Thirdweb, a company that specializes in developing smart contracts, has discovered a security flaw in a widely used open-source library. The flaw has the potential to affect a large number of pre-built smart contracts that are part of the Web3 ecosystem.
Thirdweb disclosed the vulnerability on December 4, and investigations revealed that the flaw had not yet been exploited. This presents Web3 companies with a small window of opportunity to remedy the issue and avert any prospective breaches. Several kinds of pre-built contracts are affected, including DropERC20, ERC721, ERC1155 (all versions), and AirdropERC20.
Thirdweb strongly recommended that users who deployed its contracts prior to November 22 either take their own preventative measures or make use of a tool that the company has made available. Moreover, the company has communicated with the maintainers of the open-source library as well as other teams that may be affected.
IMPORTANT
On November 20th, 2023 6pm PST, we became aware of a security vulnerability in a commonly used open-source library in the web3 industry.
This impacts a variety of smart contracts across the web3 ecosystem, including some of thirdweb’s pre-built smart contracts.…
— thirdweb (@thirdweb) December 5, 2023
In an effort to strengthen its security procedures, Thirdweb intends to establish a more stringent auditing process, raise the amount of money it invests in security, and double the amount of bug bounty payouts. In addition to this, it has expressed its commitment to taking the matter seriously and is providing a grant to pay the costs of contract mitigation projects.
Thirdweb underlines the disruption that this could create and intends to support customers with retroactive gas payouts for contract mitigations. The precise specifics of the vulnerability remain unrevealed for reasons related to security.
In August of 2022, the firm, which is well-known for its provision of tools for the deployment of multichain smart contracts, successfully raised $24 million in a Series A capital round.