Thirdweb vulnerability has been discovered. It occured in a “commonly used open-source library for Web3 smart contracts”. It affects pre-built contracts offered by Thirdweb and others. Thirdweb, a prominent crypto development platform disclosed issues with its smart contracts late Monday. As a result, some Ethereum NFT project creators are scrambling to secure their collections. Smart contracts contain the code that powers decentralised autonomous apps (dapps) and NFT collections.
Mitigation Strategy Implementation
Because of the apparent seriousness of the vulnerability, Thirdweb is not disclosing which open-source library was the source of the exploit or any details about the problem. OpenZeppelin, a popular open-source library for smart contracts, has since stated that the problem is not related to its repository.
Thirdweb believes that no smart contracts have yet been exploited. However, it advises projects to implement a mitigation strategy that includes locking down their current smart contract and migrating to a new one, followed by airdropping tokens to current holders. According to the company, it will assist in covering network fees associated with migrating holders from an affected smart contract.
According to Thirdweb, the contract vulnerability happened on November 20 and a fix for its pre-built smart contract templates was released on November 22. As a result, any Thirdweb smart contracts deployed after 10 p.m. will be affected. ET on November 22 are thought to be safe, but those deployed before that date may be affected.
Is the NFT Winter Season Over? Bitcoin and Ethereum Prices Are Rising
Rising tides lift all ships, including the battered, beleaguered, and frequently lauded NFT market. As altcoins such as Ethereum and Solana continue to rise, largely on the back of Bitcoin’s incredible, now weeks-long price rally, NFT collections associated with those blockchain networks appear to be riding shotgun. The exploit occured to NFT smart contracts that use the Ethereum ERC-721 and ERC-1155 standards, as well as ERC-20 fungible tokens.
Thirdweb’s blog post contains a complete list of affected contract types. Also, it has a mitigation tool that can identify any impacted contracts. Many major industry participants have spoken out about how the issue may affect their users, NFT holders, and NFT project creators.
Click here for latest crypto updates.
IMPORTANT
On November 20th, 2023 6pm PST, we became aware of a security vulnerability in a commonly used open-source library in the web3 industry.
This impacts a variety of smart contracts across the web3 ecosystem, including some of thirdweb’s pre-built smart contracts.…
— thirdweb (@thirdweb) December 5, 2023
We are in touch with @thirdweb about the security vulnerability impacting some NFT collections. Stay tuned for more info on how we can assist affected collection owners with any changes on OpenSea tied to contract migration. Please read @thirdweb’s post below for more detail. https://t.co/HU6bmXWU7U
— OpenSea (@opensea) December 5, 2023
