The attack occurred after upgraded its price feed to relay data from a Chainlink pricing oracle as opposed to a time-weighted average price (TWAP).’s code, which was audited by PeckShield, contained an error and returned a number with too many zeros behind it. That meant the attacker was able to deposit one GMX token, worth around $70, effectively tricking the system into allowing infinite borrows, according to a postmortem published on’s Medium page. There was no issue with the Chainlink oracle itself.

Leave a Reply

Your email address will not be published. Required fields are marked *