Smart contract development company Thirdweb has discovered security vulnerabilities that potentially “affect several smart contracts in the Web3 ecosystem.”
Thirdweb, an all-in-one development platform that provides EVM smart contracts, says it has found a vulnerability in a popular open-source library that could potentially affect some pre-built smart contracts, including some of its own.
The team added that the vulnerability has not yet been exploited, but warned customers that it could leave their smart contracts vulnerable.
The company warned users who implemented its contracts before November 22 to “take mitigation measures,” either on their own or through a company-provided tool.
“We understand that this will cause disruption and we are treating the resolution of the problem with the utmost seriousness. We will offer a retroactive gas subsidy to cover the costs of contract restrictions.”
Thirdweb team
In June, an experiment from OpenZeppelin showed that AI can be a useful tool for detecting certain security vulnerabilities, although GPT-4’s smart contract analysis cannot replace human security audits.
In some cases, even under strict guidance, the AI was unable to develop the right strategy. This highlights the potential of artificial intelligence tools to improve audit effectiveness when the auditor knows specifically what to look for.