According to Thirdweb, a Web3 ecosystem-based smart contract development company, there is a security flaw that might impact several different types of Web3 smart contracts.
The company offers multichain smart contract deployment tools for a variety of applications, including gaming, minting, marketplaces, and wallets, and has over 70,000 developers as users.
User Protection in Web3: Thirdweb’s Recommendations
Thirdweb recently revealed a vulnerability in a popular open-source library that may affect certain pre-built smart contracts, including some created by the company
Thirdweb’s studies revealed that no one had taken advantage of the smart contract weakness despite discovering this vulnerability. Nonetheless, this presents a constrained window of time for Web3 companies to implement preventive measures and stop a possible security compromise.
Thirdweb highlighted that if the vulnerability isn’t fixed in time, it could lead to serious repercussions. Should this issue remain unfixed, there is a risk associated with the impacted pre-built contracts, which include AirdropERC20, ERC721, DropERC20, and ERC721.
Following its discovery, Thirdweb alerted the Web3 ecosystem in a proactive manner, advising users who had deployed its contracts by November 22 to either use a tool offered by the firm or take independent mitigating measures.
Thirdweb also recommended developers help users withdraw approvals on any contracts that are affected through the use of revoke.cash, as suggested by DefiLlama developer “0xngmi” in answer to the request for revocation of approval. The goal of the measure was to provide additional protection for users who choose not to apply contract mitigation measures.
Boosting Cybersecurity: Thirdweb Doubles Bug Bounty Awards and Increases Security Investment
Thirdweb has implemented a number of preventive measures in response to the vulnerability found in a widely used open-source library. The company has gotten in touch with the open-source library maintainers responsible for the vulnerability, as well as other teams who might be impacted.
In order to strengthen its security procedures, Thirdweb has doubled its bug bounty awards from $25,000 to $50,000 and committed to boosting its investment in security. Furthermore, the company is putting in place a stricter auditing procedure to improve the general security of its smart contract deployment tools.
In addition, Thirdweb has extended an offer of funding to cover contract mitigations for impacted users. The company hasn’t revealed all of the vulnerability’s details, though, for security concerns.
Notably, in August 2022, Thirdweb raised $24 million in a Series A fundraising round, with contributions from prominent companies like Shopify, Haun Ventures, Polygon, and Coinbase.
Takeaways
Thirdweb has demonstrated its commitment to user safety and the overall security of the Web3 ecosystem by taking proactive measures to address the disclosed security problem. Thirdweb confirms its commitment to strengthening cybersecurity by putting preventive measures in place, tripling bug bounty payouts, and providing financing for contract mitigations.
