Smart contract development company Thirdweb has reported a security flaw that could potentially impact numerous smart contracts across the Web3 ecosystem. cointelegraph report.
The reported vulnerability affects a very popular open source library and may impact certain pre-built smart contracts, including smart contracts within the library in question. According to Thirdweb, no one has yet exploited the vulnerability in smart contracts, giving Web3 companies an opportunity to avoid potential hacks.
There is a possibility of major damage
Thirdweb tweeted that the affected contracts include versions such as DropERC20, AirdropERC20, ERC721, and ERC1155. Third Web said this flaw could cause significant damage if not fixed immediately.
After issuing advance warning to the Web3 community, the company advised users who deployed smart contracts before November 22nd to use third-party tools or take action on their own to mitigate the issue. did.
Thirdweb-recommended developers will assist users in revoking their approvals if they opt out of all affected contract relaxations. The company has reached out to organizations that maintain open source libraries at the core of the vulnerability, as well as other teams that could potentially be impacted by this issue.
More rigorous audit process
Web3 companies have pledged to increase investment in security measures, including conducting more rigorous audits and doubling bug bounty payments to $50,000. The company also plans to cover smart contract mitigation measures with subsidies. It stated:
We understand that this is disruptive and are working to alleviate this issue with the utmost seriousness. We plan to provide a retroactive gas subsidy to cover the cost of contract relief.
Series A investors Coinbase and Shopify
Companies such as Coinbase, Polygon, and Shopify participated in the Series A funding round, raising $24 million for Thirdweb in August 2022. The company offers smart contract deployment tools on multiple blockchains for wallets, games, marketplaces, and mints.