This repository contains attack scenarios and example attack contracts related to the GMX protocol hack using the Wake testing framework. The scenarios are designed for educational and defensive security purposes only.
- Wake framework installed (
pip install eth-wake) - Node.js and npm for dependency management
First, clone the repository and initialize the GMX contracts submodule:
$ git submodule update --init --recursiveNavigate to the gmx-contracts directory and install the required npm packages:
$ cd gmx-contracts && npm i && cd ../Create a .env file and add your URL for Arbitrum mainnet.
We will use Alchemy this time which is free. To get your Alchemy API key:
- Sign up at Alchemy Dashboard
- Create a new app with Arbitrum Mainnet network
- Copy the HTTPS URL from your app dashboard
FORK_URL=https://arb-mainnet.g.alchemy.com/v2/your-api-key-hereWake needs to generate Python type definitions from the Solidity contracts:
$ wake up pytypesThis command compiles the Solidity contracts and creates corresponding Python types for use in test scenarios.
Run the exploit scenarios on the forked environment:
$ wake testTo see detailed transaction call traces during the exploit scenarios, uncomment the print(tx.call_trace) line in the tests/test_attack_simple.py files, then run the tests again:
$ wake testThe call trace will show the complete execution flow of the exploit scenario, helping you understand how the vulnerability is triggered and its impact on the protocol.
Note: These scenarios are for defensive security analysis only. Do not use this code for malicious purposes.