Although the team is focusing on Ethereum now, they’re building the Quantstamp protocol in a way that’s platform agnostic. This means that it could eventually be used on other smart contract platforms like Lisk and NEO. The Quantstamp protocol has a two-pronged approach to security auditing:
Automated software verification system
Automated bounty payout system
Quantstamp’s Validation Node applies audit techniques from formal methods submitted by Contributors. These techniques include security checks such as concolic tests, static analysis, and symbolic execution, as well as automated reasoning tools like SAT and SMT. As a reward for submitting verification software, Contributors (who are primarily security consultants) receive Quantstamp Protocol (QSP) tokens.
To make sure no bad actors are submitting malicious validation software, Contributors must be voted in through the governance mechanism (more on this later).
Running the Validation Node takes a significant amount of computing power. Because of this, Validators also receive QSP payment for providing computing power to the network. To ensure that Validators don’t act maliciously, they must stake their QSP tokens to earn their reward.
As a developer, you need to deploy a smart contract on Ethereum. Considering you don’t want to go down in history as the person who lost thousands and thousands of people’s money, you have your contract audited. To do so, you send your smart contract, with the source code in the data field, directly from your wallet to Quantstamp, including QSP tokens with the transaction. On the next Ethereum block, Validators perform security checks. After they reach consensus, they append the proof-of-audit and report data to the following block.
You can choose whether your security report is made public or private.
UPDATE: It looks as if the Quantstamp team now also offers manual audits in exchange for ETH or USD.
When you submit your smart contract for auditing, you also include a set of QSP tokens for bounty rewards and a deadline for when Bug Finders can submit issues. The bounty deadline and reward size are up to you. If the deadline passes with no bugs found, the QSP bounty reward is returned to you.
Quantstamp doesn’t guarantee flawless code after this process, but they do assure users that the automated testing and crowdsourced bug-hunting drastically reduce issues.
QSP token holders control upgrades to the protocol, validation smart contracts, and the Validation Node. The governance model uses a time-locked multisig in which any token holder can propose a change. The more votes a change has, the quicker it takes effect. Changes approved by all members happen within an hour. This time doubles with each 5% of members that don’t vote and quadruples for every 5% that vote against it.
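The time-lock rule above, worked through as an added example (not Quantstamp's contract code). It shows how quickly the delay grows with low turnout or opposition. The `Proposal` class, its field names, counting votes per member, and counting only complete 5% steps are assumptions made for illustration.

```python
from dataclasses import dataclass
from fractions import Fraction

BASE_DELAY_S = 3600        # unanimous approval: one hour (from the text)
STEP = Fraction(5, 100)    # the rule is stated per 5% of members


@dataclass
class Proposal:            # hypothetical model of one queued change
    members: int           # total voting members (assumed head count)
    yes: int
    no: int
    submitted_at: int      # Unix time the change was proposed

    def delay_seconds(self) -> int:
        if self.members <= 0 or min(self.yes, self.no) < 0 \
                or self.yes + self.no > self.members:
            raise ValueError("inconsistent tally")
        abstained = self.members - self.yes - self.no
        # Assumption: only complete 5% steps count (floor division).
        abstain_steps = Fraction(abstained, self.members) // STEP
        no_steps = Fraction(self.no, self.members) // STEP
        # Doubles per abstaining step, quadruples per opposing step.
        return BASE_DELAY_S * 2 ** abstain_steps * 4 ** no_steps

    def executable_at(self) -> int:
        return self.submitted_at + self.delay_seconds()

    def can_execute(self, now: int) -> bool:
        # A time lock must refuse execution before the delay has elapsed.
        return now >= self.executable_at()


if __name__ == "__main__":
    # Constructed tallies for 100 members: (yes, no); the rest abstain.
    for yes, no in [(100, 0), (90, 0), (90, 10), (50, 0), (60, 40)]:
        p = Proposal(members=100, yes=yes, no=no, submitted_at=0)
        print(f"yes={yes:3d} no={no:3d} -> {p.delay_seconds() / 3600:,.0f} h")
```

Under these assumptions, 50% abstention alone stretches the one-hour delay to 1,024 hours, so turnout matters as much as opposition when estimating how fast a security fix can ship through governance.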
Earlier in 2018, Quantstamp implemented an in-house Proof-of-Caring system to reward community members and loyal QSP token holders. When you submitted your proof, you’d receive an airdrop from an ICO that Quantstamp had audited. This proof consisted of holding your tokens in a wallet (not an exchange) for a certain amount of time, contributing to social media outreach, and/or any other community activities.
The Quantstamp team has since ended this program and no longer rewards community members with ICO airdrops. It’s been a point of contention in the community.
Quantstamp Team & Progress
The Quantstamp team consists of 30+ members and advisors with over 500 Google Scholar citations. Steven Stuart (CTO) and Richard Ma (CEO) founded the team in June 2017. Stuart worked 5 years in Canada’s cryptologic agency in the Department of National Defence and previously founded Many Timber, a start-up that uses GPUs for Big Data analytics and machine learning. Ma built production-grade integration and validation testing software at the Bitcoin HFT Fund. During his time there, his trading systems had no notable issues and handled millions of dollars in investment capital.