Ethereum NFT Developers Rush Securing Projects Amid Thirdweb Susceptibility

Famous project developers and Ethereum NFT marketplaces strive to avert a series smart contract problem.

Some Ethereum NFT project developers are moving quickly to secure their collections. This is after Thirdweb, a famous crypto development network, revealed that its smart contracts have problems. 

The platform claimed that a safety susceptibility in a ‘frequently utilized open-source library for Web3 smart contracts’ was established, and it impacts pre-developed contracts provided by Thirdweb and others. Smart contracts comprise the code that drives nonfungible token (NFT) and decentralized apps (dapps) suites.

Thirdweb Urges Mitigation of Vulnerability in Smart Contracts

Because of the susceptibility’s seeming gravity, Thirdweb is not revealing the open-source library behind the exploit or information regarding what the matter involves. Recently, OpenZeppelin, a vastly utilized open-source library for smart contracts, claimed the problem is unrelated to its source. 

OpenZeppelin tweeted that based on its probe, the problem is inherent to a challenging integration of particular trends and not linked to the executions in its Contracts library. Additionally, it claimed that it would still ‘govern the effort to evaluate affected community members and offer alleviation interventions.

Thirdweb claimed that despite not believing that smart contracts have been utilized, it suggests the need for projects to implement a mitigation strategy that entails locking down their present smart contract and shifting to another one. Afterwards, the projects should airdrop tokens to present holders. The firm claimed it would aid in covering network charges linked to transferring holders from an affected smart contract.

On November 20, Thirdweb knew about the contract susceptibility and introduced a fix to its pre-created smart contract templates two days later. Thus, all Thirdweb smart contracts after 2200hrs ET are safe. 

Smart Contracts Using ERC-1155 and Ethereum ERC-721 Vulnerable

On the other hand, those deployed before might be affected. The exploit is linked to nonfungible token smart contracts that utilize the ERC-1155 and Ethereum ERC-721. In addition, they utilize the fungible tokens printed through the ERC-20 standard. Thirdweb’s blog post provides a list of affected contract types as well as an alleviation tool to recognize affected contracts.

Most leading industry layers are giving opinions concerning the issue’s effect on nonfungible token holders, NFT project developers, and users. A tweet by OpenSea, a major nonfungible token marketplace, informed users to ‘remain on the watch out for additional information regarding how it can aid affected collection owners with alterations on OpenSea linked to contract migration.’ According to Rarible, another nonfungible token marketplace, numerous NFT drops are impacted across Ethereum and Polygon, a sidechain scaling platform.

Coinbase claimed that some of the suites generated on its nonfungible token platform are affected, while Manifold, a smart contract startup, claimed its contracts are not affected. Additionally, Base, an Ethereum layer-2 scaling platform incubated by Coinbase, argued that the network is safe despite some project contracts used on Base being impacted.

Cool Cats Shifting Avatar System to Alternative Contract

Cool Cats, an Ethereum profile picture (PFP) project, revealed that its Avatar System packs will be shifted to another contract despite its major NFTs being secure. In the meantime, Mocaverse, Animoca Brands’ gaming platform, claimed it had moved its numerous NFT suites to other contracts and will allow holders to claim the latest versions.

Thirdweb wrote that besides covering charges for transferred projects, it has upped the bug bounty payments to $50000 and will use a ‘more stringent auditing strategy.’