defirisk.co
rubric v1.7.0

Known-exploit-template selector deployed by any address

GMX v2 (GMX Synthetics)'s assessment for RD-F-162 — scored gray on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

A GMX v1-specific exploit selector pattern exists in public hack DB (gmxPositionCallback reentrancy via executeDecreaseOrder, July 2025). GMX v2 architecture closes the v1 reentrancy path by updating the short average price in the same contract as order execution. No contract deploying a GMX v2-specific exploit template documented in public data. V1 template bytecode is in public post-mortems but not applicable to v2. Signal requires on-chain deploy scanning for GMX v2-applicable patterns. Gray — v1 template documented but not applicable; v2-specific template not in public exploit DB.

Sources #

  • URL
    https://sherlock.xyz/post/gmx-exchange-hack-explainedretrieved 2026-05-05

Methodology #

Determine whether any contract has been deployed containing a function-selector pattern matching a known exploit template targeting protocols of this class.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol gmx-v2 factor RD-F-162 score gray collected_at 2026-05-05 11:15:06