Decentralized perpetual futures trading exchange GMX gave Collider’s research team a $1 million bug bounty for finding a bug in an internal mechanism that tracks outstanding debt. The bug bounty was handed out in 2022, but details about the bug are only now being made available. GMX has patched the bug.
The bug caused liquidity providers on GMX V1 to receive inaccurate quotes about the fair value of tokens. This resulted in the price of GLP, the exchange’s liquidity-providing token, diverging from its fair value.
“Our top priority is risk management. For each position, we implement a comprehensive due diligence process, which includes thorough assessments, relying not only on external sources, but also on our own audits,” said Shlomo Kraus, head of Collider Research.
Collider is an Israel-based venture capital fund focused on infrastructure, middleware and security in the crypto space. GMX is an Arbitrum-based decentralized exchange focused on perpetual futures trading. It has committed $473 million in value to its smart contracts, according to DefiLlama.