Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesCopyBotsEarn
Coinbase NFT and OpenSea respond after Thirdweb vulnerability disclosure

Coinbase NFT and OpenSea respond after Thirdweb vulnerability disclosure

The BlockThe Block2023/12/05 11:18
By:The Block

Quick Take Thirdweb, a web3 developer platform, disclosed a security vulnerability in its open-source library. The vulnerability specifically targets pre-built smart contracts provided by Thirdweb, affecting multiple NFT collections.

Coinbase NFT and OpenSea respond after Thirdweb vulnerability disclosure image 0

Web3 developer platform Thirdweb disclosed a major security vulnerability discovered in its open-source library.

This vulnerability , which Thirdweb became aware of on Nov. 20, affects multiple NFT collections — specifically, pre-built smart contracts it provided. However, the firm has not clarified which specific collections may be impacted.

One of the largest NFT trading platforms, OpenSea, came forward in response — noting that some NFT collections on its platform were impacted. OpenSea said it's working with those collections to mitigate security issues. "We are in touch with Thirdweb about the security vulnerability impacting some NFT collections. Stay tuned for more info on how we can assist affected collection owners with any changes on OpenSea tied to contract migration," OpenSea wrote .

Coinbase NFT said it was notified of the security vulnerability on Dec. 1 and impacts "some NFT collections on Coinbase NFT created with Thirdweb."

The Coinbase-backed Layer 2 network, Base, also stated the issue affects some of the NFT contracts deployed on the network.

Thirdweb said in its disclosure today that, to its knowledge, the vulnerability has not been exploited in any of the projects using its smart contracts. However, it reiterated that smart contract owners must take measures for specific pre-built contracts created on Thirdweb to mitigate potential exploitation of this vulnerability. Affected pre-built contracts include "DropERC20, ERC721, ERC1155 (all versions), and AirdropERC20".

In most cases, mitigation will involve locking the contract, taking snapshots, and migrating to a new contract without known vulnerabilities. If contract builder holders have tokens locked in any liquidity or staking pools, they should withdraw them before starting these steps.


0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!