Thirdweb, a Web3 entity that specializes in smart contract development, has uncovered a substantial security vulnerability in smart contracts. The vulnerability could potentially impact numerous smart contracts pre-constructed using a widely employed open-source library within the Web3 ecosystem.
On December 4th, Thirdweb highlighted a vulnerability in a commonly used open-source library. This flaw could impact specific pre-existing smart contracts, including those developed in-house.
Despite the discovery, Thirdweb’s investigation confirms that the vulnerability has not been exploited in these smart contracts. This revelation underscores the urgency for Web3 entities to take preventive measures before a potential breach occurs.
Underlining the vulnerability’s capacity to inflict considerable harm if left unaddressed, Thirdweb stated:
“The affected pre-constructed contracts encompass, but are not confined to, DropERC20, ERC721, ERC1155 (across all versions), and AirdropERC20.”
Thirdweb Takes Swift Action to Address Security Vulnerability in Smart Contracts
After issuing a preemptive alert to the Web3 ecosystem, the company advised users who deployed its contracts before November 22 to take mitigating actions independently or, alternatively, to use a tool provided by the company.
Thirdweb further recommended that developers assist users in revoking approvals on all impacted contracts through revoke.cash. “0xngmi,” a DefiLlama developer, remarked on the appeal to revoke approvals, emphasizing that revocation protects users who choose not to mitigate the contract.
Thirdweb has initiated contact with the maintainers of the open-source library at the core of the vulnerability and has reached out to other teams potentially affected by the issue.
As part of its commitment to fortifying security measures, Thirdweb announced increased investment and a doubling of bug bounty payouts, raising the figure from $25,000 to $50,000.
Simultaneously, the company is implementing a more stringent auditing process. Additionally, Thirdweb extended a grant to cover the expenses of contract mitigations.
“We acknowledge the disruptive nature of this situation and approach the mitigation of the issue with the utmost gravity. A retroactive gas grant will be provided to cover fees associated with contract mitigations.”
Thirdweb Addresses Smart Contract Vulnerability and Highlights Funding Success
For security reasons, exhaustive details of the vulnerability were withheld, and inquiries seeking further updates from Thirdweb were redirected to the relevant blog post.
Additionally, in August 2022, Thirdweb secured $24 million in a Series A funding round featuring investments from Haun Ventures, Coinbase, Shopify, and Polygon.
The Web3 entity, specializing in providing multichain smart contract deployment tools for gaming, minting, marketplaces, and wallets, boasts a user base exceeding 70,000 developers who utilize its services on a monthly basis.