ERC-2771 integration introduces address spoofing vulnerability — OpenZeppelin – DeviceFile
0

ERC-2771 integration introduces address spoofing vulnerability — OpenZeppelin

The smart contract vulnerability arises after the integration of ERC-2771 and multicall standards. OpenZepplin identified 13 sets of vulnerable smart contracts.

Soon after Thirdweb revealed a security vulnerability that could impact a variety of common smart

contracts used across the Web3 ecosystem, OpenZeppelin identified two specific standards as the root cause of the threat.

On Dec. 4, Thirdweb reported a vulnerability in a commonly used open-source library,

which could impact pre-built contracts, including DropERC20, ERC-721, ERC-1155 (all versions) and AirdropERC20.

In response, smart contracts development platform OpenZepplin

and nonfungible token marketplaces

Coinbase NFT and OpenSea proactively informed users about the threat. Upon further investigation,

OpenZepplin found that the vulnerability stems from “a problematic integration of two specific standards: ERC-2771 and Multicall.”

The smart contract vulnerability in question arises after the integration of ERC-2771 and multicall

standards. OpenZepplin identified 13 sets of vulnerable smart contracts, as shown below.

However, crypto service providers are advised to address the issue before bad actors find a way to exploit the vulnerability.