Deadline for KYC for presale is on November 5th.
People are notified of tier status between November 5th and 7th.
Presale contributions start on November 5th and end on November 9th.
Main sale is scheduled for Nov 18th - Nov 25th.
Quantstamp is a security verification protocol for smart contracts that improves the security of Ethereum. The advantages of the security protocol include automation, trust, governance, and the ability to compute hard problems over a distributed network.
Quantstamp will be offering a unique suite to enable smart contracts by launching:
- A decentralized network that uses validator nodes to achieve consensus and verify transactions.
- A security library for Solidity, the programming language.
- An implementation of the Quantstamp API for Ethereum.
- An adaptable, modular, platform-agnostic design.
In the future, Quantstamp aims to expand their security library to support programming languages other than Solidity, and the Quantstamp API may be implemented for other platforms.
BACKGROUND.
Blockchain networks are secure but smart contracts are not. In June 2016, a hacker stole $55M in Ethereum coins from the DAO due to a bug in its smart contract. In July 2017, another hacker stole over $30M in Ether from crypto companies due to a one-word bug in the smart contract code in the Parity multi-sig wallet. Security issues like these are a serious impediment to wider adoption of the Ethereum network because they erode trust in smart contracts.
Current efforts to validate smart contracts are inadequate. Engaging security consulting companies requires human experts to audit smart contracts. This process is expensive and error-prone. Also, relying on a single company requires trusting that no bad actors exist in the company. A distributed system relying on consensus among many different actors is far more secure.
Security audit processes that rely on human experts cannot keep up with the exploding growth rate of smart contract adoption. Between June 2017 and October 2017, the number of smart contracts grew from 500K to 2M. Within a year, it’s expected that there will be 10M smart contracts. This will create an exponential increase in the demand for auditing. There aren’t enough security experts in the world to audit all smart contracts today, and this shortage will be even more acute in the future.
The potential costs of smart contract failures will also grow. As of October 2017, about $3.2B (11M ETH) was locked in smart contracts. The number of dollars locked in smart contracts will grow exponentially as Ethereum network and smart contract adoption grows. The potential cost of smart contract vulnerabilities will grow commensurately.
The Quantstamp protocol solves the smart contract security problem by creating a scalable and cost-effective system to audit all smart contracts on the Ethereum network. Over time, it’s expected that every Ethereum smart contract will use the Quantstamp protocol to perform a security audit because security is essential.
HOW IT WORKS.
The Quantstamp protocol consists of two parts:
- An automated and upgradeable software verification system that checks Solidity programs. The conflict-driven distributed SAT solver requires a large amount of computing power, but will be able to catch increasingly sophisticated attacks over time.
- An automated bounty payout system that rewards human participants for finding errors in smart contracts. The purpose of this system is to bridge the gap while moving towards the goal of full automation.
Suppose a developer plans to deploy a smart contract written in Solidity on Ethereum. There is substantial risk when writing code that accesses a monetary system, and the developer must be careful to ensure that no funds are lost due to vulnerabilities.
To minimize risk, the developer submits his code for a security audit via the Quantstamp Ethereum smart contract directly from his wallet, with the source code in the data field, and by sending QSP tokens. Depending on the security needs of the program, the developer can decide how much bounty to send. Then the smart contract receives the request, and on the next Ethereum block, validation nodes perform a set of security checks to validate the smart contract. Upon consensus, the proof-of-audit and the report data are added to the next Ethereum block along with the appropriate token payout.
The report classifies issues based on a severity system from 1-10; a 1 is a minor warning, a 10 is a major vulnerability. From that point on, if a serious vulnerability is not immediately detected, the bounty remains until the specified time has elapsed. At the end of the time period, the bounty is returned to the developer who requested the audit.
When requesting an audit, the developer chooses a public or private security report. Private reports are encrypted using the public key of the smart contract and can be decrypted by the owner/developer. The developer and the public can access a web portal called qsscan.io to review any security report. The portal parses the information in the data field of the transactions via the Quantstamp smart contract, and displays it. By using the proof-of-audit hash, security reports viewed by the public exactly match the audited source code to prevent manipulation of report results.
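The binding between report and audited source described above can be sketched as follows. This is an added example, not Quantstamp's code: the page does not specify how the proof-of-audit hash is built, so the SHA-256 construction, the field layout, the JSON report shape and all names here are assumptions.

```python
import hashlib
import json

def _frame(*parts: bytes) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") hash differently.
    return b"".join(len(p).to_bytes(8, "big") + p for p in parts)

def proof_of_audit(source: bytes, report: dict, library_version: str) -> str:
    """Hypothetical commitment binding a report to the exact source audited."""
    # Canonical JSON (sorted keys, no whitespace) so equal reports hash equally.
    canonical = json.dumps(report, sort_keys=True, separators=(",", ":")).encode()
    source_digest = hashlib.sha256(source).digest()
    framed = _frame(source_digest, canonical, library_version.encode())
    return hashlib.sha256(framed).hexdigest()

def validate_report(report: dict) -> None:
    # Severity scale from the page: 1 is a minor warning, 10 a major vulnerability.
    for issue in report["issues"]:
        sev = issue["severity"]
        if type(sev) is not int or not 1 <= sev <= 10:
            raise ValueError(f"severity out of range: {sev!r}")

def verify_display(source: bytes, report: dict, library_version: str,
                   recorded_proof: str) -> bool:
    """Check a displayed report against the proof recorded with the audit."""
    validate_report(report)
    return proof_of_audit(source, report, library_version) == recorded_proof

# Constructed sample data (not a real contract, report or library version).
SOURCE = b"contract Wallet { function withdraw(uint amount) public { } }"
REPORT = {"issues": [{"id": "example-finding", "line": 1, "severity": 7}]}
LIBRARY_VERSION = "0.1.0-example"

def demo() -> dict:
    proof = proof_of_audit(SOURCE, REPORT, LIBRARY_VERSION)
    downgraded = {"issues": [dict(REPORT["issues"][0], severity=1)]}
    return {
        "original": verify_display(SOURCE, REPORT, LIBRARY_VERSION, proof),
        "source_edited": verify_display(SOURCE + b" ", REPORT, LIBRARY_VERSION, proof),
        "severity_downgraded": verify_display(SOURCE, downgraded, LIBRARY_VERSION, proof),
    }

if __name__ == "__main__":
    print(demo())
```

Including the library version in the commitment also lets a reader tell which release of the checks produced a given report, which matters once contracts are re-audited.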
A developer can perform security audits on a local machine prior to issuing a public audit, but may find that the computational overhead is too high. Quantstamp validator nodes are likely to have greater computational capacity in terms of memory and processing cores than the average developer’s machine. In the same way, by aggregating the power of human hackers with a large bounty, the project is able to greatly surpass the coverage of a standard code review. Once the code is ready for deployment, the developer is ultimately motivated to produce a public security report in order to give users the reassurance that a decentralized security audit was performed.
When a security report identifies issues found within a smart contract, the developer can publicly annotate qsscan.io with feedback. This gives developers the power to flag false-positives in the report, and the community can validate the annotations.
Quantstamp does not guarantee flawless source code, but provides a much higher degree of assurance that the code is secure by using both automated and crowdsourcing methods. The Quantstamp team commits to continuously engage in research and development, making regular improvements to the security library. When there are new releases, developers can re-audit their smart contracts, demonstrating their commitment to securing code and increasing public confidence.
Non-developers will have more confidence in projects because they can see whether smart contract developers have audited their code, as well as which version was audited.
USE CASES.
Developers, Entrepreneurs, Businesses, Organizations and Individuals utilizing Smart contracts and Ethereum. Smart Contract makers will use Quantstamp as a validation tool. Secondary customers will look for Quantstamp to ensure quality control.
QSP USES.
Various participants in the Quantstamp protocol use QSP tokens to pay for, receive, or improve upon verification services:
- Contributors receive QSP tokens as an invoice for contributing software for verifying Solidity programs. All contributed code will be open source so that the community can have confidence in its efficacy. Most Contributors will be security experts. Contributions are voted in via the governance mechanism.
- Validators receive QSP tokens for running the Quantstamp validation node, a specialized node in the Ethereum network. Verifiers only need to contribute computing resources and do not need security expertise.
- Bug Finders receive QSP tokens as a bounty for submitting bugs which break smart contracts.
- Contract Creators pay QSP tokens to get their smart contract verified. As the number of smart contracts grows exponentially, demand from Contract Creators is expected to grow commensurately.
ROADMAP.
HOW ADVANCED IS IT?
The project already has a working prototype.
They have already completed a security audit for the Request Network.
SIMILAR PROJECTS.
Solidified.
Solidified is a platform for crowd-sourced review of smart contracts, where any developer can bring their contract for a comprehensive quality review with a large network of verified blockchain experts. Developers and stakeholders are helped to confirm the quality and security of their smart contracts in a transparent, affordable way.
HOW IS IT DIFFERENT FROM OTHER PROJECTS IN THE SPACE?
Automation of the software verification system that checks Solidity programs.
USER REVIEWS.
[This is one project with a very neat fund planning, this project is needed by many people. The concept is really good, I’m very interested to follow the next development, and very waiting for your promotional programs, such as bounty, hopefully growing well, good luck]
[I joined the Quantstamp Telegram group and read the Whitepaper in more detail, and I’m really excited about this project as I feel that issues like security and privacy are extremely important. It looks like they have a great team in place (including advisors) and I hope I will have the opportunity to invest in and support this project. The token sale contribution cap is $30 million and they are looking to have the crowd-sale in mid to late November although this is not confirmed yet.]
[Solution to a Genuine Problem – I used to rely on the project’s whitepaper, website, linkedin, google, youtube reviews, bitcointalk forum, github reviews, etc. to verify if all legit. Most can be understandable but the executed technical smart contract codes / language. Bounty has been a good option so far to get it manually checked by members with high credibility but to me as an investor, still there is an unavoidable grey area. The error might be intentional / unintentional but if in case, I will be talking about real money that’s lost / made. Now with Quantstamp, I will be at peace of mind.]
[Most of the projects are either a concept or with MVP. Here, I can find that it not only has a working product but a tested and proven one with upcoming ICO – request network. With the all star team, advisors, immediate requirement and use case, I personally see Quantstamp at the horizon of success already.]
[Considering the token matrix and project as a whole, ICO market cap and $ per token seems to be very low creating immense profit possibilities to investors who will be qualified for pre-sale and crowdsale. I would like to congratulate and thank for such an awesome project and will contribute my part wherever possible. I am definitely in and in the future deserving projects verified by Quantstamp.]
[How many % discount will be on presale?]
[Presale rates are stated below, based on the proof-of-care level awarded.
Caring level 1 ($3M): 1 ETH = 10,000 QSP (unchanged)
Caring level 2 ($4M): 1 ETH = 7,000 QSP
Caring level 3 ($4M): 1 ETH = 6,000 QSP]
[This is exactly my criticism on the ICO. The project is great, but the token pricing should be fair for the community. Otherwise for those getting 40% less tokens, it may be wiser not to participate and wait for exchanges because there will be some dump that will cause it go below ICO price.]
[It really is a very interesting and much needed project, however my only worries are using human participants to find the errors in smart contracts;
- Humans are prone to errors which is what we are trying to protect the smart contracts from in the first instance. What’s to say there wouldn’t be another human error in overlooking or missing certain loopholes. The relief for this is that the Quantstamp system will continually build towards automation as it matures.
- The prisoner dilemma theory. What is to say the verifier that finds a loophole in a Smart Contract does not exploit the loophole themselves. Quantstamp hopes that the knowledge that another verifier can close the loophole and claim the bounty will be enough to avoid the dilemma for verifiers. Let’s hope this stands to be true!]
[Why does Transparent Security Audits need token? Is it necessary? It doesn’t seem to be a big market.]
[As far as I understand, a program will be developed to find the bugs of projects with open codes in GitHub. It is a good idea. It is a process that takes hours to manually check codes.]
[I only recently heard about Quantstamp, but the team looks pretty solid and their idea to audit smart contracts would be an important function for all kinds of transactions on the blockchain. With their Proof of Caring they are hitting a home run, marketing wise - it makes all of us show how we care and incentivises us to really read the white paper. Let’s only hope this retains space for criticism and doesn’t become an echo chamber of sorts.]
[I’m glad I participated in a PoC pre ICO. I’ll never do it again. Worthless flooding of forums and FB groups and I didn’t even get an email back to confirm anything. Whatta big fat waste of my time and effort.]
[Is this only necessary for the Presale or will the ICO be proof of care too?]
[This is just for presale]