Sovryn: External call reentrancy via callTokensToSend — token price inflation via mid-transaction mint → overclaim via burn
Summary #
Sovryn, a Lending / Money Market protocol (Bitcoin L2 DeFi), suffered an exploit on 2022-10-04, resulting in a loss of approximately $1M.
What happened #
Sovryn's Bitcoin L2 lending protocol lost $1.1M when an attacker exploited an external callback during token transfers to re-enter mid-transaction, inflating a Loan Token supply calculation and looping out 45 RBTC and 211K USDT.
Linked factors #
- RD-F-004 — causal : Audit count likely 0; floor display [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Unaudited]
- RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: Unknown]
- RD-F-099 — illustrative : Oracle price deviation > X% from secondary source — RT signal would have fired [via realtime_signals/Oracle anomaly: Y (internal) — the tokenPrice calculation relied on in-flight state that hadn't been committed; the price diverged from true value mid-trans...]
- RD-F-100 — illustrative : Flash loan > $10M origination — RT signal [via realtime_signals/Unusual borrowing: Y — large flash loan borrow followed by abnormal series of side token conversions]
- RD-F-126 — causal : Is-a-fork-of (Cat 8 anchor) [via dashboard_risk_factors/Forked?: Y — lending pool design influenced by Compound/Aave patterns adapted for RSK] || Is-a-fork-of (BTC-DeFi taxonomy partial — see PD-032) [via cross-hack: Factor 44: Bitcoin L2 / Sidechain Legacy Code Without Standard Security Patterns]
- RD-F-127 — related : Upstream Compound has patches that may not be merged here [via dashboard_risk_factors/Forked?: Y — lending pool design influenced by Compound/Aave patterns adapted for RSK]
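The price-divergence mechanism noted under RD-F-099 (a share price computed from in-flight state while a token hook runs) modelled as a toy pool, beside the hardened ordering (effects before interactions) plus a reentrancy guard. This is an added illustration, not Sovryn's code and not derived from the incident transactions; the class, function names and the 100/100 pool figures are constructed.

```python
class Reentrancy(Exception): pass

class LoanTokenPool:
    """Toy share pool (hypothetical, not Sovryn's code): price = assets / supply."""

    def __init__(self, assets: float, supply: float, hardened: bool) -> None:
        self.assets, self.supply, self.hardened = assets, supply, hardened
        self.hook = lambda pool: None  # tokensToSend-style callback into untrusted code
        self._locked = False
    def price(self) -> float:
        return 1.0 if self.supply == 0 else self.assets / self.supply

    def _guard(self) -> None:  # nonReentrant check, enforced only when hardened
        if self.hardened and self._locked:
            raise Reentrancy("re-entered during external call")
        self._locked = True

    def mint(self, amount: float) -> float:
        self._guard()
        shares = amount / self.price()
        self.assets += amount
        if not self.hardened:  # vulnerable order: hook sees assets updated, supply stale
            self.hook(self)
        self.supply += shares
        if self.hardened:  # effects before interactions: all state committed first
            self.hook(self)
        self._locked = False
        return shares

    def burn(self, shares: float) -> float:
        self._guard()
        out = shares * self.price()  # an inflated mid-transaction price overpays here
        self.supply -= shares
        self.assets -= out
        self._locked = False
        return out

def scenario(hardened: bool) -> tuple:
    """Mint 100 into a 100/100 pool while the hook burns 10 -> (price seen, payout or None, final price)."""
    pool = LoanTokenPool(100.0, 100.0, hardened)
    seen = []
    def hook(p: LoanTokenPool) -> None:
        seen.append(p.price())
        try:
            seen.append(p.burn(10.0))
        except Reentrancy:
            seen.append(None)
    pool.hook = hook
    pool.mint(100.0)
    return seen[0], seen[1], pool.price()
```

With `hardened=False` the hook observes a price of 2.0 instead of the committed 1.0 and a burn inside it is paid at that inflated price; with `hardened=True` the hook sees 1.0 and the re-entrant burn is rejected.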