Quantstamp is a Y Combinator backed security company that is developing a new protocol for smart contract verification that aims to help blockchain developers and projects around the world use its technology to perform cost-effective security audits on their contracts.
They also perform manual smart contract audits, security consultations, and build security tools for the blockchain space.
Quantstamp was founded in June 2017 by Steven Stewart and Richard Ma. After experiencing his funds being stolen from the DAO hack, Ma was motivated to create a tool (Quantstamp) to improve the security of smart contracts.
They boast an impressive customer resume including Binance, OmiseGO, Wanchain, and Quoine.
Smart Contracts, Security Concerns, and Quantstamp
In order to understand the vision of Quantstamp, we first must have a basic understanding of smart contracts.
Smart contracts enable the exchange of value in an open, transparent, trustless environment that removes the need for a fee-seeking middleman. This is achieved through code that performs predetermined actions based on assumptions. If X conditions are met, then Y transactions are performed.
What Problem is Quantstamp Trying to Solve?
The two biggest roadblocks preventing the proliferation of smart contracts are the “oracle problem” and maintaining security of smart contracts.
Quantstamp aims to solve the smart contract security problem. To date, over $250 million worth of ETH has been stolen from the Ethereum networks due to vulnerabilities found in smart contracts. Currently, the only option to secure smart contracts is through a manual audit process which has proven to be ineffective in its current form.
As stated on their website:
Quantstamp aims to create protocol that can automate the auditing process and enhance the quality of smart contracts on the Ethereum network because it’s one major problem present before Ethereum is ready for mainstream adoption.
To understand the contrarian perspective, I highly recommend reading Jimmy Song’s critique: The Truth about Smart Contracts which addresses the “oracle problem” and why ensuring the security of smart contracts is hard.
The greater smart contracts industry will eventually find ways to overcome the “oracle problem” and companies like Quantstamp will help improve the security problem.
Investing in Quantstamp (QSP)
Make no mistakes about it, investing in Quantstamp is risky. This is a long shot with potentially massive upside which lends itself nicely to a small position size that’s held long term.
In a recent issue of the Palm Beach Research Group Newsletter, Teeka Tiwari picked Quantstamp as a smart investment. Whether you trust Tiwari or the Palm Beach crew is a totally different question…
Below we’ll cover 5 reasons to consider investing in Quantstamp.
However, as with most projects, there are some concerns that should be examined before considering investing. Let’s start with the FUD.
Does the Recent FUD Surrounding Quantstamp Have Merit?
There has been some recent concerns with Quanstamp that are worth mentioning.
Concern #1: Is Quantstamp following the original plan?
Apparently the company has been accepting ETH and USD for manual security audits instead of the QSP token, which many community members assumed to be the original plan.
This raises potential concerns over the alignment of incentives shared between the company and the token holders. In other words, can the Quantstamp company succeed financially without the QSP token accumulating value?
On the other hand, these manual audits are revenues for the company which theoretically will be used to create a thriving ecosystem surrounding the QSP token. Not many tokenized projects have revenues, let alone a product-market fit.
Concern #2: Quantstamp is leveraging open source software; what happened to the QSP protocol?
Most investors believed the team was creating a decentralized platform (Quantstamp protocol) that facilitated the audit of smart contracts. Yet the team has reportedly been using open source software to perform audits. This raises the concern of what competitive technological advantage does the team have, if any?
It’s important to distinguish between Quantstamp’s current web services and the Quanstamp protocol. The current services are better viewed as a test environment for the future decentralized protocol. The Quantstamp team definitely benefits by “seeing smart contracts in the wild,” as Co-Founder Steven Stewart said.
I’m not surprised the team has delayed the launch date of the Quantstamp protocol. Smart contracts are in their infancy, not to mention creating decentralized communities with aligned incentives is incredibly challenging.
The team released an MVP version of the QSP protocol on testnet that you can examine here. Currently they’re developing a more robust version of the protocol, and it will be released on the Ethereum mainnet. However, at this point, the team is still unsure if the QSP protocol will stay an ERC-20 token or migrate to their own blockchain.
Concern #3: What is the purpose of the QSP token?
Related to the above point, there are some concerns regarding the QSP token—is it actually needed?
Without truly understanding the proposed Quantstamp protocol, discerning whether the QSP token is truly required is challenging. On paper it sounds reasonable. However, as a community we definitely need to be more vigilant with the question: “Why does your project need a token?”
According to MyCryptoPedia.com, the QSP tokens will be used by each Quanstamp participant in the following way:
- Contributors – QSP tokens will be used to financially reward developers that contribute software to the Quantstamp protocol.
- Validator nodes – QSP tokens are rewarded to nodes that contribute their computing resources in order to run checks on a smart contract.
- Bug Finders – QSP tokens are rewarded to individuals as a bounty, in exchange for detecting any vulnerabilities in smart contract code.
- Contract Creators – QSP tokens will be paid by the contract creator, in exchange for getting their smart contract validated.
