Blockchain infrastructure security provider OpenZeppelin has launched a metaverse security service bagging The Sandbox, a decentralised gaming virtual world, as its first customer.
The blockchain security firm behind the Forta network audits smart contracts, monitors vulnerabilities and provides alerts for potential threats to the metaverse.
According to Michael Lewellen, head of solutions architecture at OpenZeppelin, the metaverse security service is “a step forward” as projects have been previously reliant on “piecemeal audits”.
“Metaverse projects can now leverage ongoing audit expertise to go beyond the code to support better security practices for on-chain monitoring, access control and other enhancements that are crucial for securing future growth,” Lewellen explains. “We’re delighted that The Sandbox has chosen to be our first client for this new service and we believe their forward-thinking approach to security will be mirrored by many more in the months ahead.”
Forta’s smart contracts
The new metaverse security solution leverages services provided by Forta, including smart contract and transaction activity monitoring. It also sends notifications for risks or anomalies.
In November, the OpenZeppelin team provided feedback and suggested process changes in order to reduce potential attack surfaces.
Sebastien Borget, COO and co-founder of The Sandbox, said: “It’s important to ensure safety for our users. We’re pleased to use OpenZeppelin’s security service as an important part of our suite of security tools and strategies. As we continue to grow our community, their long established experience in this area makes them the perfect choice for us.”
According to OpenZepplin, platform authenticity and cyberthreats are some of the other major issues metaverse users need protection from. This is in addition to identity protection and verification, and hardware security. Recent times have also seen an influx of hacks and exploits in the decentralised finance (DeFi) space. As an extension of the Web3 world, the metaverse will be a target for hackers in the very same way.
Continual audit support
As part of the agreement with The Sandbox, OpenZepplin also provides continual audit support of The Sandbox’s various system components. This includes its ERC20 token, meta-transaction implementation, multiple NFT and semi-fungible token contracts. In addition to its escrowless auctions feature as well.
OpenZeppelin also provides monitoring recommendations as part of its report. Ten ‘detection bots; can monitor privileged accounts, multi-signature transactions, DAO activity, DeFi dependencies, as well as anomalous activity.
Each detection bot code is available under the MIT open-source licence. They run 24/7 on the decentralised alarm system for Web3 and the Forta Network with OpenZeppelin providing ongoing upkeep and assistance.
The Sandbox metaverse offers players and creators a decentralised platform to create immersive 3D worlds and game experiences. Its existing logging and key management systems, including Splunk, Datadog, or other API-based systems, are integrated with the all-in-one dashboard.