Quantstamp
Quantstamp is a cryptocurrency. It was first announced on September 17, 2017, and the development team is located in British Columbia. As of December 28th 2017, the circulating supply was 617,314,171 QSP.[1]
What is Quantstamp?
Quantstamp is a security-auditing protocol for smart contracts. As a dapps platform, Ethereum has proven its security time and again. However, dapps and smart contracts built on top of Ethereum may still have bugs that malicious players can use to cause havoc on the network. The two most notable examples are the $55 million DAO hack and the $30 million Parity wallet bug. These issues not only affect the people who’ve had their funds stolen, but they also diminish the credibility of the entire ecosystem.[2]
Writing smart contracts is already a tough job. As with any other computer programming, writing them without any bugs is near impossible. To add fuel to the fire, the rate at which smart contracts are being written (an estimated 10 million by the end of the year) is outpacing the resources needed to audit them. Even with robust security auditing, a small bug could slip through the cracks, causing catastrophe down the road.[3]
How does Quantstamp work?
Although the team is focusing on Ethereum (ETH) now, they’re building the Quantstamp protocol in a way that’s platform agnostic. This means that it can eventually be used on other smart contract platforms like Lisk and NEO. The Quantstamp protocol has a two-pronged approach to security auditing:
- Automated software verification system.
- Automated bounty payout system.
Software Verification:
Quantstamp’s Validation Node applies audit techniques from formal methods submitted by Contributors. These techniques include security checks such as concolic tests, static analysis, and symbolic execution, as well as automated reasoning tools like SAT and SMT. As a reward for submitting verification software, Contributors (who are primarily security experts) receive Quantstamp Protocol (QSP) tokens.[1]
To ensure no bad actors are submitting malicious validation software, Contributors must be voted in according to the governance mechanism (more on this later).[3]
Running the Validation Node takes a significant amount of computing power. Because of this, Validators also receive QSP payment for providing the computing power to the network. To ensure that Validators don’t act maliciously, they must stake their QSP tokens to earn their reward.[2]
An Example
As a developer, you want to deploy a smart contract on Ethereum. Considering you don’t want to go down in history as the guy who lost millions of people’s money, you have your contract audited. To do so, you send your smart contract, with the source code in the data field, directly from your wallet to Quantstamp, including QSP tokens with the transaction. On the next Ethereum block, Validators perform security checks. After they reach consensus, they append the proof-of-audit and report data to the next block.[1]
You can choose whether your security report is made public or private.
Bounty Payouts
When you submit your smart contract for auditing, you also include a set of QSP tokens for bounty rewards and a deadline for when Bug Finders can submit issues. The bounty deadline and reward size are up to you. If the deadline passes with no found bugs, the QSP bounty reward is returned to you.[3]
Quantstamp doesn’t guarantee flawless code after this process, but they do assure users that the automated testing and crowdsourced bug-hunting greatly reduce issues.[2]
Protocol Governance:
QSP token holders control protocol, validation smart contract, and Validation Node upgrades. The governance model uses a time-locked multisig in which any token holder can propose a change. The more votes a change has, the quicker it occurs. Changes approved by all members occur within an hour. This time doubles with each 5% of members that don’t vote and quadruples for each 5% that vote against it.[1]
Proof-of-Caring:
Quantstamp uses an in-house created "Proof-of-Caring" system to reward community members and loyal QSP token holders. Once you submit your proof, you’ll receive an airdrop from an ICO that Quantstamp has audited. This proof consists of holding your tokens in a wallet (not an exchange) for a certain amount of time, contributing to social media outreach, and/or any other community activities.[3]
Quantstamp team & progress
The Quantstamp team consists of 22 members and advisors with over 500 Google Scholar citations. Steven Stuart (CTO) and Richard Ma (CEO) founded the team in June of 2017. Stuart worked 5 years in Canada’s cryptologic agency in the Department of National Defense and previously founded Many Trees, a start-up that uses GPUs for Big Data analytics and machine learning. Ma built production-grade integration and validation testing software at the Bitcoin HFT Fund. During his time there, his trading systems had no notable issues and handled millions of dollars in investment capital.[2]
Since their beginning, the Quantstamp team has performed four semi-automatic audits, one of them being on Request Network, a strategic partner. The team has also partnered with the University of Waterloo and has support from Y Combinator, the number one start-up accelerator in the world.[1]
Quantstamp is a first-mover when it comes to automating smart contract auditing. The Bounty0x project is offering a bounty platform similar to Quantstamp’s bounty rewards but doesn’t have a software verification service. The closest competitors to Quantstamp are the security auditing firms already in the market like ConsenSys Diligence. Because the Quantstamp protocol is automated, it should scale better than its manual competitors.[1]