Quantstamp – Decentralized AI Hybrid Smart Contract Auditing


If you haven’t heard, the crypto space has been blowing up recently. The total market cap for all cryptocurrencies exceeds 150 billion USD and there is no sign of it stopping. The real driver for this meteoric rise has been Ethereum and its smart contracts, which are pieces of code for digital assets with an arbitrary set of rules. SybcFab rightly describes a smart contract as “essentially a cryptographic block containing digital values that can only be unlocked and accessed upon execution of predetermined conditions of which can be created by anyone to ‘create their own arbitrary rules for ownership, transaction formats, and state transition functions.’”

With the massive increase in ICOs and the dApps connected with them, the number of smart contracts has risen exponentially, and as time goes on an incredible number of smart contracts will be produced to meet the needs of the market. The problem, however, is that good developers who can audit these contracts are hard to find, and most are not rewarded for their service. This is what Quantstamp wants to change, by implementing a hybrid AI/human audit system to help the Ethereum community safely scale the number of verified, protected smart contracts which are immune to even the most sophisticated attacks.

Normally, code can be relatively safe before it is published; bugs and other issues might exist, but they don’t have a major effect on security or people’s money. With crypto, however, a small security flaw could lead to massive losses. The largest hack ever of an Ethereum smart contract occurred when $55 million USD was stolen from the DAO, which eventually required a hard fork and led to the creation of Ethereum Classic. It’s a major problem, and millions of dollars have already been stolen by hackers exploiting weaknesses in smart contract code.

Quantstamp’s solution is to use a decentralized system and protocol to create a scalable and cost-effective way to audit smart contracts on the Ethereum network. Eventually, their goal is to see every smart contract audited by them.

The protocol consists of two parts:

  • An automated and upgradeable software verification system that checks Solidity programs. The conflict-driven distributed SAT solver requires a large amount of computing power, but will be able to catch increasingly sophisticated attacks over time.
  • An automated bounty payout system that rewards human participants for finding errors in smart contracts. The purpose of this system is to bridge the gap while moving towards the goal of full automation.

To facilitate this, the protocol is supported by a variety of actors who provide different services. Every actor either uses or receives QSP for their input or work. These include:

  • Contributors receive QSP tokens as an invoice for contributing software for verifying Solidity programs. All contributed code will be open source so that the community can have confidence in its efficacy. Most Contributors will be security experts. Contributions are voted in via the governance mechanism.
  • Validators receive QSP tokens for running the Quantstamp validation node, a specialized node in the Ethereum network. Verifiers only need to contribute computing resources and do not need security expertise.
  • Bug Finders receive QSP tokens as a bounty for submitting bugs which break smart contracts.
  • Contract Creators pay QSP tokens to get their smart contract verified. As the number of smart contracts grows exponentially, we expect demand from Contract Creators to grow commensurately.
  • Contract Users will have access to results of the smart contract security audits.
  • Voters: The governance system is a core feature of the protocol. The validation smart contract is designed to be modular and upgradeable based on token holder voting (time-locked multi-sig). This governance mechanism reduces the chance of upgrade forks and decentralizes influence of the founding team over time.

It’s really a novel idea I’ve got to say. They have taken a critical part of the Ethereum infrastructure and are trying to make their stamp of approval necessary for all smart contracts. This is a massive power play for them and demand is going to be incredibly high for it. There is no one else providing this level of sophisticated and widespread availability of smart contract auditing right now.

The company has huge potential to grow and, without any immediate competitors, will probably do so quickly.

They have an interesting system for their Pre-sale, namely, Proof-of-Care. It’s really novel, they have put some effort into it and they are really doing well. It’s at the top of every list, so make sure you sign up for it now.

OHHEYMATTY Average Rating: 96

Launch Score: 99

Project Score: 96


