Quantstamp ICO

in quanstamp •  7 years ago 

In this post I will try to explain what Quantstamp is, how it works, and the problem it is trying to solve.

What is Quantstamp?
Quantstamp, in a nutshell, is a decentralized security audit platform for smart contracts.
Quantstamp will use automated methods and decentralized bug bounties to help audit, protect, and find vulnerabilities in smart contracts.
Quantstamp will mainly focus on Ethereum Solidity-based smart contracts for now, but will expand to support all types of smart contracts.

What problem does Quantstamp solve?
Smart contract code will never be bug-free, but Quantstamp can help mitigate the risks of smart contract deployment by using an automated security library.
Prior to Quantstamp, smart contract code was reviewed manually and might only be tested with the developer's unit tests.
Having an automated approach to finding bugs/vulnerabilities in smart contracts makes deploying a smart contract less prone to human error.
The public perception of having a smart contract audited this way will set a standard for all future developers writing smart contracts.

What's the goal of Quantstamp?
Essentially, to add another layer of security and to help deploy better code that the public can trust.

How does the Quantstamp process work?
Quantstamp makes use of APIs, the Quantstamp Network (QN), and security reports.
Let's go through a workflow of how this might work in a real scenario:

  1. The project/developer uses Quantstamp's automated platform to audit their smart contract:
    a. The developer calls Quantstamp's APIs to audit their smart contract.
    b. The developer puts a bug bounty on the smart contract for independent hackers to verify.
    c. The developer chooses between a public or private security report.
    d. Private reports are encrypted using the public key of the smart contract and can only be decrypted using their own private key.

  2. The audit is broadcast out to the Quantstamp Network (QN):
    a. The QSP token bounty for this audit is broadcast through the QN.
    b. The QN broadcasts the audit request, and miners/verifiers perform a set of security checks to earn the bounty.
    c. These security checks are finalized through decentralized consensus.
    We can think about it from a bitcoin perspective, except that validation means finding some vulnerability using the security library a node runs.
    This is similar to how bitcoin miners solve the hash and then broadcast that solution out to all the other nodes to verify, which then leads to consensus.

  3. The security library of Quantstamp's automated platform will audit the smart contract and return a security report:
    a. The security report will classify issues by severity on a scale of 1-10 (minor to major).
    b. The security report can be viewed via a web portal hosted by Quantstamp (qsscan.io).
    c. The security report will contain information about the vulnerability, but not so much that malicious hackers could use it as leverage to break a smart contract.
    d. After the security report is generated, the developer can publicly respond with feedback to address the issues found.

Miners for the Quantstamp network are called verifiers.
-The goal of the miners/verifiers is to participate in the network by adding transactions to the chain.
-Verification and certification of smart contracts is essentially a math problem that a miner needs to solve, similar to bitcoin mining.
-Miners/verifiers need to produce proof or an example of the vulnerability to receive the bounty reward hosted by the company/project that created the smart contract.
-The first miner/verifier to find that vulnerability will be the one that gets paid.
-This is a race, similar to bitcoin mining.

The Security Library:
-The Quantstamp platform rewards miners/verifiers in the network for running the automated checks on smart contracts.
-These automated checks are part of a security library that Quantstamp will build and maintain.
-Over time, as more vulnerabilities are found, this security library will grow and only make code better in the future.
-The platform also rewards independent white/blackhat hackers for finding other vulnerabilities not found by the security library.
-The security library itself will act like an antivirus or firewall.
-The library will need to have major/minor updates.
-Upon the release of a new version of the security library, developers have the option of re-verifying their contracts using a subscription payment model.

Working product?
-Quantstamp already has a proof of concept that was tested by the Request Network.
-Quantstamp is also working with famous YouTube ICO reviewer Ian Balina on auditing his smart contract.

Team?
-The team is very solid, with many members having graduated from top-tier schools and holding PhD degrees.
-The CTO of the team has had previous experience in the Canadian Department of Defense.

Overall I feel very confident in Quantstamp and what it aims to deliver.
Vulnerabilities in smart contracts have cost investors millions of dollars.
As the Quantstamp platform and security library grow, smart contracts will only become better and more secure over time.

Thanks for reading!
More info can be found here:
https://quantstamp.com/
