GMX defends contracts after losing $ 13 million linked to the exploitation of Cauldron from Abracadabra

PECKSHIELD has notified the PECKKSHIELD company about the exploitation of the GMX (DeX) exchange, which drew attention to the weaknesses within the ABRARADABRA (Spell) ecological system (Spell).

The accident, associated with Abrakadabra’s bolts – has made smart contracts that facilitate Defi operations such as lending, borrowing and providing liquidity – the theft of about 6,260 Ethereum, at a value of approximately $ 13 million.

GMX confirms that the contracts are still safe

While the attack caught a great attention, GMX was quickly It is clear Its contracts were not penetrated. In fact, the issue was confined to the integration between CauoldRons GMX V2 and Abracadabra, which used GMX liquidity complexes for their operations. The team confirmed to the community that it was not affected by the accident and confirmed that the weaknesses of GMX’s smart contracts were not found.

The team also explained that the Abracadabra team, along with external security researchers, was actively investigating its breach to determine its case and prevent future accidents. This incident is especially noticeable because it highlights the continuous security challenges within the broader Defi ecosystem.

This is also followed by a former security breach in January 2024 when Stableco Magic Money (MIM) was exploited by ABRACADABRA due to a defect in his smart contract. The exploitation led to a loss of $ 6.49 million.

Flash loan attack

Crown Researcher Willin (William) to me I mentioned The CAULDRONV4 contract allows users to conduct multiple procedures, with a solvency examination at the end of the operation. In this case, the attacker conducted seven procedures, five of which included the Magic Internet metaphor (MIM) Stablecoin, followed by the call of the attack contract and the start of the liquidation.

Li preliminary analysis indicates that the first procedure, the metaphor of the MIM, has already increased the attacker’s debts, which makes the liquidation (31 procedure) possible. However, this liquidation was carried out suspiciously in the case of a flash loan – as the borrower had no guarantee.

He also pointed out that the attacker benefited from the liquidation incentives and took advantage of the fact that the examination of the sheet had occurred only after all the procedures were completed, allowing the attacker to circumvent the system protection.