Web3 developer platform Thirdweb has disclosed major security vulnerabilities discovered in its open source libraries.
The vulnerability, which Thirdweb learned of on November 20, has implications for several NFT collections, particularly the pre-built smart contracts it offers. However, the company did not clarify which specific collections might be affected.
OpenSea, one of the largest NFT trading platforms, responded and noted that some NFT collections on its platform were affected. OpenSea said it is working with these collections to mitigate security concerns. “We have reached out to Thirdweb regarding a security vulnerability affecting some of our NFT collections. Stay tuned for more details on how we can support collection owners affected by changes in OpenSea related to contract migration,” OpenSea wrote.
Coinbase NFT said it was notified of a security vulnerability on December 1 and that it affects “select NFT collections of Coinbase NFTs created with Thirdweb.”
Base, a layer 2 network supported by Coinbase, determined that this issue affects some NFT contracts distributed on the network.
Thirdweb said in today’s disclosure that the vulnerability had not been exploited by any projects using its smart contracts. However, it reiterated that smart contract owners should take action on certain pre-built contracts created by Thirdweb to mitigate potential exploitation of this vulnerability. Affected pre-built contracts include “DropERC20, ERC721, ERC1155 (all versions), and AirdropERC20.”
In most cases, mitigation involves locking contracts, taking snapshots, and migrating to new contracts without known vulnerabilities. If a contract builder holder has locked tokens in a liquidity or staking pool, they must withdraw those tokens before starting this step.
© 2023 The Block. All rights reserved. This article is provided for informational purposes only. It is not provided or intended to be used as legal, tax, investment, financial or other advice.