Vulnerability Management, Third-party code

Open-source NFT library flaw reported by Thirdweb

Numerous Web3 smart contracts, including DropERC20, AirDrop20, ERC721, and ERC1155, were discovered by Thirdweb to be exposed to a vulnerability in a widely used open-source nonfungible token library, reports SiliconAngle. "Based on our investigation so far, this vulnerability has not been exploited in any Thirdweb smart contracts. However, smart contract owners must take mitigation steps on certain pre-built smart contracts that were created on Thirdweb prior to November 22nd, 2023 at 7pm PT," said Thirdweb. Such a disclosure has prompted major NFT marketplace OpenSea and major U.S. cryptocurrency exchange Coinbase to coordinate with Thirdweb. "We are in touch with @thirdweb about the security vulnerability impacting some NFT collections. Stay tuned for more info on how we can assist affected collection owners with any changes on OpenSea tied to contract migration," said OpenSea in a post on X, formerly Twitter. On the other hand, Coinbase has already notified builders that distributed contracts before Nov. 22.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.