🚨 $2.5M @SolvProtocol Exploit - Double Mint Bug

A logic flaw in the BitcoinReserveOffering contract allowed an attacker to mint unbacked BRO tokens.

By abusing an NFT callback during the mint flow, the attacker turned 135 BRO into 567M BRO tokens in a single transaction.

Here’s what happened 👇

Root Cause

During mint():
1️⃣ NFT transfer triggers onERC721Received
2️⃣ Callback internally calls _mint()
3️⃣ Execution returns to mint()
4️⃣ _mint() is called again

Two mints. One deposit.

Since the exploit happened in a single tx, the exchange rate stayed constant, allowing the attacker to double tokens every iteration (22 loops).
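
The four-step flow above as a simplified Python model, next to a single-credit variant and a post-mint check. This is an added illustration, not Solv's contract code. The class, the `mint_in_callback` switch, `mint_checked`, the deposit value of 100 and the rate of 1 are constructed assumptions.

```python
# Simplified model of the mint flow in the thread (constructed; not the real contract).

class Offering:
    """Toy vault: deposit an NFT worth `value`, receive value * rate tokens."""

    def __init__(self, rate=1, mint_in_callback=True):
        self.rate = rate
        self.mint_in_callback = mint_in_callback  # True models the flawed flow
        self.balances = {}     # holder -> token balance
        self.total_supply = 0
        self.backing = 0       # value of the NFTs the vault actually holds

    def _mint(self, to, amount):
        self.balances[to] = self.balances.get(to, 0) + amount
        self.total_supply += amount

    def on_erc721_received(self, sender, value):
        # Steps 1-2: the NFT transfer lands here, and the flawed flow mints.
        self.backing += value
        if self.mint_in_callback:
            self._mint(sender, value * self.rate)

    def mint(self, sender, value):
        self.on_erc721_received(sender, value)  # models the transfer's callback
        # Steps 3-4: control returns to mint(), which credits the deposit (again).
        self._mint(sender, value * self.rate)

    def solvent(self):
        # Invariant: supply must never exceed what the held deposits back.
        return self.total_supply <= self.backing * self.rate

    def mint_checked(self, sender, value):
        # Defensive post-condition: one deposit must change supply by exactly
        # value * rate. On-chain, a failed check would revert the transaction.
        before = self.total_supply
        self.mint(sender, value)
        if self.total_supply - before != value * self.rate:
            raise RuntimeError("mint credited more than the deposit backs")


def demo(mint_in_callback):
    vault = Offering(rate=1, mint_in_callback=mint_in_callback)
    vault.mint("depositor", 100)  # constructed deposit value
    return vault.balances["depositor"], vault.solvent()


if __name__ == "__main__":
    print("flawed flow:  ", demo(True))
    print("single credit:", demo(False))
```
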