AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Critical vulnerability discovered in NFT open-source library

Security gap detected in smart contract library: exploit risk for non-fungible tokens (NFTs)

Tech company Thirdweb has revealed a vulnerability in an open-source library used to develop smart contracts for NFTs. This bug may affect many contracts in the Web3 industry. While there are no active exploits, Thirdweb has warned developers to take preventative measures. The company has also strengthened its security processes.

This pill is also available in Italian language

The company Thirdweb, specialized in providing tools for developing Web3 applications, recently revealed the existence of a vulnerability within a popular open-source library used to create smart contracts, or smart contracts, for non-fungible tokens (NFT). This vulnerability impacts several contracts used in the Web3 industry and the discovery was communicated via a post on X, formerly known as Twitter, on November 20th.

Preventative action required for smart contracts

While there are no reports of active exploits resulting from this security gap yet, developers who have used pre-configured smart contracts on Thirdweb have been alerted to the need to take mitigation measures. Such contracts, executed before November 22, 2023 at 7:00 pm PT, include DropERC20, ERC721, ERC1155 and AirDrop20, as stated by the company, which also provided a detailed list and verification and mitigation tools available online.

Impact on the sector and countermeasures

The identity of the library affected by this vulnerability was not disclosed by Thirdweb to limit the risk of exploits, but the developers responsible were informed and warned. Following this, major players in the Web3 industry, including OpenSea and Coinbase Inc., have spoken out regarding the issue, highlighting their collaboration with Thirdweb to assist affected developers.

Thirdweb strengthens security measures

Thirdweb said it plans to use this event to step up its security efforts, doubling its bug bounty reward to $50,000 and introducing more stringent auditing processes to identify and prevent possible threats of this type in the future.

Follow us on Instagram for more pills like this

12/05/2023 18:22

Marco Verro

Last pills

Italy's success in cybersecurityHow Italy achieved excellence in global cybersecurity: strategies, collaborations, and international successes

IntelBroker alleged breach of Deloitte systemsServer exposed: how Deloitte's security may have been compromised by a cyber attack

Vo1d infections on Android TV boxes: how to protect your devicesLearn the essential measures to protect your Android TV boxes from the dreaded Vo1d malware and keep your devices safe from cyber threats

Hacker attack in Lebanon: Hezbollah under fireTechnological shock and injuries: cyber warfare hits Hezbollah in Lebanon