Quantstamp (QSP)— Project Analysis

By GeoLinkCrypto, published in CryptoDigest, Jun 8, 2018

Project Summary

“Quantstamp Inc. is developing a protocol that audits smart contracts using formal verification in order to find bugs before contracts are published to the blockchain.”

Project Overview

Quantstamp is a security verification protocol for smart contracts. The project was inspired by the DAO hack which allowed the hacker to steal $55 million. Quantstamp aims to improve the security of smart contracts on the Ethereum platform.

Quantstamp has created a way to standardise the security of Solidity smart contracts. It has done this through the Quantstamp protocol, which will include automation, trust, governance, and the ability to compute hard problems over a distributed network. Currently Quantstamp audits Solidity smart contracts, but it plans to expand to audit any type of smart contract.

Quantstamp can audit a smart contract in 24 hours for a cost of around $5. This is in contrast to a manual audit, which can take weeks and can cost anywhere between $5,000 and $100,000.

How Does Quantstamp Work?

When a developer wants a smart contract verified they will submit the code for audit via the Quantstamp Ethereum smart contract with the source code in the data field. The developer decides how much bounty to send to the network to get the contract audited.

The smart contract has a set of security checks performed on it, and consensus is reached via the Proof of Audit protocol. A report is then generated which classifies the smart contract's issues by severity on a scale from 1 to 10, where 1 is a minor vulnerability and 10 is a critical vulnerability. Upon consensus, the report data and token payout are added to the next block in the Ethereum blockchain.

There are 6 main players in the Quantstamp protocol that ensure the system works. They are listed below (taken from the white paper):

  • Contributors will be security experts. Contributions are voted in via the governance mechanism.
  • Validators receive QSP tokens for running the Quantstamp validation node, a specialized node in the Ethereum network.
  • Verifiers only need to contribute computing resources and do not need security expertise. Bug Finders receive QSP tokens as a bounty for submitting bugs, which break smart contracts.
  • Contract Creators pay QSP tokens to get their smart contracts verified. As the number of smart contracts grows exponentially, we expect demand from Contract Creators to grow commensurately.
  • Contract Users will have access to results of the smart contract security audits.
  • Voters: The governance system is a core feature of the protocol. The validation smart contract is designed to be modular and upgradeable based on token-holder voting (time-locked, multi-sig). This governance mechanism reduces the chance of upgrade forks and decentralizes influence of the founding team over time.

In the Quantstamp solution the contract validators must stake tokens as collateral. Since this uses a crowdsourced model, many people will be reviewing the code. If a dishonest verifier ignores a bug, someone else has the possibility to find it. In addition, if a verifier is found to be dishonest, they'll lose all their staked tokens. This provides an economic incentive for verifiers to act honestly. For the nodes to reach consensus in the Quantstamp protocol, the nodes must be in 75% agreement. This is a large percentage and a solid way to prevent collusion.
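The 75% agreement rule above, worked through as an added example (not code from the article or from Quantstamp). It assumes each node submits a report as (issue, severity) pairs and that agreement means identical report digests; the node names and the `tally` and `min_to_block` helpers are hypothetical. It shows two properties of such a threshold: a report is accepted even when a minority node found a critical issue the others missed, and a small minority can stall consensus.

```python
import hashlib
from collections import Counter
from fractions import Fraction
from math import ceil

THRESHOLD = Fraction(3, 4)  # the 75% agreement level the article states

def report_digest(findings):
    """Digest of a report given as (issue, severity) pairs, order-independent."""
    for issue, severity in findings:
        if not 1 <= severity <= 10:  # article: 1 = minor, 10 = critical
            raise ValueError(f"severity out of range for {issue!r}")
    canonical = ";".join(f"{i}:{s}" for i, s in sorted(set(findings)))
    return hashlib.sha256(canonical.encode()).hexdigest()

def tally(submissions, threshold=THRESHOLD):
    """Return (accepted digest or None, sorted ids of nodes that disagreed)."""
    if not submissions:
        return None, []
    digests = {node: report_digest(f) for node, f in submissions.items()}
    top, votes = Counter(digests.values()).most_common(1)[0]
    # Fraction keeps the comparison exact at the 75% boundary.
    if Fraction(votes, len(digests)) < threshold:
        return None, []  # no supermajority: nothing is recorded
    return top, sorted(n for n, d in digests.items() if d != top)

def min_to_block(n, threshold=THRESHOLD):
    """Fewest nodes among n whose disagreement prevents consensus."""
    return n - ceil(threshold * n) + 1

# Constructed sample (assumption): three nodes miss a finding the fourth reports.
SAMPLE = {
    "node-a": [("unchecked-send", 4)],
    "node-b": [("unchecked-send", 4)],
    "node-c": [("unchecked-send", 4)],
    "node-d": [("unchecked-send", 4), ("reentrancy", 10)],
}

if __name__ == "__main__":
    accepted, dissent = tally(SAMPLE)
    print("accepted:", accepted[:16] if accepted else None)
    print("dissenting nodes to review before any penalty:", dissent)
    print("nodes needed to block consensus among 8:", min_to_block(8))
```

In this model the dissenting node is the one that reported the critical issue, so disagreement with the supermajority is a signal for review rather than evidence of dishonesty.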

From the results, Quantstamp will build up its security library. The security library contains the code that performs the automated checks on smart contracts. By aggregating the power of developers with a bounty, the project can surpass the coverage of a standard code review and build up a very comprehensive security library.

Quantstamp Token

QSP tokens are used for 2 main purposes:

  1. Pay for an audit
  2. Reward verifiers who identify bugs

One of the exciting features of the QSP token is that they will airdrop coins they audit to QSP holders. 1–3% of each new coin’s total supply will be reserved for this purpose. So by holding the QSP token you can potentially receive an airdrop for every new coin they help launch.

However there are some conditions that have to be met before receiving the airdrop tokens:

  • QSP needs to be stored in a wallet like MEW and cannot be stored on an exchange.
  • Registration with the Quantstamp community is required, and the holder cannot be located in the USA, Canada or China.
  • Quantstamp requires Proof of Caring (PoC). This means providing some level of support to the project, for example translating website copy, contributing code on GitHub, or making social media posts to raise awareness about Quantstamp.

Quantstamp does not have a set schedule on how frequently they will airdrop new coins, but so far it has been once every 2 months.

Team

The Quantstamp team is very substantial, with a lot of experience across many different fields. We will focus on the two founders.

Core Team

Richard Ma — CEO (Co Founder)

  • Former software engineer at Tower Research

Steven Stewart — CTO (Co Founder)

  • Former Software Engineer at Many Trees Inc
  • Computer Systems Analyst at the Department of National Defense (Canada)
  • Software Developer at Magnetic Forensics

Advisers

Some notable advisers of Quantstamp include:

  • Evan Cheng (Facebook) — Director of Engineering
  • Min Kim (Civic) — Chief of Staff

Locations

The Quantstamp team is based across 4 regional offices in:

  • San Francisco
  • Toronto
  • New York
  • Tokyo

Strengths/Weaknesses Analysis

Strengths

  • Quantstamp has already carried out successful audits, in particular for: Request Network, Binance and OmiseGo. This shows that the concept works and has a proven use case.
  • The Quantstamp security library really stands out as something that can give the project a cutting edge.
  • Developers will constantly add to this library, which in turn will increase the efficiency of the audits. The more efficient the audits, the more confident projects will be in using the service.
  • The longer Quantstamp has no competitors the larger the security library will grow. This in turn will attract more audits and more developers to use the project.
  • The fact that Quantstamp can reduce the price and time of an audit so drastically has the potential to increase cryptocurrency project adoption. A “Quantstamp seal of approval” in the future, could give projects a standard that everyone can trust.
  • Quantstamp has first mover advantage. If it can build on this by forming partnerships, becoming blockchain agnostic and building a large security library, then we could see the value of the project skyrocket.
  • Quantstamp has been working with Y Combinator (a Silicon Valley startup incubator) since 2017.

Weaknesses

  • The project is still in its early phase and the mainnet isn't scheduled for release until August 2018. As we have seen with other projects, the transition to mainnet will usually have some unforeseen obstacles.
  • As the number of smart contracts grows, the number of competitors will grow. Although Quantstamp has first mover advantage, it cannot rely on this to stay ahead of the game.
  • If Quantstamp makes a mistake in an audit which leads to a critical failure of a smart contract, this could affect its reputation to an extent that it would no longer be trusted.

Conclusion

The amount of smart contracts based on blockchain technology has the potential to outnumber the amount of websites on the internet. With that in mind they will definitely need standards and security to ensure integrity and trust. If Quantstamp are successful in their business aims, they have the potential to be the “seal of approval” on smart contracts. This will show which smart contracts are secure and trustworthy. With this in mind, the project has great potential to capture a huge market share.

The project itself has a solid concept, aim and structure. They have a great asset, in terms of the security library, which competitors will have a hard time replicating/building. Further to this, Quantstamp has already been recognised by Y Combinator as having great potential.

It is still early days in terms of the project and smart contracts. The launch of the mainnet is still on the horizon, and there could be unforeseen circumstances that could stall the project along the way. However, we have seen Quantstamp successfully in action and it has already audited over 400 smart contracts.

Overall the project looks very strong and has excellent potential. Currently Quantstamp is under the radar in terms of cryptocurrency investments, so now could be a good time to buy into the project.

Disclaimer: This is not financial advice, please do your own research before investing into anything.
