By: Isha Das
Thirdweb, a significant player in the Web3 ecosystem, recently confirmed a security vulnerability affecting a broad array of smart contracts, including their pre-built ones. The discovery originated from an issue detected in a widely used open-source library. The flaw has raised concerns among developers because it could affect numerous contracts across the Web3 environment.
On discovering the security vulnerability, Thirdweb prompted smart contract owners to initiate mitigation steps. Notably, the flaw has not yet been exploited. The affected smart contracts include names like AirdropERC20, ERC721, and ERC1155. Depending on the contract in question, the necessary actions might involve locking the contract, creating a snapshot, and migrating to a new contract.
The Web3 software development kit provider is encouraging proactive action to prevent exploitation. The company has also significantly raised the bounty rewards for its platform to $50,000 and is implementing a more extensive auditing process.
Several NFT projects, such as OpenSea, responded to the vulnerabilities by discussing the security concerns with Thirdweb. While some NFT collections reassured their holders that they were immune to these vulnerabilities, others criticized Thirdweb's handling of the disclosure.