Quantstamp – Decentralized AI Hybrid Smart Contract Auditing


If you haven’t heard, the crypto space has been blowing up recently. The total market cap for all cryptocurrencies exceeds 150 billion USD and there is no sign of it stopping. The real driver for this meteoric rise has been Ethereum and its smart contract protocol; a smart contract is a piece of code for digital assets with an arbitrary set of rules. SybcFab rightly describes it as “essentially a cryptographic block containing digital values that can only be unlocked and accessed upon execution of predetermined conditions of which can be created by anyone to ‘create their own arbitrary rules for ownership, transaction formats, and state transition functions.’”

With the massive increase in ICOs and the dApps connected with them, the number of smart contracts has risen exponentially, and as time goes on an incredible number of smart contracts will be produced to meet the needs of the market. The problem, however, is that good developers to audit these contracts are hard to find, and most are not rewarded for their service. This is what Quantstamp wants to change, by implementing a hybrid AI/human audit system to help the Ethereum community safely scale the number of verified, protected smart contracts which are immune to even the most sophisticated attacks.

Normally, code can be relatively safe before it is published; bugs and other issues might exist, but they don’t have a major effect on security or people’s money. With crypto, however, a small security flaw could lead to massive losses. The largest hack ever of an Ethereum smart contract occurred when $55 million USD was stolen from the DAO, which eventually required a hard fork and led to the creation of Ethereum Classic. It’s a major problem, and millions of dollars have already been stolen by hackers exploiting weaknesses in smart contract code.

Quantstamp’s solution is to use a decentralized system and protocol to create a scalable and cost-effective solution to audit smart contracts on the Ethereum Network. Eventually, their goal would be to see that every smart contract be audited by them.

The protocol consists of two parts:

  • An automated and upgradeable software verification system that checks Solidity programs. The conflict-driven distributed SAT solver requires a large amount of computing power, but will be able to catch increasingly sophisticated attacks over time.
  • An automated bounty payout system that rewards human participants for finding errors in smart contracts. The purpose of this system is to bridge the gap while moving towards the goal of full automation.

To facilitate this, the protocol is supported by a variety of actors who provide different services. Every actor either uses or receives QSP for their input or work. These include:

  • Contributors receive QSP tokens as an invoice for contributing software for verifying Solidity programs. All contributed code will be open source so that the community can have confidence in its efficacy. Most Contributors will be security experts. Contributions are voted in via the governance mechanism.
  • Validators receive QSP tokens for running the Quantstamp validation node, a specialized node in the Ethereum network. Verifiers only need to contribute computing resources and do not need security expertise.
  • Bug Finders receive QSP tokens as a bounty for submitting bugs which break smart contracts.
  • Contract Creators pay QSP tokens to get their smart contract verified. As the number of smart contracts grows exponentially, we expect demand from Contract Creators to grow commensurately.
  • Contract Users will have access to results of the smart contract security audits.
  • Voters: The governance system is a core feature of the protocol. The validation smart contract is designed to be modular and upgradeable based on token holder voting (time-locked multi-sig). This governance mechanism reduces the chance of upgrade forks and decentralizes influence of the founding team over time.

It’s really a novel idea I’ve got to say. They have taken a critical part of the Ethereum infrastructure and are trying to make their stamp of approval necessary for all smart contracts. This is a massive power play for them and demand is going to be incredibly high for it. There is no one else providing this level of sophisticated and widespread availability of smart contract auditing right now.

The company has huge potential to grow and, without any immediate competitors, will probably do so quickly.

They have an interesting system for their Pre-sale, namely, Proof-of-Care. It’s really novel, they have put some effort into it and they are really doing well. It’s at the top of every list, so make sure you sign up for it now.

OHHEYMATTY Average Rating: 96

Launch Score: 99

Project Score: 96


