Quantstamp: Securing Smart Contracts for Mass Adoption

Rory Piant
Oct 15, 2017

More and more people are both using smart contracts and coming up with creative ways to implement them. Many projects are developing real-world use cases for this technology and are waiting for large enterprise businesses to get involved. The upcoming SIBOS convention this week has multiple presentations on blockchain, Hyperledger technology, and business oracles. So why are they talking about it, but not using it? Why have large business sectors, such as the financial industry, not implemented a system that uses immutable trust and is easily verifiable? The answer is that they simply do not feel it is secure enough yet for large transactions.

You really cannot blame them. We have had multiple hacks involving both the DAO and the Parity wallet. If a hacker can get away with stealing millions, what would financial institutions that are moving billions think? The risks of using smart contracts, weighed against the rewards, have kept them away. However, that balance may be shifting.

Quantstamp is tackling this problem of security using a multi-layered approach. The first layer involves removing some of the human element. Solidity, the language used to write smart contracts on the Ethereum blockchain, is still relatively new, and there are only so many skilled coders out there. Go to the largest projects in the crypto space: nearly all of them are looking for coders experienced in Solidity. This lack of skilled labor leads to smart contracts being written in haste (many contracts to write and a lot of deadlines) or to the hiring of people who are not as experienced as they should be. How do we know they have written a good smart contract? You bring in an expert (not everyone does this) to verify that it is written correctly and is secure. We are all human and we all make mistakes. Unfortunately, these mistakes can cost millions.

The answer is removing some of the human element of verification. Quantstamp employs an upgradable software verification system that can detect these flaws before they happen and identify attacks while they are happening. By using a series of nodes across the network, the large computing power necessary is shared, adding both decentralization and redundancy. If a node goes down, the network keeps working, ensuring the smart contract is protected.

In addition, it creates a system where bad actors and hackers will be rewarded for reporting flaws. In most cases, your smart contract is shared and open for all to see. Naturally, some people (White Hats) will report known backdoors and flaws, but some (Black Hats) will look to exploit a smart contract’s weakness. The reality is that there have been few incentives for anyone to report a flaw. Quantstamp addresses this issue by providing incentives for individuals who catch flaws and exploits. A potential bad actor now has a reason (QSP Tokens) to do the right thing. The plan is to have the system fully automated in the future, but until then Quantstamp will combine both human and computer resources to enhance security.

Finally, a security system must be flexible. The Ethereum protocol has changed and will continue to change. How this might affect smart contracts is unknown, so flexibility is a must. Token holders can vote on what governance system is used to verify a smart contract’s security, and the system can adapt to changing technology. The community will decide what is important and reduce the founders’ influence in the network as time goes on. Quantstamp has the unique ability to adapt and expand as the uses for smart contracts increase.

Hackers will continue to push and test the limits of security for smart contracts. Right now we have a security system reliant on the quality of the smart contract’s coding and on good Samaritans reporting flaws. The security is falling behind the technology. Many painful lessons have been learned, but the process of securing smart contracts has not evolved. Quantstamp looks to add that additional layer of security to ensure that smart contract adoption continues to grow at an exponential rate.

If you would like to know more, I invite you to read the WhitePaper and join us in Telegram. We have a growing community that shares both a vision and passion for the project.

Important Links

Website: https://quantstamp.com/

WhitePaper: https://docsend.com/view/shcsmhe

Twitter: https://twitter.com/Quantstamp

Telegram Invite: https://t.me/joinchat/FxIqAguKiGRujsxHpb_j0A
