The Sandbox Signs Up OpenZeppelin’s First-of-its-Kind Web3 Metaverse Security Service

The first step into comprehensive Metaverse security

The Sandbox
Dec 15, 2022

OpenZeppelin, a leading blockchain infrastructure security provider, has announced the launch of the world’s first comprehensive metaverse security service in partnership with The Sandbox.

This type of comprehensive security service has never been offered by any provider before and it goes well beyond the one-off audits that metaverse projects have relied on so far. The new service involves OpenZeppelin applying its real-time monitoring suite and broadcast alerts for potential threats and anomalies, while also providing routine codebase analysis and strengthening smart contract security.

“Our unique new service for comprehensive metaverse security is a step forward for metaverse and Web3 projects that have been reliant on piecemeal audits up until now. Metaverse projects can now leverage ongoing audit expertise to go beyond the code to support better security practices for on-chain monitoring, access control and other enhancements that are crucial for securing future growth. We’re delighted that The Sandbox has chosen to be our first client for this new service and we believe their forward-thinking approach to security will be mirrored by many more in the months ahead,” said Michael Lewellen, Head of Solutions Architecture at OpenZeppelin.

The first step of the service involved the auditing of an upcoming staking contract. During a two-week period in November of this year, OpenZeppelin recommended a few optimization fixes, which The Sandbox managed to implement ahead of launch.

This new metaverse security solution relies on established OpenZeppelin security services, leveraging those provided by Forta. Forta will lead on smart contract and transaction activity monitoring and will send notifications when risks or anomalies are found.

“It’s important to ensure safety for our users, and we’re pleased to use OpenZeppelin’s security service as an important part of our suite of security tools and strategies,” said Sebastien Borget, COO and Co-Founder of The Sandbox. “As we continue to grow our community, their long established experience in this area makes them the perfect choice for us.”

Despite its immense potential, the metaverse carries risks for users and developers alike. Platform authenticity, cyberthreats, identity protection and verification, and hardware security are some of the major issues users need protection from. Recent times have seen an influx of hacks and exploits in the Decentralized Finance (DeFi) space and, as an extension of the Web3 world, the metaverse will be a target for hackers in the very same way.

The new service that The Sandbox has agreed to purchase includes continual audit support of The Sandbox’s various system components, including its ERC20 token, meta-transaction implementation, multiple NFT and semi-fungible token contracts, as well as its escrowless auctions feature. Furthermore, OpenZeppelin will provide monitoring recommendations as part of its report. There will be 10 Detection Bots or more in the suite. To assist in spotting attacks before they take place, these Detection Bots may monitor privileged accounts, multi-signature transactions, DAO activity, DeFi dependencies, and anomalous activity.

The code for each Detection Bot will be made available under the MIT open-source license. These Detection Bots will run 24/7 on the Forta Network, the decentralized alarm system for Web3, and can rely on OpenZeppelin to provide ongoing upkeep and assistance. The Sandbox’s existing logging and key management systems, whether Splunk, Datadog, or other API-based systems, will be integrated with OpenZeppelin Defender, the all-in-one dashboard for smart contract orchestration and automation.

Under the same umbrella, full incident response training will be offered, covering how to set up war rooms, security incident message planning, and the setup of automatic pausing capabilities in OpenZeppelin Defender, allowing users to swiftly intervene and halt the system or a component of it if it is being attacked.

OpenZeppelin is trusted by industry stalwarts like Coinbase, Ethereum Foundation, Web3 Foundation, Compound, Brave, Augur, Cosmos, and DFINITY for creating secure, decentralized platforms. OpenZeppelin created and maintains the top open-source library for developing smart contracts, with more than a million downloads and 200 contributors.