One thing that made Ethereum grow is its support for smart contracts, which in turn enable decentralized apps, so called “dapps,” to run in the blockchain. While this is a great promise — to automate execution of contracts — there are certain problems that could occur, mostly due to human errors. The DAO hack is the best-known example of what could go wrong, as a result of which, today we have Ethereum Classic and Ethereum.
What’s missing from a “standard” smart contract equation is the ability to audit these contracts on a large scale. Right now, checking through all those lines of code is a human endeavor, which can take time and can slow down the process. Also, humans may miss bugs unintentionally added to code (by other humans).
Quantstamp is looking to change that, and we are looking to provide you with 5 things you should know about Quantstamp.
1. What is Quantstamp?
Quantstamp touts itself as the first scalable security-audit protocol designed to find vulnerabilities in Ethereum smart contracts. The project is backed by PhDs with industry experience, and a powerful blockchain industry advisory board.
Quantstamp aims to deliver scalable, cost-effective code auditing, and eventually become a fundamental part of mainstream adoption for Ethereum. It is decentralized and includes the proof-of-audit system making it next to impossible for malicious actors to manipulate audit results.
In other words, Quantstamp wants to make smart contracts more secure.
2. Quantstamp tackles human errors
Quantstamp is designed to (partially) remove the human element. It checks the Solidity code, which is used to write smart contracts on the Ethereum blockchain, to verify it is written correctly and is secure.
Like any other software, smart contracts are made by humans, and humans make mistakes. Quantstamp’s upgradable software verification system scans the smart contract code to determine whether there is a loophole that could be used by malicious actors to steal money (tokens) from the network.
This is important as there is a shortage of skilled Solidity programmers; it is a nascent programming language, after all.
3. How Quantstamp works?
Quantstamp check the smart contract code on an off-chain network that works in a similar way to Proof-of-Work (PoW) mining. As part of the audit process, nodes on the Quantstamp Network “mine” contracts by making the audit part of the mathematical steps necessary to solve a block. Just like in PoW-style mining, it is hard to solve a block but it is easy for other nodes to verify that the block was solved correctly.
Once a contract has been audited, the smart contract maker will receive a report describing any security vulnerabilities. This in turn makes Quantstamp an enhancement to any decentralized virtual machine.
The system does its magic both before an attack, and can also identify them (attacks) while they are happening.
4. Quantstamp incentivizes hackers to find loopholes
Instead of just sitting around and waiting for good Samaritans to find loopholes in the code, Quantstamp has a system to incentivize bad actors and hackers to report flaws. For their efforts, potential bad actors will receive QSP tokens.
The system will then “learn” new skill and fix that particular loophole for future users. Eventually, Quantstamp will be fully automated.
5. Quantstamp is flexible
The fact that Ethereum will be upgraded in the future pretty much “forces” Quantstamp to be flexible, as well.
Quantstamp has its own tokens (QSP) whose holders can vote on what governance system is used to verify a smart contract’s security and can adapt with changing technology. The community (of token holders) will decide what is important and at some point reduce the founders’ influence in the network.
Final word
There are no doubts that hackers will continue to push and test the limits of security for smart contracts. On the other hand, companies vested in blockchain technology will try to make it harder for those bad actors to “do their thing.” Nonetheless, mistakes will be made, and with the help of Quantstamp we may be getting closer to the decentralized app adoption.
This sort of protocol is perfect to push major corporations and institutions towards launching novel blockchain solutions. In that sense — and unlike other projects — Quantstamp aims to eventually be incorporated directly into the Ethereum protocol. That’s a bold vision when you think about it…