May 29, 2024
Web3 Firm Finds Critical Security Flaw in Popular Smart Contracts
Latest Cryptocurrency News

Web3 Firm Finds Critical Security Flaw in Popular Smart Contracts

Smart contract development firm Thirdweb has identified a security vulnerability that could potentially impact various smart contracts within the Web3 ecosystem.

The company reported the vulnerability in a widely used open-source library on Dec. 4, specifying that it could affect specific pre-built smart contracts, including some of its own. While Thirdweb confirmed that the vulnerability has not been exploited yet, it urged Web3 firms to address the issue promptly to avoid potential hacks.

Thirdweb emphasized the potential for significant damage if the vulnerability is not rectified immediately, stating,

“The impacted pre-built contracts include but are not limited to DropERC20, ERC721, ERC1155 (all versions), and AirdropERC20.”

In response to the discovery, the firm issued a proactive warning to the Web3 ecosystem and advised users who deployed its contracts before Nov. 22 to take independent mitigation steps or use a tool provided by the company.

To further assist in addressing the issue, Thirdweb recommended developers help users revoke approvals on all affected contracts using revoke.cash. DefiLlama developer “0xngmi” commented on the request to revoke approvals.

Thirdweb has taken additional steps to address the vulnerability, including contacting the maintainers of the open-source library and reaching out to other teams that might be impacted.

The company has pledged to enhance its investment in security measures, doubling bug bounty payouts from $25,000 to $50,000 and implementing a more rigorous auditing process. Thirdweb also offered a grant to cover contract mitigations and acknowledged the disruption caused by the situation.

While the full details of the vulnerability were not disclosed for security reasons, Thirdweb assured the community that it is treating the mitigation of the issue with the utmost seriousness. The company had previously raised $24 million in a Series A funding round with contributions from Haun Ventures, Coinbase, Shopify, and Polygon in August 2022.

As a Web3 company providing multichain smart contract deployment tools for gaming, minting, marketplaces, and wallets, Thirdweb claims to have over 70,000 developers using its services monthly.

Image by Freepik

Related posts

SEC Postpones Ethereum ETF Decisions, Final Verdict Set For May

Cheryl  Lee

Binance Unveils Fragrance ‘CRYPTO’ to Celebrate Women’s Day in Crypto

harsha

Expert Witness to Challenge Testimonies in Sam Bankman-Fried’s Legal Battle

Anna Garcia

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Please enter CoinGecko Free Api Key to get this plugin works.