OpenZeppelin, a company specializing in blockchain network security, revealed a critical vulnerability in the integration of ERC-2771 and Multicall standards on Ethereum. The issue put many users and projects at risk, and even allowed the theft of funds in ether (ETH) and the stablecoin USD Coin (USDC).
The "problematic integration" of ERC-2771 and Multicall that OpenZeppelin describes in its statement affects a wide range of smart contracts, including those that support ERC-20 tokens (which use stablecoins, for example) and ERC-721 (that of non-fungible tokens, or NFTs).
This vulnerability generated a potential "address spoofing" attack. Sure enough, there were attacks that led to the theft of 87 ETH (approximately USD 205,000, according to the CriptoNoticias price index) and 17,394 USDC.
Notably, the vulnerability was detected on November 20. Open Zeppelin had received a warning about the vulnerability from the team at ThirdWeb, a company that provides technological solutions for projects in the so-called web3. The issue was made public two weeks later so that we could work on a solution before announcing it, as is often the case in these cases.
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
OpenZeppelin, a company specializing in blockchain network security, revealed a critical vulnerability in the integration of ERC-2771 and Multicall standards on Ethereum. The issue put many users and projects at risk, and even allowed the theft of funds in ether (ETH) and the stablecoin USD Coin (USDC).
The "problematic integration" of ERC-2771 and Multicall that OpenZeppelin describes in its statement affects a wide range of smart contracts, including those that support ERC-20 tokens (which use stablecoins, for example) and ERC-721 (that of non-fungible tokens, or NFTs).
This vulnerability generated a potential "address spoofing" attack. Sure enough, there were attacks that led to the theft of 87 ETH (approximately USD 205,000, according to the CriptoNoticias price index) and 17,394 USDC.
Notably, the vulnerability was detected on November 20. Open Zeppelin had received a warning about the vulnerability from the team at ThirdWeb, a company that provides technological solutions for projects in the so-called web3. The issue was made public two weeks later so that we could work on a solution before announcing it, as is often the case in these cases.