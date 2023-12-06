ThirdWeb, a smart contract development firm within the Web3 ecosystem, has discovered a security vulnerability that potentially impacts a range of smart contracts in the Web3 landscape.

The company provides multichain smart contract deployment tools for various applications such as gaming, minting, marketplaces, and wallets with a user base of over 70,000 developers.

ThirdWeb disclosed security vulnerability

On December 4, ThirdWeb disclosed a vulnerability in the widely used open-source library X that could affect specific pre-built smart contracts, including some developed by the firm itself. Are.

Important On November 20th, 2023 at 6pm PST, we became aware of a security vulnerability in a commonly used open-source library in the Web3 industry. It affects a variety of smart contracts in the Web3 ecosystem, including some of ThirdWeb’s pre-built smart contracts.… – thirdweb (@thirdweb) 5 December 2023

Despite identifying this vulnerability, ThirdWeb’s investigation determined that no one had exploited the smart contract flaw. This provides limited opportunities for Web3 firms to take preventive measures and prevent potential security breaches.

ThirdWeb stressed that failing to immediately address the vulnerability could have serious consequences. Affected pre-built contracts, including but not limited to DropERC20, ERC721, ERC1155 (all versions), and AirDropERC20, are at risk if not patched.

In response to this discovery, ThirdWeb issued a proactive alert to the Web3 ecosystem, urging users who deployed their contracts before November 22 to take independent mitigation steps or use company-provided tools.

Additionally, ThirdWeb advised developers to assist users in revoking approval on all affected contracts using revoke.cash, as suggested by DefiLlama developer “0xngmi” in response to a request for approval revocation. This measure is intended to provide additional protection for users who may decide not to implement contract mitigation steps.

ThirdWeb enhances security measures

In response to a vulnerability identified in a commonly used open-source library, ThirdWeb has taken several proactive steps. The company has contacted the maintainers of the open-source library responsible for this vulnerability and has also contacted other teams that may be affected by the issue.

ThirdWeb has committed to increasing its investment in security and has decided to double the bug bounty payout from $25,000 to $50,000 to strengthen its security measures. Additionally, the company is implementing a more rigorous auditing process to increase the overall security of its smart contract deployment tools.

ThirdWeb has also offered grants to cover contract mitigation for affected users. However, due to security reasons, the platform has not disclosed the full details of the vulnerability.

Notably, ThirdWeb successfully raised $24 million in a Series A funding round in August 2022, with contributions from notable institutions such as Hahn Ventures, Shopify, Coinbase, and Polygon.

Special Offer (Sponsored)

Binance Free $100 (Exclusive): Use this link to register and get $100 free and 10% off fees on Binance Futures your first month. (terms).

source: cryptopotato.com