Virtual Land Migration – On December 10, 2019, The Sandbox’s LAND smart contract undergoes its first security audit by Certik. The audit lasts two weeks and sees the participation of three experts. The project does not encounter any major security concerns for a little over two years. However, a researcher will report a problem on Christmas day 2021. If the detected flaw has already been corrected, The Sandbox asks its users to migrate to a new contract. An operation that each owner of virtual land is encouraged to perform quickly.
A Christmas like no other on The Sandbox: from the flaw to the move
On December 25, 2021, security researcher Danel Hazlewood (@Alphasoups) reports to The Sandbox team, the presence of a vulnerability in the LAND smart contract. The same day, internal tests were performed and confirmed “the reproducibility of the problem”.
Developers then work on a patch from December 25 to 30, 2021. This patch was subsequently submitted to Certik’s security auditors to ensure that it did not introduce new vulnerabilities.
The Sandbox team subsequently decides “that the best course of action” was to deploy the patch while allowing metaverse users to “migrate all LAND tokens to the new smart contract at no cost.” The Sandbox is in fact covering all gas costs.
A non-mandatory move for Land holders: to each his own pace
On January 28, The Sandbox rolls out a new smart contract with the address 0x371f4c6fd305c6772Bc6224b795b0B46b6f8dB. On the same day, the project launched a migration interface allowing LAND token holders to migrate their tokens to the new smart contract.
The Sandbox indicates however, that it did not impose this migration to its users. They can do it “at their own pace when they are ready”. The migration process does not have a “time limit”.
The Sandbox apparently avoided the worst thanks to Danel Hazlewood’s report. The project was able to take the appropriate corrective action in time. Otherwise, could hackers have disturbed the peace of the inhabitants of the metaverse?