Web3 firm detects major security flaw in common smart contracts

A security vulnerability potentially affecting hundreds of smart contracts that were pre-built using a commonly used open-source library has been reported by Web3 firm Thirdweb.

Smart contract development firm Thirdweb reported a security vulnerability that potentially “impacts a variety of smart contracts across the Web3 ecosystem.”

On Dec.

Highlighting the vulnerability’s potential to cause massive damage if not rectified immediately, Thirdweb stated:

“The impacted pre-built contracts include but are not limited to DropERC20, ERC721, ERC1155 (all versions), and AirdropERC20.”

Following the proactive warning to Web3 ecosystem, the firm cautioned users who deployed its contracts before Nov.

Thirdweb also advised developers to help users revoke approvals on all affected contracts using revoke.cash, “which will protect your users if you choose not to mitigate the contract,” DefiLlama developer “0xngmi” commented on the request to revoke approvals.

Thirdweb has contacted the maintainers of the open-source library at the root of the vulnerability and contacted other teams potentially impacted by the issue.

It also pledged to increase investment in security measures and double bug bounty payouts from $25,000 to $50,000 while implementing a more rigorous auditing process.

Read more

Leave a Reply