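Web3 firm detects major security vulnerability in common smart contracts
Author: Martin Young, Cointelegraph. Translation: 善欧巴, 比特币买卖交易网
Smart contract development firm Thirdweb has reported a security vulnerability that could "impact a variety of smart contracts across the Web3 ecosystem."
On December 4, Thirdweb reported a vulnerability in a commonly used open-source library that could affect specific pre-built smart contracts, including some of its own. However, Thirdweb's investigation concluded that the smart contract vulnerability has not yet been exploited, which gives Web3 companies a small window of opportunity to avert possible hacks.
Thirdweb stressed that the vulnerability could cause huge losses if it is not corrected immediately. The affected pre-built contracts include, but are not limited to, DropERC20, ERC721, ERC1155 (all versions) and AirdropERC20.
After proactively alerting the Web3 ecosystem, the company warned users who deployed its contracts before November 22 to "take mitigation steps," either on their own or using a tool provided by the company.
Thirdweb also advised developers to use revoke.cash to help users revoke approvals on all affected contracts. "This will protect your users if you choose not to mitigate the contracts," DefiLlama developer "0xngmi" commented on the request to revoke approvals.
Thirdweb has contacted the maintainers of the open-source library at the root of the vulnerability, as well as other teams that may be affected by the issue.
In addition, Thirdweb pledged to increase its investment in security measures and doubled its bug bounty from $25,000 to $50,000, while implementing a more rigorous auditing process. The company also offered a subsidy for contract mitigation.
For security reasons, details of the vulnerability have not been made public. Cointelegraph reached out to Thirdweb for further updates but was redirected to the blog post.
The company completed a $24 million Series A funding round in August 2022 together with Haun Ventures, Coinbase, Shopify and Polygon.
The Web3 firm provides multi-chain smart contract deployment tools for areas such as gaming, minting, marketplaces and wallets. More than 70,000 developers are said to use its services every month.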