The Quantstamp Potential
A bit about my background to give some context to why I believe in Quantstamp. I am a Software Engineer currently working at Splunk Inc, the leading big data company, often referred to as the “Google for machine data”. Prior to Splunk, I was focused mainly on Software Test Engineering at many different companies (Amazon, Aspen Avionics, Sumerge). I want to disclose that the below is just my opinion based on my experience, and I have no affiliation with Quantstamp; I have not received any monetary or financial incentive to write this. This is also just my personal view, and I do not represent Splunk with this viewpoint.
Quantstamp is the first security-audit protocol built on top of Ethereum, designed to find vulnerabilities in smart contracts prior to blockchain deployment (https://quantstamp.com/). As a Software Engineer who has worked with companies that deal with enterprise security (Splunk) and strict auditing (Aspen Avionics), I know the value that Quantstamp will bring to the space. If not done correctly, thorough testing and auditing can take up to 70% of a developer's time and cost a lot of money. The longer you wait to fix a problem, the more expensive and troublesome it will be to fix. Quantstamp has the potential to not only minimize the risks for developers but also save them huge amounts of time and money. What I gathered from the whitepaper is that Quantstamp will be a step between when the developer has created a smart contract and when he integrates to the blockchain. If Quantstamp is able to establish themselves as “THE” smart contract auditors, which, as I explained, is a very desirable technological space, they will be an essential part of every smart contract moving forward. Both the developers and users of the smart contracts will benefit greatly and feel more secure with the “stamp of approval”.
Auditing software is not an easy task, as it usually requires expertise from multiple areas and a combination of automated and manual verifications. For the auditing platform to be successful, it needs to be scalable and abstract enough to work for the majority of contracts. Quantstamp looks to be targeting this precisely and rewarding the users who identify issues with the contract. After giving some thought to Quantstamp’s idea and the rewarding system, it got me thinking about both the potential of Quantstamp as it is and the potential for expansion.
Idea 1 (Giving back to the community): As far as I know, there are not many good testing frameworks and code coverage reporting tools for developers to thoroughly test their smart contract code. A lot of the time, in order to meet deadlines, developers tend to take shortcuts when it comes to testing to allow for more feature development. If Quantstamp chooses to extend their services to also provide frameworks and tools for developers to use, it would not only improve the quality of code that is coming in to be audited but also help save time and money for all involved parties. Developer — finds issues quicker, saving himself time and money, Quantstamp — gets cleaner code delivered on the first go, requiring less manual involvement, Users — faster and safer deliverables.
Idea 2 (Rewarding Developers): If Quantstamp makes it an incentive for developers to submit the tests with their smart contract, they can somehow pay less in token fees the more thorough their coverage is from the tests they submitted, which would result in cleaner code coming into the system in general.
Idea 3 (Code Coverage Reporting/Traceability): In an ideal world, the code that is written would be 100% tested. Although all vulnerabilities might not necessarily be caught by initial tests, at the very least these tests make sure as many parts of the code as possible are being executed directly as part of the testing. If Quantstamp can develop this type of data in their reports, it can bring great value to the teams developing the smart contract and also give Quantstamp an additional criterion to make the auditing measurable. Examples of such reporting would look as follows:
Idea 4 (Using Data Analytics for reporting): I'm a software engineer, not in sales or anything, but I do know how valuable a tool for data analysis really is. Especially for auditing, the company I currently work for, Splunk, offers a great product for analyzing logs, which can detect trends, generate reports, etc. As a future idea, Quantstamp can look to partner with or even utilize some of these tools to create dashboards where the users can automatically see the progress they have made with each code commit. The changes would automatically reflect in the dashboard after Quantstamp’s automation has completed.
Conclusion: Quantstamp has put itself in a position to be one of the most influential projects in the smart contract space. The opportunities to grow the project are endless, and as long as the team continues to evolve with the technological needs of the space, their stamp of approval will always be a requirement. If you have not checked out their project, I definitely recommend that you do and decide for yourself the value of their work. I can't wait to see this project grow in the coming years.