ERC-2771 integration introduces address spoofing vulnerability — OpenZeppelin
The smart contract vulnerability arises after the integration of ERC-2771 and multicall standards. OpenZepplin identified 13 sets of vulnerable smart contracts.
Soon after Thirdweb revealed a security vulnerability that could impact a variety of common smart contracts used across the Web3 ecosystem, OpenZeppelin identified two specific standards as the root cause of the threat.
On Dec. 4, Thirdweb reported a vulnerability in a commonly used open-source library, which could impact pre-built contracts, including DropERC20, ERC-721, ERC-1155 (all versions) and AirdropERC20.
James Edwards, the lead maintainer for cybersecurity investigator Librehash, said that while AI chatbots can develop smart contracts, deploying them in a live environment is risky.