Web3 company Thirdweb recently announced a significant vulnerability in its smart contracts. In a social media post, Thirdweb reported that a security flaw had been found in “a frequently used open-source library for Web3 smart contracts.”
These smart contracts contain the code used for autonomous decentralized apps (dApps) and NFT collectibles. “On November 20th, 2023 6pm PST, we became aware of a security vulnerability in a commonly used open-source library in the web3 industry,” said Thirdweb.
Thirdweb disclosed, based on its investigation, that the vulnerability had not been exploited in any smart contracts. However, it advises smart contract holders to take mitigation steps on specific pre-built smart contracts created before November 22.
Because of the severity of the vulnerability, Thirdweb is not revealing which open-source library is responsible or specifying the nature of the flaw.
OpenZeppelin, an open-source library for smart contracts, has clarified that the problem is not associated with its repository.
“Based on our investigation, the issue is inherent in the problematic integration of specific patterns, and is not specific to the implementation included in the OpenZeppelin contracts library,” it said in a social media post.
OpenZeppelin said that it would continue to oversee the assessment of affected individuals in the community and offer them strategies for mitigation.
According to Thirdweb’s post on X, the vulnerability affects NFT smart contracts using the Ethereum ERC-721 and ERC-1155 standards. It also affects fungible tokens created using the ERC-20 standard. Thirdweb provides a comprehensive list of affected contract types and offers a mitigation tool to identify any affected contracts on its blog.
NFT market platforms OpenSea and Coinbase are examining how Thirdweb’s issue might affect their users, NFT holders and creators.
“We are in touch with @thirdweb about the security vulnerability impacting some NFT collections,” said OpenSea in a social media post.
OpenSea said users should keep an eye out for more details on how it will support affected collection owners with any OpenSea-related changes during contract migration.
Rarible, another NFT marketplace, revealed that some NFTs on its platform, both on Ethereum and the sidechain scaling network Polygon, had been affected.
Coinbase also revealed that some collections created on its NFT platform had been affected.
“The Coinbase team was informed at 9p PT on Fri 12/1 by @thirdweb of a security vulnerability in a common open-source library, impacting some NFT collections on Coinbase NFT created with thirdweb,” said Coinbase in response to Thirdweb’s announcement.
Smart contract startup Manifold said its contracts were unaffected. Base, the Ethereum layer-2 scaling network incubated by Coinbase, disclosed that while some project contracts used on Base were affected, the network itself was secure.
The Ethereum Profile Picture (PFP) project Cool Cats revealed that while its primary NFTs were secure, it planned to transfer its avatar system packs to a new contract. Meanwhile, Animoca Brands’ Mocaverse gaming platform said that it had moved its diverse NFT collections to new contracts and would enable holders to claim new volumes.
Thirdweb announced that besides covering the fees for migrated projects, it had increased its bug bounty payout from $25,000 to $50,000 and planned to implement a “more rigorous auditing process” in the future.