Recently, the smart contract development firm Thirdweb identified a critical security issue that could potentially impact a wide range of smart contracts in the Web3 sector. Revealed on December 4, this vulnerability exists in a commonly utilized open-source library and could affect specific pre-built smart contracts, some of which are Thirdweb’s creations. Fortunately, Thirdweb’s investigation indicated that the vulnerability has not been exploited yet, providing a vital chance for Web3 organizations to prevent possible security breaches.
Thirdweb has stressed the importance of promptly addressing this issue to avert significant harm, identifying affected contracts such as DropERC20, ERC721, ERC1155 (all versions), and AirdropERC20. The firm has urged users who deployed its contracts before November 22 to take necessary mitigation actions, either on their own or using a tool provided by Thirdweb.
Additionally, Thirdweb recommends developers use revoke.cash to assist users in revoking approvals on all affected contracts, ensuring protection even if contract mitigation is not pursued. The company has notified the maintainers of the affected open-source library and has been in contact with other potentially impacted teams.
In light of this situation, Thirdweb is reinforcing its security measures, including increasing its bug bounty payouts to $50,000 and adopting stricter auditing practices. They have also offered a grant to support contract mitigations, recognizing the inconvenience this issue may cause. Although the complete details of the vulnerability are kept confidential for security reasons, Thirdweb is committed to providing ongoing updates.
Having raised $24 million in a Series A funding round in August 2022, Thirdweb provides a range of multichain smart contract deployment tools for various applications and is used by over 70,000 developers monthly.
