Web3 company has detected major security vulnerabilities in common smart contracts.
Web3 Firm Detects Critical Security Flaws in Common Smart ContractsAuthor: Martin Young, translated by Shan OuBa and LianGuai
Smart contract development company Thirdweb has reported a security vulnerability that could “affect various smart contracts in the entire Web3 ecosystem.”
On December 4th, Thirdweb reported a vulnerability in a commonly used open-source library that could potentially impact specific pre-built smart contracts, including some of its own. However, Thirdweb’s investigation concluded that the smart contract vulnerability has not been exploited, providing Web3 companies with a small chance of avoiding potential hacking attacks.
Thirdweb emphasizes that if not rectified immediately, the vulnerability could result in significant losses. Affected pre-built contracts include, but are not limited to, DropERC20, ERC721, ERC1155 (all versions), and AirdropERC20.
- Buy new, not old? Here’s a bullish list for the 2024 bull market.
- Unveiling the Achilles’ Heel Thirdweb Discovers Critical Weakness in Smart Contracts
- In-depth Analysis | Current Status, Competitive Landscape, and Future Opportunities of the Fusion of AI and Web3 Data Industries
After issuing proactive warnings to the Web3 ecosystem, the company has urged users who deployed their contracts before November 22nd to take mitigation measures independently or use tools provided by the company.
Thirdweb also recommends developers use revoke.cash to help users revoke approvals for all affected contracts, “which will protect your users if you choose not to mitigate the contracts,” commented DefiLlama developer “0xngmi” on the approval revocation request.
Thirdweb has reached out to maintainers of the open-source library responsible for the vulnerability and other teams potentially affected by this issue.
Furthermore, Thirdweb has pledged to increase investment in security measures, doubled the bug bounty from $25,000 to $50,000, and implemented stricter auditing processes. The company has also offered a contract mitigation subsidy.
For security reasons, detailed information about the vulnerability has not been disclosed. Cointelegraph reached out to Thirdweb for more updates but was redirected to a blog post.
The company completed a $24 million Series A funding round in August 2022 with partners Haun Ventures, Coinbase, Shopify, and Polygon.
This Web3 company provides multi-chain smart contract deployment tools for areas such as gaming, minting, marketplaces, and wallets. Reportedly, more than 70,000 developers use their services monthly.
We will continue to update Blocking; if you have any questions or suggestions, please contact us!
Was this article helpful?
93 out of 132 found this helpful
Related articles
- The Rise of Elon Musk and Decentralized Social Media
- The trend of financial technology moving towards Web3 is irreversible.
- Cayman Web3 Digital Fund Special Topic Comparing Easily Overlooked Tax Risks Analysis
- Embrace the Blockchain Revolution: Beyond Monkeys and Bitcoin
- Variant Fund Investment Partner What Can Blockchain Applications Achieve and Why It’s Important
- KuCoin’s Big Grant: Investing in TON’s Crypto Ecosystem
- Altcoins Shining Bright: Celestia (TIA), Sei (SEI), Bittensor (TAO), and Everlodge (ELDG)