Though the workforce is specializing in Ethereum now, they’re building the Quantstamp protocol in a way that’s platform agnostic. This implies that it may possibly eventually be used on different smart contract platforms like Lisk and NEO. The Quantstamp protocol has a -pronged approach to safety auditing:
Automated software verification system
Automated bounty payout system
Quantstamp’s Validation Node applies audit techniques from formal methods submitted by Contributors. These methods embody safety checks equivalent to concolic tests, static analysis, and symbolic execution as well as automated reasoning instruments like SAT and SMT. As a reward for submitting verification software, contributors (who’re primarily security specialists), obtain Quantstamp Protocol (QSP) tokens.
To make sure no bad actors are submitting malicious validation software, Contributors must be voted in according to the governance mechanism (more on this later).
Running the Validation Node takes a significant quantity of computing power. Because of this, Validators also obtain QSP cost for providing computing power to the network. To ensure that Validators don’t act maliciously, they need to stake their QSP tokens to earn their reward.
As a developer, you want to deploy a smart contract on Ethereum. Considering you don’t want to go down in history because the man who lost hundreds of thousands of individuals’s cash, you’ve your contract audited. To take action, you ship your smart contract, with the supply code within the data field, directly out of your wallet to Quantstamp, together with QSP tokens with the transaction. On the subsequent Ethereum block, Validators perform safety checks. After they attain consensus, they append the proof-of-audit and report data to the next block.
You’ll be able to select whether your safety report is made public or private.
UPDATE: It seems as if, now, the Quanstamp group additionally offers handbook audits in alternate for ETH or USD.
Once you submit your smart contract for auditing, you also include a set of QSP tokens for bounty rewards and a deadline for when Bug Finders can submit issues. The bounty deadline reward size is as much as you. If the deadline passes with no discovered bugs, the QSP bounty reward is returned to you.
Quantstamp doesn’t assure flawless code after this process, however they do guarantee users that the automated testing and crowdsourced bug-hunting greatly reduce issues.
QSP token holders management protocol, validation smart contracts, and Validation Node upgrades. The governance mannequin makes use of a time-locked multisig in which any token holder can propose a change. The more votes a change has, the quicker it occurs. Changes approved by all members occur within an hour. This time doubles with each 5% of members that don’t vote and quadruples for every 5% that vote towards it.
Earlier in 2018, Quantstamp implemented an in-house Proof-of-Caring system to reward community members and loyal QSP token holders. Once you submitted your proof, you’d receive an airdrop from an ICO that Quantstamp has audited. This proof consisted of holding your tokens in a wallet (not an exchange) for a certain period of time, contributing to social media outreach, and/or any other neighborhood activities.
The Quantstamp workforce has since ended this program and no longer rewards neighborhood members with ICO airdrops. It’s been some extent of contention in the community.
Quantstamp Team & Progress
The Quantstamp staff consists of 30+ members and advisors with over 500 Google Scholar citations. Steven Stuart (CTO) and Richard Ma (CEO) founded the staff in June 2017. Stuart worked 5 years in Canada’s cryptologic company within the Division of National Protection and beforehand founded Many Timber, a start-up that uses GPUs for Big Data analytics and machine learning. Ma built production-grade integration and validation testing software on the Bitcoin HFT Fund. During his time there, his trading systems had no notable issues and dealt with thousands and thousands of dollars in funding capital.