- Contract Users – According to the Quantstamp whitepaper, contract users will have access to the results of the smart contract security audits. However, it does not mention if contract users will have to use QSP tokens in order to access the audits.
- Voters – QSP tokens allow any QSP holder to participate in the protocol’s governance mechanism.
5 Reasons Why Quantstamp (QSP) is A Smart Long-Term Investment
1. Blockchain Technology is Secure But Smart Contracts Are Not
In 2016, a hacker exploited a smart contract bug and stole $55 million in ETH from the Decentralized Autonomous Organization (DAO). This lead to a hard fork creating Ethereum (ETH), which separated from the original chain Ethereum Classic (ETC).
With high-profile vulnerabilities being exploited in smart contracts, there is a huge demand for smart contract security or similar auditing services. As smart contracts start being used more and more, the demand for services like Quantstamp will increase.
2. Quantstamp Supports a High Growth Industry (Smart Contracts)
The smart contract industry is growing fast and is expected to reach over $300 million by 2023. Security is the biggest concern when examining smart contracts at scale. Quantstamp aims to become the dominate security player in the smart contract space. Currently, they’re leading the pack.
3. Quantstamp Expands to Additional Smart Contract Platforms
Quantstamp has begun to expand beyond Ethereum by offering security audits on the EOS network with Insights Network. They will audit Insight’s crowdsale smart contract as well as their blockchain data exchange smart contract. The founders of both Quantstamp and Insights Networks are Y Combinator alumni.
This expansion speaks to the defensibility of the Quantstamp protocol. The reality is, we don’t yet know which smart contract platform(s) will dominate. Will it be a winner takes all? Will we have hundreds of smart contract platforms? Or maybe a handful of networks will fill slightly different niches based on scalability tradeoffs.
Whatever the outcome, it’s clear that Quantstamp is willing to evolve lending their security audit expertise to any network with a need.
4. Quantstamp is Surrounded by High Profile Investors and Partners
While strong partnerships and known investors don’t guarantee success, they’re still generally positive indicators.
Quantstamp emerged from the infamous Y Combinator, the same VC firm behind Coinbase, Reddit, Stripe, Airbnb, Dropbox, among others. Investors like Y Combinator help provide a network of connections and strategic oversight which is especially helpful for a young team like Quanstamp.
Quantstamp has been trusted to perform security audits in some of the biggest brands in the crypto space, including: Binance, OmiseGO, Zilliqa, Quoine, Request Network, Wanchain, and more. This is a strong signal for the value Quantstamp can provide.
Recently, Quantstamp was accepted into a Japanese accelerator called Plug and Play, that “specializes in growing tech startups and connecting them with corporate partners. Plug and Play’s global network includes over 6,000 startups, 220 official corporate partners, universities, enterprises and investors.” This is a great opportunity for Quantstamp to acquire high value clients in Japan, a country known for its forward thinking vision of the blockchain and crypto space.
5. Strong Team With a 3-year Vesting Period
Despite the recent FUD about Quantstamp firing a few team members, there is a lot to be optimistic about with Quantstamp’s team members.
Quanstamp has a team of around 30 members which you can explore on their Linkedin.
A few standout team members include:
- Richard Ma, CEO & Co-founder: Former engineer at Tower Research where he developed software that handled millions of dollars using extreme testing methods.
- Steven Stewart, CTO & Co-founder: Former engineer at Many Trees, Inc. Also worked for Department of National Defense in Canada and Magnetic Forensics.
- Evan Henshaw-Plath, VP of Engineering: First employee and lead engineer of Odeo, the company that created Twitter. Long history of leading successful product teams at companies such as Yahoo, Digital Garage, and Palm.
- Even Cheng, Engineering Advisor: Director of Engineering at Facebook. Programming language system expert.
The core team has a 3-year vesting period on their stake of QSP tokens. This provides a strong financial incentive for the team to continue working hard on the project.
Also, they recently hired Linda Selker, the VP of General Counsel at Visa to help the team with legal compliance at Quantstamp.
Risk Versus Reward: How Does QSP Stack Up?
When evaluating any investment, it’s smart to evaluate the chance of failing (risk) versus the potential upside (reward).
With unknowns surrounding Quantstamp’s competitive technological advantage and the future of the smart contract industry, we can safely assume that investing in QSP is risky.
However, if the Quantstamp protocol can solve the critical issue of security at scale for smart contracts, the QSP token could dramatically increase in value.
At the time of writing, the current market cap of QSP is around $20 million. This leaves a lot of room for potential upside.
The Quantstamp team is strong, they’re surrounded by respected industry partners, and they solve a really important problem in the blockchain industry. My bet is they’ll capitalize on their vision of creating a decentralized network improving smart contract security.
What do you think? Will Quantstamp become a blue chip in the smart contract security industry or disappear into the abyss?
Disclaimer: This is not intended to be financial advice. As always, do your own research. The author currently holds a small long-term position in QSP.