, contained an error and returned a quantity with too many zeros behind it. This meant the attacker was capable of deposit one GMX token, price round $70, successfully tricking the system into permitting infinite borrows, in keeping with a postmortem revealed on Tender.fi’s Medium web page.
