Critical Vulnerability Discovered in Common Web3 Development Library
ThirdWeb, a web3 development platform, reported the discovery of a critical vulnerability in popular open-source smart contract library.
The Deets
- Affected Contracts: DropERC20, ERC721, ERC1155, and AirdropERC20 among others.
- Impact: Variety of smart contracts across the web3 ecosystem.
- Mitigation: Locking contract, taking a snapshot, and migrating to a new contract.
- Tool Available: Mitigation tool at https://mitigate.thirdweb.com for affected contracts.
The Bulk
A significant security vulnerability has been detected in a widely-used open-source library in the web3 sector. This flaw potentially impacts numerous smart contracts, including several of thirdweb’s pre-built contracts, such as DropERC20, ERC721, ERC1155, and AirdropERC20. Smart contract owners who have used thirdweb's services before November 22, 2023, are urged to take immediate action to avoid potential exploitation.
Thirdweb has swiftly responded by providing a mitigation tool to assist contract owners in assessing and executing necessary steps. These steps typically involve locking the affected contract, creating a snapshot, and transitioning to a safer contract. It's imperative for holders to withdraw tokens from any liquidity or staking pools and revoke approvals on thirdweb contracts as precautionary measures.
🎤 Platform Prose
We understand that this will cause disruption, and we are treating the mitigation of the issue with the utmost seriousness. We will be offering a retroactive gas grant to cover fees for contract mitigations.Thirdweb
🎬 Take Action
If you've deployed any pre-built smart contracts using thirdweb before November 22, 2023, visit https://mitigate.thirdweb.com immediately to assess and mitigate your risk.
🔜 What's Next?
Thirdweb is doubling down on its security measures, including a significant increase in bug bounty payouts and more rigorous auditing processes. This proactive approach aims to fortify the web3 development environment against future vulnerabilities.
For more web3 and NFT news, visit the Lucky Trader newsfeed.