Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesCopyBotsEarn
Thirdweb: There is a security vulnerability in a commonly used open source library. Contracts created on the platform before November 23 need to take

Thirdweb: There is a security vulnerability in a commonly used open source library. Contracts created on the platform before November 23 need to take

CointimeCointime2023/12/05 02:30
By:Cointime

Thirdweb, a Web3 developer platform, posted on X platform that they discovered a security vulnerability in commonly used open source libraries in the Web3 industry at 10:00 on November 21st Beijing time. This will affect various smart contracts in the Web3 ecosystem, including some pre-built smart contracts by Thirdweb. According to investigations so far, this vulnerability has not been exploited in ThirdWeb smart contracts. However, smart contract owners must take mitigating measures for certain pre-built contracts created on ThirdWeb before 11:00 on November 23rd Beijing time. Affected pre-built contracts include but are not limited to DropERC20, ERC721, ERC1155 (all versions), and AirdropERC20.

Thirdweb stated that the top priority is to protect affected customers from this vulnerability. If contract builders deployed one of these pre-built smart contracts using Thirdweb's dashboard or SDK before 11:00 on November 23rd Beijing time, they need to take some steps to mitigate potential exploitation of this vulnerability. In most cases, mitigation measures will involve locking the contract, taking a snapshot, and migrating to a new contract without known vulnerabilities.

It should be noted that if the contract builder's holder has locked tokens in any liquidity or staking pool, they should withdraw these tokens before starting these steps. Otherwise, the contract builder will not be able to distribute new tokens to these users. In addition, contract builders should use http://revoke.cash to request that their users revoke approval for all ThirdWeb contracts. The team has successfully launched remedial measures for all affected pre-built contracts created for Thirdweb after 11:00 on November 23rd Beijing time. All other ThirdWeb services, including wallets, payments, and infrastructure services, are not affected and operate as usual.

0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!

You may also like

Sony is supposedly working on a handheld PlayStation console to support PS5 games

Share link:In this post: A Bloomberg report suggested that Sony is working on a handheld PlayStation console that will support PS5 games. The report suggested the possibility of the device being years away from launch. Nintendo is currently the only console with a handheld device and will launch its successor next year, while Microsoft is also working on its handheld console.

Cryptopolitan2024/11/25 16:22

UK plans to integrate crypto with traditional finance

Share link:In this post: The UK government is pushing for the integration of traditional finance and crypto assets. Bank of England and the Financial Conduct Authority launched the Digital Securities Sandbox. A Digital Assets Bill was also added to the UK Parliament.

Cryptopolitan2024/11/25 16:22