Thirdweb, a renowned Web3 developer platform, recently disclosed a significant security vulnerability in its open-source library that impacts NFT collections. Thirdweb became aware of the vulnerability on November 20 but has yet to specify which collections could be affected.
Response from Major NFT Trading Platforms
In the wake of this disclosure, OpenSea, one of the leading NFT trading platforms, acknowledged that some NFT collections on its platform had been affected. The platform is actively collaborating with these collections to address the security issues. OpenSea announced, “We are liaising with Thirdweb regarding the security vulnerability affecting some NFT collections. Stay tuned for more information on how we can support affected collection owners with any changes on OpenSea related to contract migration.”
Meanwhile, Coinbase NFT revealed that it was informed on December 1 of the security vulnerability, which affects “some NFT collections on Coinbase NFT created with Thirdweb.”
Implications for the Base Network
The Coinbase-supported Layer 2 network, known as Base, also confirmed that some of the NFT contracts deployed on the network are impacted by the issue. Thirdweb nevertheless stated in its disclosure that, to the best of its knowledge, the vulnerability has not yet been exploited in any of the projects using its smart contracts.
Steps to Mitigate the Vulnerability
Thirdweb emphasized that smart contract owners must take mitigation steps for specific pre-built contracts created on Thirdweb to prevent potential exploitation of this vulnerability. The affected pre-built contracts include “DropERC20, ERC721, ERC1155 (all versions), and AirdropERC20”. In most instances, mitigation will require locking the contract, taking snapshots, and migrating to a new contract free of known vulnerabilities. If contract builder holders have tokens locked in any liquidity or staking pools, they are advised to withdraw them before starting these steps.
