Quantstamp is the first security-auditing protocol that audits smart contracts for bugs before they are published to the blockchain. It is designed to secure all smart contracts in a cost-effective and scalable manner and currently works with Ethereum smart contracts. The protocol uses the Quantstamp Token (QSP) to incentivize security experts to write safe and secure code.
Over $250 million worth of Ether was either locked or stolen from the Ethereum network due to bugs in smart contracts. Quantstamp aims to address this smart contract security problem. The developers seek to verify audits using a distributed network of nodes, similar to how an Ethereum node secures and validates a transaction. If one node attempts to forge an audit, the intended protocol will detect the forgery. By automating audits, the intended protocol will be able to handle audits much faster than a centralized manual auditing company.
The ICO was launched in November 2017 and raised $22.32 million.
How it Works
The Quantstamp protocol consists of two components:
- Automated and upgradeable software verification system: It checks Solidity programs and will be able to detect increasingly sophisticated attacks over time.
- Automated bounty payout system: It rewards participants for finding errors in smart contracts.
The protocol relies on a distributed network of participants to:
- moderate the effect of bad actors
- provide the required computing power
- provide governance
The different types of participants include:
- Contributors: Mostly security experts, they receive QSP tokens for contributing software that verifies Solidity programs. These contributions are voted in through the governance mechanism.
- Validators: They receive QSP tokens for running the Quantstamp validation node, which is a specialized node in the Ethereum network.
- Bug Finders: They receive QSP tokens as a bounty for detecting bugs that break smart contracts.
- Contract Creators: They pay QSP tokens to get their smart contract verified.
- Contract Users: They access the results of smart contract security audits.
- Voters: The validation of smart contracts is designed to be modular and upgradeable based on token holder voting. This core feature of the governance mechanism reduces the chance of upgrade forks and decentralizes the influence of the founding team over time.
The security audits are based on verification algorithms and blockchain technology. Their foundation is the Validator Node being developed by Quantstamp: a heavily modified Ethereum node containing an analytical toolkit that applies techniques from formal methods.
- Quantstamp aims to develop a protocol that can audit any smart contract from any blockchain.
- The auditing protocol will be automated and scalable, without the need for a trusted third party.
- The protocol allows end users to submit programs directly for verification, without the possibility of the audit results being manipulated.
- Verified smart contracts are produced with a proof-of-audit hash.
- Miners or verifiers are given incentives for the verification and certification of smart contracts, which is part of the validation node software on Ethereum.
- Richard Ma, Co-founder & CEO
- Steven Stewart, Co-founder & CTO
Security of smart contracts is a matter of concern, and the Quantstamp protocol is attempting to solve the issue with a security-auditing protocol that will be scalable and cost-effective.