Bug discovered in GMX debt tracking system nets Collider $1m prize

GMX, a decentralized futures exchange, awarded the Collider team $1 million for finding a bug in its debt tracking system.

Last year, GMX had a bug that caused GMX V1 liquidity providers to receive incorrect fair value quotes for tokens, causing the price of GLP, the exchange’s liquidity provider token, to deviate from its fair value.

“Our top priority is risk management. For every position, we implement an extensive due diligence process, which encompasses thorough reviews, relying not only on external sources but also on our own audits.” 

Shlomo Kraus, head of Collider Research

A GMX representative told crypto.news that “funds were secure” and that the “bug was not effectively exploitable”. However, in accordance with Immunefi, they had to award the bounty to Collider.

Following this news, GMX prices rose, adding 4.5% to $38.13, according to CoinGecko. However, the token is down by over 50% from its $91.07 all-time high recorded in April 2023.

Earlier, an unidentified GMX trader exploited the Avalanche (AVAX) token’s minimum spread and zero price impact features, manipulating prices and subsequently negatively impacting GLP holders who had supplied AVAX liquidity.

Joshua Lim, the head of derivatives at Genesis Trading, believes the trader made a profit ranging from $500,000 to $700,000. He stated that this wasn’t an exploit but rather the trader simply used the protocol as it was designed to operate.