SlowMist: GMX v1 has a design flaw; GLP price can be manipulated by reentrancy attacks

SlowMist pointed out that the root cause of the $GMX hack was a design flaw in $GMX v1: shorting operations immediately update the globalShortAveragePrices, which in turn affects the AUM (Assets Under Management) calculation, causing the GLP price to be manipulated. The attacker used the Keeper to enable the timelock.enableLeverage permission when executing orders, creating large short positions through re-entry attacks, manipulating the global average price, artificially increasing the GLP price in a single transaction, and profiting through redemption arbitrage. [Wu Shuo]