Web3 firm detects major security flaw in common smart contracts
December 5, 2023Smart contract development firm Thirdweb reported a security vulnerability that potentially “impacts a variety of smart contracts across the Web3 ecosystem.”
On Dec. 4, Thirdweb reported a vulnerability in a commonly used open-source library that could impact certain pre-built smart contracts, including some of its own. However, Thirdweb’s investigations concluded that the smart contract vulnerability has not yet been exploited, allowing a small window of opportunity for Web3 firms to avoid a possible hack.
Highlighting the vulnerability’s potential to cause massive damage if not rectified immediately, Thirdweb stated:
Following the proactive warning to Web3 ecosystem, the firm cautioned users who deployed its contracts before Nov. 22 to “take mitigation steps” independently or by using a tool the company provided.
Thirdweb also advised developers to help users revoke approvals on all affected contracts using revoke.cash, “which will protect your users if you choose not to mitigate the contract.” Defillama developer “0xngmi” commented on the request to revoke approvals.
Thirdweb has contacted the maintainers of the open-source library at the root of the vulnerability and contacted other teams potentially impacted by the issue.
It also pledged to increase investment in security measures and double bug bounty payouts from $25,000 to $50,000 while implementing a more rigorous auditing process. The firm also offered a grant to cover contract mitigations.
Full details of the vulnerability were not disclosed for security purposes and Cointelegraph contacted Thirdweb for further updates but was redirected to the blog post.
Related: 5 smart contract vulnerabilities: How to identify and mitigate them
The firm raised $24 million in a Series A funding round with Haun Ventures, Coinbase, Shopify, and Polygon in August 2022.
The Web3 company, which provides multi-chain smart contract deployment tools for gaming, minting, marketplaces, and wallets, claims to have more than 70,000 developers using its services every month.
Magazine: Real AI use cases in crypto: Crypto-based AI markets, and AI financial analysis
Source: Read Full Article