Thirdweb, a smart contract development firm, recently identified a security flaw that could have significant implications for various smart contracts within the Web3 ecosystem. They disclosed this vulnerability on December 4, pinpointing a commonly used open-source library as the source of the issue.
The potential impact extends to specific pre-built smart contracts, including some developed by Thirdweb. Fortunately, Thirdweb’s investigations revealed that the vulnerability has not been exploited. This discovery offers a brief window for Web3 companies to take preventive measures and protect their smart contracts from potential hacks.
After issuing a proactive alert to the Web3 ecosystem, the company advised users who had implemented its contracts before November 22 to independently address potential risks or utilize a tool provided by the company for mitigation purposes.
Thirdweb recommended developers assist users in withdrawing their permissions from all impacted contracts using revoke.cash. This step is crucial for safeguarding users, especially if developers opt not to address the issues in the contract. DefiLlama developer “0xngmi” shared this advice on the request to revoke approvals.
Thirdweb promised to boost their spending on security measures and to double the rewards for finding bugs, increasing the payout from $25,000 to $50,000. Additionally, they committed to implementing a stricter auditing process. As a proactive step, the company also extended a grant to cover the costs of addressing and mitigating the issue through contracts.
Also Read: Web3 Startup Bastion Appoints Caroline Friedman as COO
