Following the security vulnerability that impacted an OpenSource library, OpenSea, a well-known NFT marketplace, has said it will assist affected collection owners. The NFT marketplace took this stand after Thirdweb, a web3 development toolkit, gave a public update on the incident.
According to Thirdweb, the security vulnerability occurred on November 20th impacting several smart contracts in the web3 industry including some of its pre-built contracts. Thus, smart contract owners have to carry out some mitigation steps on certain pre-built smart contracts created on Thirdweb before November 22nd, Thirdweb said.
Thirdweb listed some of the impacted prebuilt smart contracts including DropERC20, ERC721, ERC1155, and AirdropERC20. Further, Thirdweb said users who deployed one of these pre-built smart contracts using Thirdweb’s dashboard or SDKs before November 22nd need to carry out some mitigation steps against the potential exploitation of the vulnerability.
The mitigation steps could involve migrating to a new contract after locking and taking a snapshot of the contract.
OpenSea mentioned it is in touch with Thirdweb and will give out more information on how it intends to “assist affected collection owners with any changes on OpenSea tied to contract migration.”
The mitigation steps however depend on the nature of a user’s smart contract which can be determined before starting the mitigation process.
Additionally, liquidity locked or staked by holders of tokens on any of the smart contracts with the vulnerability will have to unstake or unlock before the mitigation steps. Also, approvals on all Thirdweb contacts have to be revoked.
Despite the vulnerability updates, Thirdweb stated that all of its smart contract deployed after November 22nd is not impacted by the vulnerability. Adding that “all other thirdweb services, including wallets, payments, and infrastructure services, are also unaffected and functioning as usual.”
Thirdweb however did not disclose the open-source library, saying it did so to mitigate the chance of exploitation.
Read also;
DigiFT scores license from Monetary Authority of Singapore
What do you think of this article? Share comments below.