Quantstamp Announcements
Oct 9 · 7 min read

Thank you for participating in the beta-testing phase of the Quantstamp Assurance Protocol.

The Assurance Protocol is a new protocol we’re developing at Quantstamp designed to help users protect themselves from smart contract attacks, and other users to be compensated for providing that protection.

The purpose of this phase is to collect feedback from the community in order to make improvements.

As beta-testers, we would like your help to:

  • Find bugs in the Assurance Protocol smart contracts and user interface, and
  • Improve the user experience

The beta-test will take place from : October 7th — Oct 21th

Pool owner (assurance seeker):

Example: Charlie’s business depends on smart contracts, which must be protected against attacks like: coin burning/minting, changes in ownership, theft of funds, etc. He uses the Quantstamp Assurance Protocol to create pools with policies that cover these situations.

Prerequisites:

  • Beginner skills in the development of smart contracts on the Ethereum platform
  • Beginner skills in deployment of smart contracts on Ropsten

Assurance provider (security expert):

Example: Alice is a security expert who carefully looks at all contracts before placing a stake. She is interested in receiving payments for her services, but does not want to go through the hassle of chasing customers.

Prerequisites:

The prerequisite for this role is familiarity with Ethereum smart contract security best practices.‍

Assurance provider (non-expert):

Example: Bob is not a security expert, but would like to put his funds to use. He trusts that the registry of security experts used by the Quantstamp Assurance Protocol contains the top experts in this field and he mimics what they do in order to minimize his risk when using the Assurance Protocol.

Prerequisites:

The only prerequisite is to know how to use MetaMask. No security or development skills are needed.

NOTE: Feel free to try any of the roles even if you don’t satisfy all of the prerequisites. You can use the same address for multiple roles.

Additional Details

If you need additional information on how the protocol works, please read these blog posts:

  1. Introducing the Quantstamp Security Assurance Protocol
  2. A Technical Intro to the Quantstamp Security Assurance Protocol

Test funds: SAFE is the ERC20 token used for this beta-test. All participants can obtain Ropsten SAFE for free from this faucet https://safe-faucet.quantstamp.com/.

Reporting requirements:

  • If you find a bug, if you would like to report an issue, or request a new feature, please do so by creating a ZenDesk ticket using the “Help” widget on assurance.quantstamp.com.
  • If you have questions during the beta-test, please ask them in this Reddit Thread.
  • At the end of the beta-test we kindly ask you to fill out this feedback form.

Report a bug, an issue or request a new feature using the help button. You can find the help button on the bottom-left corner of assurance.quantstamp.com.‍

Set Up Steps

  1. Log into MetaMask and switch to the Ropsten network.
  2. (Only needed once) Add the SAFE token to MetaMask by clicking “ADD TOKEN” > Custom Token > copy the address of the SAFE token 0x8333E6AA49DeD6EAcaa00a9C24ead6b673934f65 and click “NEXT” > click “Add Token” and you are done.
  3. If you do not have Ropsten ETH, get free Ropsten ETH here at this faucet. Ropsten ETH will be used to pay for gas.
  4. You also need SAFE tokens to test our protocol. Get SAFE tokens here at this faucet.
  5. Navigate to the Assurance Protocol interface using your favorite browser.
  6. Preauthorize the Assurance contract to transfer SAFE from your wallet/account by entering an amount of SAFE and clicking the “Preauthorize” button.
In order to add the SAFE token, switch to the Ropsten Network, click on the fox icon, and then click add token.

Testing Instructions

Now you are ready to participate in our test. Your testing instructions are below and will vary based on the role you choose.

