How Does Quantstamp Work?

How Does Quantstamp Work?

Although the crew is specializing in Ethereum now, they’re building the Quantstamp protocol in a way that’s platform agnostic. This implies that it could finally be used on different smart contract platforms like Lisk and NEO. The Quantstamp protocol has a -pronged approach to safety auditing:

Automated software verification system
Automated bounty payout system
Software Verification
Quantstamp’s Validation Node applies audit strategies from formal strategies submitted by Contributors. These methods embody security checks comparable to concolic tests, static evaluation, and symbolic execution as well as automated reasoning instruments like SAT and SMT. As a reward for submitting verification software, contributors (who're primarily safety consultants), obtain Quantstamp Protocol (QSP) tokens.

To ensure no bad actors are submitting malicious validation software, Contributors have to be voted in in keeping with the governance mechanism (more on this later).

Running the Validation Node takes a significant amount of computing power. Because of this, Validators additionally obtain QSP cost for providing computing energy to the network. To make sure that Validators don’t act maliciously, they must stake their QSP tokens to earn their reward.

An Instance

As a developer, you want to deploy a smart contract on Ethereum. Considering you don’t need to go down in history as the guy who lost thousands and thousands of people’s cash, you have your contract audited. To take action, you send your smart contract, with the source code in the data area, directly from your wallet to Quantstamp, together with QSP tokens with the transaction. On the following Ethereum block, Validators carry out safety checks. After they reach consensus, they append the proof-of-audit and report data to the next block.

You'll be able to choose whether your security report is made public or private.

UPDATE: It seems as if, now, the Quanstamp workforce also offers manual audits in exchange for ETH or USD.

Bounty Payouts
Once you submit your smart contract for auditing, you additionally embody a set of QSP tokens for bounty rewards and a deadline for when Bug Finders can submit issues. The bounty deadline reward measurement is as much as you. If the deadline passes with no discovered bugs, the QSP bounty reward is returned to you.

Quantstamp doesn’t assure flawless code after this process, however they do assure customers that the automated testing and crowdsourced bug-hunting greatly reduce issues.

Protocol Governance
QSP token holders control protocol, validation smart contracts, and Validation Node upgrades. The governance model uses a time-locked multisig in which any token holder can propose a change. The more votes a change has, the quicker it occurs. Modifications approved by all members occur within an hour. This time doubles with each 5% of members that don’t vote and quadruples for every 5% that vote towards it.

Earlier in 2018, Quantstamp carried out an in-house Proof-of-Caring system to reward community members and loyal QSP token holders. Once you submitted your proof, you’d receive an airdrop from an ICO that Quantstamp has audited. This proof consisted of holding your tokens in a wallet (not an change) for a sure period of time, contributing to social media outreach, and/or every other community activities.

The Quantstamp team has since ended this program and no longer rewards group members with ICO airdrops. It’s been a degree of rivalry within the community.

Quantstamp Staff & Progress
The Quantstamp group consists of 30+ members and advisors with over 500 Google Scholar citations. Steven Stuart (CTO) and Richard Ma (CEO) founded the group in June 2017. Stuart worked 5 years in Canada’s cryptologic company within the Division of National Protection and previously based Many Timber, a begin-up that uses GPUs for Big Data analytics and machine learning. Ma built production-grade integration and validation testing software on the Bitcoin HFT Fund. During his time there, his trading systems had no notable points and handled thousands and thousands of dollars in funding capital.