OpenZeppelin identifies a vulnerability in smart contracts arising from the integration of ERC-2771 and Multicall standards.
The issue was highlighted by Thirdweb and affects common Web3 smart contracts including DropERC20, ERC-721, and ERC-1155.
OpenZeppelin has outlined a four-step safety protocol for affected contracts and encourages immediate action to prevent exploitation.
Thirdweb released a mitigation tool to help users identify vulnerable contracts, and platforms like Velodrome have paused services for upgrades.