Web3 developer Thirdweb has disclosed a security vulnerability that has the potential to affect a range of smart contracts within the Web3 ecosystem.
In an X post on Monday, the firm notified its followers that it had found a vulnerability in a commonly used open-source library that could impact specific pre-built smart contracts, including some of its own.
Luckily, Thirdweb’s investigations determined that the smart contract vulnerability remains unexploited, providing a brief window of opportunity for Web3 firms to take preventive measures and mitigate the risk of a potential hack.
“In most cases, the mitigation steps will involve locking the contract, taking a snapshot and migrating to a new contract without the known vulnerability,” the firm said on X. “The exact steps you need to take will depend on the nature of your smart contract, and you can determine these using the tool.”
Thirdweb noted that the impacted pre-built contracts include but are not limited to DropERC20, ERC721, ERC1155 (all versions), and AirdropERC20. The company included a link to see a full list of impacted smart contracts and mitigation steps.
The company advised users who had deployed the listed smart contracts before November 22 to immediately take mitigation steps or use a company-provided tool.
Thirdweb also recommended developers assist users in revoking approvals on all affected contracts through revoke.cash. DefiLlama developer “0xngmi” noted in a reply to the post that this would “protect your users if you choose not to mitigate the contract.”
Following the discovery of the vulnerability, Thirdweb has committed to increasing investments in security measures. The firm plans to double bug bounty payouts, raising them from $25,000 to