In light of a recently discovered security vulnerability in a widely used open-source library impacting Web3 smart contracts, Web3 developer Thirdweb has taken proactive measures to address the issue. The company confirmed the presence of the vulnerability, which affects numerous smart contracts within the Web3 ecosystem. In response, Thirdweb has not only identified the affected smart contracts but is also increasing its bounty rewards to $50,000 and implementing a more rigorous auditing process.
According to a statement released by Thirdweb on December 4, the vulnerability was initially identified on November 20 and impacts a variety of smart contracts, including some of Thirdweb’s pre-built smart contracts. While the vulnerability has not been exploited thus far, the company is urging smart contract owners to take mitigation steps on certain pre-built smart contracts that were created prior to November 22, 2023, at 7pm PT.
Thirdweb has identified 13 affected smart contracts, including AirdropERC20, ERC721, ERC1155, and others. The company has advised smart contract owners to take proactive mitigation steps to prevent exploitation. Additionally, Thirdweb is working with security partners to develop tools for easy identification and execution of necessary mitigation measures, which may involve contract locking, snapshot creation, and migration to a new contract. Users of these contracts are also encouraged to revoke approvals on all Thirdweb contracts.
The company’s decision to increase the bounty rewards to $50,000 demonstrates its commitment to addressing the security vulnerability and incentivizing the community to actively contribute to the identification and resolution of potential threats. Moreover, Thirdweb’s decision to implement a more rigorous auditing process reflects its dedication to ensuring the security and integrity of its platform and smart contracts.
In response to the vulnerability, several NFT projects, including OpenSea, have engaged in discussions with Thirdweb regarding security concerns in specific NFT collections. While some NFT collections have reassured their holders that they are not affected by the vulnerabilities, the disclosure approach taken by Thirdweb has received criticism within the community.
As Thirdweb continues to address the security vulnerability and work collaboratively with security partners and affected smart contract owners, the company’s efforts reflect a proactive and responsible approach to mitigating potential risks within the Web3 ecosystem. The increased bounty rewards and rigorous auditing process underscore Thirdweb’s commitment to enhancing the security and resilience of Web3 smart contracts.