Thirdweb, a smart contract development company, reported a security vulnerability that could "impact various smart contracts in the Web3 ecosystem."
On December 4th, Thirdweb reported a vulnerability in a commonly used open-source library that could affect specific pre-built smart contracts, including some of its own contracts. However, Thirdweb's investigation concluded that the smart contract vulnerability has not been exploited at present, providing a small window of opportunity for Web3 companies to avoid potential hacker attacks.
Nevertheless, Thirdweb emphasized that if not corrected immediately, the vulnerability could lead to significant losses:
After issuing a proactive warning to the Web3 ecosystem, the company reminded independent users who deployed their contracts before November 22nd or used tools provided by the company to "take mitigating measures."
Thirdweb also recommended developers to use revoke.cash to help users revoke approvals for all affected contracts, stating that "if you choose not to revoke the contract, this will protect users," as commented by DefiLlama developer "0xngmi."
btw this seems important, they're asking to revoke all approvals to third web contracts (you might have interacted with them without knowing as they're white-labelled, especially if you do stuff around nfts) https://t.co/T1YU9xnIRb
Thirdweb has contacted the maintainers of the open-source library at the root of the vulnerability and other teams that may be affected by the issue.
The company has also pledged to increase investment in security measures, doubling the bug bounty for the vulnerability from $25,000 to $50,000, and implementing stricter audit processes. Additionally, they have provided funds to cover the costs of revoking contracts.
For security reasons, the full details of the vulnerability have not been disclosed. Cointelegraph contacted Thirdweb for further updates, but they requested to refer to this blog post.
In August 2022, Thirdweb raised $24 million in Series A funding from Haun Ventures, Coinbase, Shopify, and Polygon.
This Web3 company provides multi-chain smart contract deployment tools for gaming, minting, markets, and wallets, claiming to have over 70,000 developers using its services monthly.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
