Leading Web3 developer platform Thirdweb has recently uncovered a major security vulnerability in a widely used open-source library, impacting pre-built smart contracts and multiple NFT collections. This discovery has drawn concerns within the Web3 community.

Thirdweb confirmed that, to their knowledge, no exploitation of this vulnerability occurred in projects utilizing their smart contracts. However, they have emphasized smart contract owners’ need to undertake specific actions concerning certain pre-built contracts developed on Thirdweb, preventing possible misuse.

IMPORTANT

On November 20th, 2023 6pm PST, we became aware of a security vulnerability in a commonly used open-source library in the web3 industry.

This impacts a variety of smart contracts across the web3 ecosystem, including some of thirdweb’s pre-built smart contracts.…

Thirdweb identified the vulnerability on November 20, affecting its pre-built smart contracts, including those on OpenSea and the Coinbase NFT platform. OpenSea acknowledged the issue and said, “Stay tuned for more info on how we can assist affected collection owners with any changes on OpenSea tied to contract migration.” 

Coinbase NFT also responded to the security vulnerability, being informed on December 1 about the affected collections on their platform. They said, “In line with thirdweb’s disclosure timeline, we timed outreach to builders who may have deployed impacted contracts before November 22, 2023.”

Both OpenSea and Coinbase NFT have also assured their users that no security breaches happened on their respective platforms, and customers can remain confident about the safety of their funds. Furthermore, the Layer 2 network Base said that the vulnerability affects some of Thirdweb’s pre-built contracts deployed on Base; however, “Base itself is unaffected by this issue. All funds on Base are safe.”

Addressing the smart contract security vulnerability issue, Thirdweb has shared an announcement with steps to take for those affected. They say, “Our immediate priority is to protect our customers impacted by this vulnerability. Users who deployed one of these impacted pre-built smart contracts using thirdweb’s dashboard or SDKs before November 22 at 7pm PST need to perform some mitigation steps.”

To address this vulnerability, Thirdweb recommends that affected smart contract owners lock their contracts, capture snapshots, and progress to new contracts. OpenSea and Coinbase NFT have committed to supporting collection owners while undergoing these mitigation steps.

This incident serves as a crucial reminder of the need for vigilance and prompt action in tackling security issues within the rapidly changing landscape of Web3 and NFTs.

Similar to Notcoin - TapSwap on Solana Airdrops In 2024

origin »

258 +