Quantstamp (QSP): Sentinel of The Web 3.0
Published: 1st August 2018
Bank robberies, hijacking armored cars transporting cash, hostage kidnappings for ransom – while all of the above make for a great ‘90s action movie plot, we rarely hear of anything like that today, in the world of omnipresent technology. That’s because fewer and fewer spectacular crimes are being committed.
Bank robberies, burglaries and larcenies in the US have been steadily going down over the last couple of years, from well over 7,500 in 2003 and 2004 down to around 4,000 in 2015 and 2016. Data from the UK is confirming a similar trend: we’ve gone down from 847 bank robberies in 1992 to 108 in 2012. Whereas the small street thugs are still thriving in many places all over the globe, the action movie type of crimes are declining.
It shouldn’t go without mentioning that major downtrends such as this one are multi-causal. You have to consider various factors that have an influence on this data: overall better security systems in and around banks, the effectiveness of law enforcement preventing a robbery in the first place, across the board improvement of life-quality which makes people less desperate and thus less likely to commit a crime, etc.
However it isn’t far-fetched to consider that the industry of theft, robbery and broadly defined crime is also experiencing a transition similar to virtually every other industry – it’s moving online.
It’s much cheaper and easier to coordinate a hacking attack, which has the potential to provide even more profit, than to do so with an old school million dollar bank robbery. You don’t have to put your life in direct danger. Heck, you could be even sitting on the opposite side of the globe. You don’t have to point a gun to someone’s head either – hey, how morally uplifting!
You essentially don’t need to leave the comfort of your home – all you need is a decent bandwidth and a reliable Internet provider (which is why no one ever performed an attack using AT&T‘s services).
On a more serious note, it’s fairly understandable why the online crime industry seems so lucrative.
Throughout history, humankind has been mainly focused on improving the tools we use. It’s obvious that new possibilities enabled by new technology are always accompanied by new threats: be it fireworks enabling gunpowder development or ammonium nitrate enabling more powerful bombs. Fortunately mankind sometimes goes the other way around, like with atomic decay, primarily designed for weapons of mass destruction, later to be utilised as a modern energy source.
Blockchain is also a new technology that is accompanied by the old problems of its predecessors. Although, sometimes we wonder if nearly every new invention has been used, or attempted to be used, maliciously, maybe it’s not about the inventions after all, but about the people using them…
But philosophy is not what we’re here for; we’re here to present you with a solution.
Back in the days of old fashioned crime, some very smart people came up with the idea of hiring other people to prevent and catch the criminals. Regardless of the point in time or space, whether they were knights, sheriffs or police men, these people had the uneasy task of protecting the ones who couldn’t protect themselves.
Since then times have changed, empires have risen and fallen, we’ve seen years of war and cruelty and years of peace and prosperity. Yet the basic rules still apply: we need people whose sole job is to protect every citizen from harm.
Crypto has been compared to all kinds of things, one of which appeared more frequently than the others – The Wild West. Well, if crypto space is The Wild West, then, without further ado, let us introduce you to its sheriff:
As the crypto space grows toward a more mainstream adoption with an endless supply of positive news in the background, there are always headlines featuring security breaches. Due to the lucrative nature of our industry, crypto naturally attracts hackers who want to make bank by exploiting the vulnerabilities of blockchain technology’s early days.
And if there is one thing that could massively slow down the expansion of the crypto revolution, it would be a hack causing many people to lose their cryptocurrencies. In fact, that has already happened. Mt. Gox lost around 850,000 bitcoins due to a hack, which left a significant mark on the market.
Another example is the DAO exploit that happened in June 2016 during which the hacker stole around $50 mln worth of Ethereum due to a bug in the code. This resulted in Ethereum losing around 50% of its USD value in two days. It took almost a year for it to return to its price prior to the hack.
Plenty of projects pop up on a daily basis with the intention to improve various industries with blockchain, while the platform most of them are built on – Ethereum – requires improvements. Unfortunately, there are not many projects trying to tackle the security side of this problem. However, we don’t need many sheriffs. We just need one that does a great job.
The project we’re presenting is considered one of the best when it comes to securing smart contracts and it’s still hugely undervalued while already recognised by some big names, which makes us extremely bullish.
What’s the Deal?
In a nutshell, Quantstamp is a project made of software testing experts who audit Ethereum smart contracts for potential vulnerabilities.
At the moment, Quantstamp’s sole priority is to secure smart contracts on the Ethereum Network, although they do plan to expand to other ecosystems in the future. They’re also preparing a wallet audit process for a release this summer. You’ll be able to see which smart contracts can be found in your wallet and which vulnerabilities they have.
Since Quantstamp secures the Ethereum Network, we could say that if you’re pro Ethereum then you’ll absolutely love QSP. However, we don’t like to create camps between different projects, because at the end of the day, we have one common goal – bringing more settlers to our lately founded Wild West enclave.
In other words, making crypto more mainstream since that will increase the value of our investments and lives. So if you’re pro blockchain technology expansion, Quantstamp should be on your radar.
Quantstamp was founded in June 2017 so if you haven’t invested in it yet, do not worry. It is still early enough to take action. The exciting part about the problem solved by Quantstamp is the fact that it’s an issue of an exponentially growing industry.
According to their whitepaper, just between June 2017 and October 2017, the number of smart contracts quadrupled from 500k to 2 mln. This crazy growth is not expected to stop any time soon. 10 million contracts are predicted by the end of 2018. In a word, the Ethereum ecosystem is booming. This will attract even more attention from the bandits trying to exploit the newly emerging projects and as a result, make Quantstamp’s solutions even more sought after.
What’s also amazing is that Quantstamp’s customers are creating extra exposure. As of October 2017, 11 mln ETH was locked in smart contracts and the USD value of these contracts will only grow with the expansion of the Ethereum network. As you can see, there’s a lot of money at stake. The bigger the project is, the more of a target they become. Consequently, there are many serious crypto enterprises looking for security audits that Quantstamp provides.
Take Request Network as an example: a lot of people are incredibly excited about this project so any new roadmap update or partnership from REQ is likely to get a lot of attention. Back in October 2017, Request Network published on Medium an audit summary completed by Quantstamp. The piece received hundreds of “claps” (if you’re not familiar, a “clap” is a way to upvote an article you liked on Medium) and generated free publicity for Quantstamp. The fact alone that REQ and Quantstamp are partners is a highly bullish indicator.
But what happens when a cryptocurrency neglects the security part? Electroneum, which generated a lot of hype back in 2017, is a decent example of security neglect. After raising $40 mln, they were attacked by hackers and forced to shut their accounts for several days.
The official statement included: ‘There are thousands of lines of code to modify or adapt and services that need to be rewritten.’ This is exactly where the Quantstamp guys can shine bright like a diamond. Auditing the code to make sure bad actors can’t cause any harm.
There is no better marketing than social proof so let’s take a look at some of the big names who see the potential that Quantstamp offers.
Back in April 2018, the CEO of Binance and their official account both tweeted about the exchange successfully using Quantstamp services to audit all of their ERC20 tokens. The tweet received a lot of exposure (around 1000 retweets and over 3000 likes at the time of writing) and showed that one of the biggest names in the industry uses their services.
The social proof from Binance is a big deal considering it’s the biggest cryptocurrency exchange at the moment.
It’s hard to find a bigger and more respected crypto company that you can get recognition from. We expect that other exchanges will follow in Binance’s footsteps and become Quantstamp’s customers which will result in an increased price of the QSP token.
#Binance has verified all listed ERC20 tokens are not affected by the Batch or Proxy Overflow Bugs. Thank you @Quantstamp for your assistance in keeping Binance the most secure exchange by efficiently auditing all ERC20 tokens listed.
Read more on Medium: https://t.co/ikfuwYWtI8
— Binance (@binance) April 30, 2018
Another giant of the crypto world who gave indirect support to projects working on improving the security of smart contracts is Vitalik Buterin. In his tweet, he said:
I am deliberately refraining from comment on wallet issues, except to express strong support for those working hard on writing simpler, safer wallet contracts or auditing and formally verifying security of existing ones. — Vitalik Non-giver of Ether (@VitalikButerin) November 8, 2017
If it’s not enough for you to hear that the world’s biggest crypto exchange uses Quantstamp and that Vitalik expressed strong support for projects working on smart contract security, then that is completely fine. Maybe you’d like to hear the opinion of a non-crypto company? No problem.
How about the fact that Y Combinator accepted Quantstamp into its winter 2018 class?
Yes, the same start up accelerator that spotted gems like Airbnb, Reddit, Coinbase and Dropbox, among many others. Their acceptance rate is extremely low at around 2% so the fact that they gave a green light to Quantstamp means a lot. Their reputation as the world’s best start up accelerator is at stake so they only pick what they consider to be the best of the best.
Quantstamp will be in touch with some extremely knowledgeable people like Avichal Garg, a former Director of Product at Facebook, who they met during the selection process. Meeting other innovators during the Winter Class will be an invaluable experience for the Quantstamp team.
Every self-respecting sheriff has multiple ways of fighting crime. Let’s start with one that was popular during the Wild West era.
The bounty system
In the Wild West, if the law wanted to get its hands on a criminal, it issued bounties and hung them all over the place to let people know that they could potentially get rich if they caught the person. Some bounty hunters were even able to make a living off of the rewards. Of course, the bigger the bounty was, the bigger the incentive of bringing the well-deserved to justice.
Oh, good ol’ America.
If a bounty was particularly high, bounty hunters would sometimes join forces to speed the whole thing up and divide the money among themselves (at least the ones who made it out alive) when the person was captured.
The basic principle of Quantstamp’s bounty system stays the same: if you find a root of a harmful bug, you’ll also get rewarded. In their white paper, Quantstamp estimate that it’s sensible for financially sensitive contracts worth many millions of dollars to have bounties that start in the tens of thousands.
This time however, it’s not the sheriff who sets a bounty, it’s the owner of the smart contract. After all, he’s the one who cares most about the quality of his product or service. This way, he can ensure the level of expertise his code gets would match his needs.
A skilled programmer can earn a decent income purely by finding bugs. Another option that programmers have, just like true bounty hunters before them, is to join forces to obtain an extremely high bounty for a smart contract or a hard-to-find mistake.
Speaking of bug finding, Quantstamp is truly living their motto. They’re already implementing a bounty program for their own services. This is an example of backing their words and declaration by deeds which makes them even more accountable.
Some smart contracts, unbelievably though it may sound at first, might come without any errors to be found in the first place. In such a case, the bounty remains until the end of a set time period and is later returned to the smart contract owner.
It took decades for bounties to become obsolete – we’ve developed far more humane, effective and modern systems of tracking down criminals. In the long run (and we mean a really long run) this is also the plan for Quantstamp. Eventually a transition will take place that in theory will automate the code validation process. No more bounties. No more fear over security.
Quantstamp’s automated audit
Due to their manual nature, tests currently applied during the software development phase are prone to human errors. That is, given the programmers are diligent enough to perform all the necessary tests and not only the dirty ones. Even still, programmers are miles away from providing perfect security which is a must-have for crypto space if we want to go mainstream.
This is exactly where Quantstamp steps in. Here’s how it’s going to work: a developer of a smart contract submits their code via Quantstamp’s website. He’s charged a certain QSP amount – right now it’s 25. Then he can set the aforementioned bounty. We believe that the automated audits will become a popular go-to solution which will therefore increase the demand for the QSP token and drive the price up.
After the protocol receives the request, validation nodes can start performing security checks to validate the smart contract. For their effort, they are rewarded with QSP tokens. The longer their computation time was, the proportionally higher the reward. Those validation nodes can be perceived as the equivalent of miners of other networks. After reaching a consensus on the number of issues of a smart contract (or lack thereof), a proof-of-audit and report data are generated. Both are written onto the Ethereum blockchain.
Content of a report
According to their needs, the developer can pick between generating a public or encrypted, private security report. As the name suggests, the private report is accessible only to the requester.
This can come in handy when one wants to test his code before actually putting it into use. The public report is moreover available to the public on Quantstamp’s website, where it can be reviewed by anyone who wishes to see it.
These reports are in a human-readable form (at least for the programming humans). Smart contract owners are encouraged to comment on the reported issues, which could be a long and detailed explanation or something shorter along the lines of ‘this issue does not concern us’ or ‘this is a false positive’. The more effort the developer puts into the evaluation of his code, the more confidence (and thereby funds) can be put into a project by the investors.
If you don’t have the required time, need or specific knowledge to read thoroughly through the report, you can rely on an overall ‘trust score’ which will also be included with the report. Its score will be dependent on a combination of the following factors: the results of the security report and the bounty properties (its size, the time it’s been active) and feedback from the community.
That way Quantstamp also creates an easily understandable basis for the smart contracts to be compared.
Proof-of-audit is a hash value, comparable to the hash that miners of other networks look for. Bitcoin would be a good example.
The proof-of-audit is generated based on a few things. One, of course, is the original source code. Because the source code is one of the inputs, we can be sure that the analysis in the report applies to the very source code you’re looking at; it basically prevents any manipulation between the source code and the report.
Another thing included in the proof-of-audit is the current version of the security library with which the smart contract was validated. This information comes in handy at later stages of development, where more advanced and secure library versions are developed. As an investor you’d like to be sure that the project you consider worthy of your funds was checked by the latest released version.
Naturally, with every new update of the library, a smart contract would need to get re-scanned for potential new vulnerabilities overlooked by the older version. You can think of it as occasional software updates that occur for programs and apps you use every day.
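The binding described above, as an added example that is not Quantstamp's code: a proof-of-audit computed over the source code and the security library version, then checked against the contract a reader is looking at. The hash construction (SHA-256 over length-prefixed fields), the inclusion of the report text, and all names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

DOMAIN = b"proof-of-audit-example-v1"  # hypothetical domain tag, not from the protocol


def encode_field(text: str) -> bytes:
    """Length-prefix a field so ("ab", "c") and ("a", "bc") never hash alike."""
    data = text.encode("utf-8")
    return struct.pack(">Q", len(data)) + data


def proof_of_audit(source: str, library_version: str, report: str) -> str:
    """Hash that commits to the audited source, the analyzer version and the report."""
    h = hashlib.sha256()
    h.update(DOMAIN)
    for part in (source, library_version, report):
        h.update(encode_field(part))
    return h.hexdigest()


def version_tuple(version: str) -> tuple:
    """Parse "1.10.0" into (1, 10, 0) so versions compare numerically."""
    return tuple(int(piece) for piece in version.split("."))


def check_audit(record: dict, source: str, latest_library_version: str) -> list:
    """Return the reasons a published audit record should not be trusted as-is."""
    findings = []
    expected = proof_of_audit(source, record["library_version"], record["report"])
    if not hmac.compare_digest(expected, record["proof"]):
        # The source, the report or the stated library version was changed
        # after the proof was generated.
        findings.append("proof-mismatch")
    if version_tuple(record["library_version"]) < version_tuple(latest_library_version):
        # Audited with an older security library: the contract needs a re-scan.
        findings.append("stale-library")
    return findings


# Constructed sample data (not a real contract or a real report).
SOURCE = "contract Vault { function withdraw(uint amount) public { } }"
REPORT = "0 critical, 1 informational: missing event on withdraw"
RECORD = {
    "library_version": "1.2.0",
    "report": REPORT,
    "proof": proof_of_audit(SOURCE, "1.2.0", REPORT),
}

if __name__ == "__main__":
    print(check_audit(RECORD, SOURCE, "1.2.0"))            # untouched source, current library
    print(check_audit(RECORD, SOURCE + " ", "1.2.0"))      # source differs from what was audited
    print(check_audit(RECORD, SOURCE, "1.10.0"))           # newer library has been released
```
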
Reaching a consensus
Okay, so you might be asking yourself, ‘What about a rogue node which would try to falsely verify a smart contract only to later exploit its weaknesses?’ That’s a good question, thoughtful reader. To ensure that the above scenario doesn’t happen, Quantstamp’s team have come up with a neat solution.
The short answer is: it’s basically too costly and mathematically improbable to be profitable.
First, the validator nodes, before getting to work, are required to stake collateral tokens to prevent them from trying to behave maliciously (forging audits, intentionally failing to report a bug, etc.). If they do so, their deposits become irretrievable.
Even if one node ‘doesn’t care’ about their deposit – for instance they figure that by letting a bug pass, they could earn much more than their deposit – they still have economic incentive to report the bug. If one node was able to find it, others would be as well. They would then go on to report the bug and claim the bounty, leaving the potential bad actor with nothing. So with this nice application of the branch of mathematics known as game theory, Quantstamp ensures the pointlessness of one node going rogue.
Let’s go one step further and consider what would happen if a few nodes coordinated their actions to let an unsound smart contract slip. The network requires ⅔ consensus among the nodes to discourage dishonest validators. If it turns out to be necessary, this number could be altered as well. Who would make the ultimate decision in this scenario? We’ll cover that in a moment.
Another safety measure is taken by distributing various components of the verification problem among the nodes. So even in a scenario of a few coordinated nodes, it is still utterly improbable for those specific nodes to get only the part of the code they’re interested in and all the other, properly functioning nodes to not get that part of the code at all.
This approach also has another point in its favour: the network pursues the most efficient use of computing power it has at its disposal. That too is achieved by dividing different parts of the code among different validators.
Furthermore, if a bug somehow slipped through this range of security measures, Quantstamp is planning to offer insurance plans with cooperation from third party companies.
Once again, the above example emphasises how much they care about relieving any doubts about the safety of using smart contract-based products. This is truly a huge step toward mainstream adoption since it makes an average user more inclined to invest beyond only the ‘risk’ capital.
The role of the community
Earlier we mentioned possible changes to the fraction of nodes needed for reaching a consensus. You might be asking yourself, who determines these changes or who decides when ‘the right time’ is to release or update the Quantstamp protocol?
The answer is: the community. Every holder of QSP gets to vote and anyone can propose an upgrade to be implemented.
The more approvals a proposal has, the sooner it can be set into motion. If everyone agrees on an upgrade, it can be executed after one hour. For every 5% of members who abstain, the time doubles. And for every 5% voting against, it quadruples.
This system ensures consistency among users, lowers the chance of an upgrade fork and most importantly keeps the whole community of validators and contributors engaged. Admittedly, a strong, supportive community and the resulting noticeable social media presence can turn out to be as important as the team members themselves. Speaking of which…
How many doctors does it take to change a lightbulb?
Silly question. Surely one would figure it out.
Okay, so how about something a little more complex. Say, building one of the most revolutionary tokens on the market? We think that three PhD holders, three PhD candidates and two PhD advisors are more than enough to deliver. It should also be mentioned that most of them have ties to Vitalik Buterin’s alma mater – University of Waterloo.
By no means do we wish to depreciate the insights and hard work of the other team members. On the contrary – we believe that only with combined effort made by talented people with the most varied backgrounds is it possible to build a project such as this one. And hear us out, this team is truly talented.
After investing and later regretting investing in the DAO, Richard decided to take the fate of the cryptospace in his own hands so that people would never have to experience such loss and regret again. With plentiful experience in designing software handling millions of dollars on European, US and Asian exchanges and applying extreme testing methods, we see Richard Ma as the right man, in the right place, at the right time.
Dr. Vajih Montaghami
Coming from a background of working for giants like Amazon and Google, Vajih is the person with the right set of skills to deal with broadly understood software development for various kinds of problems. He received his degree for working on exactly what Quantstamp considers its main focus – verifying and debugging code.
Evan has been leading product teams for more than 20 years, so we’re confident that he can carry the burden of being the Vice President of Engineering. He was actually the first employee to be hired in 2004 by Odeo – the company behind the creation of Twitter. There’s no doubt that Evan is capable of ‘thinking big’. His job was to help bring the QSP auditing demo to YCombinator. Today he remains a Quantstamp advisor.
The paradigm shift
The early days of crypto, similar to the early days of The Wild West, weren’t really a bed of roses. It’s a place full of both dangers and opportunities for those who know how to navigate themselves through the chaos. But not for long.
The Wild West didn’t stay wild forever. In fact it gave birth to thriving places like Las Vegas and San Francisco. And it eventually became a tamer place that was safe even for inexperienced travelers and newcomers.
Crypto also won’t stay wild forever.
Once it becomes safe enough for the masses to invest more than just their ‘risk’ capital, we’ll witness a gigantic paradigm shift.
Quantstamp is the key player of this shift if not the player. It’s the tool that will bring an easy sleep to the weary. It’s the sheriff that will purge his town of crime.
The time has come to place your bets. The town’s first sheriff has been hired. The first saloon has just opened for business. No one feels secure, no one feels at home.
Not just yet.
But make no mistake – people have always sought a way to feel safe and comfortable. Look at the Wild West now – it’s hardly imaginable that only some two hundred years ago it was one of the more hostile lands on the continent. With the right motivation, will and charisma of the right people it became what it is today: a thriving and vital part of the country – a place that is hard to imagine at one time didn’t exist.
Such will also be the story of crypto. Thanks to Quantstamp and its incredible utility, crypto will become a safe haven for those who seek it. QSP tokens will be bought, sold and used to secure every important smart contract. It’s a beautiful vision. Just make sure to buy in before it becomes a reality.