How did attackers drain $42M from @GMX_IO? Through cross-contract reentrancy that bypassed every safety check. We reproduced the attack using @WakeFramework. Let's break it down ↓

2/ Each GMX contract had reentrancy guards. The attack succeeded anyway. How? The exploit occurred AFTER one contract's guard had already exited, creating a window to manipulate GLP token prices.

3/ The attack exploited fragmented data responsibility: • Vault handles positions, ShortsTracker tracks prices • Attacker re-enters after reentrancy guard resets • Bypasses ShortsTracker update → inflates GLP price • Drains value at manipulated prices

4/ Read the detailed analysis and reproduce the scenario. Full walkthrough and forked environment available. Understanding these attacks is the first step to preventing them in your project.