Error in Web3 Smart Contracts Leads to Rise in Bug Bounty Payments

News Report: Vulnerability Discovered in Web3 Smart Contracts

The Thirdweb company, specializing in smart contract development, has discovered a vulnerability affecting numerous smart contracts in the Web3 ecosystem. The problem was identified in the popular open library on December 4 and can affect some of the pre-created smart contracts, including those developed by Thirdweb.

Despite the fact that the vulnerability has not yet been exploited by attackers, it has the potential to cause significant damage if not addressed. According to Thirdweb, the affected contracts include DropERC20, ERC721, ERC1155 (all versions), and AirdropERC20.

In response, Thirdweb has issued a warning to the Web3 ecosystem, urging users with contracts vulnerable to the exploit to take immediate action to protect their contracts. The company recommends using the Revoke.cash tool to recall permissions to the affected contracts and is offering assistance in resolving the vulnerabilities.

To further enhance security measures, Thirdweb has doubled the rewards for discovering vulnerabilities from $25,000 to $50,000 and has tightened the audit process. The company is offering grants to cover the costs of addressing the vulnerabilities and promises to compensate for gas commissions incurred during the correction of contracts. Detailed information regarding the vulnerability has not been disclosed for security reasons. Thirdweb has reached out to the open library and other potentially affected teams.

/Reports, release notes, official announcements.