Web3 Firm Discovers Security Vulnerability in Smart Contracts
Thirdweb, a Web3 developer, has recently disclosed a security vulnerability that could potentially impact various smart contracts within the Web3 ecosystem. In a recent post on Twitter, the company informed its followers that it had identified a vulnerability in a widely used open-source library that could affect specific pre-built smart contracts, including some of its own.
Vulnerability Remains Unexploited
The good news is that Thirdweb’s investigations have revealed that the smart contract vulnerability has not been exploited yet. This means that there is a short window of opportunity for Web3 firms to take preventive measures and minimize the risk of a potential hack.
Mitigation Steps
To mitigate the vulnerability, Thirdweb recommends locking the contract, taking a snapshot, and migrating to a new contract without the known vulnerability. The exact steps may vary depending on the nature of your smart contract, but you can determine them using the provided tool.
Impacted Smart Contracts and Mitigation Steps
The impacted pre-built contracts include DropERC20, ERC721, ERC1155 (all versions), and AirdropERC20. Thirdweb has provided a link to view a complete list of affected smart contracts and their respective mitigation steps.
Action Required for Deployed Smart Contracts
If you have deployed any of the listed smart contracts before November 22, it is crucial to take immediate mitigation steps or use the tool provided by Thirdweb.
Revoking Approvals and Increased Security Measures
Thirdweb also advises developers to assist users in revoking approvals on all affected contracts through revoke.cash. Additionally, in response to the vulnerability discovery, Thirdweb plans to double bug bounty payouts and implement a more rigorous auditing process. The company will also provide a grant to cover the costs associated with contract mitigations.
About Thirdweb
Thirdweb is a Web3 developer that offers multichain smart contract deployment tools for various purposes such as minting, gaming, and wallets. The company boasts a monthly user base of over 70,000 developers. In August 2022, Thirdweb raised $24 million in a Series A funding round with the participation of Haun Ventures, Coinbase, Shopify, and Polygon.
Hot Take: Thirdweb Urges Swift Action to Prevent Smart Contract Vulnerabilities
Thirdweb’s discovery of a security vulnerability in smart contracts highlights the importance of proactive measures in maintaining the security of Web3 ecosystems. By promptly addressing vulnerabilities and providing mitigation steps, Thirdweb aims to protect Web3 firms and users from potential hacks. The company’s commitment to increasing investments in security measures demonstrates its dedication to prioritizing the safety of smart contracts. As the Web3 space continues to evolve and expand, it is crucial for developers and users to stay vigilant and take appropriate actions to prevent security breaches.
Wyatt Newson emerges as a luminary seamlessly interweaving the roles of crypto analyst, dedicated researcher, and editorial virtuoso. Within the dynamic canvas of digital currencies, Wyatt’s insights resonate like vibrant brushstrokes, capturing the attention of curious minds across diverse landscapes. His ability to untangle intricate threads of crypto intricacies harmonizes effortlessly with his editorial mastery, transmuting complexity into a compelling narrative of comprehension.