What is Quantstamp?
Quantstamp is a security auditing protocol for securing smart contracts. The team is currently focused on securing Ethereum’s application layer. It offers a unique suite of features to audit smart contracts by launching:
• Decentralized network that uses validator nodes to achieve consensus and verify transactions;
• Security library for Solidity;
• Application Programming Interface (“API”) for Ethereum; and
• Adaptable, modular, platform-agnostic design.
In the future, Quantstamp aims to expand their security library to support programming languages other than Solidity, and Quantstamp’s API may be implemented for other platforms.
Quantstamp’s Protocol
This protocol is used to perform a security audit on all the smart contracts on the Ethereum network. It consists of two key components:
• Automated and upgradeable software verification system; and
• Automated Bounty Payout system.
Automated and Upgradeable Software Verification System
The core utility of this system is to enable automated audits without any manual intervention. It uses a security audit engine and a security library to run security and vulnerability checks on the smart contract. The two work in tandem to deliver a systematic check on the smart contract. Within the security audit engine, there are several software verification and automated reasoning tools that indicate the types of checks to perform and the code to verify. These tools are built upon well-founded academic studies.
Automated Bounty Payout System
The automated bounty payout system rewards human participants for detecting errors in smart contracts. While the main objective of Quantstamp is to achieve full automation in the near future, this is currently not possible. Thus, the purpose of this system is to bridge the gap while moving towards full automation. The incentive is meant to attract experts such as white-hat or black-hat hackers to report vulnerabilities in the smart contract. It automatically rewards the user once a pre-defined set of parameters is fulfilled.
Prisoner’s Dilemma
The key tenet of the automated bounty payout system can be easily understood by examining the prisoner’s dilemma. The prisoner’s dilemma is a widely used game in game theory to explain a paradox involving decision analysis. Its relation to Quantstamp’s bounty payout system can be illustrated as follows:
Project A decides to offer a bounty of US$100,000 over a 14-day timeframe for any third party to report bugs in its smart contract. Hacker A discovers a critical bug on the 2nd day that he could potentially exploit for an estimated gain of US$1,000,000. Now, he has the option to exploit the bug after the 14-day timeframe or report the bug immediately. If Hacker A chooses the former, he runs the risk of other hackers discovering and reporting the bug before the 14-day timeframe ends, thereby negating any possible gains. As such, it is more likely than not that Hacker A will report the bug to get the bounty of US$100,000.
Why is Quantstamp Worth Investing?
The key target market for Quantstamp is the Ethereum platform because the majority of ICOs are built on it. Moreover, 2018 is anticipated to be a huge year for Ethereum, with scaling and energy issues to be addressed through the implementation of Casper and Plasma. As Ethereum becomes more successful, the number of new smart contracts increases as well. Currently, there are no defined standards in the cryptocurrency space when it comes to security. As such, new or existing smart contracts may be fraught with hidden vulnerabilities that could result in huge monetary losses and slow mainstream adoption. Also, with the recent spate of security breaches, the demand for code audits will only increase in the coming months. Since Quantstamp positions itself as an automated audit platform, it is in a favourable position to meet the growing audit demand and set the appropriate security benchmark for existing and future smart contracts. Audit demand will similarly increase the need for Quantstamp’s tokens, as bounties and audit requests can only be paid in Quantstamp’s tokens.
Community
Quantstamp has garnered the support of over 18,000 members in its Telegram channel to date, making it one of the biggest and fastest growing communities in the cryptocurrency space. Additionally, the selection of pre-sale participants through their unique Proof-of-Caring screening process has enabled many prominent community leaders to become stakeholders. This project has also established a strong presence on the Internet, which primarily stems from the powerful word of mouth of the vested investors.
Efficiency
Quantstamp announced 2 major exchange listings 2 days after their ICO was concluded: Huobi (a popular Chinese exchange where cryptocurrencies can be bought in RMB) and Binance. In comparison, another project that has garnered a lot of attention has yet to complete its token distribution more than 2 months into its ICO. In this fast-moving space, many projects have been sidelined by either slow development or a lack of exchange listings and media exposure. It appears that Quantstamp’s team is heading in the right direction by delivering results right at the onset of the project.
First Mover Advantage
As previously discussed, security, or the lack of it, is a major concern for Ethereum’s advancement as a platform. Whether a coding error lies with the user, in the specific smart contract or in Ethereum’s own code is secondary. The primary focus is to have a means to perform checks to ensure that smart contract vulnerabilities are addressed in a prompt manner. Being the only cryptocurrency that has a functional product and proof of concept to audit smart contracts, Quantstamp could potentially emerge as the market leader for securing smart contracts.
Team
The Quantstamp team is a star-studded cast of engineers, developers and programmers, with most of them holding academic qualifications in the field of computing and engineering. Notably, there are 3 PhD holders on the team, with an additional 2 highly experienced security engineers coming on board. Moreover, the advisory board is filled with high-calibre industry specialists such as Evan Cheng, who is the director of engineering at Facebook; David Park, who is the product manager of Facebook; Dr. Vijay Ganesh, who is a computer engineering professor at the University of Waterloo; and Chris Miess, who is the former Chief Financial Officer of TenX.
Key Concerns
Ethereum
The demand for Quantstamp is strongly correlated to the progress of Ethereum since the project has yet to become a language- and code-agnostic platform. If things were to go south for Ethereum, it would surely affect the demand for Quantstamp. Furthermore, as the development of blockchain technology is still in its infancy, Ethereum could be replaced by a newer generation of blockchain concepts.
Nature of audit
There is always a gap between the public perception of an audit and the nature of an audit. The public expects an audit to be a guarantee that the audited smart contract remains free of all vulnerabilities, while the nature of an audit cannot or will not uphold that standard. As such, any serious breach that occurs after a smart contract has been audited by Quantstamp may result in severe reputational damage.
Rate of development
As Quantstamp is a newly launched ICO, most of the development will only be completed in 2018. It is highly likely that future entrants will enter the market and compete for market share from now till then. Furthermore, it remains to be seen if the team can meet the product development deadlines stipulated on the website and in the whitepaper.
Competitors
Quantstamp faces competition from traditional auditing firms such as Zeppelin Solutions (“Zeppelin”) and Hosho.IO. In particular, Zeppelin has conducted multiple audits for various projects running on the Ethereum platform and stands as the greatest challenge in terms of competition. While Quantstamp is gathering positive momentum with the help of its community, it has to deliver audit results with speed as well as efficiency before it can claim market dominance as the premier smart contract auditing firm.
Conclusion
Security is one of the priority concerns that is holding Ethereum back from mainstream adoption. Unlike centralized systems, where rollbacks and compensations can be exercised when coding errors occur, there are no such functions in a decentralized blockchain, which is purposefully intended to be tamper-proof with no single point of failure or control. The advent of security audit is an opportune time for creators of smart contracts to improve their level of security. Zeppelin is currently leading in this security race although Quantstamp has the first mover advantage in launching its own cryptocurrency.
However, I believe that Quantstamp’s unique proposition of automating the audit allows it to scale efficiently and effectively within a short span of time. Together with its strong leadership and community, Quantstamp is well poised to be the market leader in this field. Having said that, Quantstamp has to navigate quickly in this territory, and at the same time ensure that the audits are conducted to a high standard where any vulnerabilities, significant or not, are clearly documented in the audit reports to avoid possible repercussions.
I am extremely bullish about Quantstamp’s medium- to long-term prospects as this project solves a critical problem using an innovative approach. It has the potential to become one of the top 10 cryptocurrencies. Thus, I believe that Quantstamp’s current market valuation of less than US$100 million is undervalued with excellent upside potential.