A decentralized perpetual exchange, GMX, announced its partnership with Bitget Wallet. With the following partnership, the user now can trade cryptocurrencies such as BTC, ETH, and more. Their team-up will also provide “up to 50x leverage directly from user wallet.”
🩵x 🫐 #BitgetWallet is thrilled to announce our collaboration with @GMX_IO
🔥 GMX is a decentralized perpetual exchange, where you can trade BTC, ETH and more with up to 50x leverage directly from your wallet!
👀 Check them out now! pic.twitter.com/uUrK7hxu5m
— Bitget Wallet (Formerly BitKeep) (@BitgetWallet) September 29, 2023
On the other hand, according to a recent media report, GMX has paid “a hefty prize due to a flaw.” The decentralized exchange (DEX) awarded Collider Research a $1 Million bug bounty, last year. The payout was in the identification of their discovery of a critical bug in its smart contracts. As per the report, it has “directly affected how the protocol tracks outstanding debt.”
The Bug Causing GMX
As per the media report, the DEX did not provide further information on how and when the bug was patched. However, the GMX operator stated that the bug affected GMX v1 liquidity providers (LPs) as the code led to inaccuracies in quotes related to “the fair value of tokens.” Specifically, the bug affected the Global Liquidity Pool (GLP) which caused it to deviate from its fair value.
Last year in September, a flaw affecting GLP and impacting the GMX’s “minimal fee” and “zero price impact” features saw an unidentified exploiter make way with over $570K from the AVAX/USD marketplace.
The report also presented the analysis that by deploying on Arbitrum, a layer-2 (L2), and Avalanche, a high throughput and low-fee blockchain, the protocol supports low-fee swapping powered by GLP, a liquidity pool holding all assets traded on the DEX. “From the GLP, liquidity providers who could have been significantly impacted can earn fees from swap fees, spreads from leverage trading, and whenever there is asset rebalancing.”
The Bounty Program
As noted in the report, the bug bounty program can reward up to $5 Million. The program focuses on ensuring their smart contracts and applications function as designed without weakness, considering the trustless nature of swaps. As mentioned, the goal is to prevent theft of user funds through various means, including unauthorized transfers, price manipulation of GLP, freezing, and other threat vectors.
If there is a flaw, and the white hacker identifies it, the DEX bug bounty program will distribute rewards depending on the flaw’s severity. However, any submission must accompany a report demonstrating how the code error impacts the protocol before being reviewed and the reward distributed.
Nevertheless, in the DEX, all critical smart contract vulnerabilities are subject to a 10% cap on the potential damage it would have caused. “The maximum bounty paid to developers who pick out critical code flaws is $5 Million,” the report also mentioned.
Source: https://www.thecoinrepublic.com/2023/09/30/gmx-joined-hands-with-bitget-wallet-allows-crypto-trading/