All Systems Go! Qravity Smart Contracts Pass RIAT Audit
Ralph Pichler of RIAT — Institute for Future Cryptoeconomics audited smart contract implementation into the Qravity token sale. To view his report, visit QravityQCOGmbH/smartcontracts on GitHub.
In this article, we will go over the importance of smart contract audits, and why we wanted one done for Qravity.
A smart contract is a computerized transaction protocol containing code and agreements that exist across a distributed, decentralized blockchain network. In simple terms, it’s a digitized version of a real-life contract that allows parties to transact directly with each other, eliminating the need for intermediaries.
Impartial and immutable, a smart contract contains a set of conditions that all contractual parties must meet for it to come into effect. This makes for a secure, fault-proof way of executing monetary transactions and business operations. A smart contract is rendered invalid if any of the contractual parties do not meet its conditions.
Smart contracts for the Qravity token sale comply with the ERC-20 standard. This means Qravity QCO follow best practices for creating token contracts on the Ethereum blockchain. The ERC-20 standard provides a stable and trusted architecture for smart contract development that can be implemented in operations with native currencies that work with decentralized applications, the creation of voting systems, collateral deals, staking platforms, and financial systems. You can learn more about the technical specifications of the ERC-20 token standard in eminent investment advisor Jim McDonald’s insightful article Understanding ERC-20 token contracts. For specifics about the smart contracts developed for the Qravity token sale, read our white paper, which provides an extensive explanation of the technology.
Though their benefits are clear, smart contracts come with a catch: due to their immutability, they cannot be modified once their code has been deployed to a blockchain. Because people code smart contracts, and because people make mistakes, a smart contract audit is a vital step that must be taken before deployment. The dire consequences of not taking this step include security breaches, identity theft, and financial losses.
A smart contract audit is basically a quality assurance check-up that focuses on the vulnerabilities of smart contract technology. To ensure an impartial review, companies usually employ a third-party auditor that examines code thoroughly to make sure it has been implemented correctly.
For a detailed overview of the smart contract audit process, read blockchain expert Aran Davies’ article How to Audit a Smart Contract? — A Guide.
We had Ralph Pichler audit the smart contract code for the Qravity token sale because he is an experienced professional in the fields of cryptoeconomics and blockchain. At RIAT, he oversees everything related to Ethereum and Solidity, and is responsible for the Ethereum Academy.
Ralph audited all the components of the QCO token contract in the context of QCO only, not as standalone applications. He focused solely on scenarios that were most likely to occur, and did not include unlikely vulnerabilities.
Ralph audited the code manually multiple times, paying special attention to:
- Non-zero gas calls to untrusted tokens
- Unchecked overflow
- Contracts getting stuck because of checked overflow
- Unaccounted payments
- Boundaries of maximum gas consumption of FOR loops
- Ways for attackers to block code execution
In addition to inspecting Qravity smart contract code manually, Ralph passed it through several automated security tools, such as Securify, Mythril, and Oyente. Ralph and his team manually reviewed the issues these tools found, even though most of them turned out to be false positives.
If you have any questions regarding the smart contract technology implemented in the Qravity token sale, please don’t hesitate to contact us at office@qravity.com.
The Qravity token presale blasts off tomorrow! Don’t miss your chance to get 30% bonus QCO from August 18 to 31, 2018. Visit www.qravity.com to sign up.
