Security Vulnerability Unearthed in Common Smart Contracts by Web3 Company

A significant security flaw in widely-used smart contracts, potentially impacting numerous contracts developed with a commonly utilized open-source library, has been discovered by the Web3 company Thirdweb.

Thirdweb, a firm specializing in smart contract development, unveiled a security vulnerability that could affect a range of smart contracts within the Web3 ecosystem. The revelation, made on December 4, pointed to a flaw in a widely employed open-source library, affecting specific pre-built smart contracts, including some created by Thirdweb itself. Despite the discovery, Thirdweb's investigations revealed that the vulnerability had not yet been exploited, offering a brief window for Web3 firms to safeguard against potential cyber threats.

To address the issue, Thirdweb suggested developers assist users in revoking approvals on all affected contracts using revoke.cash. Notably, this measure was highlighted by DefiLlama developer "0xngmi," emphasizing its role in protecting users who opt not to mitigate the contract.

For security reasons, detailed information about the vulnerability was not disclosed. Cointelegraph reached out to Thirdweb for additional updates but was directed to the company's blog post.

In August 2022, Thirdweb secured $24 million in a Series A funding round featuring investors such as Haun Ventures, Coinbase, Shopify, and Polygon. As a prominent Web3 entity, the company offers multichain smart contract deployment tools tailored for gaming, minting, marketplaces, and wallets. Thirdweb boasts a user base exceeding 70,000 developers utilizing its services on a monthly basis.