Thirdweb Identifies Critical Security Vulnerability in Web3 Smart Contracts

The affected pre-built contracts encompass various types, such as DropERC20, ERC721, ERC1155 (across all versions), and AirdropERC20.

Smart contract development firm Thirdweb recently identified a critical security vulnerability that has the potential to impact a wide range of smart contracts within the Web3 ecosystem.

On December 4th, Thirdweb disclosed this vulnerability, which was found in a commonly used open-source library.

The vulnerability could affect specific pre-built smart contracts, including some developed by Thirdweb itself.

Fortunately, the firm’s investigation revealed that this security flaw has not been exploited yet, providing a limited window of opportunity for Web3 entities to address the issue before any potential security breach occurs.

Thirdweb emphasized the significance of this vulnerability, stating that it could lead to substantial damage if left unaddressed.

Thirdweb promptly alerted users who had deployed its contracts before November 22nd to take independent mitigation steps or utilize tools provided by the company.

Additionally, Thirdweb encouraged developers to assist users in revoking approvals on all affected contracts using the revoke.cash platform.

This measure aims to protect users who choose not to address the contract vulnerability. A developer known as “0xngmi” from DefiLlama supported this approach.

Thirdweb has taken proactive steps to address the issue. They have contacted the maintainers of the open-source library responsible for the vulnerability and reached out to other potentially affected teams.

To bolster security, the company has decided to increase its investment in security measures and double bug bounty payouts from $25,000 to $50,000.

They also plan to implement a more stringent auditing process and are offering grants to cover contract mitigations.

In their commitment to resolving the issue and ensuring the security of the Web3 ecosystem, Thirdweb stated, “We understand that this will cause disruption, and we are treating the mitigation of the issue with the utmost seriousness. We will be offering a retroactive gas grant to cover fees for contract mitigations.”

For security reasons, Thirdweb has not disclosed the full details of the vulnerability. Further inquiries by Cointelegraph were directed to a blog post for additional updates.

It’s worth noting that Thirdweb recently secured $24 million in a Series A funding round, with notable investors including Haun Ventures, Coinbase, Shopify, and Polygon.

The company, known for providing multichain smart contract deployment tools for gaming, minting, marketplaces, and wallets, boasts a user base of over 70,000 developers who utilize its services on a monthly basis within the Web3 space.
