Web3 firm Thirdweb uncovers major security flaw in smart contracts


  • Thirdweb, a key developer in the Web3 ecosystem, has identified a significant security vulnerability in a widely used open-source library, affecting various smart contracts including gaming, minting, and wallets.
  • The firm has not detected any exploitation of this flaw and is urging those who used its contracts before November 22 to take immediate mitigation steps, while also doubling its bug bounty to $50,000 to enhance security.

Thirdweb, a prominent player in developing smart contracts for the Web3 ecosystem, recently identified a significant security vulnerability. This discovery has raised concerns across the Web3 industry, as it potentially impacts a broad array of smart contracts utilized in various applications.

The affected contracts span diverse domains, including gaming, minting, marketplaces, and wallets. Notably, according to a blog post, this vulnerability was found in a widely used open-source library, crucial to the operation of these smart contracts.

Thirdweb has decided not to reveal the name of the open-source library that was the source of the vulnerability or provide any information about the nature of the issue due to its apparent severity. OpenZeppelin, a popular open-source library for smart contracts, has stated that the problem is unrelated to its repository.

Despite the severity of the vulnerability, Thirdweb’s thorough investigation revealed that, fortunately, there have been no instances of exploitation to date. This finding provides a crucial window for Web3 firms to implement preventive measures and secure their systems against potential breaches. The vulnerability affects several pre-built contracts, notably DropERC20, ERC721, and ERC1155 standards, among others. Immediate action is necessary to mitigate risks associated with these contracts.

Thirdweb’s proactive measures and community guidance

In response to the vulnerability, Thirdweb has issued an urgent advisory to its user base, especially those who deployed contracts before November 22. The firm is guiding developers and users to take independent mitigation steps. This includes using tools provided by Thirdweb or employing solutions like revoke.cash, as recommended by DefiLlama developer “0xngmi”. These steps are essential for users who may opt not to update their contracts immediately.

Moreover, Thirdweb has contacted the maintainers of the affected open-source library and other teams that the issue might impact. To bolster its security protocols, Thirdweb has doubled its bug bounty payouts, increasing them from $25,000 to $50,000. This significant increase underscores the firm’s commitment to fortifying its security measures and ensuring the safety of its smart contract deployment tools. Additionally, a more rigorous auditing process is being implemented to enhance overall security.

Responsive actions to safeguard the Web3 ecosystem

The disclosure of this vulnerability has prompted a wave of responses from various industry players. Notable NFT marketplaces like OpenSea and Rarible, as well as Ethereum layer-2 scaling network Base, have acknowledged the potential impact on their platforms and are working to assist affected collection owners. 

Coinbase, another major entity in the space, revealed that some collections on its NFT platform are impacted. In contrast, smart contract startup Manifold confirmed its contracts are unaffected.

Prominent projects such as Cool Cats and Animoca Brands’ Mocaverse have taken steps to migrate their NFT collections to new contracts, ensuring the security of their assets. 

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.</em

Share link:

Damilola Lawrence

Damilola is a crypto enthusiast, content writer, and journalist. When he is not writing, he spends most of his time reading and keeping tabs on exciting projects in the blockchain space. He also studies the ramifications of Web3 and blockchain development to have a stake in the future economy.

Most read

Loading Most Read articles...

Stay on top of crypto news, get daily updates in your inbox

Related News

South Korea
Subscribe to CryptoPolitan