Leading Ethereum NFT protocols and project creators are moving to secure their collections after the crypto development platform Thirdweb disclosed a smart contract vulnerability.
Thirdweb reported a security vulnerability in an open-source library used in Web3 smart contracts. The platform said the vulnerability affects the pre-built contracts that Thirdweb offers.
OpenZeppelin Leading Efforts to Resolve Vulnerability
The affected smart contracts hold code that powers independent decentralized applications (dapps) and nonfungible token (NFT) collections.
Thirdweb did not name the open-source library at the source of the vulnerability, citing the vulnerability's extent, and withheld the details of the issue.
The revelation prompted OpenZeppelin, whose open-source libraries are often used in smart contracts, to dismiss any link between the issue and its repository.
OpenZeppelin Contracts said in a tweet that its investigation showed the issue is inherent to integrating certain patterns and is not specific to the implementations in the OpenZeppelin Contracts library.
OpenZeppelin promised to lead efforts to assess which parties in the community are affected by the vulnerability and to offer mitigation strategies.
Thirdweb said no smart contracts have been exploited. Nonetheless, it urged projects to begin mitigation: lock the current smart contract, migrate to a new one, and then airdrop tokens to the current holders.
Thirdweb Settling Network Fees Incurred in Migration
Thirdweb assured that it would settle network fees incurred when migrating holders whose smart contracts.
Thirdweb acknowledged discovering the contract vulnerability on November 20. Two days later, it unveiled a quick fix to the pre-built smart contract templates. The Thirdweb smart contracts deployed earlier than 2200hrs ET on November 22 are vulnerable.
The vulnerability affects NFT smart contracts that use the Ethereum ERC-721 and ERC-1155 standards. It also extends to fungible tokens minted using the ERC-20 standard.
The company said the full list of potentially vulnerable contract types is in its official blog post, along with the mitigation steps and how to identify the affected contracts.
Several industry players have examined how the vulnerability may impact users, NFT creators, and holders.
Leading NFT marketplace OpenSea urged users to watch for updates on how it will assist the affected collection owners. The platform said it is considering several changes related to contract migration.
NFT marketplace Rarible indicated that several NFT drops on the protocol are affected, on Ethereum and the Polygon sidechain scaling network.
Coinbase acknowledged that several collections created on the NFT platform are affected. Nonetheless, smart contract startup firm Manifold revealed that no projects are affected.
Coinbase-incubated Ethereum L2 scaling network Base reported several projects suffering from the vulnerability. Base indicated that the network is secure from the vulnerability.
Cool Cats and Mocaverse Platforms Consider Migration
Cool Cats, the Ethereum profile picture (PFP) project, admitted that though the primary NFTs are safe, it plans to migrate the Avatar System packs to a different contract.
Animoca Brands’ gaming platform, Mocaverse, confirmed migrating NFT collections to the newly created contracts. It plans to allow holders to claim the latest versions.
Thirdweb indicated that, besides settling fees incurred during project migration, it has doubled its bug bounty payments from $25,000 to $50,000 and will implement a rigorous auditing approach for subsequent initiatives.