Smart Contract Development Firm Discovers Security Vulnerability
Thirdweb, a smart contract development firm, has uncovered a security vulnerability that could impact various smart contracts within the Web3 ecosystem. The vulnerability was found in a widely used open-source library and could affect specific pre-built smart contracts, including Thirdweb’s own contracts. While the vulnerability has not been exploited yet, Thirdweb has issued a warning to Web3 firms to address the issue promptly.
Potential for Massive Damage
The vulnerability has the potential to cause significant damage if left unresolved. It affects several pre-built contracts such as DropERC20, ERC721, ERC1155, and AirdropERC20. Thirdweb urges users who deployed its contracts before November 22 to take immediate mitigation steps using either their own tools or a tool provided by the company.
Developers Advised to Revoke Approvals
Thirdweb also recommends that developers help users revoke approvals on all affected contracts using revoke.cash. This step will protect users in case they choose not to mitigate the contract vulnerabilities.
Increased Investment in Security Measures
To address the issue and prevent future vulnerabilities, Thirdweb has contacted the maintainers of the open-source library and other potentially impacted teams. The company plans to increase its investment in security measures and double bug bounty payouts from $25,000 to $50,000. It will also implement a more rigorous auditing process and offer a grant to cover contract mitigations.
About Thirdweb
Thirdweb is a Web3 company that provides smart contract deployment tools for gaming, minting, marketplaces, and wallets. It recently raised $24 million in a Series A funding round with support from Haun Ventures, Coinbase, Shopify, and Polygon. With over 70,000 developers using its services monthly, Thirdweb plays a significant role in the Web3 ecosystem.
Hot Take: Security Vulnerability Discovered in Web3 Smart Contracts
Smart contract development firm Thirdweb has identified a security vulnerability that poses a risk to various smart contracts within the Web3 ecosystem. The vulnerability, found in a widely used open-source library, could be exploited to cause significant damage. However, no exploits have been reported at this time, giving Web3 firms an opportunity to address the issue proactively. Thirdweb has advised users to take mitigation steps and revoke approvals on affected contracts. It has also reached out to the library maintainers and other impacted teams. To enhance security measures, Thirdweb plans to increase investment, double bug bounty payouts, and implement stricter auditing processes.