Thirdweb, a Web3 development framework provider, has announced that it has started mitigating a vulnerability that could potentially affect thousands of smart contracts across several networks. The vulnerability, uncovered in November, impacts various pre-built smart contracts that the framework provides for rapidly deploying applications using an undisclosed open-source library.
Thirdweb Mitigates Critical Vulnerability Across Dozens of EVM Networks
Thirdweb, a Web3 development framework provider, is mitigating the impact of a recently discovered vulnerability in its smart contracts suite. The organization stated that in the last 48 hours, more than 8,000 contracts had been mitigated to contain the impact of this vulnerability, and it is working to extend these actions.
While the organization stated that the vulnerability derived from an open-source Web3 library used across the industry, it has not disclosed its specific nature or its mitigation procedures. Thirdweb announced the vulnerability affected several of its pre-built smart contracts provided by the organization for deploying applications across Ethereum Virtual Machine (EVM) chains.
As of writing, Thirdweb has acknowledged that only two smart contracts have been exploited, without offering more details.
The vulnerability was discovered on November 20, when the organization started working to develop a mitigation tool. The situation was publicly disclosed on December 4, with Thirdweb having worked with affected partners like NFT market Opensea previously, to warn them.
In addition, Thirdweb contacted the maintainers and third parties using this undisclosed Web3 open-source library to inform them about the issue and to share its findings and mitigation measures.
Thirdweb also revealed that it would ramp up its investment in security, doubling its payments for its already existing bug bounty program from $25,000 to $50,000 and implementing more rigorous auditing processes.
Hacks and exploits have soared during 2023. According to Certik, a blockchain security company, more than $1 billion had been stolen from smart contracts as of the beginning of September. The cost of attacks ramped up in September, with $332 million lost to hacks, scams, and exploits in this month.
What do you think about Thirdweb’s vulnerability disclosure and mitigation actions? Tell us in the comments section below.
