Quantstamp Protocol Progress
This month, we continued to move towards our next iteration of the Quantstamp Protocol. Besides making progress on our assurance protocol research (mentioned last month), we are also removing the whitelisting of nodes and are researching a bug bounty protocol.
Removing Whitelisting of Nodes
In the present version of the Quantstamp Protocol, auditing nodes are whitelisted by Quantstamp — only enrolled actors can participate. While the nodes are currently run by different organizations and individuals around the world, we still aim to enhance decentralization in upcoming iterations.
The next iteration of the protocol will remove this whitelisting process. In its place, we plan to add review nodes that check scan reports before reports are published. This mechanism is meant to prevent a bad actor (node) from publishing a false report.
Exploring a Bug Bounty System
Apart from our assurance protocol research, we are also experimenting with a bug bounty system. This system aims to provide bounties to bug finders in case they find vulnerabilities published in smart contracts.
The initial design of the bounty system includes bounty providers, bug hunters, and judges. The bounty providers are stakeholders in the smart contract’s security, such as the smart contract’s owner. They provide a bug bounty which incentivizes bug hunters to try to find vulnerabilities in the smart contract. These bug hunters will submit bug reports. Security experts, identified by a Token-Curated Registry (TCR), will examine the bug reports and determine whether a vulnerability found is a true vulnerability or false positive. Bug hunters who find true vulnerabilities will be rewarded.
Our research efforts into an assurance protocol and a bounty system are excellent complements to the automated security scans provided by the Quantstamp Protocol. Our ultimate goal is to provide protection throughout the life cycle of a smart contract which includes after a smart contract is deployed.
Coral Protocol Audit
This month our security team performed a manual audit of Coral Protocol. Coral Protocol provides data and analytics on blockchain addresses to increase compliance and combat fraud. It analyzes wallets and assigns a trust score, which is kept up to date through blockchain monitoring.
Coral shares our mission of keeping the blockchain safe, which we think is a fundamental pillar of the mainstream adoption of smart contracts.
Fighting Corruption in Colombia
This month our VP of Strategy Olga V. Mack headed off to Colombia where she worked with the World Economic Forum to develop a blockchain solution that addresses corruption in government procurement processes.
Our latest quarterly roadmap update went live earlier this month. It includes exciting news about our planned testing of our Assurance Protocol, Quantstamp Protocol updates, partnerships and our plans to explore using Token-Curated Registries. Check it out here.
Smart Contract Security Alliance
December was another great month for the Smart Contract Security Alliance. We were excited to have Blockgeeks join our efforts to improve blockchain security and drive the healthy growth and adoption of blockchain applications. Blockgeeks provides industry-leading blockchain education and is based out of Canada. The alliance is truly a global presence now, with other members including Modular in the US, NUS in Singapore, as well as LayerX and NRI Secure in Japan.
Security companies interested in advancing blockchain technology standards are encouraged to join the Smart Contract Security Alliance and have a voice in the future of blockchain security. Learn more at SmartContractSecurityAlliance.com or talk to us directly at firstname.lastname@example.org.
We continue to be active in blockchain events and conferences both regionally and internationally. Here are some of the more notable events we attended in December:
We had a strong presence at ETHSingapore, where we gave several talks on the Quantstamp Protocol and also helped sponsored a hackathon. David Mihal won our hackathon with his GUI for the Quantstamp Betanet. Check it out here.
We participated in BUIDL Seoul 2018, a large-scale technical conference in Korea where our head of APAC Kei Oda spoke on a panel about “Preserving Security and Privacy”.
Real World Applications of Blockchain Panel
Our Head of Business Development Don Ho spoke on a panel at Deloitte with Neil Gerber from IBM and Robert Drost from Consensys on the real world applications of blockchain technology. Held in San Francisco, the event was organized by The Blockchain Society.
Quantstamp in Taiwan
This month members of the Quantstamp team visited Taiwan. We spoke at an event hosted by the Taipei Ethereum Meetup, a developer-focused organization, as well as at National Taiwan University — the top university in Taiwan.
We also spoke on a panel about the “Cybersecurity landscape in 2018”, at an event organized by Polyswarm.
Holiday Hours at Quantstamp
The Quantstamp team will be out of office until January 3, 2019. From all of us at Quantstamp, Merry Christmas and Happy Holidays!
Ready for 2019
As we head into the new year and reflect back on 2018, we want to thank our incredible community for their continued support. From Y-Combinator demo day to releasing our betanet protocol on the Ethereum mainnet, co-founding the Smart Contract Security Standards Alliance and writing a book, it’s been an incredible year.
As we move forward in our mission to achieve mainstream adoption of smart contracts, we’re incredibly grateful for friends, partners and collaborators and look forward to what’s coming up in the year ahead.
Interested in working for us?
We are hiring for a variety of positions globally. Check out our careers page.
Still want more?
Don’t miss out on the latest from Quantstamp. Subscribe to our newsletter, follow us on Twitter, or join our Telegram. Our weekly Friday AMA is on hiatus during the holidays and will resume mid-January.
Note: This update includes information and forward-looking statements about upcoming events and concepts under continuing development. Schedules, features, and functionality are subject to change or cancellation at any time and you are not to place undue reliance on this information or any forward-looking statements.