is a company building a smart contract auditing platform. The Quantstamp network will consist of validator nodes running tests against smart contracts, reaching consensus about the results, and producing audit reports from those results.
Quantstamp is also a network protocol, and there’s an ERC-20 token associated with the project trading by the symbol QSP. This token is used in the system to initiate audits and to reward participants, but more on that later. Let’s take a look at the protocol first.
Quantstamp’s stated goal is to create a protocol that can someday be merged directly into the Ethereum codebase. This protocol is basically a meta-protocol riding on Ethereum. That is to say, Ethereum network handles the transaction detail and publishing of blocks, and Quantstamp handles all logic for the security audit function.
There’s not much detailed information at this time due to the early phase of this project, so most of this terse description is based on their white paper, which is far better than most I’ve seen. Said white paper is hosted on a 3rd party site however, which is allowed to collect email addresses and set trackers, so I’m not going to link to it.
WHY DO WE NEED THIS?
Essentially, the Quantstamp network will run automated tests against a given smart contract and produce a report, along with a proof of audit. This testing is performed by validator nodes, which are tricked out Ethereum nodes. The Quantstamp protocol is designed to ensure that malicious nodes cannot behave in the way dishonest human auditors can; e.g. withholding knowledge of security flaws in order to exploit or sell later.
They discuss formal verification techniques for smart contract analysis, as I suppose one does when in Waterloo. The idea is for a validator node to basically act like a hostile solidity compiler. The program code is parsed, a symbol tree is constructed, then the kung-fu begins. The power of this approach comes not only from the fact that they can eliminate bad actor scenarios like described above, but there are testing methods that are hard to perform for humans but for which there are efficient algorithms.
Finally there is a need for a standardized audit function. If big money is going to be controlled by smart contracts, it will flock to those contracts that can offer reassurances users about the level of risk. A Quantstamp audit report will typically be available for public review.
So this project is solving a real need – there is an inherent vulnerability exposed whenever you hire a company to review your code for security issues. Quantstamp validator nodes will perform redundant tests to prevent hiding discovered flaws. By offering both an automated version of standardized testing and testing methods that are not feasible or practical by other means this project offers a better solution than currently exists.
WHO USE IT AND HOW?
There are 6 user roles in the Quantstamp network, described in the white paper:
Smart contract developers call the Quantstamp smart contract
audit() function, sending the contract code along with QSP to finance the audit, and optionally include QSP to cover bounties.
Programmers can contribute to the Quantstamp codebase, and security researchers can contribute tests to run. These contributors are rewarded with QSP tokens.
Validators are rewarded in QSP tokens for running a node on the network.
Bug finders are rewarded with tokens if the bounty rewards were sent by the smart contract developer. After the tests have run and the report has been generated, the bounty remains and can be claimed by finding a specific example.
Hodlers will have voting ability, and control changes and upgrades – this is at the heart of the governance model.
Audit results can be viewed by any users for free before using or sending tokens, assuming the report is not encrypted.
RUNNING A VALIDATOR NODE
The security audits will be performed by what are referred to as validator nodes – analogous to miners in Ethereum. When a developer submits a contract for audit, the Quantstamp smart contract signals the validator nodes to begin on the next block. Nodes will then run tests against the code and when consensus is reached, produce a Proof of Audit (POA) along with a report, and are rewarded in QSP.
Both the POA (or the hash thereof) and report are published to the blockchain, but the report may be encrypted with the contract creator’s public key. This is the result of a choice developers are given when calling the smart contract to choose either a public or private security report, for reasons that should be obvious.
I have some questions about validator node operations, but I suspect they’ll be answered by April, when the project timeline shows they aim to launch their alpha version to a testnet. That should give us a feel for how busy they are, how many tests get run, how fast, and so on.
You can run the validator code on a local machine, but they expect it to be far easier to let the more capable servers running as validator nodes do the heavy lifting instead. Check out the Github code for the demo:
Malicious nodes must be prevented from forging audit results, concealing results in order to profit later, or colluding with other nodes to harm the network. Preventing fraud is a requirement for 2/3 of the nodes to agree on a result before considering it valid.
It’s not yet clear how testing can be segmented into tasks most efficiently, and this optimization may take time to figure out. The network must be fault-tolerant, since malicious nodes may well pose the greatest threat to Quantstamp.
An ongoing battle will need to be waged against bad actors looking to secretly find and exploit vulnerabilities in existing smart contracts by testing against new test libraries. The team discusses some strategies which generally boil down to not providing public access for some time interval.
According to their roadmap, the network should be running on mainnet by August of this year! What a boost to the state of smart contract development and safe utilization.
Their roadmap shows an interest in becoming a player in the insurance market as well. This is surely the best use case for new projects to pay for an audit – in order to secure insurance to protect investors against the downside risks inherent in tying real money to smart contract programming environments, languages & frameworks, and programmer logic.
Hopefully Quantstamp will avoid straying far from the audit function. To do otherwise jeopardizes their objectivity, potentially undermining the trust in their platform. At least, the incentives are misaligned if the same player is involved in performing the audit and involved in the underwriting.
Will Quantstamp become the quality assurance mark that all projects strive for, and all investors demand? Will it become part of Ethereum core? Will it branch out and grow a collection of test library code for contracts running on EOS, Lisk, NEO, and other blockchains? Stay tuned to see the progress on this exciting project!
Full disclaimer: I own some QSP tokens because I think the project has great potential. I tried to present this project in an objective way, but I do hope it succeeds. Please do not consider this to be investment advice. I have no idea if this is a good investment for you.