ThirdWeb Detects Vulnerabilities in Ethereum Smart Contracts

Reading Time: 2 minutes
  • ThirdWeb has detected vulnerabilities in common Ethereum NFT smart contracts
  • The web3 platform said it won’t disclose the exact vulnerabilities to the public to avoid malicious actors from taking advantage
  • Some NFT projects have started reviewing their smart contracts for any security weaknesses

NFT projects have started looking for weaknesses in their projects after web3 platform ThirdWeb detected vulnerabilities in common smart contracts on the Ethereum blockchain. ThirdWeb didn’t disclose the actual weaknesses for fear that malicious actors may take advantage of the vulnerabilities. Some NFT platforms like OpenSea have contacted ThirdWeb in an attempt to investigate and fix the problem, an indication that web3 platforms take security seriously.

Vulnerability Yet to be Exploited

According to ThirdWeb, the vulnerability is spread across the web3 space, especially for NFT projects using Ethereum’s ERC-721, ERC-20 and ERC-1155 standards.

The web3 firm however noted that the security hole is yet to be exploited, adding that the vulnerability is found on “pre-built smart contracts.” The firm has created a tool to assist affected projects to take mitigation measures.

Affected projects can protect themselves by either “locking the contract [or] taking a snapshot and migrating to a new contract without the known vulnerability,” adding that the actual measures depend on “the nature of your smart contract.”

We’re in Touch with ThirdWeb

The revelation has seen leading web3 platforms disclose that they’re working with ThirdWeb to fix the security weakness. NFT marketplace OpenSea, for example, said that they’re “in touch with ThirdWeb about the security vulnerability.”

Mocaverse, a gaming platform, revealed that it has already acted on the information. NFT project Cool Cats has also disclosed that it has “thoroughly investigated” its contracts for any of the mentioned vulnerabilities and its “primary collections are confirmed secure.”

With most NFT projects seemingly affected by the vulnerabilities, it’s to be seen whether all affected projects will fix them on time before they’re exploited.