As known from:
known from Coinwireknown from Benchknown from Coinindex
  • About CryptoGmblr.com
Contains commercial content
Cryptogambling / Web3 company Thirdweb discovers significant smart contract vulnerability

Web3 company Thirdweb discovers significant smart contract vulnerability

Publish Date: 06/12/2023
thirdweb, tags: smart - blog.thirdweb.com

thirdweb – blog.thirdweb.com

Web3 company Thirdweb recently announced a significant vulnerability in its smart contracts. In a social media post, ThirdWeb reported that a security flaw had been found in “a frequently used open-source library for Web3 smart contracts.”

These smart contracts contain the code used for autonomous decentralized apps (dApps) and NFT collectibles. “On November 20th, 2023 6pm PST, we became aware of a security vulnerability in a commonly used open-source library in the web3 industry,” said Thirdweb.

Thirdweb disclosed, based on its investigation, that the vulnerability had not been exploited in any smart contracts. However, it advises smart contract holders to take mitigation steps on specific pre-built smart contracts created before November 22.

Because of the severity of the vulnerability, Thirdweb is not revealing the specific open-source library responsible for the exploit or specifying the nature of the exploit.

Open-source library for smart contracts OpenZeppelin has clarified that the problem is not associated with its repository.

“Based on our investigation, the issue is inherent in the problematic integration of specific patterns, and is not specific to the implementation included in the OpenZeppelin contracts library,” it said in a social media post.

OpenZeppelin said that it would continue to oversee the assessment of affected individuals in the community and offer them strategies for mitigation.

According to Thirdweb’s post on X, this exploit affects NFT smart contracts using Ethereum ERC-721 and ERC-1155 standards. It also affects fungible tokens created using the ERC-20 standard. Thirdweb provides a comprehensive list of affected contract types and offers a mitigation tool to identify any affected contracts on its blog.

Thirdweb’s vulnerability impacting NFT platforms

NFT market platforms OpenSea and Coinbase are examining how Thirdweb’s issue might affect their users, NFT holders and creators.

“We are in touch with @thirdweb about the security vulnerability impacting some NFT collections,” said OpenSea in a social media post.

OpenSea said users should keep an eye out for more details on how it will support affected collection owners with any OpenSea-related changes during contract migration.

Rarible, another NFT marketplace, revealed that some NFTs on its platform, both on Ethereum and the sidechain scaling network Polygon, had been affected.

Coinbase also revealed that some collections created on its NFT platform had been affected.

“The Coinbase team was informed at 9p PT on Fri 12/1 by @thirdweb of a security vulnerability in a common open-source library, impacting some NFT collections on Coinbase NFT created with thirdweb,” said Coinbase in response to Thirdweb’s announcement.

Smart contract startup Manifold said its contracts were unaffected. Base, the Ethereum layer-2 scaling network incubated by Coinbase, disclosed that while some project contracts used on Base were affected, the network itself was secure.

The Ethereum Profile Picture (PFP) project Cool Cats revealed that while its primary NFTs were secure, it planned to transfer its avatar system packs to a new contract. Meanwhile, Animoca Brands’ Mocaverse gaming platform said that it had moved its diverse NFT collections to new contracts and would enable holders to claim new volumes.

Thirdweb announced that besides covering the fees for migrated projects, it had increased its bug bounty payout from $25,000 to $50,000 and planned to implement a “more rigorous auditing process” in the future.