Pool owners (FAQ):

Simple pool creation:

  1. Deploy a candidate contract that you want to protect onto the Ropsten test network. Store the newly created contract address in a safe location. You will need it later.
  2. Navigate to assurance.quantstamp.com
  3. When you finish the “Getting Started” tutorial, preauthorize your SAFE tokens.
  4. Click “Create New Pool” button and submit the following information:
  5. Address of smart contract to cover section: add the smart contract you created on Ropsten.
  6. Cover amount section: enter the amount of SAFE Tokens that you, as the pool owner, will receive if the default policy is violated.
  7. Time section: enter the length of time, measured in blocks, you want your assurance pool to be covered under the default policy.
  8. Quote: the price you pay to cover the cost of the default policy until it expires.

Default policies and simple pools

When you create a simple pool, your coverage will be governed by the default policy. Under the default policy, security experts will vote to decide when a policy violation occurs. At the moment, 4 Quantstamp engineers are listed as security experts; however, we plan to extend this list and eventually switch to a TCR.‍

‍Advanced pool creation

Follow steps 1–3 in the Simple Pool Creation section. For advanced pool creation, you will also need to select and deploy a policy contract:

Deploying a policy contract:

  1. Before selecting a policy contract, think about what you would like to protect in your candidate contract. For example, is your goal to defend against contract ownership changes?
  2. Sample policy contracts are available in the bottom left of this page. Pick one that you want to use to protect your contract.
  3. Copy its code into Remix and make edits. These examples serve as a reference and will not work directly.
  4. Deploy the policy contract and store its address in a safe location: you will need it when creating a pool. Policies are contract specific and need to be tailored and deployed for a particular candidate contract. Alternatively, if you feel comfortable with writing and deploying your own policy contract, we encourage you to do that.
  5. Submit enough SAFE tokens in the initial deposit section to cover all payments to assurance providers.
  6. Submit information for all fields and create your pool.

Manage your pool:

  1. If the pool expires after the amount of time you specified, you can withdraw your deposit.
  2. If your pool is violated, you can withdraw a claim and get all the funds in the pool.
  3. If the deposit in your pool becomes too low, then it will not be able to offer payouts and the pool will become inactive/cancelled. Therefore, you can deposit additional funds in order to be sure that payouts can be awarded to the assurance providers.

Assurance providers — Security Experts (FAQ):

  1. Search for an attractive pool to stake in based on the pool details. Look at the audit report (if available), candidate contract, and protection policy. Make sure that the contract is secure with respect to the associated policy contract. NOTE: If there is no Solidity source code available you can decompile a contract using this tool.
  2. Stake funds in pools that you deem secure.
  3. After the pool(s) you stake in are active and at least one pay period has passed, withdraw interest (payouts) from those pools.
  4. Withdraw your stakes if the pool expires or is cancelled.

Assurance providers — Non-experts (FAQ):

  1. Look at existing pools and make an informed decision concerning which pool you choose to stake in. For example, look at how many experts and non-experts have staked in which pools.
  2. Stake funds in the pools you believe are secure.
  3. After the pool(s) you stake in are active and at least one pay period has passed, withdraw your interest (payouts) from those pools.

How to Provide Feedback and Ask Further Questions

  1. If you find a bug, if you would like to report an issue or request a new feature, please do so by creating a ZenDesk ticket using the “Help” widget at assurance.quantstamp.com.
  2. If you have questions during the beta-test, please ask them in this Reddit Thread.
  3. At the end of the beta-test we kindly ask you to fill out this feedback form.

IMPORTANT NOTICE

The Quantstamp Assurance Protocol, the beta-testing construct, concepts, smart contract(s), documentation, and implementation are under continuing development in a test environment and made available through multiple platforms operated independently. Features, functionality, schedules, and details may not yet work as envisioned and are subject to change or cancellation at any time. Results, payouts, withdrawals, and transmissions are not guaranteed and you may risk loss of QSP, Ether, Ropsten QSP, Ropsten Ether, and/or other amounts. You are responsible for pooled amounts, policy terms, contracts, and submissions.


Originally published at https://quantstamp.com.

quantstamp

The protocol for securing smart contracts

Quantstamp Announcements

Written by

The Standard in Blockchain Security. Visit Quantstamp.com for more.

quantstamp

The protocol for securing smart contracts

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade