Thirdweb Addresses a Security Vulnerability in Web3 Library Affecting Its Smart Contracts
In Brief
Thirdweb recently disclosed a major security issue in a popular open-source library that is widely used in the web3 sector for smart contract functionality.

Web3 development platform Thirdweb recently became aware of a critical security vulnerability. The vulnerability, identified on November 20th, 2023, carries serious repercussions for a variety of smart contracts within the web3 framework, notably including some of Thirdweb’s own pre-built contracts.
This security flaw impacts various pre-defined contracts such as DropERC20, ERC721, ERC1155, and AirdropERC20. While their preliminary investigation suggests that none of their own contracts have been affected, Thirdweb has urgently called on all smart contract developers to take action.
Developers who launched contracts via Thirdweb’s dashboard or SDKs prior to November 22nd, 2023, should follow specific precautions to mitigate potential security risks. Recommended actions, which depend on the type of contract, generally include locking the contract, taking a snapshot, and migrating to a new contract.
IMPORTANT
On November 20th, 2023 at 6 PM PST, we became aware of a security vulnerability within a widely adopted open-source library in the web3 landscape.
This issue could potentially impact a wide range of smart contracts throughout the web3 ecosystem, including several from Thirdweb's collection...
— thirdweb (@thirdweb) December 5, 2023
Guidance for Thirdweb Users of Smart Contracts
In response to the vulnerability, Thirdweb, along with its security partners, has created a resource to help contract owners identify and execute necessary protective measures. This resource, along with detailed instructions, is accessible on Thirdweb’s blog.
Upon discovering the flaw, Thirdweb’s security team collaborated with audit partners to investigate the situation and has successfully applied fixes for all affected contracts deployed after November 22nd, 2023. Contracts set up after this date using the updated version are secure.
In light of this incident, Thirdweb is committing more resources towards enhancing their security protocols.
This includes doubling its bug bounty, improved audits, and full coverage for gas expenses related to contract mitigation. Additionally, users are urged to revoke any approvals on Thirdweb contracts as a preventive step.
Looking ahead, Thirdweb's goal is to establish elevated security standards and foster a safe environment for web3 developers. The platform has also communicated with maintainers of the vulnerable library and other potentially affected teams to share its findings and suggested response strategies.
This event highlights the critical need for robust security practices within the fast-evolving web3 sector. Thirdweb’s proactive stance and clear communication aim to safeguard the integrity and resilience of the web3 community.