What Happened

Solv Protocol

$2.7M | Smart Contract Exploit | March 6, 2026

ERC-3525 reentrancy in the BRO (Bitcoin Reserve Offering) vault contract: doSafeTransferIn triggered the ERC-721-inherited onERC721Received callback before updating internal balance state, enabling an attacker to re-enter mint() and double-mint tokens. The attacker repeated this 22 times, inflating 135 BRO tokens into ~567 million BRO, then swapped them for 38 SolvBTC (~$2.7M). Note: the user-reported figure of $4.7M is incorrect; the confirmed loss is $2.7M.

What Hindenrank Would Have Said

As of February 1, 2026

D+ (Risk Score: 59/100)

Solv Protocol earns D+ for risk — the largest on-chain Bitcoin reserve is genuinely innovative and institutionally backed, but stacks novel risk on novel risk. ERC-3525 (a team-invented token standard) combined with novel BRO vault mechanics creates exploitable callback surfaces. An unresolved Major CertiK centralization finding, a January 2025 social engineering incident, and TVL transparency controversy compound the risk picture. The $1.7B BTC TVL means any exploitation would be catastrophic at scale.

Mechanism Novelty: 12/15
Interaction Severity: 16/20
Oracle Surface: 5/10
Documentation Quality: 6/10
Track Record: 5/15
Scale Exposure: 7/10
Regulatory Risk: 4/10
Protocol Vitality: 4/10

Grade Predicted This Failure

Flagged by dimensions: Mechanism Novelty, Interaction Severity, Documentation Quality, Scale Exposure

One or more collapse scenarios directly matched the actual failure mode.

Top Risks Identified

  1. ERC-3525 semi-fungible token standard (co-authored by Solv's own team) introduces novel callback mechanics via ERC-721 inheritance, creating reentrancy surfaces in BRO vault contracts where minting occurs during NFT transfer callbacks
  2. CertiK audit (June 2024) flagged centralized admin key control as an unresolved Major finding — team acknowledged but did not fix, meaning protocol parameters can be changed unilaterally by a small group
  3. Multi-chain deployment across 8 chains via Chainlink CCIP creates a broad attack surface where a bridge compromise or oracle failure could simultaneously drain cross-chain positions and break the SolvBTC peg

Collapse Scenarios

BRO Vault ERC-3525 Reentrancy Attack

Elevated
Trigger

Attacker deploys an exploit contract that implements the ERC-721 onERC721Received callback to re-enter the BRO vault's mint() function. When depositing an ERC-3525 NFT into the BRO vault, the protocol calls doSafeTransferIn which invokes onERC721Received before updating the internal minting state.

Cascade

  1. Attacker acquires BRO tokens and deploys exploit contract implementing onERC721Received callback
     Callback function prepared to re-enter BRO mint() during ERC-3525 NFT transfer
  2. Attacker calls BRO vault deposit function with ERC-3525 NFT, triggering doSafeTransferIn
     doSafeTransferIn invokes onERC721Received callback on attacker's contract before internal balance update
  3. Callback re-enters BRO mint(): tokens minted a second time for the same single deposit
     Attacker holds 2x BRO tokens; internal accounting unsettled; loop repeated per transaction
  4. Attack repeated 22 times, compounding the double-mint amplification
     135 BRO tokens inflated into approximately 567 million BRO through compounding
  5. 567 million inflated BRO tokens swapped for real SolvBTC at market rate
     38 SolvBTC (~$2.7M) drained from vault; fewer than 10 real users affected

Historical Precedent

ERC-721 reentrancy via onERC721Received has been exploited multiple times since 2021. The same pattern applied to ERC-3525 (which inherits ERC-721's callback) was predictable. Cf. various NFT marketplace reentrancy exploits (2021-2023).
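
The ordering problem described in the Trigger and Cascade above, as an added Python model (not code from Solv Protocol or from this report): one deposit is replayed against a vault that notifies the receiver before recording the credit, and against one that records first and locks mint(). VaultModel, run_case, the hook and the deposit values are constructed for illustration.

```python
class Reentered(Exception):
    """Stands in for the revert a reentrancy lock raises on-chain."""

class VaultModel:
    """Constructed model, not Solv's contract: transfer-in notifies a receiver hook."""
    def __init__(self, hardened):
        self.hardened = hardened
        self.locked = False
        self.held, self.credited = set(), set()  # ids received / ids already minted against
        self.backing = self.minted = 0           # value really received / units issued

    def mint(self, deposit_id, value, hook):
        if self.hardened and self.locked:
            raise Reentered("mint() re-entered from the transfer callback")
        if deposit_id in self.credited:                     # check
            raise ValueError("deposit already credited")
        self.locked = True
        try:
            if self.hardened:
                self._credit(deposit_id, value)             # effect first
                self._transfer_in(deposit_id, value, hook)  # interaction last
            else:
                self._transfer_in(deposit_id, value, hook)  # hook sees stale state
                self._credit(deposit_id, value)             # effect lands too late
        finally:
            self.locked = False

    def _transfer_in(self, deposit_id, value, hook):
        if deposit_id not in self.held:                     # the asset moves only once
            self.held.add(deposit_id)
            self.backing += value
        hook(self, deposit_id, value)                       # onERC721Received-style callback

    def _credit(self, deposit_id, value):
        self.credited.add(deposit_id)
        self.minted += value

def run_case(hardened, value=100):
    """Replay one deposit whose receiver hook calls mint() again, once."""
    vault, calls, blocked = VaultModel(hardened), [], []
    def hook(v, deposit_id, amount):
        calls.append(deposit_id)
        if len(calls) == 1:                                 # re-enter a single time
            try:
                v.mint(deposit_id, amount, hook)
            except Reentered as exc:                        # on-chain this would be a revert
                blocked.append(str(exc))
    vault.mint("deposit-1", value, hook)
    # Third field is the solvency invariant a unit test or monitor can assert.
    return vault.minted, vault.backing, vault.minted <= vault.backing, len(blocked)
```

run_case returns (minted, backing, invariant holds, blocked re-entries); the invariant minted <= backing fails only for the ordering that calls the hook before recording the credit.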

Multi-Chain Bridge Cascade Failure

Moderate
Trigger

Chainlink CCIP bridge contract is exploited, compromised, or suffers oracle failure, enabling minting of unbacked SolvBTC on destination chains. Given SolvBTC is used as collateral across all 8 chain deployments simultaneously, a depegging event cascades.

Cascade

  1. Chainlink CCIP bridge compromised or oracle manipulated; cross-chain message validation fails
     Unauthorized SolvBTC minting possible on destination chains without corresponding BTC backing
  2. Unbacked SolvBTC minted and sold; peg breaks as supply exceeds backed reserves
     SolvBTC trades below 1:1 BTC parity; holders attempt to redeem faster than liquidity supports
  3. Yield product positions (SolvBTC.BBN, SolvBTC.CORE, SolvBTC.ENA) use depegged SolvBTC as collateral
     LST positions become undercollateralized; Babylon/Core/Ethena protocols face counterparty shortfalls
  4. Protocol-wide insolvency; BTC+ vault cannot honor redemptions at par
     Run on all Solv products; SOLV token collapses; institutional counterparties (Babylon, Ethena, BlackRock) face exposure

Historical Precedent

Ronin Bridge ($625M, 2022), Wormhole ($320M, 2022), Nomad Bridge ($190M, 2022), Multichain ($126M, 2023): multi-chain bridge exploits have been among the largest DeFi losses. SolvBTC's 8-chain CCIP architecture concentrates this risk.
