Thirdweb, a Web3 firm that develops smart contracts, has disclosed a security flaw that “may affect an assortment of smart contracts throughout the Web3 ecosystem.”
Thirdweb disclosed a vulnerability in a widely utilized open-source library on December 4, which had the potential to affect particular pre-built smart contracts, including some that it had developed.
Nonetheless, Thirdweb’s investigations have determined that the smart contract vulnerability has not been exploited so far, giving Web3 firms a limited window to avert a potential intrusion.
Emphasizing the vulnerability’s potential to cause catastrophic damage if not remedied immediately, Thirdweb stated:
“The impacted pre-built contracts include but are not limited to DropERC20, ERC721, ERC1155 (all versions), and AirdropERC20.”
The company proactively warned users who had deployed its contracts before November 22. These users were advised to “take mitigation steps” either independently or by utilizing a tool provided by the company.
Thirdweb also recommended that developers assist users in rescinding approvals on all impacted contracts through revoke.cash. “This will safeguard your users if you opt not to mitigate the contract,” DefiLlama developer “0xngmi” added in response to the request to revoke approvals.
Thirdweb has initiated communication with the maintainers of the open-source library that contains the critical flaw and with other teams that may be affected by the situation.
It also promised to implement a more stringent auditing procedure and to double its funding for security measures and bug bounty payments, from $25,000 to $50,000. Additionally, the company provided a grant to address contract mitigations.
“We understand that this will cause disruption, and we are treating the mitigation of the issue with the utmost seriousness. We will be offering a retroactive gas grant to cover fees for contract mitigations.”
For security purposes, complete information regarding the vulnerability was withheld.
In August 2022, the company secured $24 million in Series A funding from Haun Ventures, Coinbase, Shopify, and Polygon.
The Web3 company’s multichain smart contract deployment tools for gaming, minting, marketplaces, and wallets are reportedly used by over 70,000 developers each month.