PeckShield, a well-known blockchain security company, reported an exploit involving the decentralized exchange (DEX) GMX, which has drawn attention to a vulnerability in the Abracadabra (Spell) ecosystem.
The incident is related to Abracadabra's cauldrons, smart contracts that facilitate operations such as borrowing, lending and liquidity provision, and resulted in the theft of about 6,260 ETH worth approximately $13 million.
GMX Says Its Contracts Remain Safe
Although the attack attracted a lot of attention, GMX quickly clarified that its contracts were not compromised. The problem is limited to the integration between GMX V2 and Abracadabra's cauldrons, which operate using GMX's liquidity pools. The team assured the community that GMX itself was not affected by the incident and confirmed that no vulnerabilities were found in GMX's own smart contracts.
The team further explained that the Abracadabra team, together with external security researchers, is actively investigating the breach to determine its cause and prevent future incidents. This event is particularly noteworthy because it highlights ongoing security challenges within the wider DeFi ecosystem.
It also follows an earlier security breach in January 2024, when Abracadabra's Magic Internet Money (MIM) stablecoin was exploited due to flaws in its smart contracts. That exploit caused $6.49 million in losses.
Flash Loan Attack
Crypto researcher Weilin (William) Li said the CauldronV4 contract allows users to perform multiple operations in one batch and performs the solvency check at the end of the process. In this case, the attacker performed seven operations: five of them borrowed the Magic Internet Money (MIM) stablecoin, followed by a call to the attack contract and a liquidation.
Li's preliminary analysis shows that the first action, borrowing MIM, increased the attacker's debt, which made liquidation (action 31) possible. However, the liquidation is suspected to have been executed in a flash loan state, in which the borrower has no collateral.
He also noted that the attacker profited from liquidation incentives and took advantage of the fact that the solvency check occurs only after all actions have completed, which allowed the attacker to circumvent the system's protections.
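The deferred check Li describes can be reproduced in a small model. The Python sketch below is an added illustration, not CauldronV4 code and not Abracadabra's fix: the `Market` class, the action names, `MAX_LTV` and the `guard` option are assumptions made for the example. It shows a liquidation observing a position that is insolvent only because its borrow has not been checked yet, and one possible hardening that rejects such a liquidation.

```python
from dataclasses import dataclass, field

MAX_LTV = 0.75  # assumed collateral factor (constructed value)

class Rejected(Exception):
    """The whole batch reverts; no state is committed."""

@dataclass
class Position:
    collateral: float = 0.0
    debt: float = 0.0
    def solvent(self):
        return self.debt <= self.collateral * MAX_LTV

@dataclass
class Market:
    guard: bool  # True: liquidation refuses targets whose check is still deferred
    positions: dict = field(default_factory=dict)

    def cook(self, user, actions):
        """Run (name, arg) actions atomically; return what each liquidation saw."""
        # Work on a copy so a rejected batch leaves self.positions untouched.
        work = {u: Position(p.collateral, p.debt) for u, p in self.positions.items()}
        pos = work.setdefault(user, Position())
        pending, seen = set(), []
        for name, arg in actions:
            if name == "add_collateral":
                pos.collateral += arg
            elif name == "borrow":
                pos.debt += arg
                pending.add(user)  # solvency check deferred to end of batch
            elif name == "liquidate":
                target = work.setdefault(arg, Position())
                if self.guard and arg in pending:
                    raise Rejected("target has an unchecked borrow in this batch")
                if target.solvent():
                    raise Rejected("target is solvent")
                seen.append((arg, target.collateral, target.debt))
                target.debt = 0.0  # repaid by liquidator; payout not modelled
        if user in pending and not pos.solvent():
            raise Rejected("insolvent at end of batch")
        self.positions = work
        return seen

def run(guard, actions, user="acct"):
    try:  # returns ("ok", observations) or ("reverted", reason)
        return "ok", Market(guard).cook(user, actions)
    except Rejected as exc:
        return "reverted", str(exc)

# Constructed batch: borrow with no collateral, then liquidate the same account.
SUSPECT = [("borrow", 100.0), ("liquidate", "acct")]
```

With `guard=False` the suspect batch succeeds because the liquidation clears the debt before the end-of-batch check runs; with `guard=True` it reverts, while an ordinary collateralised borrow passes in both modes.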