OpenZeppelin releases metaverse security service, signs up The Sandbox as client

Quick Take

  • OpenZeppelin has announced the launch of a security service for metaverse projects.
  • The Sandbox has hired OpenZeppelin for comprehensive security analysis.

Blockchain firm OpenZeppelin has announced the launch of its metaverse security service with The Sandbox, a gaming virtual world and a subsidiary of Animoca Brands, becoming the first to sign up.

With the service, OpenZeppelin aims to provide a comprehensive security analysis of metaverse-based applications. The firm plans to achieve this by applying real-time monitoring to detect potential threats and anomalies in such protocols on an ongoing basis, starting with The Sandbox.

“Metaverse projects can now leverage ongoing audit expertise to go beyond the code to support better security practices for on-chain monitoring, access control and other enhancements that are crucial for securing future growth,” said Michael Lewellen, head of solutions architecture at OpenZeppelin.

How will this work?

OpenZeppelin's metaverse security service has multiple components. The first is that the existing logging, key management systems and API-based systems used by The Sandbox will be integrated with a single security dashboard via a security tool called Defender. This tool will provide better visibility over web3 transactions taking place within the metaverse ecosystem, which will be useful in continuous audits of The Sandbox.

Secondly, the service combines OpenZeppelin’s expertise with Forta, a project that will monitor all activities on the metaverse and send notifications if any risks or anomalies on The Sandbox are detected. 


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

“It’s important to ensure safety for our users, and we’re pleased to use OpenZeppelin’s security service as an important part of our suite of security tools and strategies,” said Sebastien Borget, chief operating officer and co-founder of The Sandbox in a statement.

As a blockchain-based app, the metaverse has potential but also carries risks for both users and developers. Cyber threats such as phishing, identity protection and verification, and hardware security are all concerns that must be addressed to ensure the safety of participants. In recent times there have been numerous hacks and exploits targeting decentralized finance. Similar threats could easily apply to any applications built on a metaverse protocol.

OpenZeppelin elaborated on the difference between smart contract audits in decentralized finance versus a metaverse. The team said even though both the metaverse and DeFi may rely on smart contracts, there are many elements to the underlying code of a metaverse platform like Sandbox, which results in a much wider attack surface.

Such components relate to The Sandbox's ERC-20 token, the many non-fungible token contracts and NFT auctions feature.

“Yes, there is crossover in smart contract auditing across the web3 board, but a metaverse entails complications such as native assets and land tokens as well as offering a marketplace for users, the need to monitor native metaverse tokens, meta-transaction implementations and additional required dependencies," Stephen Lloyd Webber, developer advocate at OpenZeppelin, told The Block.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email at [email protected]


To contact the editors of this story:
Walden Siew at
[email protected]
Michael McSweeney at
[email protected]