Web3 Firm Thirdweb Finds Major Vulnerability In Smart Contracts

Author
Brian Yue

Web3 developer Thirdweb has disclosed a security vulnerability that has the potential to affect a range of smart contracts within the Web3 ecosystem.

In an X post on Monday, the firm notified its followers that it had found a vulnerability in a commonly used open-source library that could impact specific pre-built smart contracts, including some of its own.

Luckily, Thirdweb’s investigations determined that the smart contract vulnerability remains unexploited, providing a brief window of opportunity for Web3 firms to take preventive measures and mitigate the risk of a potential hack.

“In most cases, the mitigation steps will involve locking the contract, taking a snapshot and migrating to a new contract without the known vulnerability,” the firm said on X. “The exact steps you need to take will depend on the nature of your smart contract, and you can determine these using the tool.”

Thirdweb noted that the impacted pre-built contracts include but are not limited to DropERC20, ERC721, ERC1155 (all versions), and AirdropERC20. The company included a link to see a full list of impacted smart contracts and mitigation steps.

The company advised users who had deployed the listed smart contracts before November 22 to immediately take mitigation steps or use a company-provided tool.

Thirdweb also recommended developers assist users in revoking approvals on all affected contracts through revoke.cash. DefiLlama developer “0xngmi” noted in a reply to the post that this would “protect your users if you choose not to mitigate the contract.”

Following the discovery of the vulnerability, Thirdweb has committed to increasing investments in security measures. The firm plans to double bug bounty payouts, raising them from $25,000 to $50,000, and is implementing a more stringent auditing process. The Web3 developer will also provide a grant to cover the costs associated with contract mitigations.

“We understand that this will cause disruption, and we are treating the mitigation of the issue with the utmost seriousness,” the firm continued in its post. “We will be offering a retroactive gas grant to cover fees for contract mitigations.”

Thirdweb is a Web3 developer that provides multichain smart contract deployment tools for minting, gaming, wallets, and more. The firm claims to have more than 70,000 developers using its services monthly.

The company previously raised $24 million in a Series A funding round with Haun Ventures, Coinbase, Shopify and Polygon in August 2022.

 
