Although the staff is specializing in Ethereum now, they’re building the Quantstamp protocol in a way that’s platform agnostic. This signifies that it could actually finally be used on other smart contract platforms like Lisk and NEO. The Quantstamp protocol has a -pronged approach to safety auditing:
Automated software verification system
Automated bounty payout system
Software Verification
Quantstamp’s Validation Node applies audit strategies from formal methods submitted by Contributors. These methods include safety checks corresponding to concolic tests, static evaluation, and symbolic execution as well as automated reasoning instruments like SAT and SMT. As a reward for submitting verification software, contributors (who’re primarily safety experts), receive Quantstamp Protocol (QSP) tokens.
To make sure no bad actors are submitting malicious validation software, Contributors have to be voted in in keeping with the governance mechanism (more on this later).
Running the Validation Node takes a significant quantity of computing power. Because of this, Validators also receive QSP fee for providing computing power to the network. To make sure that Validators don’t act maliciously, they have to stake their QSP tokens to earn their reward.
An Example
As a developer, you want to deploy a smart contract on Ethereum. Considering you don’t want to go down in history as the man who lost hundreds of thousands of people’s cash, you have got your contract audited. To take action, you send your smart contract, with the supply code within the data discipline, directly out of your wallet to Quantstamp, together with QSP tokens with the transaction. On the following Ethereum block, Validators carry out safety checks. After they reach consensus, they append the proof-of-audit and report data to the following block.
You can choose whether your security report is made public or private.
UPDATE: It appears as if, now, the Quanstamp group also gives manual audits in alternate for ETH or USD.
Bounty Payouts
Whenever you submit your smart contract for auditing, you also embrace a set of QSP tokens for bounty rewards and a deadline for when Bug Finders can submit issues. The bounty deadline reward dimension is as much as you. If the deadline passes with no discovered bugs, the QSP bounty reward is returned to you.
Quantstamp doesn’t guarantee flawless code after this process, however they do guarantee customers that the automated testing and crowdsourced bug-hunting greatly reduce issues.
Protocol Governance
QSP token holders control protocol, validation smart contracts, and Validation Node upgrades. The governance mannequin uses a time-locked multisig in which any token holder can propose a change. The more votes a change has, the quicker it occurs. Modifications approved by all members occur within an hour. This time doubles with every 5% of members that don’t vote and quadruples for every 5% that vote against it.
Proof-of-Caring
Earlier in 2018, Quantstamp implemented an in-house Proof-of-Caring system to reward group members and dependable QSP token holders. When you submitted your proof, you’d receive an airdrop from an ICO that Quantstamp has audited. This proof consisted of holding your tokens in a wallet (not an alternate) for a sure period of time, contributing to social media outreach, and/or every other community activities.
The Quantstamp staff has since ended this program and now not rewards neighborhood members with ICO airdrops. It’s been a degree of competition in the community.
Quantstamp Team & Progress
The Quantstamp team consists of 30+ members and advisors with over 500 Google Scholar citations. Steven Stuart (CTO) and Richard Ma (CEO) founded the staff in June 2017. Stuart worked 5 years in Canada’s cryptologic company in the Department of National Protection and previously founded Many Timber, a start-up that uses GPUs for Big Data analytics and machine learning. Ma built production-grade integration and validation testing software on the Bitcoin HFT Fund. Throughout his time there, his trading systems had no notable issues and handled millions of dollars in investment capital.