defirisk.co
rubric v1.7.0

New contract with similar bytecode to exploit template

GMX v2 (GMX Synthetics)'s assessment for RD-F-094 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

The July 2025 v1 exploit created a known reentrancy exploit template (gmxPositionCallback callback reentrancy pattern in executeDecreaseOrder). However, GMX v2 architecture closes this path: short average price calculation occurs in the same contract as order execution, eliminating the cross-contract reentrancy surface. No contract with bytecode similarity to a GMX v2-specific exploit template documented in public data. V1 template exists in public hack DB but is not applicable to v2 architecture.

Sources #

  • URL
    https://sherlock.xyz/post/gmx-exchange-hack-explainedretrieved 2026-05-05
  • URL
    https://www.quillaudits.com/blog/hack-analysis/how-gmx-lost-42mretrieved 2026-05-05

Methodology #

Detect whether a freshly deployed contract has high bytecode similarity to a known exploit template targeting this protocol class.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol gmx-v2 factor RD-F-094 score gray collected_at 2026-05-05 11:15:06