Thirdweb Raises Alarm on Newly Found Smart Contract Vulnerability

In a recent announcement, Thirdweb, a smart contract development firm, uncovered a potential security threat affecting various smart contracts within the Web3 ecosystem.

Identified in a widely used open-source library, this vulnerability could impact pre-built smart contracts, including some developed by Thirdweb itself.

Emphasizing the severity of this issue, Thirdweb highlighted that smart contracts such as DropERC20, ERC721, ERC1155 (across all versions), and AirdropERC20 might be compromised. However, as of their investigation's conclusion, no exploits have been reported, offering a crucial window for preemptive actions to avert potential hacks.

Thirdweb proactively advised users who deployed their contracts before November 22 to take mitigation steps using tools provided or independently. Additionally, the firm recommended employing revoke.cash to revoke approvals on affected contracts, ensuring user protection in case mitigation isn’t feasible.

The company has reached out to the maintainers of the vulnerable open-source library and other potentially affected teams, aiming to address the issue collaboratively. Moreover, according to Cointelegraph, Thirdweb plans to bolster security measures by doubling bug bounty payouts, increasing investment in security, and extending grants to cover contract mitigations, acknowledging the disruption caused.

Details of the vulnerability have been withheld for security reasons, with further updates awaited upon Thirdweb's discretion.

It is worth noting that Thirdweb, known for its Series A funding round of $24 million with backers like Haun Ventures, Coinbase, Shopify, and Polygon, specializes in multi-chain smart contract deployment tools catering to gaming, minting, marketplaces, and wallets.

With over 70,000 developers using their services monthly, their proactive response underlines their commitment to fortifying the Web3 ecosystem against potential threats.