Markets News Report
December 05, 2023

Thirdweb Tackles Security Flaw in Web3 Library Impacting its Smart Contracts

In Brief

Thirdweb discovered a significant security vulnerability in a common open-source library widely used in the web3 industry for smart contracts.

Thirdweb Addresses Security Flaw in Web3 Library Affecting Smart Contracts

Web3 development platform Thirdweb recently became aware of a critical security vulnerability in a widely used open-source library on November 20th, 2023. The discovery has significant implications for numerous smart contracts within the web3 ecosystem, including some of Thirdweb’s own pre-built contracts.

The vulnerability affects various pre-built contracts like DropERC20, ERC721, ERC1155 and AirdropERC20. While Thirdweb’s investigation so far indicates no exploitation in their contracts, they have issued an urgent call to action for smart contract owners.

Smart contract owners who used Thirdweb’s dashboard or SDKs to deploy contracts before November 22nd, 2023, are advised to follow specific mitigation steps to prevent potential exploitation. These steps, which vary based on the contract’s nature, generally involve locking the contract, taking a snapshot, and migrating to a new contract.

Guidance for Thirdweb Smart Contract Owners

Thirdweb and its security partners have developed a tool to assist contract owners in determining and performing necessary mitigation steps. This tool, along with a detailed guide, is available on Thirdweb’s blog.

Upon learning of the vulnerability, Thirdweb’s security team, in collaboration with audit partners, investigated the issue and implemented a fix for all impacted contracts created after November 22nd, 2023. Contracts deployed after this date using the latest version do not suffer from this vulnerability.

In response to this incident, Thirdweb is increasing its investment in security measures.

This includes doubling bug bounty payouts and implementing stricter auditing processes. Thirdweb pledged to cover the gas fees for contract mitigations. Additionally, the platform has advised users to revoke approvals on Thirdweb contracts as a precautionary measure.

Looking forward, Thirdweb aims to enhance security protocols and create a robust environment for web3 developers. the platform have also reached out to the maintainers of the affected library and other potentially impacted teams to share their findings and mitigation strategies.

This incident underscores the importance of vigilant security measures in the rapidly evolving web3 landscape. Thirdweb’s proactive approach and transparent communication aim to ensure the safety and resilience of the web3 community.

Keep track of cryptocurrency distributions in our Airdrops Calendar.

Disclaimer

In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.

About The Author

Nik is an accomplished analyst and writer at Metaverse Post, specializing in delivering cutting-edge insights into the fast-paced world of technology, with a particular emphasis on AI/ML, XR, VR, on-chain analytics, and blockchain development. His articles engage and inform a diverse audience, helping them stay ahead of the technological curve. Possessing a Master's degree in Economics and Management, Nik has a solid grasp of the nuances of the business world and its intersection with emergent technologies.

More articles
Nik Asti
Nik Asti

Nik is an accomplished analyst and writer at Metaverse Post, specializing in delivering cutting-edge insights into the fast-paced world of technology, with a particular emphasis on AI/ML, XR, VR, on-chain analytics, and blockchain development. His articles engage and inform a diverse audience, helping them stay ahead of the technological curve. Possessing a Master's degree in Economics and Management, Nik has a solid grasp of the nuances of the business world and its intersection with emergent technologies.

Hot Stories

Flare Completes Open Beta And Launches FXRP On Songbird

by Alisa Davidson
December 18, 2024
Join Our Newsletter.
Latest News

Flare Completes Open Beta And Launches FXRP On Songbird

by Alisa Davidson
December 18, 2024

From Ripple to The Big Green DAO: How Cryptocurrency Projects Contribute to Charity

Let's explore initiatives harnessing the potential of digital currencies for charitable causes.

Know More

AlphaFold 3, Med-Gemini, and others: The Way AI Transforms Healthcare in 2024

AI manifests in various ways in healthcare, from uncovering new genetic correlations to empowering robotic surgical systems ...

Know More
Read More
Read more
Sonic Launches Mainnet With Advanced Blockchain Features And 200M S Token Airdrop
News Report Technology
Sonic Launches Mainnet With Advanced Blockchain Features And 200M S Token Airdrop
December 18, 2024
PancakeSwap Rolls Out PancakeSwap Bridge, Enabling Cross-Chain Transfers Across 8 Networks
News Report Technology
PancakeSwap Rolls Out PancakeSwap Bridge, Enabling Cross-Chain Transfers Across 8 Networks
December 18, 2024
Exploring Liquidity Bottlenecks In Meme Perpetual Contracts Market: Analysis Of Orderly Network, dYdX, And Injective
Opinion Markets Technology
Exploring Liquidity Bottlenecks In Meme Perpetual Contracts Market: Analysis Of Orderly Network, dYdX, And Injective
December 18, 2024
Flare Completes Open Beta And Launches FXRP On Songbird
News Report Technology
Flare Completes Open Beta And Launches FXRP On Songbird
December 18, 2024