Top Online Casinos
Top Casinos Bonuses
Stake.us
Stake.us
Stake.us Review
4.6/5
McLuck
McLuck
McLuck Review
4.6/5
Sweeptastic
Sweeptastic
Sweeptastic Review
4.5/5
High5Casino
High5Casino
High5Casino Review
4.5/5
Wow Vegas
Wow Vegas
Wow Vegas Review
4.5/5
Stake.us
Stake.us Bonus
$55 Stake Cash + 260K Gold Coins + 5% Rakeback
T&Cs apply
4.6/5
McLuck
McLuck Bonus
Up to 57.500 Gold Coins + 27.5 Free Sweepstakes Coins
T&Cs apply
4.6/5
Sweeptastic
Sweeptastic Bonus
Up to 55,000 Lucky Coins and 34 Sweeps Coins with first purchase
T&Cs apply
4.5/5
High5Casino
High5Casino Bonus
5 Sweeps Coins + 250 Game Coins + 600 Diamonds
T&Cs apply
4.5/5
Wow Vegas
Wow Vegas Bonus
Get 1.5 million WOW Coins + 34.5 SCs FREE
T&Cs apply
4.5/5
Latest News
Twitter warns: $440k lost in MicroStrategy phishing scam
MicroStrategy is the industry pioneer in business intelligence ...
Avail raises $27M in seed funding for Unified Web3 Infrastructure Solution
Avail, a prominent player in the modular blockchain ...
The power of the decentralized Web3 ecosystem: a deep dive into Polkadot
Polkadot is a modern blockchain network designed to ...
Top Crypto Exchange Sites
Crypto Exchange Guide
  • Crypto Exchanges
  • Betting Exchange
Top Brands
Top Bonuses
Stake.us
Stake.us
Stake.us Review
4.6/5
McLuck
McLuck
McLuck Review
4.6/5
Sweeptastic
Sweeptastic
Sweeptastic Review
4.5/5
High5Casino
High5Casino
High5Casino Review
4.5/5
Wow Vegas
Wow Vegas
Wow Vegas Review
4.5/5
Stake.us
Stake.us Bonus
$55 Stake Cash + 260K Gold Coins + 5% Rakeback
T&Cs apply
4.6/5
McLuck
McLuck Bonus
Up to 57.500 Gold Coins + 27.5 Free Sweepstakes Coins
T&Cs apply
4.6/5
Sweeptastic
Sweeptastic Bonus
Up to 55,000 Lucky Coins and 34 Sweeps Coins with first purchase
T&Cs apply
4.5/5
High5Casino
High5Casino Bonus
5 Sweeps Coins + 250 Game Coins + 600 Diamonds
T&Cs apply
4.5/5
Wow Vegas
Wow Vegas Bonus
Get 1.5 million WOW Coins + 34.5 SCs FREE
T&Cs apply
4.5/5

Players must be 21 years of age or older or reach the minimum age for gambling in their respective state and located in jurisdictions where online gambling is legal. Please play responsibly. Bet with your head, not over it. If you or someone you know has a gambling problem, and wants help, call or visit: (a) the Council on Compulsive Gambling of New Jersey at 1-800-Gambler or www.800gambler.org; or (b) Gamblers Anonymous at 855-2-CALL-GA or www.gamblersanonymous.org.

Trading financial products carries a high risk to your capital, especially trading leverage products such as CFDs. CFDs are complex instruments and come with a high risk of losing money rapidly due to leverage. Between 74-89% of retail investor accounts lose money when trading CFDs. You should consider whether you understand how CFDs work and whether you can afford to take the high risk of losing your money.

This site is using Cloudflare and adheres to the Google Safe Browsing Program. We adapted Google's Privacy Guidelines to keep your data safe at all times.

21+NCPG
Close
Players accepted in the US US Flag
Stake.us Exclusive Bonus
$55 Stake Cash + 260K Gold Coins + 5% Rakeback
Promo Code
Go to Stake.us
Visit Site
T&Cs apply, 18+
Payment Methods
Bitcoin
Litecoin
Ethereum
Dogecoin
Highlights
  • Exclusive promo code: CRYPTGAMBL
  • Play Stake Originals games for free
  • Get free Stake Cash daily just by logging in
Stake Originals
Dice
Crash
Plinko
Mines
×
Your Bonus Code:
The bonus offer of was already opened in an additional window. If not, you can open it also by clicking the following link:
Visit Site