What is Quantstamp?
Quantstamp is the first smart contract security-auditing protocol.
Quantstamp is a specialized network that connects developers, investors and users around a transparent and scalable proof of audit for Ethereum contracts. The platform will run automated security checks using different kinds of code analysis, and it eventually expects every Ethereum smart contract to use the Quantstamp protocol to perform a security audit.
Security Breaches in the Past
The problem with smart contracts is that they are written manually and are therefore exposed to human error. Human error in coding creates a large risk of hacks, and such mistakes can cost millions. Instead of relying on a single programmer, or even a single auditor, QSP allows the public to audit the smart contract.
In June 2016, a hacker stole $55 million in Ethereum from the DAO (Decentralized Autonomous Organization) due to a bug in its smart contract. In July, another hacker stole $30 million from crypto companies due to a word bug in smart contract code. Security issues like these are a serious impediment to wider adoption of Ethereum because they erode trust in smart contracts. In order to increase the adoption of smart contract technology, Quantstamp solves the smart contract security problems and maintains high levels of security to keep users and investors from getting hacked.
How It Works
The essential goal of Quantstamp is to automate the verification of smart contracts on the Ethereum network, removing human actors as trusted parties while allowing them to continue participating as members of the network, using QSP tokens to influence events.
Quantstamp uses an upgradable software verification system that can detect these flaws in Solidity, the language used to write smart contracts on the Ethereum blockchain. Quantstamp technology detects these flaws before they are exploited and recognizes attacks while they are happening. Quantstamp uses a series of nodes across the network, in both decentralization and termination, so that if a node goes down, the network keeps working and the smart contract stays protected.
In the current state of smart contracts, we run the risk of manual coding errors and rely on coders reporting those flaws out of honesty. With Quantstamp, the code is verified automatically through a verification program, and flaws in the code are reported through an incentive program. There are two types of coders when it comes to reporting blemishes in smart contracts. Samaritan coders are known as “White Hats” and will report flaws and backdoors, while malicious coders known as “Black Hats” will try to find ways to exploit those flaws and backdoors. With Quantstamp’s incentive program, reporters are rewarded with QSP tokens.
Public Network Participants
Contributors - The security researchers and people working in closely aligned fields who write software intended to audit smart contracts written for the Ethereum network. They oversee both elements of security research: those who are breaking it and those who are building it.
Validators - Validators play the important role of validating transactions on the chain as well as contracts previously verified by the network; in other words, they mine the Quantstamp network.
Bug Bounty First Responders - The most crucial part of the network. Bounties in QSP tokens are submitted when the source code is sent to the Quantstamp validator smart contract and are then held in escrow. Bug finders are then encouraged to attempt to break the code, using any kind of vulnerability that they are able to find. If the hacker is able to find a bug in the smart contract, they are then awarded the bug bounty that was being held in escrow.
There are currently thousands of white hat hackers that are already looking for vulnerabilities, bugs, and exploits in the incumbent software industry. Many of these hackers are able to do this full time, earning a handsome salary from the bounties alone. We are hopeful that these hackers will enter the blockchain industry (many of them already are).
Core Team Members
Richard Ma - Co-founder & CEO
Strategy and Business Operations. Former Algorithmic Trader at Tower Research. Handled Millions of Dollars of Trading using Extreme Software Testing Methods. ECE at Cornell University.
Steven Stewart - Co-founder & CTO
Smart Contract Development. Previously founded Many Trees Inc, which built GPU in-memory databases for ML. He worked for 5 years in the Canadian Department of National Defense. PhD dropout.
Edward Zulkoski - Senior Security Engineer
Smart Contract Development. Ex-Microsoft. Extensive research work in SAT and SMT solvers. Ed was awarded a Ph.D. Fellowship from IBM Canada’s Centers for Advanced Studies Research.
Vajih Montaghami - Senior Security Engineer
Software Verification. ECE PhD from the University of Waterloo for his work on verifying formal models. Ex-Google, Ex-Amazon. Expert in security infrastructure and scalable systems.
Prit Sheth - Lead Backend Engineer
Full-stack engineer. Expert in distributed systems. Ex-Barclays Senior Engineer. Ex-Samsung. Winner of Global Think Tank Innovation program at BarclaycardUS.
Why Are We Investing?
The Quantstamp ICO white paper leaves us with a firm belief that this blockchain offering has veritable utility, as well as a potential for strong execution. The team is respectable, and their vision is clear. Cybersecurity is a booming industry, and is expected to grow to a $5 trillion industry in the next few years. The blockchain industry itself is quite young -- many tech leaders compare present-day crypto to 1993 in the rise of the dot-coms. We are still very early. Thus, there is more of a need for an emphasis on security, as protocols and infrastructure are currently being built and are vastly untested in many situations. Many blockchain protocols are open-source and public, and security should be one of the most important aspects to consider going forward. We are long QSP!