Introduction to Quantstamp, and why we desperately need it

Summary

What is Quantstamp?

Quantstamp is the first scalable security-audit protocol designed to find vulnerabilities in Ethereum smart contracts. This is a problem that has showed itself numerous times, like what happened with the infamous DAO incident, where millions of dollars worth of Ether was stolen by a clever hacker overnight. With Quаntѕtаmр, they are mаkіng thе fіrѕt аutоmаtеd security аudіtіng аnd bounty tool thаt еlіmіnаtеѕ thіѕ ѕесurіtу thrеаt. Quantstamp lеtѕ ѕmаrt contract соdе bе аudіtеd for security vulnerabilities and fоr effective bug bounties to bе ѕеt uр. Investors аnd ѕtаkеhоldеrѕ саn аѕk projects fоr ѕесurіtу audit trаnѕраrеnсу vіа Quаntѕtаmр’ѕ protocol, аnd crowdfunding participants саn have соnfіdеnсе that a рrоjесt mееtѕ hіgh-ѕесurіtу standards, beyond just lооkіng at сrеdеntіаlѕ and dосumеntаtіоn.

Quantstamp has already finished it’s first audit with Request Network, largely proving it’s credibility and what they offer.

What problems is Quantstamp solving?

One of the most appealing concepts in public blockchain technology is the concept of trustlessness; the idea that we are not putting our trust in people when we transfer value, we are trusting the quality of the protocol itself. Ethereum advanced blockchain technology by allowing people to upload and run code on a worldwide computer we know as the Ethereum Virtual Machine. However, there is an element of human trust we accept when interacting with these smart contracts on Ethereum. If bugs are unintentionally written into a contract, like what happened with the infamous DAO incident, millions of dollars worth of Ether could be stolen by a clever hacker overnight.

Cryptography will not save us from faulty smart contracts but the Quantstamp protocol solves this problem by auditing smart contracts while upholding the values of security through decentralization and trustlessness.

Quantstamp Makes Smart Contracts Smart Again

Quantstamp solves this problem by automating audits of smart contracts in a decentralized and trustless fashion. Quantstamp audits contracts on an off-chain network that works a lot like Proof-of-Work style mining. In order to audit a contract, nodes on the Quantstamp Network “mine” or audit contracts by making the audit part of the mathematical steps necessary to solve a block. Also, just like in PoW style mining, it is hard to solve a block but it is very easy for other nodes to verify that the block was solved correctly. Once a contract is audited, the author will receive a report describing any security vulnerabilities.

If you are concerned about who has control over the security library that Quantstamp draws from, don’t worry! This library is agreed upon by consensus of all nodes participating in the network.

Quantstamp also incentivizes skilled black and white hat hackers to manually review smart contracts through bounty rewards to find bugs that automation hasn’t detected. This bounty program follows the spirit of blockchain by providing financial incentives to potentially bad actors in order to get them to behave in a way that reinforces the strength of the network.

How will Quantstamp work?

Quantstamp is a specialized network that connects developers, investors and users around a transparent and scalable proof-of-audit.

The network acts as a critical piece of transparency by enabling automated checks on smart contract vulnerabilities and automatically rewarding verifiers who identify bugs.

Quantstamp tokens allow the platform to operate in a scalable and fully decentralized fashion, delivering computation fees to verifier nodes, and bounties for locating vulnerabilities.

  1. Contact owners pay QSP to have their contract audited.
  2. Quantstamp nodes are paid in QSP by contributing computer resources to run automated-upgradable software(made by Quantstamp) to test the security.
  3. After the automated check, Quantstamp will set up a bounty program for security experts (aka. bug finders) who will try to manually break the smart contracts. If vulnerability is found, he/she will be rewarded in QSP.

This sounds very similar to a normal security audit (partly because I’ve omitted some details for easy understanding). Well, you are right somehow. The team has integrated the regular security audit process into the blockchain. However, there are loads of additional benefits to be gained here.

Advantages

  1. Trustless (audit result is legit) — multiple nodes will run the same software which should give the same result. Hence, nobody can falsify the result or withhold important security vulnerabilities as the other nodes will help verifying each other.
  2. Cheaper — This protocol cuts all the middleman out of the business and therefore should cost you less. Also, if no security concern is found during the bounty program, contract creators do not have to pay. I had hired a big firm to perform a security audit on a web app before. The scope was limited and the cost was just really high, especially when you want to have a manual penetration test.
  3. Better chance of finding vulnerabilities — when you hire a firm or a team, there will be only a few people trying to break your codes. With this protocol, your project can be audited by the experts around the globe.
  4. Convenient — Quantstamp has put everything in one-nice package. You don’t need to manually find someone, who may or may not be trust-able, from Google to audit the code for you.
  5. Scalable — if successful, there will lots of nodes running which can handle millions of smart contract audits.

Concerns

  1. Audit expense depends on QSP price (which can fluctuate significantly).
  2. Bounty reward has to be big enough to attract the experts.

My personal opinion:-

Quаntѕtаmр is backed bу аwаrd-wіnnіng рrоfеѕѕоrѕ in ѕесurіtу аnd ѕоftwаrе vеrіfісаtіоn, Quаntѕtаmр aims tо сlоѕе the ѕmаrt соntrасt knоwlеdgе gар uѕіng аutоmаtіоn, AI, formal verification аnd ѕtаtіс аnаlуѕіѕ techniques tо improve the security оf thе whоlе есоѕуѕtеm. Quаntѕtаmр’ѕ team соnѕіѕtѕ оf еxреrtѕ in thе ѕесurіtу field frоm соmраnіеѕ rаngіng frоm Gооglе, Amazon, Tower Research, Experian аnd thе Cаnаdіаn cryptologic national аgеnсу. From an investors standpoint, I am very positive for short and long term investment.

Learn more about Quantstamp here: