{"id":26318,"date":"2023-12-08T08:10:22","date_gmt":"2023-12-08T08:10:22","guid":{"rendered":"https:\/\/nftandcrypto-news.com\/crypto\/erc-2771-integration-introduces-address-spoofing-vulnerability-openzeppelin\/"},"modified":"2023-12-08T08:10:25","modified_gmt":"2023-12-08T08:10:25","slug":"erc-2771-integration-introduces-address-spoofing-vulnerability-openzeppelin","status":"publish","type":"post","link":"https:\/\/nftandcrypto-news.com\/crypto\/erc-2771-integration-introduces-address-spoofing-vulnerability-openzeppelin\/","title":{"rendered":"ERC-2771 integration introduces address spoofing vulnerability \u2014 OpenZeppelin"},"content":{"rendered":"
Soon after Thirdweb revealed a security vulnerability that could impact a variety of common smart contracts used across the Web3 ecosystem, OpenZeppelin identified two specific standards as the root cause of the threat.<\/p>\n
On Dec. 4, Thirdweb reported a vulnerability in a commonly used open-source library, which could impact pre-built contracts, including DropERC20, ERC-721, ERC-1155 (all versions) and AirdropERC20. <\/p>\n
\nIMPORTANT <\/p>\n
On November 20th, 2023 6pm PST, we became aware of a security vulnerability in a commonly used open-source library in the web3 industry.<\/p>\n
This impacts a variety of smart contracts across the web3 ecosystem, including some of thirdweb\u2019s pre-built smart contracts.\u2026<\/p>\n
\u2014 thirdweb (@thirdweb) December 5, 2023<\/a><\/p><\/blockquote>\n
In response, smart contract development platform OpenZeppelin<\/a> and nonfungible token marketplaces Coinbase NFT<\/a> and OpenSea<\/a> proactively informed users about the threat. Upon further investigation, OpenZeppelin found that the vulnerability stems from \u201ca problematic integration of two specific standards: ERC-2771 and Multicall.\u201d<\/p>\n
The smart contract vulnerability in question arises from the integration of the ERC-2771 and Multicall standards. OpenZeppelin identified 13 sets of vulnerable smart contracts, as shown below. However, crypto service providers are advised to address the issue before bad actors find a way to exploit the vulnerability.<\/p>\n