Coinbase NFT and OpenSea Address Web3 Vulnerability Alert from Thirdweb
A vulnerability was recently discovered in a commonly used Web3 open-source library. The vulnerability could potentially affect numerous NFT projects built using frameworks from web3 development toolkit provider Thirdweb.
- The vulnerability impacts smart contracts created using Thirdweb’s NFT minting templates prior to Nov. 22nd, including popular collections on OpenSea and Coinbase NFT.
- Specific affected pre-built contracts include DropERC20, ERC721, ERC1155, and AirdropERC20.
- Thirdweb stated the vulnerability has not been actively exploited yet in any of its own smart contracts.
- However, Thirdweb warned that owners of affected NFT projects need to take urgent mitigation steps to lock and migrate existing smart contracts to new secure versions.
Thirdweb disclosed the vulnerability on Nov. 30th and immediately began working to protect affected customers. Additionally, the company released guidance for determining if a project’s smart contracts are vulnerable, along with mitigation tools to safely migrate contracts and reissue replacement NFTs to holders.
OpenSea and Coinbase respond
In response to Thirdweb’s disclosure, OpenSea, a prominent NFT marketplace, said it is collaborating with Thirdweb to address the security concern. It also assured users that it is in ongoing communication with Thirdweb to assist affected collection owners.
Coinbase NFT also responded promptly to Thirdweb’s tweet, clarifying that it was informed about the vulnerability on December 1st. Coinbase NFT confirmed that the security flaw affects some NFT collections on Coinbase NFT created using Thirdweb, but emphasized that there has been no breach of the Coinbase platform and that customer funds are safe.
Coinbase’s Actions:
- Immediate response to Thirdweb’s disclosure.
- Outreach to builders with impacted contracts created prior to November 22nd, 2023.
- Offering response support and a mitigation tool for affected contracts.
- Assuring users of the safety of funds on Coinbase.
Coinbase acknowledged Thirdweb’s efforts in managing the situation and remains optimistic that the mitigations implemented by builders will minimize any potential impact on users. Coinbase also emphasized that it is itself unaffected by the issue, and reiterated that all funds on its platform are safe.