- ThirdWeb has detected vulnerabilities in common Ethereum NFT smart contracts
- The web3 platform said it won’t disclose the exact vulnerabilities to the public, to prevent malicious actors from taking advantage
- Some NFT projects have started reviewing their smart contracts for any security weaknesses
NFT projects have started looking for weaknesses in their projects after web3 platform ThirdWeb detected vulnerabilities in common smart contracts on the Ethereum blockchain. ThirdWeb didn’t disclose the actual weaknesses for fear that malicious actors may take advantage of the vulnerabilities. Some NFT platforms like OpenSea have contacted ThirdWeb in an attempt to investigate and fix the problem, an indication that web3 platforms take security seriously.
Vulnerability Yet to be Exploited
According to ThirdWeb, the vulnerability is spread across the web3 space, especially for NFT projects using Ethereum’s ERC-721, ERC-20 and ERC-1155 standards.
IMPORTANT
On November 20th, 2023 6pm PST, we became aware of a security vulnerability in a commonly used open-source library in the web3 industry.
This impacts a variety of smart contracts across the web3 ecosystem, including some of thirdweb’s pre-built smart contracts.…
— thirdweb (@thirdweb) December 5, 2023
The web3 firm, however, noted that the security hole has yet to be exploited, adding that the vulnerability is found in “pre-built smart contracts.” The firm has created a tool to help affected projects take mitigation measures.
Affected projects can protect themselves by either “locking the contract [or] taking a snapshot and migrating to a new contract without the known vulnerability,” the firm said, adding that the actual measures depend on “the nature of your smart contract.”
We’re in Touch with ThirdWeb
The revelation has seen leading web3 platforms disclose that they’re working with ThirdWeb to fix the security weakness. NFT marketplace OpenSea, for example, said that they’re “in touch with ThirdWeb about the security vulnerability.”
We are in touch with @thirdweb about the security vulnerability impacting some NFT collections. Stay tuned for more info on how we can assist affected collection owners with any changes on OpenSea tied to contract migration. Please read @thirdweb’s post below for more detail. https://t.co/HU6bmXWU7U
— OpenSea (@opensea) December 5, 2023
Mocaverse, a gaming platform, revealed that it has already acted on the information. NFT project Cool Cats has also disclosed that it has “thoroughly investigated” its contracts for any of the mentioned vulnerabilities and its “primary collections are confirmed secure.”
Important Update: In partnership with @thirdweb, we’ve thoroughly investigated recent security concerns tied to widely-used contract libraries. Great news — our primary collections are confirmed secure.
We’ll soon be migrating our Avatar System packs contract for even stronger… https://t.co/oCsD4rnWov
— Cool Cats (@coolcats) December 5, 2023
With most NFT projects seemingly affected by the vulnerabilities, it remains to be seen whether all affected projects will fix them in time, before they’re exploited.