What is Quantstamp?
Quantstamp is a security-auditing protocol for smart contracts. As a dapps platform, Ethereum has proven its security time and again. However, dapps and smart contracts built on top of Ethereum may still contain bugs that malicious players can exploit to cause havoc on the network. The two most notable examples are the $55 million DAO hack and the $30 million Parity wallet bug. These issues not only affect the people who’ve had their funds stolen, but they also diminish the credibility of the entire ecosystem.
Writing smart contracts is already a tough job. As with any other kind of programming, writing them without any bugs is nearly impossible. To add fuel to the fire, the rate at which smart contracts are being written (an estimated 10 million by the end of the year) is outpacing the resources available to audit them. Even with robust security auditing, a small bug could slip through the cracks and cause a catastrophe down the road.
Here’s where Quantstamp comes into play. The protocol includes a cost-effective, scalable system to easily audit your Ethereum-based smart contracts. In this Quantstamp protocol guide, we’ll talk about:
- How does Quantstamp work?
- Quantstamp team & progress
- Where to buy QSP
- Where to store QSP
- Additional Quantstamp resources
How does Quantstamp work?
Although the team is focusing on Ethereum now, they’re building the Quantstamp protocol in a way that’s platform agnostic. This means that it can eventually be used on other smart contract platforms like Lisk and NEO. The Quantstamp protocol has a two-pronged approach to security auditing:
- Automated software verification system
- Automated bounty payout system
Quantstamp’s Validation Node applies audit techniques from formal methods, which are submitted by Contributors. These techniques include security checks such as concolic testing, static analysis, and symbolic execution, as well as automated reasoning tools like SAT and SMT solvers. As a reward for submitting verification software, Contributors (who are primarily security experts) receive Quantstamp Protocol (QSP) tokens.
To ensure no bad actors are submitting malicious validation software, Contributors must be voted in according to the governance mechanism (more on this later).
Running the Validation Node takes a significant amount of computing power. Because of this, Validators also receive QSP payment for providing computing power to the network. To ensure that Validators don’t act maliciously, they must stake their QSP tokens to earn their reward.
As a developer, you want to deploy a smart contract on Ethereum. Considering you don’t want to go down in history as the guy who lost millions of people’s money, you have your contract audited. To do so, you send your smart contract, with the source code in the data field, directly from your wallet to Quantstamp including QSP tokens with the transaction. On the next Ethereum block, Validators perform security checks. After they reach consensus, they append the proof-of-audit and report data to the next block.
You can choose whether your security report is made public or private.
When you submit your smart contract for auditing, you also include a set of QSP tokens for bounty rewards and a deadline by which Bug Finders can submit issues. The bounty deadline and reward size are up to you. If the deadline passes with no bugs found, the QSP bounty reward is returned to you.
Quantstamp doesn’t guarantee flawless code after this process, but they do assure users that the automated testing and crowdsourced bug-hunting greatly reduce issues.
QSP token holders control upgrades to the protocol, the validation smart contracts, and the Validation Node. The governance model uses a time-locked multisig in which any token holder can propose a change. The more votes a change has, the quicker it takes effect. Changes approved by all members occur within an hour. This time doubles with each 5% of members that don’t vote and quadruples for each 5% that vote against it.
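The time lock described above grows exponentially, so modest abstention or opposition pushes a change out by weeks, which matters when the change is a security fix. The Python sketch below is an added example, not Quantstamp's code; it assumes the two factors multiply, that only completed 5% steps count, and its function names are hypothetical.

```python
BASE_HOURS = 1   # page: a change approved by all members occurs within an hour
STEP_PCT = 5     # page: the factors apply per 5% of members


def timelock_hours(pct_not_voting, pct_against=0):
    """Delay in hours before a proposed change takes effect.

    Assumptions (not stated on the page): only completed 5% steps count,
    and the doubling and quadrupling factors combine multiplicatively.
    """
    if pct_not_voting < 0 or pct_against < 0:
        raise ValueError("percentages must be non-negative")
    if pct_not_voting + pct_against > 100:
        raise ValueError("percentages must sum to at most 100")
    abstain_steps = int(pct_not_voting // STEP_PCT)
    against_steps = int(pct_against // STEP_PCT)
    return BASE_HOURS * (2 ** abstain_steps) * (4 ** against_steps)


def max_abstention_within(deadline_hours, pct_against=0):
    """Largest whole non-voting percentage that still meets the deadline.

    Returns None when the opposition alone already exceeds the deadline.
    """
    best = None
    for pct in range(0, 100 - pct_against + 1):
        if timelock_hours(pct, pct_against) <= deadline_hours:
            best = pct
    return best


if __name__ == "__main__":
    # Constructed scenarios: (percent not voting, percent voting against)
    for abstain, against in [(0, 0), (20, 10), (50, 0), (0, 25)]:
        hours = timelock_hours(abstain, against)
        print(f"{abstain:3d}% silent, {against:3d}% against: "
              f"{hours} h ({hours / 24:.1f} days)")
    # How much voter apathy can a fix needed within 24 hours tolerate?
    print("max abstention, no opposition:", max_abstention_within(24))
    print("max abstention, 10% opposed:  ", max_abstention_within(24, 10))
```

Under these assumptions, half the members staying silent delays a change by 1,024 hours (about 43 days), and 15% opposition alone makes a 24-hour turnaround impossible.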
Quantstamp uses an in-house created Proof-of-Caring system to reward community members and loyal QSP token holders. Once you submit your proof, you’ll receive an airdrop from an ICO that Quantstamp has audited. This proof consists of holding your tokens in a wallet (not an exchange) for a certain amount of time, contributing to social media outreach, and/or any other community activities. You can find more information about the program here.
Quantstamp team & progress
The Quantstamp team consists of 22 members and advisors with over 500 Google Scholar citations. Steven Stuart (CTO) and Richard Ma (CEO) founded the team in June of 2017. Stuart worked 5 years in Canada’s cryptologic agency in the Department of National Defense and previously founded Many Trees, a start-up that uses GPUs for Big Data analytics and machine learning. Ma built production-grade integration and validation testing software at the Bitcoin HFT Fund. During his time there, his trading systems had no notable issues and handled millions of dollars in investment capital.
Since their beginning, the Quantstamp team has performed four semi-automatic audits – one of them being on Request Network, a strategic partner. The team has also partnered with the University of Waterloo and has support from Y Combinator, the number one start-up accelerator in the world.
Quantstamp is a first-mover when it comes to automating smart contract auditing. The Bounty0x project is offering a bounty platform similar to Quantstamp’s bounty rewards but doesn’t have a software verification service. The closest competitors to Quantstamp are the security auditing firms already in the market like ConsenSys Diligence. Because the Quantstamp protocol is automated, it should scale better than its manual competitors.
Quantstamp held a successful ICO in November 2017 in which the team raised a little over $30 million. They distributed 650 million (65%) QSP out of the 1 billion total supply to ICO participants at a price of $0.072 per token.
After the usual post-ICO volatility, the QSP price stabilized at around $0.10 (~0.000005 BTC) through the end of November. The price followed the trend of the altcoin market and rose rapidly to an all-time high of $0.82 (~0.000051 BTC) before slowly falling to its current price of ~$0.286. The QSP price weathered the beginning-of-the-year market downturn better than most other altcoins.
As the Quantstamp auditing service becomes more widely available, more projects will use them and bring value to the QSP token which, in turn, should drive the price upward.
Where to buy QSP
You can find QSP traded against Bitcoin and Ethereum with the most volume on either Binance or Huobi.
Where to store QSP
QSP is an ERC20 token which means you can store it in any wallet with ERC20 support. MyEtherWallet is a community fan favorite when it comes to online wallets.
For more security, albeit at a higher price, the Ledger Nano S is a great hardware wallet for you to use.
Quantstamp is making smart contracts more secure through automated software testing and a system of bug bounties. Although starting with Ethereum, the team is building the protocol to be available on any DApp platform in the long run.
In an industry where security is a primary concern and bugs have caused the theft of millions of dollars, Quantstamp should help to legitimize blockchain projects and ensure that large-scale smart contract hacks are a thing of the past.
Additional Quantstamp resources