Ignored bounty disclosure

GMX v2 (GMX Synthetics)'s assessment for RD-F-008 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

No post-mortem evidence of a vulnerability reported through responsible disclosure that the GMX v2 team ignored before exploitation. The July 2025 GMX v1 exploit was a v1/GLP architectural issue unrelated to v2 responsible disclosure. The Abracadabra March 2025 incident was a third-party integrator bug.

Sources #

URL
ThreeSigma Abracadabra/GMX Exploit AnalysisThreeSigma Abracadabra exploit analysis - confirms third-party bugretrieved 2026-05-05
URL
Halborn GMX Hack ExplanationHalborn GMX v1 hack analysis - confirms v1 root cause, not a v2 ignored disclosureretrieved 2026-05-05

Methodology #

Determine whether any prior post-mortem documents a disclosed vulnerability that was reported to the team and not actioned before exploit.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol gmx-v2 factor RD-F-008 score green collected_at 2026-05-05 11:15:06