Thirdweb Unveils Critical Security Vulnerability Impacting Web3 Smart Contracts
Summary:
Thirdweb, a smart contract firm, identified a security flaw in a commonly used open-source library that could potentially affect multiple smart contracts within the Web3 ecosystem. Despite the threat, no instances of exploitation have been reported. The company has issued a warning to Web3 firms and advised developers to help users revoke approvals on all affected contracts. Thirdweb is also liaising with the open-source library maintainers and other potentially affected teams. It vows to enhance security measures, double bug bounty payouts, and offer a grant to offset contract mitigation costs.
Thirdweb, a firm specializing in smart contract development, recently uncovered a security flaw that could affect numerous smart contracts throughout the Web3 landscape. Discovered on December 4, the flaw resides in a widely used open-source library and could impact specific pre-fabricated smart contracts, including those developed by Thirdweb itself. Nonetheless, following a comprehensive investigation, Thirdweb has asserted that the vulnerability has not yet been exploited, providing a brief window for Web3 companies to pre-empt a potential cyber attack. Noting the potential for extensive damage should the issue be left unaddressed, Thirdweb listed several contracts that could be affected, including, but not limited to, DropERC20, ERC721, ERC1155 (all versions), and AirdropERC20.
In response to its discovery, the firm has called on users who deployed their contracts prior to November 22 to take individual mitigation measures or use tools provided by the company. Thirdweb further encouraged developers to assist users in revoking approvals on all impacted contracts via revoke.cash, for protection should they opt not to mitigate the contract. A developer at DefiLlama, known as "0xngmi", has responded to the call to revoke approvals.
In addition to issuing warnings, Thirdweb has also reached out to the administrators of the open-source library responsible for the vulnerability, and to other teams potentially affected. Furthermore, the firm has promised to step up their security investment and double their bug bounty rewards from $25,000 to $50,000, all the while enforcing a stricter auditing system. Aware of the ensuing disruption, Thirdweb has offered a grant to offset contract mitigation costs. Despite not disclosing the full details of the flaw for the sake of security, the firm reassured all involved that it is treating the mitigation process with utmost seriousness.
Having raised $24 million in a Series A funding round back in August 2022 from Haun Ventures, Coinbase, Shopify, and Polygon, Thirdweb is a significant player in the Web3 industry. It delivers multichain smart contract deployment tools for gaming, minting, marketplaces, and wallets, with over 70,000 developers utilizing its services monthly.
Published At
12/5/2023 10:13:52 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.