The Solv Protocol exploit resulted in approximately $2.5M in losses after an attacker exploited a logic flaw in the BitcoinReserveOffering contract. The vulnerability allowed the attacker to mint BRO tokens twice during a single mint flow, leading to massive token inflation.
The issue stemmed from an interaction between the NFT transfer process and the onERC721Received callback. By triggering token minting inside the callback and then receiving another mint when execution returned to the main mint() function, the attacker was able to create unbacked BRO tokens.
How the Exploit Happened?
The attacker began with 135 BRO tokens, which were burned through the reserve contract. In return, the protocol issued a small amount of GOEFS tokens based on the current exchange rate.
Using these tokens, the attacker initiated a mint transaction, sending GOEFS tokens along with a specific NFT. When the NFT was transferred, the contract triggered the onERC721Received callback, which internally executed the _mint function and issued BRO tokens to the attacker.
However, after the callback finished, the contract returned to the original mint() function and minted tokens again for the same action. This unintended behavior resulted in double minting.
Token Inflation in a Single Transaction
The attacker repeatedly triggered this mint flow 22 times within a single transaction. Because the entire exploit occurred in one transaction, the exchange rate remained constant, allowing the attacker to repeatedly double the minted tokens.
Through this process, the attacker inflated their holdings from 135 BRO tokens to approximately 567 million BRO tokens.
Converting the Exploit Into Profit
Once the tokens were minted, the attacker converted part of the inflated supply into real assets. Around 165M BRO tokens were swapped through the BRO–SolvBTC exchange, and then routed through Uniswap V3, eventually converting the assets into 1211 ETH.
The remaining tokens remained in the attacker’s wallet.
Following the swaps, the extracted ETH was transferred to multiple attacker-controlled wallets and eventually deposited into RailGun, a privacy protocol used to obscure transaction trails.
Want to see the full technical breakdown, attack flow diagrams and on-chain analysis?Read our detailed blog: Solv Protocol Exploit (Explained in Depth)
Root Cause
The exploit was caused by a logic flaw in the minting flow.
During NFT transfers, the contract triggered a callback (onERC721Received) that already executed a mint. When execution returned to the mint() function, the contract minted tokens again without validating whether minting had already occurred.
This lack of validation allowed the attacker to repeatedly mint tokens and inflate supply within a single transaction.
Why This Matters?
The Solv Protocol exploit highlights how small logic flaws in smart contract flows can lead to catastrophic token inflation. Improper handling of external calls, callbacks, and state updates can introduce subtle vulnerabilities that attackers can exploit at scale.
Solv Protocol $2.5M Exploit: Double Mint Bug was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.