
Dan Opondo

Thirdweb Discovers Critical Vulnerability in Smart Contract

In a lengthy post on X, Thirdweb, a key player in the Web3 space, disclosed a security flaw affecting numerous smart contracts, including some of Thirdweb's own pre-built contracts.

Thirdweb took immediate measures to address the vulnerability and announced a set of longer-term security commitments.

Thirdweb Detected a Smart Contract Vulnerability

According to the post, Thirdweb detected the vulnerability on November 20. The flaw was found in a popular open-source library, and Thirdweb reported that it had not yet been exploited.

On discovering the flaw, Thirdweb immediately took steps to protect customers, including building a tool to help them assess and mitigate their exposure. The post laid out a procedure that every affected contract owner must follow.

The contracts exposed include DropERC20, ERC721, ERC1155 (all versions), and AirdropERC20. Users who deployed any of those contracts before November 22 need to take urgent mitigation steps, according to Thirdweb. 

As per the tweet, 

“In most cases, the mitigation steps will involve locking the contract, taking a snapshot and migrating to a new contract without the known vulnerability. The exact steps you need to take will depend on the nature of your smart contract, and you can determine these using the tool.”

Before beginning the mitigation procedure, contract creators should make sure that token holders in liquidity or staking pools are able to withdraw their tokens, since locking the contract will otherwise trap those funds.
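The "snapshot" step of the lock, snapshot, migrate procedure is the part most likely to go wrong in practice: the balances seeded into the replacement contract must exactly match the state of the locked one. The script below is an added example, not Thirdweb's mitigation tool and not code from the post; it reconstructs ERC-20 holder balances by replaying Transfer events up to the block at which the old contract was locked, rejects inconsistent logs, and checks the result against the expected total supply. The event list is constructed sample data, and the field layout (block number, from, to, value) is an assumption about how a practitioner would export the logs.

```python
"""Reconstruct an ERC-20 holder snapshot from Transfer events (added example).

Not Thirdweb's tool. Replays Transfer(from, to, value) events in block order,
stopping at the lock block, so that the balances can be seeded into the
replacement contract during migration.
"""
from collections import defaultdict

# The zero address is the counterparty for mints and burns in ERC-20 Transfer events.
ZERO = "0x" + "00" * 20

# Constructed sample log, not real chain data: (block_number, from, to, value).
# Real exports must also carry the log index so that events in the same block
# are replayed in their original order.
SAMPLE_EVENTS = [
    (100, ZERO,     "0xAAAA", 1_000),   # mint 1000 to A
    (101, "0xAAAA", "0xBBBB", 250),     # A -> B
    (105, "0xBBBB", "0xCCCC", 50),      # B -> C
    (110, "0xAAAA", ZERO,     100),     # A burns 100
    (120, "0xCCCC", "0xDDDD", 50),      # after the lock block: must be ignored
]


def snapshot(events, lock_block):
    """Return {address: balance} for all holders with a positive balance
    as of the end of lock_block. Raises ValueError on an inconsistent log."""
    balances = defaultdict(int)
    # sorted() is stable, so events with equal block numbers keep input order.
    for block, src, dst, value in sorted(events, key=lambda e: e[0]):
        if block > lock_block:
            break
        if value < 0:
            raise ValueError(f"negative transfer value at block {block}")
        if src != ZERO:
            if balances[src] < value:
                raise ValueError(
                    f"inconsistent log: {src} would go negative at block {block}")
            balances[src] -= value
        if dst != ZERO:
            balances[dst] += value
    return {addr: bal for addr, bal in balances.items() if bal > 0}


def check_supply(balances, expected_total):
    """Sanity check before migrating: the snapshot must sum to the
    locked contract's totalSupply(), otherwise the export is incomplete."""
    return sum(balances.values()) == expected_total


def migration_batches(balances, batch_size=100):
    """Split the snapshot into deterministic (address, amount) batches for a
    batch-mint or airdrop call on the new contract."""
    rows = sorted(balances.items())
    return [rows[i:i + batch_size] for i in range(0, len(rows), batch_size)]


if __name__ == "__main__":
    snap = snapshot(SAMPLE_EVENTS, lock_block=110)
    print(snap)                              # {'0xAAAA': 650, '0xBBBB': 200, '0xCCCC': 50}
    print(check_supply(snap, 1_000 - 100))   # True
    print(migration_batches(snap, batch_size=2))
```

Run the supply check against the locked contract's reported total supply before sending any migration transaction; a mismatch means the event export is incomplete or the lock block is wrong, and seeding the new contract from it would either strand holders or mint tokens that never existed.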

Emphasis on Commitment to Security

Thirdweb used the occasion to restate its commitment to a safe environment for web3 developers. For instance, Thirdweb will offer gas grants to contract creators to cover the transaction fees of migrating their contracts.

Thirdweb will also double its maximum bug bounty payout from $25k to $50k, and it plans to adopt a more rigorous auditing process.

This case underscores the need for proper auditing within the crypto space. However, an audit does not eliminate risk: earlier this year, Merlin, a project audited by CertiK, was drained in full in a rug-pull.
