A bug in common Web3 smart contracts led to an increase in Bug Bounty payments

Brother

What are the consequences of a vulnerability if information about it is carefully hidden?

The company Thirdweb, specializing in the development of smart contracts, discovered a vulnerability affecting many smart contracts in the Web3 ecosystem. The problem was identified in the popular open library on December 4 and may affect some of the pre-created smart contracts, including those developed by Thirdweb itself.

Despite the fact that the vulnerability has not yet been exploited by attackers, it can lead to significant damage if it is not fixed. According to Thirdweb, the affected off-the-shelf contracts include, but are not limited to, DropERC20, ERC721, ERC1155 (all versions), and AirdropERC20.

Thirdweb alerted the Web3 ecosystem and encouraged users of affected contracts to take steps to protect them. The company recommended using the revoke.cash tool to revoke permissions for affected contracts and offered assistance in fixing the vulnerability.

Thirdweb has also stepped up its security measures, doubling bug bounties from $25,000 to $50,000, and tightening the audit process. The company offered a grant to cover the cost of fixing the flaws and promised to compensate the gas commission for fixing the contracts. Details of the vulnerability were not disclosed for security reasons. Thirdweb reached out to the maintainers of the open library and other potentially affected teams.