Last Updated: 1st November 2018
Quantstamp is a smart contract security-auditing protocol that is designed to produce an ecosystem of secure smart contracts in a scalable and cost-effective manner. Quantstamp was conceived to tackle the financially devastating impact that a bugged smart contract can leave. For example, in June of 2016, a hacker was able to exploit a bug that was contained in the DAO (Decentralized Autonomous Organization) smart contract, and steal approximately $55 million in Ether. Quantstamp aims to ensure that events like this do not happen again, by serving as an auditing-protocol that allows developers to submit and produce more secure smart contracts.
The Quantstamp protocol is divided into two parts, the validation protocol, and the automated bounty payout system.
The validation protocol operates on a distributed network of validator nodes that provide the computing power necessary to run checks on smart contracts. A node that runs checks on a smart contract produces what is known as a proof-of-audit, and is in turn awarded with QSP tokens (audit fees). In order to deter malicious behavior, validator nodes are required to ‘stake’ QSP tokens as collateral before they can audit a smart contract. If a validator node acts in away that is contrary to the protocol, by for example, attempting to forge an audit, or failing to report a bug in a smart contract, their staked QSP tokens will be slashed or deleted. Furthermore, the validation protocol discourages collusion between bad actors by requiring that a two-thirds consensus amongst validator nodes be achieved before the fees of an audited smart contract are released to the corresponding validating node. If a two-thirds consensus amongst nodes is not achieved, then the auditing fees are not paid out. On a final note, individuals operating validator nodes need only provide computing resources, and do not need any prior security knowledge to run checks on a smart contract.
An Ethereum intermediary escrow smart contract is also incorporated into the validation protocol. The escrow smart contract provides transaction security for the fee-paying developer. If the submitted smart contract is not validated by a node, the escrow will either send the QSP tokens back to the developer, or hold the tokens until the security bugs have been identified by a validator node.
For a brief description on how the process works:
Bob, a developer, can choose to submit his smart contract code for a security audit on the Quantstamp protocol. This code can be submitted directly from his wallet, along with QSP tokens. Depending on the security needs of Bob’s program, he can decide how much to pay for the code to be audited. A validator node will then pick up Bob’s request, and then perform a set of security checks to validate Bob’s smart contract code. When a two-thirds consensus is reached confirming that the code has been correctly checked, the validating node receives the auditing fee, and an audit report is produced. An audit report classifies the issues found in Bob’s code, if any have been found, on a severity system from 1 – 10. On the Quantstamp protocol, 1 is a minor warning, whilst 10 is a major vulnerability. If any bugs have been identified by the Quantstamp protocol, Bob is now aware of them, and can now fix them.
Audit Reports & Trust Score
Audit reports are also made visible via Quantstamp’s web-based user interface at qsscan.io. Reports can be made either public or private, with public reports being visible to everyone, and private reports being encrypted with a user’s public key, so that only that user can access the contents of the report. However, once a smart contract is deployed, the once private report is made public, allowing potential investors the opportunity to view the report before committing their funds to the project.
Developers are also able to respond to any security warnings that have been flagged up in an audit report, so that anyone reviewing the report can see if the developer views the flagged bug as an issue or not. This process builds what Quantstamp sees as ‘trust’ between a developer and the reviewer. Quantstamp will compute a ‘trust score’ for each submitted smart contract, which will be based on a variety of findings from the audit report. These findings can include factors such as, the size of the reward offered by the developer, and the feedback given from the community.
Bounty Payout System
The Quantstamp protocol also features an automated bounty payout system. This feature rewards individuals in QSP tokens in exchange for finding errors in a smart contract. Bounties in QSP tokens are live when the source code is submitted to a Quantstamp validator smart contract, which is held in escrow. The bugfinder is awarded the bounty that is held in escrow if they are able to detect any major vulnerabilities in the smart contract code. Validator nodes will run checks on the smart contract in order to validate the submitted bug.
Security Audit Engine
Validator nodes run checks on a smart contract using the Security Audit Engine. The engine takes a smart contract that has not been validated as an input, and performs automated security and vulnerability checks, and also produces the audit report. The time taken to run checks on a smart contract scales with the complexity of the smart contract code. As a result, validation rewards will be proportional to the amount of computing resources that is used by a validator node. It is also important to note that the Security Audit Engine will update as new versions of the engine are released. This encourages developers to revalidate their smart contracts using the most up-to-date version of the engine, ensuring that their code is not susceptible to any newly discovered vulnerabilities.
QSP Token Functionalities
QSP tokens will be used by each Quantstamp participant in the following way:
- Contributors – QSP tokens will be used to financially reward developers that contribute software to the Quantstamp protocol.
- Validator nodes – QSP tokens are rewarded to nodes that contribute their computing resources in order to run checks on a smart contract.
- Bug Finders – QSP tokens are rewarded to individuals as a bounty, in exchange for detecting any vulnerabilities in smart contract code.
- Contract Creators – QSP tokens will be paid by the contract creator, in exchange for getting their smart contract validated.
- Contract Users – According to the Quantstamp whitepaper, contract users will have access to the results of the smart contract security audits. However, it does not mention if contract users will have to use QSP tokens in order to access the audits.
- Voters – QSP tokens allows any QSP holder to participate in the protocol’s governance mechanism.
The Quantstamp protocol has been designed to be an upgradeable protocol that is contingent on a governance model in which QSP token holders are entirely in control. A time-locked multisig system is used to govern upgrades. Under this system, an upgrade can be initiated by any member of the Quantstamp ecosystem. The more approvals the proposed upgrade receives, the quicker it can be implemented. An upgrade that is approved by all members is executed after one hour. This execution time will double for every 5% of members that do not vote, and quadruples if they vote against a proposed upgrade.
The Future of Quantstamp
The problem that the Quantstamp protocol is attempting to solve is critical to ensure the future development of the cryptocurrency space. There are increasing instances of hackers exploiting bugged codes and pilfering funds. Although Quantstamp does not claim to produce 100% secure smart contracts, they are taking the first, and most important step in ensuring that smart contract code is as secure as possible. If successful, Quantstamp will have produced a secure ecosystem of smart contract development.