Quantstamp : When Hacking is Not a Crime
I’ve followed tech news regularly and I have come to my own conclusion that there are at least four industries which will likely become prosperous in the near future;
- Robot & Automation
- Genetic/DNA Sequencing
- Blockchain Technology
- Cyber Security
I have been investing a lot in cryptocurrencies lately and found a promising project which falls into two of the industries, blockchain and cyber security. The project is called Quantstamp. In my opinion, it will be among the best ICOs in 2017.
Btw, I’m not a financial adviser…
So, what is Quantstamp?
Quantstamp is a protocol used to audit the security of Ethereum smart contracts. …Why do we have to audit them? Smart contracts, if not written well (arguably), are prone to security vulnerabilities. When someone finds such holes, they may be able to steal the funds in the smart contract. This happens from time to time and many (if not all) are preventable. These incidents had costed people lots of money (and reputation).
“Training errors are recorded on paper. Tactical errors are etched in stone.”
— Erwin Rommel
If you are a person who regularly follows blockchain technology just like me, you would know that security is one of the biggest issues in the industry. As Ethereum/blockchain grows, there will be more and more demand for security audits.
How it works?
QSP = QuantStamp Protocol Tokens
- Contract owners pay QSP to have their contract audited.
- Quantstamp nodes are paid in QSP by contributing computer resources to run automated-upgradable software(made by Quantstamp) to test the security.
- After the automated check, Quantstamp will set up a bounty program for security experts (aka. bug finders) who will try to manually break the smart contract. If a vulnerability is found, he/she will be rewarded in QSP.
You may think this sounds very similar to a normal security audit (partly because I’ve omitted some details for easy understanding). Well, you are right somehow. The team has integrated the regular security audit process into the blockchain. However, there are loads of additional benefits to be gained here.
- Trustless (legit audit result) — multiple nodes will run the same software which should give the same result. Hence, nobody can falsify the result or withhold important security vulnerabilities as the other nodes will help verifying each other.
- Cheaper — This protocol cuts all the middleman out of the business and therefore should cost you less. Also, if no security concern is found during the bounty program, contract creators do not have to pay. I had hired a firm to perform a security audit on a web app before. The scope was limited and the cost was just really high, especially when you want to have a manual penetration test.
- Better (chance of finding vulnerabilities) — when you hire a firm or a team, there will be only a few people trying to break your codes. With this protocol, your project can be audited by the experts around the globe.
- Convenient — Quantstamp has put everything in one-nice package. You don’t need to manually find someone, who may or may not be trust-able, from Google to audit the code for you.
- Scalable— if successful, there will be lots of nodes running which can handle millions of smart contract audits.
- Audit expense depends on QSP price (which can fluctuate significantly).
- Bounty reward has to be big enough to attract the experts.
- There are some big-name competitors in the field who can emulate/improve the protocol.
Quаntѕtаmр’ѕ team and advisers are еxреrtѕ in the field. Some of them are from big firms like Amazon, Samsung, Barclays, Canadian Armed Forces (National Defence), Tower Research, Apple, and Facebook. Long story short, they should have no trouble pulling it off.
Are you in?
The idea is great. If successful, Quantstamp will convert hackers around the world to white-hat hackers. Their team members and advisers are all solid. Most importantly, you are pretty early! Quantstamp’s ICO hasn’t started yet and their cap ($30m USD) is quite generous in my opinion.
1 ETH = 5,000 QSP
Feel free to correct me in certain area, leave a comment, and if you find this article useful, please give me some 👏 !