

What We Know About The Contract Vulnerability Worrying Web3 – Crypto News
Today, thirdweb—creators of a popular web3 development toolkit—disclosed the existence of a major vulnerability in an open-source code library that is widely used in smart contracts throughout web3.
According to thirdweb, this vulnerability was present—but not yet taken advantage of—in a number of thirdweb’s pre-built smart contracts. “Based on our investigation so far, this vulnerability has not been exploited in any thirdweb smart contracts. However, smart contract owners must take mitigation steps on certain pre-built smart contracts that were created on thirdweb prior to November 22nd, 2023 at 7pm PT,” they said in a post on X.
Thirdweb noted that the vulnerability may have been present in some of the pre-built contracts that their users had set up to drop fungible or non-fungible tokens—including some ERC20, ERC721 and ERC1155s.
While they have not disclosed the nature of the vulnerability—stating on their newly-launched mitigation website that this would risk the security of others—thirdweb have included a full list of their affected contracts on that site, and have provided detailed instructions and tools for their users who need to take immediate steps to mitigate the risk. “In most cases, the mitigation steps will involve locking the contract, taking a snapshot and migrating to a new contract without the known vulnerability. The exact steps you need to take will depend on the nature of your smart contract, and you can determine these using the [mitigation] tool,” they said on X.
At present, the extent of where and how this vulnerable open-source library is deployed in other smart contracts across the web3 ecosystem is unconfirmed—which is causing concern across web3, with developers, builders and creators fielding worried questions from clients and colleagues. “Has anything actually been disclosed? I’ve seen this ‘we found something’ post and a bunch of others like Rarible saying ‘they found something’ but no one has said what it is or what to do or even what is impacted exactly. It’s a little frustrating because I woke up to a dozen panicked emails from various projects I’ve worked on saying ‘are we impacted? What do we need to do??’ And all I can say is ‘no idea, we just have to wait and see what gets revealed in the coming days,’” Sean Bonner, artist and veteran project creator, told nft now. “It would have been nice if the announcement also included the fix instead of just launching everyone into the unknown,” he said.
As thirdweb’s contracts have been commonly used to create NFT collections, marketplaces have been quick to respond, including OpenSea, Coinbase NFT and Rarible, which used affected thirdweb contracts in a number of drops. Although information is still sparse, the marketplaces have taken public steps to reassure users. In a post on X, Rarible addressed creators. “If your drop was on Polygon, there’s nothing you need to do. We are mitigating the issue, and we will be in touch when the solution has been implemented. If your drop was on Ethereum, you don’t need to do anything yet. We will address the vulnerability, and will be in touch with a plan for redistributing tokens on a secured contract. We will continue to monitor this issue & keep our users informed,” they posted.
“OpenSea is in touch with thirdweb after their disclosure of a security vulnerability that impacts a subset of collections,” their spokesperson told nft now. “Thirdweb has published a blog post that outlines the steps creators can take to migrate their collections to a new smart contract without the known vulnerability. We strongly encourage impacted collection owners to take action, and we are evaluating how to support the newly migrated collections on OpenSea,” they said.
Although the issue’s underlying cause is linked to third-party tooling, the OpenSea team is coordinating closely with thirdweb to support a resolution, while taking proactive measures on their own platform to ensure user safety. They also emphasized that their own SeaDrop contract is not affected. In response to a question on X, OpenSea business development lead Will Brooke underscored this point. “Confirmed—does not affect ERC721SeaDrop,” he wrote.

OpenZeppelin, the secure blockchain standard whose libraries may have been involved in the disclosed vulnerability, offered a write-up on X, sharing early results from their enquiry that may reassure a worried web3 community. “Based on our investigation, the issue is inherent to a problematic integration of specific patterns, and NOT particular to the implementations contained in the OpenZeppelin Contracts library. Nonetheless, we will lead the effort to assess who in the community is affected and provide them with mitigation strategies. At the appropriate time, we will responsibly disclose this vulnerability following best practices for the safety of the community,” they wrote. They also assured the public that after giving those affected time to mitigate the vulnerability, they will disclose it in accordance with responsible cybersecurity practices.
The post What We Know About The Contract Vulnerability Worrying Web3 appeared first on nft now.