Solv Protocol (BRO vault): ERC-3525 Callback Reentrancy — Double Mint (onERC721Received fires before state update)

Summary #

Solv Protocol (BRO vault) suffered a Bitcoin Yield / Structured Products on 2026-03-05, resulting in a loss of approximately $3M.

What happened #

Solv Protocol's unaudited BRO vault contained a textbook ERC-3525 callback reentrancy bug that let an attacker loop a single deposit 22 times — turning 135 BRO into 567 million and extracting $2.73M, while Solv's five published audits covered every contract except this one.

Linked factors #

• RD-F-001 — causal : ★ Audit scope mismatch — exploited code outside scope [via dashboard_risk_factors/Was exploited code in audit scope?: No — BRO vault explicitly excluded from all published audits] || ★ Audit scope mismatch — full field name [via dashboard_risk_factors/Was exploited code in audit scope?: No — BRO vault explicitly excluded from all published audits]
• RD-F-004 — causal : Audit count likely 0; floor display [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Unaudited code (BRO vault never in any audit scope)]
• RD-F-006 — causal : Audit-deploy gap (RD-F-006 time between audit and deploy) [via dashboard_risk_factors/Exploited code newly deployed/upgraded?: Y — BRO vault was a newer product added after main audits] || Audit-deploy gap — alternate field name [via dashboard_risk_factors/Exploited code newly deployed/upgraded?: Y — BRO vault was a newer product added after main audits]
• RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: No — HackenProof programs excluded EVM contracts; only Web2 infrastructure and Solana covered]
• RD-F-146 — related : New deploys in last 30 days — fresh attack surface [via dashboard_risk_factors/Exploited code newly deployed/upgraded?: Y — BRO vault was a newer product added after main audits]