Solv Protocol Hack: $2.5M Double Mint Exploit
Source: Dev.to
Overview
The Solv Protocol exploit resulted in approximately $2.5M in losses after an attacker leveraged a logic flaw in the BitcoinReserveOffering contract. The vulnerability allowed the attacker to mint BRO tokens twice during a single mint flow, causing massive token inflation.
Exploit Mechanics
- The flaw originated from the interaction between the NFT transfer process and the onERC721Received callback.
- By triggering token minting inside the callback and then receiving another mint when execution returned to the main mint() function, the attacker created unbacked BRO tokens.
- The attacker started with 135 BRO tokens, which were burned through the reserve contract. In return, the protocol issued a small amount of GOEFS tokens based on the current exchange rate.
- Using these GOEFS tokens, the attacker initiated a mint transaction, sending GOEFS tokens along with a specific NFT.
- When the NFT was transferred, the contract called onERC721Received, which internally executed the _mint function and issued BRO tokens to the attacker.
- After the callback finished, control returned to the original mint() function, which minted tokens again for the same action, resulting in double minting.
Attack Execution
- The attacker repeatedly triggered this mint flow 22 times within a single transaction.
- Because the entire exploit occurred in one transaction, the exchange rate remained constant, allowing the attacker to double the minted tokens each iteration.
- This process inflated the attacker’s holdings from 135 BRO to approximately 567 million BRO tokens.
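The double credit and its compounding can be reproduced in a small accounting model and turned into a supply-versus-backing invariant check. This is an added example, not code from the Solv contracts or the original post: the Offering class, the 1:1 exchange rate, the pre-seeded liquidity and the in_mint guard (one possible hardening, not Solv's actual fix) are all assumptions.

```python
# Simplified model of the mint flow (constructed; not the Solv contracts).
# Assumptions: 1:1 exchange rate, a single "holder" account, seeded honest liquidity.

class Offering:
    def __init__(self, hardened, seed=10**9):
        self.hardened = hardened
        self.in_mint = False      # True while mint() is driving the NFT transfer
        self.supply = seed        # BRO already held by other users
        self.backing = seed       # value held in reserve for that supply
        self.balance = {}

    def _mint(self, to, amount):
        self.balance[to] = self.balance.get(to, 0) + amount
        self.supply += amount

    def on_erc721_received(self, sender, value):
        # Callback fired when the NFT arrives at the contract.
        self.backing += value
        if self.hardened and self.in_mint:
            return                # hardened: mint() credits this deposit once
        self._mint(sender, value) # flawed: credit issued inside the callback

    def mint(self, sender, value):
        self.in_mint = True
        self.on_erc721_received(sender, value)  # stands in for the NFT transfer
        self.in_mint = False
        self._mint(sender, value) # in the flawed mode this is the second credit

    def burn(self, sender, amount):
        assert self.balance.get(sender, 0) >= amount
        self.balance[sender] -= amount
        self.supply -= amount
        self.backing -= amount
        return amount             # value handed back at the fixed rate

def round_trips(hardened, start=135, rounds=22):
    """Burn-then-mint `rounds` times; return (holder balance, unbacked supply)."""
    o = Offering(hardened)
    o.backing += start            # the starting position is fully backed
    o._mint("holder", start)
    for _ in range(rounds):
        value = o.burn("holder", o.balance["holder"])
        o.mint("holder", value)
    return o.balance["holder"], o.supply - o.backing

if __name__ == "__main__":
    print("flawed  :", round_trips(False))
    print("hardened:", round_trips(True))
```

The second tuple element is the invariant worth asserting in a test suite: total supply minus backing should be zero after any sequence of burns and mints.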
Financial Impact
- The attacker swapped around 165 million BRO tokens through the BRO–SolvBTC exchange, routing the proceeds through Uniswap V3.
- The swaps ultimately converted the assets into 1,211 ETH.
- The remaining tokens stayed in the attacker’s wallet.
- Extracted ETH was transferred to multiple attacker‑controlled wallets and eventually deposited into RailGun, a privacy protocol used to obscure transaction trails.
Conclusions
- The exploit was caused by a logic flaw in the minting flow that lacked proper validation.
- Improper handling of external calls, callbacks, and state updates can introduce subtle vulnerabilities that attackers can exploit at scale.
- Small logic errors in smart‑contract flows can lead to catastrophic token inflation, underscoring the need for rigorous security reviews and comprehensive testing.