Web3 Firm Detects Critical Security Flaws in Common Smart Contracts

Author: Martin Young, translated by Shan OuBa and LianGuai

Smart contract development company Thirdweb has reported a security vulnerability that could “affect various smart contracts in the entire Web3 ecosystem.”

On December 4th, Thirdweb reported a vulnerability in a commonly used open-source library that could potentially impact specific pre-built smart contracts, including some of its own. However, Thirdweb’s investigation concluded that the vulnerability has not been exploited, giving Web3 companies a brief window to avoid potential hacking attacks.

Thirdweb emphasizes that if not rectified immediately, the vulnerability could result in significant losses. Affected pre-built contracts include, but are not limited to, DropERC20, ERC721, ERC1155 (all versions), and AirdropERC20.

After issuing proactive warnings to the Web3 ecosystem, the company has urged users who deployed their contracts before November 22nd to take mitigation measures independently or use tools provided by the company.

Thirdweb also recommends developers use revoke.cash to help users revoke approvals for all affected contracts, “which will protect your users if you choose not to mitigate the contracts,” commented DefiLlama developer “0xngmi” on the approval revocation request.

Thirdweb has reached out to maintainers of the open-source library responsible for the vulnerability and other teams potentially affected by this issue.

Furthermore, Thirdweb has pledged to increase investment in security measures, doubled the bug bounty from $25,000 to $50,000, and implemented stricter auditing processes. The company has also offered a contract mitigation subsidy.

For security reasons, detailed information about the vulnerability has not been disclosed. Cointelegraph reached out to Thirdweb for more updates but was redirected to a blog post.

The company completed a $24 million Series A funding round in August 2022 with partners Haun Ventures, Coinbase, Shopify, and Polygon.

This Web3 company provides multi-chain smart contract deployment tools for areas such as gaming, minting, marketplaces, and wallets. Reportedly, more than 70,000 developers use their services monthly.
