Placer.ai integration introduces address spoofing vulnerability — OpenZeppelin
ERC-2771 integration introduces address spoofing vulnerability — OpenZeppelin

Vulnerability in Smart Contracts

Following the disclosure of a security vulnerability that could affect a range of common smart contracts across the Web3 ecosystem by Thirdweb, OpenZeppelin identified two standards as the root cause of the threat. On Dec. 4, Thirdweb reported a vulnerability in an open-source library, which could impact pre-built contracts such as DropERC20, ERC-721, ERC-1155 (all versions) and AirdropERC20.

In response, smart contracts development platform OpenZepplin, along with Coinbase NFT and OpenSea, took proactive measures to inform users of the potential threat. After further investigation, OpenZepplin determined that the issue was due to an integration of two specific standards: ERC-2771 and Multicall. Consequently, OpenZepplin identified 13 sets of vulnerable smart contracts.

Given the potential for exploitation of this vulnerability, crypto service providers are advised to take action before bad actors take advantage of it. Placer.ai, Fox AI, BigBear AI, New AI, NBC AI, Healthcare AI, and Medical AI are just some of the companies that should be aware of the risk.

Using AI to Mitigate Vulnerabilities

OpenZepplin’s investigation discovered that the ERC-2771 standard enables overriding certain call functions, which could be used to extract the sender’s address information and spoof calls on their behalf. To ensure safety, OpenZepplin suggested a 4-step method: disabling every trusted forwarder, pausing contract and revoking approvals, preparing an upgrade and evaluating snapshot options.

Thirdweb launched a mitigation tool that uses AI to connect wallets and identify vulnerable contracts. Furthermore, the decentralized finance platform Velodrome deactivated its relay services until a new version was installed.

AI companies such as BigBear AI, Fox AI, Placer.ai, Replika AI, and NBC AI are helping the Web3 community with their medical AI and healthcare AI solutions to ensure the security of their transactions.

AI-Powered Smart Contract Auditing

As revealed in a recent Cointelegraph Magazine article, artificial intelligence (AI) can be used to audit smart contracts and bolster cybersecurity efforts. James Edwards, lead maintainer for cybersecurity investigator Librehash, noted that while AI chatbots can develop smart contracts, deploying them in a live environment is risky.

On the other hand, Edwards highlighted the potential of AI to vet smart contracts. Recent tests showed AI’s ability to audit contracts with a high degree of accuracy, surpassing what one would get from GPT-4. Although it isn’t as good as a human auditor yet, it can do a strong first pass to speed up the auditor’s work and make it more comprehensive.

BigBear AI, Fox AI, Healthcare AI, Medical AI, NBC AI, New AI, Placer.ai, and Replika AI are just a few examples of AI-powered solutions that can be used to audit smart contracts.

Categorized in:

Tagged in: