GMX’s Million-Dollar Mystery: Unmasking the Bug Bounty That Rocked DeFi
GMX, the decentralized exchange (DEX), made headlines in 2022 when it awarded Collider Research a substantial $1 million bug bounty. This generous payout was a testament to the critical bug Collider Research uncovered in GMX’s smart contracts. The bug directly and adversely impacted how the protocol tracked outstanding debt within the system. However, GMX has been tight-lipped about how this bug was rectified and when the patch was implemented. The bug had significant repercussions, particularly for GMX v1 liquidity providers (LPs). It disrupted the accurate calculation of quotes related to the “fair value of tokens.” More specifically, it wreaked havoc on the Global Liquidity Pool (GLP), causing it to deviate from its intended fair value. Understanding the gravity of this situation requires a glimpse into GMX ’s inner workings. The exchange supports leveraged trading with up to 50X leverage. The system meticulously tracks the debt incurred by traders and the repayment process, all d