{"id":26127,"date":"2023-12-05T08:41:09","date_gmt":"2023-12-05T08:41:09","guid":{"rendered":"https:\/\/nftandcrypto-news.com\/crypto\/web3-firm-detects-major-security-flaw-in-common-smart-contracts\/"},"modified":"2023-12-05T08:41:12","modified_gmt":"2023-12-05T08:41:12","slug":"web3-firm-detects-major-security-flaw-in-common-smart-contracts","status":"publish","type":"post","link":"https:\/\/nftandcrypto-news.com\/crypto\/web3-firm-detects-major-security-flaw-in-common-smart-contracts\/","title":{"rendered":"Web3 firm detects major security flaw in common smart contracts"},"content":{"rendered":"

<\/p>\n

\n

Smart contract development firm Thirdweb reported a security vulnerability that potentially \u201cimpacts a variety of smart contracts across the Web3 ecosystem.\u201d<\/p>\n

On Dec. 4, Thirdweb reported a vulnerability in a commonly used open-source library that could impact specific pre-built smart contracts, including some of its own.\u00a0However, Thirdweb\u2019s investigations concluded that the smart contract vulnerability has not yet been exploited, allowing a small window of opportunity for Web3 firms to avoid a possible hack.<\/p>\n

Highlighting the vulnerability\u2019s potential to cause massive damage if not rectified immediately, Thirdweb stated<\/a>:<\/p>\n

\u201cThe impacted pre-built contracts include but are not limited to DropERC20, ERC721, ERC1155 (all versions), and AirdropERC20.\u201d<\/p><\/blockquote>\n

Following the proactive warning to the Web3 ecosystem, the firm cautioned users who deployed its contracts before Nov. 22 to \u201ctake mitigation steps\u201d independently or by using a company-provided tool.<\/p>\n

\n

IMPORTANT <\/p>\n

On November 20th, 2023 6pm PST, we became aware of a security vulnerability in a commonly used open-source library in the web3 industry.<\/p>\n

This impacts a variety of smart contracts across the web3 ecosystem, including some of thirdweb\u2019s pre-built smart contracts.\u2026<\/p>\n

\u2014 thirdweb (@thirdweb) December 5, 2023<\/a><\/p><\/blockquote>\n

Thirdweb also advised developers to help users revoke approvals on all affected contracts using revoke.cash, \u201cwhich will protect your users if you choose not to mitigate the contract.\u201d DefiLlama developer \u201c0xngmi\u201d commented on the request to revoke approvals.<\/p>\n

\n

btw this seems important, they\u2019re asking to revoke all approvals to third web contracts (you might have interacted with them without knowing as they\u2019re white-labelled, especially if you do stuff around nfts) https:\/\/t.co\/T1YU9xnIRb<\/p>\n

\u2014 0xngmi (@0xngmi) December 5, 2023<\/a><\/p><\/blockquote>\n

Thirdweb has contacted the maintainers of the open-source library at the root of the vulnerability and contacted other teams potentially impacted by the issue.<\/p>\n

It also pledged to increase investment in security measures and double bug bounty payouts from $25,000 to $50,000 while implementing a more rigorous auditing process. The firm also offered a grant to cover contract mitigations. <\/p>\n

\u201cWe understand that this will cause disruption, and we are treating the mitigation of the issue with the utmost seriousness. We will be offering a retroactive gas grant to cover fees for contract mitigations.\u201d<\/p><\/blockquote>\n

Full details of the vulnerability were not disclosed for security purposes, and Cointelegraph contacted Thirdweb for further updates but was\u00a0redirected to the blog post. <\/p>\n

The firm raised $24 million in a Series A funding round with Haun Ventures, Coinbase, Shopify and Polygon in August 2022. <\/p>\n

The Web3 company, which provides multichain smart contract deployment tools for gaming, minting, marketplaces and wallets, claims to have more than 70,000 developers using its services monthly.<\/p>\n

<\/div>\n