Security
OpenZeppelin
The protocol is built over the library OpenZeppelin which provides security products to build, automate, and operate decentralized applications. OpenZeppelin are highly considered in the community and leverage standard, tested, and community-reviewed contracts, covers a lot of uses cases and reduce the attack surface by reusing audited code.
Code source & Tests
The code source of the protocol is opensource and hosted on Github. The protocol is tested through unit testing based on the Mocha library and Hardhat. On top of OpenZeppelin's security, the final contracts are tested through our own unit tests over GitHub Actions to ensure the contracts functionalities and security.
The contracts are also analyzed with Slither. Slither enables developers to find vulnerabilities, enhance their code comprehension, and quickly prototype custom analyses.
Meta-transactions
The protocol implements meta-transactions to potentially grant the users a better experience with gas less transactions (and more features). But that also means the protocol gives full trust over the relayer. For this reason, the Metas Token is implementing the standard to give us the option to use meta-transactions in the future but dosn't use any relayer yet.
Wallets policy
Meta Studio uses 2 wallets to manage the contracts:
a deployer wallet managed by the development team to deploy the contracts
a multi-signatures wallet created on Gnosis Safe owned by the 3 owners of Meta Studio with a threshold of 2, is the administrator of the contracts. The 3 owners use a Ledger Nano S as personal wallet to manage the safe
In the long run, the contracts administration will be delegated to the community through a DAO. The safe will keep the power of pausing contracts in case of an emergency
Audit
Besides OpenZeppelin audits, Meta Studio contracts are audited by Quantstamp. Quantstamp is the leader in blockchain security, having performed over 250 audits and secured over $200 billion in value.
Bug bounty program
Building a secured metaverse will also need the support of the community through a bug bounty program once the protocol is complete. Stay tuned!
Last updated