# Lessons From ERC2771 Multicall Vulnerability

> The vulnerability, initially disclosed by Thirdweb, affected over a thousand contracts.

**Published by:** [ETH Daily](https://ethdaily.io/)
**Published on:** 2023-12-22
**Categories:** news, 2023, december2023
**URL:** https://ethdaily.io/365

## Content

### Quick Take

- OpenZeppelin lessons from ERC2771 vulnerability.
- Obol Network integrates with EigenLayer.
- EspressoSys BFT preconfirmation architecture.
- P2P releases a staking market report.

### Lessons From ERC2771 Multicall Vulnerability

OpenZeppelin shared insights from a vulnerability linked to the combined use of its ERC2771 library with multicall functionalities. The vulnerability, initially disclosed by Thirdweb, affected over a thousand contracts. In response, OpenZeppelin set up a war room with white hats and other organizations to safeguard the ecosystem. They developed a tool within Defender’s Code Inspector to identify vulnerable contracts. ERC2771, designed for account abstraction and allowing contracts to accept meta-transactions with sponsored gas fees, could be manipulated in combination with multicalls to spoof transaction calldata for siphoning tokens.
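
The interaction described above, as a simplified Python model of the contract logic (an added example, not code from OpenZeppelin or Thirdweb). It shows why sender recovery breaks inside an unguarded multicall and one mitigation, re-appending the forwarder-authenticated sender to every subcall; the addresses, payload bytes and function names are constructed for illustration.

```python
# Simplified model of ERC-2771 sender recovery combined with multicall.
# Addresses, payload bytes and function names are constructed for illustration.
FORWARDER = bytes.fromhex("f0" * 20)  # trusted forwarder
SIGNER = bytes.fromhex("bb" * 20)     # account that signed the relayed request
OTHER = bytes.fromhex("a1" * 20)      # account that signed nothing


def msg_sender(caller: bytes, calldata: bytes) -> bytes:
    """ERC-2771 rule: when the trusted forwarder calls, the last 20 bytes
    of calldata are taken as the real sender."""
    if caller == FORWARDER and len(calldata) >= 20:
        return calldata[-20:]
    return caller


def forward(signer: bytes, payload: bytes) -> bytes:
    """Forwarder: verifies the signer's signature (omitted), appends signer."""
    return payload + signer


def acting_account(caller: bytes, calldata: bytes) -> bytes:
    """Stand-in for a token function: the account it would debit."""
    return msg_sender(caller, calldata)


def multicall_unsafe(caller, outer, subcalls):
    # Each subcall is delegatecalled: the caller is still the forwarder, but
    # calldata is now the user-supplied subcall, whose tail nobody verified.
    return [acting_account(caller, sub) for sub in subcalls]


def multicall_safe(caller, outer, subcalls):
    # Carry the forwarder-authenticated suffix of the outer call into every
    # subcall, so the recovered sender is always the verified signer.
    suffix = outer[-20:] if msg_sender(caller, outer) != caller else b""
    return [acting_account(caller, sub + suffix) for sub in subcalls]


def demo():
    sub = b"\xde\xad\xbe\xef" + OTHER          # subcall ending in OTHER's address
    outer = forward(SIGNER, b"multicall" + sub)
    return (multicall_unsafe(FORWARDER, outer, [sub]),
            multicall_safe(FORWARDER, outer, [sub]),
            multicall_safe(SIGNER, b"multicall" + sub, [sub]))  # direct call


if __name__ == "__main__":
    unsafe, safe, direct = demo()
    print(unsafe[0].hex(), safe[0].hex(), direct[0].hex())
```
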
Key lessons from the incident include the need to thoroughly understand how imported dependencies interact and the importance of using upgradable contracts with circuit breakers to effectively respond to incidents.

### Obol Network Integrates With EigenLayer

Obol Network, a distributed validator protocol, has integrated with EigenLayer to enable native restaking for its distributed validators. An initial deployment of two Obol distributed validator clusters, each comprising four operators, is now live on the Goerli testnet. Native restaking enables validators to earn extra rewards by securing Actively Validated Services on EigenLayer. Native restaking does carry added slashing risks. Distributed validators contribute to enhancing Ethereum's fault tolerance by splitting a single validator key among multiple operators, ensuring that validation continues even if one node in the cluster goes offline. EigenLayer is the largest restaking protocol with over $1 billion in TVL.

### EspressoSys BFT Preconfirmations

EspressoSys introduced a Byzantine Fault Tolerant (BFT) preconfirmation design for rollup sequencing, serving as a method for the confirmation and validation of transactions. The design is backed by the collective economic security of a consensus protocol and is suitable for scenarios that require rapid transaction confirmations. EspressoSys compares its design with Proposer-Promised (PP) preconfirmations, which are simpler and rely on individual validators instead of a consensus group. According to EspressoSys, BFT preconfirmations have a better UX for cross-rollup transactions. Both BFT and Proposer-Promised preconfirmation designs are composable, but they offer different levels of security guarantees.

### P2P Staking Market Overview

Node infrastructure provider P2P.org released a staking market report outlining liquid staking, restaking, ZK tech, modularization, and emerging infrastructure.
According to the report, liquid staking protocols account for 44% of the 26.4 million ETH staked on the beacon chain. The report also notes that MEV accounts for approximately 10-15% of total validator rewards on Ethereum. The report also outlines decentralized proving, ZKP hardware, and external ZKP generation protocols.

### Other News

- Uniswap V3 to go live on Scroll
- Launching the PBS foundation
- Chainlink RWA tokenization explained
- Ethereum's Endgame by Viktor Bunin
- Horizen Labs ApeChain proposal
- Base Builder Grant recipients
- Celestia DA cost simulator