The blockchain industry entered a new phase with the introduction of dapp platforms. Initially, cryptocurrencies were thought to be just another form of money until the idea of decentralized applications (dapps) arose.
Today, Ethereum is the leader in this sphere, with over 1,500 dapps on its platform. However, this new trend of dapps has not been without its risks. The dapps are based on smart contracts, and vulnerabilities in smart contracts have been costly, dating back to the DAO hack.
The rate at which smart contracts are being developed is much faster than the rate of necessary security measures and audits. It is almost impossible to build a smart contract without bugs, hence the need for a thorough audit of smart contracts to keep funds safe. This is where Quantstamp comes in.
What is Quantstamp?
The bug bounty function of Quantstamp is similar to that of Bounty0x, but the difference is that Quantstamp has a software verification service. This puts Quantstamp on the same level as security audit firms, but Quantstamp’s automated protocol gives it an edge over the competition.
The automated software verification system is illustrated below:
To use the Quantstamp protocol, an Ethereum developer sends their smart contract from their wallet (and its source code in the data field) with QSP tokens to Quantstamp. The validators (nodes) perform security checks, and after they come to a consensus the proof-of-audit and report data are added to the next Ethereum block.
The report can be made public or private according to the developer’s preference. Issues are classified in the report based on a scale of 1 to 10, where 1 is a minor issue and 10 is a major vulnerability.
QSP tokens are included in the transaction to fund bounty rewards, and bug finders have until a deadline to submit security issues. If no bug is found, the bounty is returned to the developer. This measure is not an absolute assurance that the smart contract is free of bugs.
However, the combination of the automated system and the bug bounty offered by Quantstamp leaves a very low probability of security issues.
Quantstamp Betanet Release
An audit report accessible to the public will be generated after the audit is complete, along with the proof-of-audit. The proof-of-audit is a publicly verifiable record that an audit took place. This creates more transparency for smart contracts and builds more trust in the blockchain ecosystem.
With Quantstamp, users of a particular dapp can verify independently whether a smart contract audit took place. Previously, users had to blindly trust whatever the developers said. Now, with Quantstamp, those claims can be verified independently.
Only whitelisted organizations, including research institutions and industrial partners, are allowed to run Quantstamp auditing nodes on the betanet. This is so that the node software and protocol can be perfected before allowing the public to participate as node operators. However, anyone is allowed to request an audit from the Quantstamp protocol.
Onboarding of whitelisted nodes is scheduled to begin in September 2018.
Quantstamp 2018 Roadmap
The Quantstamp protocol has helped secure over $400 million through the Quantstamp audits. The project operates from 4 offices in North America (San Francisco, Toronto, and New York) and Asia (Tokyo).
The Quantstamp team has decades of combined experience in software security (and related fields), with 500 Google Scholar citations.
Quantstamp has 3 major teams: the protocol team (comprising engineers and researchers who work on the protocol), the web team (which builds the web products and demos) and the auditing team (which consists of security experts who perform manual audits).
The Quantstamp roadmap for the rest of 2018 is shown below:
The betanet release of the Quantstamp protocol is a vital step in the development of publicly verifiable audits for smart contracts. The development is being carried out iteratively. This means new versions of the protocol will continue to be tested and released until the service rendered to smart contracts and users becomes phenomenally excellent.
The goal of Quantstamp is to improve smart contract security standards, thus making blockchain technology adequate for mainstream use.