Critical vulnerability discovered in NFT open-source library

The company Thirdweb, specialized in providing tools for developing Web3 applications, recently revealed the existence of a vulnerability within a popular open-source library used to create smart contracts, or smart contracts, for non-fungible tokens (NFT). This vulnerability impacts several contracts used in the Web3 industry and the discovery was communicated via a post on X, formerly known as Twitter, on November 20th.

Preventative action required for smart contracts

While there are no reports of active exploits resulting from this security gap yet, developers who have used pre-configured smart contracts on Thirdweb have been alerted to the need to take mitigation measures. Such contracts, executed before November 22, 2023 at 7:00 pm PT, include DropERC20, ERC721, ERC1155 and AirDrop20, as stated by the company, which also provided a detailed list and verification and mitigation tools available online.

Impact on the sector and countermeasures

The identity of the library affected by this vulnerability was not disclosed by Thirdweb to limit the risk of exploits, but the developers responsible were informed and warned. Following this, major players in the Web3 industry, including OpenSea and Coinbase Inc., have spoken out regarding the issue, highlighting their collaboration with Thirdweb to assist affected developers.

Thirdweb strengthens security measures

Thirdweb said it plans to use this event to step up its security efforts, doubling its bug bounty reward to $50,000 and introducing more stringent auditing processes to identify and prevent possible threats of this type in the future.