Ethereum NFT project creators are actively working to protect their collections after cryptocurrency platform Thirdweb disclosed vulnerabilities in its smart contracts. Thirdweb reported security vulnerabilities in a "widely used open source library for Web3 smart contracts" affecting off-the-shelf contracts, including smart contracts for NFT collections and decentralized applications (dapps).
Due to the severity of the vulnerability, Thirdweb does not disclose details about the library, but states that the issue is related to the integration of specific templates unrelated to the OpenZeppelin Contracts library. Thirdweb suggests mitigation measures to projects, including blocking current smart contracts and replacing them, as well as distributing tokens to current holders. Major NFT platforms, such as OpenSea and Rarible, are warning users of the potential changes and recommend keeping an eye out for updates. A host of platforms, including Coinbase and Cool Cats, are taking steps to secure their NFT collections by migrating contracts and allowing holders to claim new versions. Thirdweb is also increasing rewards for finding bugs and will strengthen its auditing process.
