Thirdweb Identifies Major Security Vulnerability in Popular Open-Source Library Within Web3 Network
Summary:
Thirdweb, a smart contract development company, has discovered a significant security vulnerability within an open-source library widely used across the Web3 network. The flaw could impact specific pre-built smart contracts, including Thirdweb's own. Although the vulnerability has yet to be exploited, immediate action has been advised to prevent potential breaches. To ensure future security, Thirdweb is increasing its investment in security measures, doubling its bug bounty payouts, and implementing a stricter auditing process.
Thirdweb, a company specialising in the development of smart contracts, has uncovered a security flaw that could potentially affect numerous smart contracts throughout the Web3 network. The vulnerability, reported by Thirdweb on December 4, is embedded within a frequently utilized open-source library and may affect certain pre-existing smart contracts, including some of Thirdweb's own. Investigations by Thirdweb confirmed that this vulnerability has not been exploited so far, offering a limited time period for entities within the Web3 network to prevent a potential breach.
Because the effects of this vulnerability could be catastrophic if left unresolved, Thirdweb issued a stark warning, stating that the affected pre-built contracts include, but are not limited to, DropERC20, ERC721, ERC1155 (all versions), and AirdropERC20. Following this advance alert to the Web3 ecosystem, the firm advised those who had deployed its contracts before November 22 to take mitigation steps, either independently or cooperatively.
Thirdweb also asked its developers to help users revoke approvals for all at-risk contracts using revoke.cash. This action, according to DefiLlama developer "0xngmi", "will protect your users if you choose not to mitigate the contract."
Furthermore, Thirdweb has reached out to the maintainers of the affected open-source library and to other teams potentially affected by the vulnerability. The company has committed to an increased investment in security measures and has doubled its bug bounty payout from $25,000 to $50,000. Alongside a more stringent auditing process, the firm has provided a grant to aid in the mitigation of contracts.
Full details of the vulnerability have been withheld for safety reasons. Thirdweb has been contacted for further updates and has redirected inquiring parties to a blog post.
Thirdweb, a Web3 company offering multichain smart contract deployment tools for various services including gaming and marketplaces, raised $24 million in a Series A funding round supported by Haun Ventures, Coinbase, Shopify, and Polygon in August 2022. With over 70,000 developers utilising its services monthly, the firm is dedicated to averting this serious disruption and is addressing the mitigation of this issue with the greatest urgency.
Published At
12/5/2023 7:13:52 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.