Thirdweb reveals major security flaw in common smart contracts

12/05/2023 15:36
Smart contract development firm Thirdweb has discovered security vulnerabilities that potentially "affect various smart contracts in the Web3 ecosystem."

Thirdweb, an all-in-one development platform that provides EVM smart contracts, says it found a vulnerability in a popular open-source library that could potentially affect some pre-built smart contracts, including some of its own.

IMPORTANT

On November 20th, 2023 6pm PST, we became aware of a security vulnerability in a commonly used open-source library in the web3 industry.

This impacts a variety of smart contracts across the web3 ecosystem, including some of thirdweb’s pre-built smart contracts.…

— thirdweb (@thirdweb) December 5, 2023

The team added that the vulnerability has not yet been exploited, but warned customers that affected contracts remain exploitable until mitigated.

The firm warned users who deployed its contracts before Nov. 22 to “take mitigation measures” either on their own or through a tool provided by the company.

“We understand that this will cause disruption, and we are treating the mitigation of the issue with the utmost seriousness. We will be offering a retroactive gas grant to cover fees for contract mitigations.”

Thirdweb team

In June, an experiment by OpenZeppelin showed that AI can be a useful tool for detecting some security vulnerabilities, although GPT-4’s smart contract analysis cannot replace human security audits.

In some cases, even with strict guidance, the AI was unable to develop the right strategy. This highlights the potential of artificial intelligence tools to improve audit effectiveness when the auditor specifically knows what to look for.
