Quantstamp ICO Token Sale Summary

The Rise of Inital Coin Offerings

According to statistics published by Coindesk  we are currently witnessing an exponential rise in fund raising through  Initial Coin Offerings (ICO), with $662.85 million raised in September 2017  alone. 

coindesk.com

Sadly this paradigm shift has been closely mirrored by a steep rise in revenue from cyber crime as can be seen in these figures published by Chainalysis.

chainalysis.com

  

Chainalysis estimate that a total of $103 million was stolen from 11,000 victims in the first eight months of 2017 solely by exploiting code vulnerabilities.

Many ICOs make use of Ethereum smart contracts to mint their token supplies.  A smart contract is code which can be deployed to the blockchain by a developer and subsequently used to conduct transactions or perform specific actions. 

The Ethereum blockchain platform provides a decentralised Turing complete Virtual Machine (EVM) which is designed to serve as a runtime enviroment for smart contracts. Through programming languages such as Solidity, developers are provided with the ability to perform looping and branching statements together with local state storage.

As reliance on smart contracts for handling and transferring assets increases, it becomes more and more important for the code to execute as intended and be secure against malicious actors aiming to steal or tamper with them. Unless smart contracts can become more secure and reliable, more widespread adoption remains problematic.

Systematic Approach to Security

Clearly a more systematic approach to smart contract security would be a big step forward. Several new companies have emerged offering specialised security audit services for the cryptocurrency space. One such company is Quantstamp who plan to hold their own ICO in November to raise funds for a comprehensive smart contract auditing system to be delivered in spring 2018.

The Quantstamp team are aiming to release, in their own words, 'the first decentralized smart contract security-audit platform'. They plan to provide automated tests for common vulnerabilities as well as a bounty program to foster a community able to rigorously test contract code before it is deployed onto the blockchain for public use. Their stated focus is to create a cost effective, scalable and secure auditing process.

The audits are designed to produce detailed reports which developers can use privately to detect and correct potential oversights in their contract code. Privacy can be maintained by encrypting reports using the contract's public key. 

Once a smart contract is deployed the final report can be permanently linked to the contract code and made accessible to the wider public, thus also allowing end users to confirm that security testing has taken place. Public reports include a cryptographic hash of the source code so that if any changes to the code have taken place since the test it will be immediately apparent.

The Quantstamp network will act as a decentralised database in which reports generated by the platform are stored. The data can only be updated through network consensus which prevents malicious interference or situations requiring a trusted third party.

Quantstamp Platform (QSP) tokens will be used as a form of payment to access the platform and pay bounties for code reviews. When a new smart contract is submitted to the network by a developer a bounty bid is attached which can range from small amounts for simple automated tests to much larger sums designed to attract testers with a higher level of expertise. Developers will be able to specify how long a bounty should be available for and after that time any unclaimed bounty will be returned.

Project Team

Co-founders Richard Ma and Steven Stewart have assembled an impressive looking team of engineers mostly made up of current and former PhD students from the Canadian university of Waterloo, among them a former Microsoft research intern, a former Google intern who went on to work for Amazon and a former Barclays and Samsung mobile India engineer.

The project advisors include Facebook director and former Apple manager Evan Cheng and two professors from Waterloo.

Prototype

Quantstamp have released a sample test on their GitHub site which generates a syntax tree from solidity contract code that is subsequently analysed for public methods that modify private variables and potentially unsafe delegatecalls. They have also published the report from their security audit of the recent Request ICO's smart contract carried out by the CTO and two engineers.

Token sale details

The public sale for Quantstamp's 'QSP' Ethereum ERC20 token will take place in November.

650,000,000 QSP will be available to the public from a total supply of 1,000,000,000 QSP.

The soft cap is $3M,hard cap $30M.

Of the remaining 350,000,000 QSP, 200,000,000 tokens will be distributed to the team and advisers on a long term vesting schedule.

The other 150,000,000 are intended as a reserve and for community development.

Tokens will be distributed 7 days after the public sale. Unallocated tokens will be burnt.