Connect with us

Hi, what are you looking for?

Latest News

Web3 Firm Thirdweb Finds Major Vulnerability In Smart Contracts

Source: Pixabay

Web3 developer Thirdweb has disclosed a security vulnerability that has the potential to affect a range of smart contracts within the Web3 ecosystem.

In an X post on Monday, the firm notified its followers that it had found a vulnerability in a commonly used open-source library that could impact specific pre-built smart contracts, including some of its own.

Luckily, Thirdweb’s investigations determined that the smart contract vulnerability remains unexploited, providing a brief window of opportunity for Web3 firms to take preventive measures and mitigate the risk of a potential hack.

“In most cases, the mitigation steps will involve locking the contract, taking a snapshot and migrating to a new contract without the known vulnerability,” the firm said on X. “The exact steps you need to take will depend on the nature of your smart contract, and you can determine these using the tool.”

Thirdweb noted that the impacted pre-built contracts include but are not limited to DropERC20, ERC721, ERC1155 (all versions), and AirdropERC20. The company included a link to see a full list of impacted smart contracts and mitigation steps.

The company advised users who had deployed the listed smart contracts before November 22 to immediately take mitigation steps or use a company-provided tool.

Thirdweb also recommended developers assist users in revoking approvals on all affected contracts through revoke.cash. DefiLlama developer “0xngmi” noted in a reply to the post that this would “protect your users if you choose not to mitigate the contract.”

Following the discovery of the vulnerability, Thirdweb has committed to increasing investments in security measures. The firm plans to double bug bounty payouts, raising them from $25,000 to $50,000, and is implementing a more stringent auditing process. The Web3 developer will also provide a grant to cover the costs associated with contract mitigations.

“We understand that this will cause disruption, and we are treating the mitigation of the issue with the utmost seriousness,” the firm continued in its post. “We will be offering a retroactive gas grant to cover fees for contract mitigations.”

Thirdweb is a Web3 developer that provides multichain smart contract deployment tools for minting, gaming, wallets, and more. The firm claims to have more than 70,000 developers using its services monthly.

The company previously raised $24 million in a Series A funding round with Haun Ventures, Coinbase, Shopify and Polygon in August 2022.

 

The post Web3 Firm Thirdweb Finds Major Vulnerability In Smart Contracts appeared first on Cryptonews.

Enter Your Information Below To Receive Free Trading Ideas, Latest News And Articles.







    Fill Out & Get More Relevant News





    Stay ahead of the market and unlock exclusive trading insights & timely news. We value your privacy - your information is secure, and you can unsubscribe anytime. Gain an edge with hand-picked trading opportunities, stay informed with market-moving updates, and learn from expert tips & strategies.

    Your information is secure and your privacy is protected. By opting in you agree to receive emails from us. Remember that you can opt-out any time, we hate spam too!

    You May Also Like

    Investing

    The Senate is expected to send a temporary spending package known as a Continuing Resolution (CR) to the White House, averting a government shutdown before...

    Latest News

    A bipartisan ethics report concludes there is “substantial evidence” that George Santos violated federal criminal laws, which will almost certainly trigger another attempt to...

    Investing

    Sen. Tommy Tuberville’s, R-Ala., colleagues pleaded on the Senate floor early Thursday morning – from midnight until nearly 4 a.m. – to drop his objection to...

    Editor's Pick

    Helium Evolution Incorporated (TSXV:HEVI) (‘ HEVI ‘ or the ‘ Company ‘), a Canadian-based helium exploration company focused on developing assets in southern Saskatchewan,...

    Disclaimer: Goldenliontraders.com, its managers, its employees, and assigns (collectively “The Company”) do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.


    Copyright © 2023 Goldenliontraders.com