On July 9, 2025, GMX v1 lost about $42 million to an attack that exploited how the protocol calculated its total value (Assets Under Management or AUM). This was GMX’s second hack of 2025, following a $13 million loss in March. The attacker used a reentrancy vulnerability to manipulate pricing data, artificially inflating the protocol’s apparent value, then immediately withdrew tokens at the inflated price.
The attack exploited a design flaw where short position operations immediately updated globalShortAveragePrices, which directly impacted AUM calculations used for GLP token minting and redemption. The attacker used reentrancy to establish massive short positions within a single transaction, artificially inflating GLP prices.
The critical vulnerability chain:
executeDecreaseOrder accepted a contract address instead of EOA
GMX calculates its total value using this formula:
The “unrealized trading profits” component was the vulnerability. When traders open short positions (betting prices will fall), the protocol tracks:
The critical part is how short positions affect AUM:
Multiple invariants could have detected this attack, but AUM manipulation bounds is probably the most obvious and versatile detection method, because it defines a behavior that should never happen.
Here are some invariants that could have prevented the attack:
Implement a simple check that AUM changes must be reasonable. This invariant ensures that any change in the protocol’s total value is bounded by actual token flows and reasonable market movements.
Ensure all state changes affecting token pricing complete atomically before any external calls. This prevents reentrancy-based manipulation of global price averages.
Ensure global average prices update based on actual position changes, not synthetic operations. This maintains mathematical consistency in price calculations.
Critical financial operations must originate from externally owned accounts (EOAs) or pre-approved contracts. This prevents malicious contracts from exploiting reentrancy vulnerabilities.
Individual positions must not exceed a maximum percentage of total pool value. This limits the impact any single position can have on global averages.
A Credible Layer assertion similar to the one below could have prevented an attack like this. We have simplified the assertion for brevity, but a real world assertion would check for each call in the call stack that the invariant holds. In the example we just show the logic that would be checked for one call. Being able to inspect the call stack is a powerful feature of the Credible Layer and it allows for detection of attacks that are carried out in a single transaction.
This assertion implements a simple but powerful economic sanity check that would have prevented the GMX attack:
What it does:
Why it catches the exploit: The GMX attacker artificially inflated AUM by a massive amount with only a small real deposit. This created an enormous percentage deviation that would immediately trigger the assertion:
Key insight: This assertion doesn’t need to understand the technical details of the reentrancy attack. It simply enforces the economic principle that “protocol value should match actual assets at any point in the call stack” - a rule that the attack fundamentally violated.
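The per-call check described above can be modelled off-chain. The following is an added example, not the article's assertion and not Credible Layer code: the Frame type, the first_violation function, the 5% tolerance and the sample traces are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

BPS = 10_000  # basis-point denominator, mirroring on-chain integer math


@dataclass(frozen=True)
class Frame:
    """Snapshot after one call in a transaction's call stack (hypothetical model)."""
    label: str
    reported_aum: int  # AUM the protocol reports after this call, in USD
    net_inflow: int    # USD value of tokens received minus tokens sent in this call


def first_violation(pre_aum, frames, max_deviation_bps=500):
    """Return (label, gap) for the first frame whose reported AUM strays from
    pre-transaction AUM plus cumulative real token flow by more than the
    tolerance, or None if the invariant holds at every frame."""
    expected = pre_aum
    for frame in frames:
        expected += frame.net_inflow
        gap = abs(frame.reported_aum - expected)
        # Cross-multiply instead of dividing so an empty pool (expected <= 0)
        # cannot cause a division by zero; any gap is then a violation.
        if gap * BPS > max_deviation_bps * max(expected, 0):
            return frame.label, gap
    return None


# Constructed traces, not data from the incident.
PRE_AUM = 1_000_000
ORDINARY = [
    Frame("deposit", 1_010_000, 10_000),
    Frame("price refresh", 1_030_000, 0),  # about 2% drift, inside the tolerance
]
INFLATED = [
    Frame("deposit", 1_010_000, 10_000),
    Frame("nested call", 5_000_000, 0),    # value jumps with no token flow
    Frame("final", 1_012_000, 0),          # end state looks consistent again
]

if __name__ == "__main__":
    print(first_violation(PRE_AUM, ORDINARY))
    print(first_violation(PRE_AUM, INFLATED))
```

In the INFLATED trace the last frame is back within tolerance, so a check that only compares the state before and after the transaction would pass; evaluating the invariant at each frame is what flags the intermediate jump.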
The GMX attack succeeded because the protocol trusted its internal accounting without validating that value changes matched actual asset movements. A simple economic sanity check - “did our total value increase by more than our deposits?” - would have prevented this $42M loss.
Multiple invariants could have detected this attack, but AUM manipulation bounds was the most obvious and effective detection method. The key insight is that financial protocols must maintain strict mathematical properties throughout all state transitions, with no intermediate states that violate these properties. By defining invariants and protecting against transactions that violate them with something like the Credible Layer assertions, protocols can prevent a wide range of attacks while maintaining intended functionality.
This principle applies to any DeFi protocol: if your system’s reported value doesn’t match your actual holdings, something is wrong.