Scores/GMX V2

GMX V2

DAMASCUS

Perps DEX · Arbitrum + Avalanche · $500M+ TVL · 20 contracts

Confidence 64%Z-Factor 0.75Updated 2026-05-06Public Score

Public risk assessment — scores are produced with the same methodology as monitored protocols

803

BRI Score

3004756508251000

Security Profile

Access Control
75

Economic Soundness
72

Oracle Integrity
78

Compositional Risk
70

Governance
55

Maturity
75

Resilience
60

Supply Chain
82

Op Security
78

Cascade Exposure
87

Access Ctrl
75

Economic
72

Oracle
78

Compos.
70

Govern.
55

Maturity
75

Resilience
60

Supply Ch.
82

OpSec
78

Cascade
87

Min

Avg

Max

Audit History

Sherlock Competition

2023-03

Guardian Audits

2023-07

Cyfrin

2024-01

Bug Bounty Program

$500,000

Max payout on Immunefi

View Program →

Assessment

Mature perps protocol with V2 design improvements from V1 lessons. Oracle hardening from V1 exploit is a strength. Governance centralization (D5=55) and perps economic complexity (D2=72) are main drags.

Dimension Breakdown

How scores work →

Access Control

Weight 18%78% conf

Good

Complex order/position lifecycle with keeper execution
Role-based access: controller, order keeper, liquidation keeper
Config store with wide admin surface for market parameters
Reentrancy protection on core paths

Economic Soundness

Weight 13%74% conf

Good

GM pool model isolates risk per market (improvement over V1 GLP)
Funding rates, borrowing fees, price impact model
PnL settlement from pool reserves: large winning trades can stress pool
Open interest caps provide some protection

Oracle Integrity

Weight 13%80% conf

Good

Chainlink Data Streams (low-latency, signed reports)
Custom oracle module with validation and staleness checks
V1 AVAX oracle manipulation led to significant hardening in V2
Two-step execution (order creation + keeper execution) limits frontrunning

Battle-Tested Maturity

Weight 12%78% conf

Good

V2 live since Aug 2023 (~2 years)
V1 since Sep 2021 (org maturity 4+ years)
V1 AVAX oracle manipulation incident (2022) handled and led to V2 hardening
Audited by ABDK, Guardian, Sherlock contest
Z-factor: 0.78

Governance & Upgradeability

Weight 10%78% conf

Moderate

Team multisig with no formal timelock on config changes
GMX token governance is limited
Market parameter changes can be immediate
Some decentralization via Arbitrum governance

Adversarial Resilience

Weight 10%95% conf

Moderate

Score derived from continuous adversarial security research

Operational Security

Weight 10%76% conf

Good

Active keeper monitoring infrastructure
V1 incident response was fast and effective
Bug bounty program active on Immunefi
Transparent deployment process on Arbitrum

Compositional Risk

Weight 5%74% conf

Good

Arbitrum-native, limited cross-chain exposure
GM pools integrate as yield sources in other protocols
Chainlink dependency is critical path
Keeper infrastructure centralization

Cascade Exposure

Weight 5%60% conf

Strong

Appears in 2 cross-protocol cascade chain(s)
Failure cascades to 2 downstream protocol(s)
Member of 4 dependency cluster(s)
Score: 87/100 (higher = more isolated from systemic risk)
Source: cross_protocol_composition.json dependency analysis

Supply Chain

Weight 4%80% conf

Strong

Standard libraries with custom oracle integration layer
Reasonable dependency chain
Modern Solidity versions
Non-upgradeable core (markets are deployed fresh)

Risk Drivers

Primary risk factors driving this score, ordered by severity.

Governance & Upgradeability55

Adversarial Resilience60

Compositional Risk70

Adversarial Risk Signals

Observable security posture indicators. These signals reflect publicly verifiable information and responsible disclosure outcomes. No specific vulnerability details are exposed.

Disclosure HistoryNot Assessed

Remediation VelocityNot Assessed

Bug Bounty ProgramNot Assessed

Audit CoverageNot Assessed

Incident HistoryNot Assessed

Deployed 2023-08-04Z-Factor 0.75010 active dimensions

Score History & Verification

Score provenance tracking begins with the next reassessment.

On-Chain Data

Protocol Slug: "gmx-v2"
Oracle: BRORegistry (Base)
Evidence: IPFS (pinned)
Staleness Threshold: 24 hours

Read Score

registry.getScore("gmx-v2")

Reduce exploitable risk

BlackHart Monitoring provides continuous adversarial analysis, vulnerability detection, remediation support, and verified reassessment when your risk posture improves.

View Monitoring Plans How Scores Work

Believe this score contains a factual error? Submit evidence for review →