BanklessTimes

Web3 Company Identifies Huge Security Issue in Common Smart Contracts

Author: Daniela Kirova, Writer
Daniela is a writer at Bankless Times, covering the latest news on the cryptocurrency market and blockchain industry. She has over 15 years of experience as a writer, having ghostwritten for several online publications in the financial sector.
December 5th, 2023
  • The flaw can cause huge damage if it is not remedied at once
  • Developers should assist users in revoking approvals of all impacted contracts

Smart contract development company Thirdweb has disclosed a security flaw that could impact a multitude of smart contracts throughout the Web3 ecosystem, Cointelegraph reported.

The reported vulnerability is in a very popular open-source library and can impact certain pre-built smart contracts, including those within the library in question. According to Thirdweb, no one has exploited the smart contract vulnerability yet, which gives Web3 companies a chance to avoid a possible hack.

Massive damage is possible

Thirdweb tweeted that the impacted contracts include DropERC20, AirdropERC20, ERC721, ERC1155, and other versions. The flaw can cause huge damage if it is not remedied at once, Thirdweb stated.

After issuing the proactive warning to the Web3 community, the company advised users who had deployed smart contracts before Nov. 22 to use a third-party tool or act independently to mitigate the matter.

Thirdweb recommended developers assist users in revoking approvals of all impacted contracts in case they opt out of mitigating them. The company got in touch with the entities maintaining the open-source library at the core of the vulnerability as well as other teams that the issue can potentially impact.

More rigorous auditing processes

The Web3 company promised to increase its investments in security measures, including more rigorous audits and doubling its bug bounty payouts to $50,000. The company will also cover smart contract mitigation measures by means of a grant. It stated:

"We understand that this will cause disruption, and we are treating the mitigation of the issue with the utmost seriousness. We will be offering a retroactive gas grant to cover fees for contract mitigations."

Coinbase and Shopify among Series A investors

Companies such as Coinbase, Polygon, and Shopify took part in a Series A funding round, which raised $24 million for Thirdweb in August 2022. The firm provides smart contract deployment tools on multiple blockchains for wallets, gaming, marketplaces, and minting.
