GMX Incident Analysis

On 9 July 2025 a reentrancy-related logic/async-update flaw in GMX V1's Vault/ShortsTracker/GlpManager interaction was exploited to inflate GLP AUM and withdraw approximately $42M; the attacker later returned most funds and received a bounty. The report provides a detailed technical root-cause analysis, step-by-step exploit trace, relevant contract and attacker addresses, key transaction links, and a breakdown of fund flows.