Quantstamp is a blockchain security company developing automated security tools such as the Quantstamp protocol and also conducts manual smart contract audits. Powered by QSP, the Quantstamp protocol aims to enhance smart contract security and the reputation of projects that create smart contracts by producing openly accessible security reports.
Users pay QSP tokens to scan smart contracts with off-chain computation from scanning nodes. Nodes then bid to audit the contract. In return, users get a line-by-line breakdown of the code’s potential vulnerabilities, along with recommended fixes.
Auditor nodes run the Quantstamp protocol to check smart contract code for all known vulnerabilities. The protocol currently uses Oyente and Mythril analyzers, and Quantstamp is also exploring other analyzers to add to the protocol in the future.
The protocol consists of two parts:
An automated and upgradeable software verification system that checks smart contract code such as Solidity programs.
An automated payout system that rewards human participants in QSP tokens for finding errors in smart contracts. The purpose of this system is to bridge the gap while moving towards the goal of full automation.
The Quantstamp smart contract security validation product is a beta testing version that is under continuing development and subject to unknown risks, dependencies and potential changes. Scan results may not be complete nor inclusive of all possible vulnerabilities. Cryptographic tokens are emergent technologies and carry with them high levels of technical risk and uncertainty. The Solidity language itself and other smart contract languages remain under development and are subject to unknown risks and flaws. The scan of a smart contract does not extend to the compiler layer, or any other areas beyond Solidity or other programming aspects that could present security risks. Scan
reports should be considered as one element in a more complete security analysis. A warning in a contract report indicates a potential vulnerability, not that a vulnerability is proven to exist. You may risk loss of QSP tokens or other loss. Features, functionality, schedules, or design architectures are subject to continuing update, modification, cancellation, delay, external dependencies, evolving regulatory frameworks, and/or factors beyond our control and you are cautioned not to place undue reliance on this information. A scan report is not an endorsement or indictment of any particular project or team, and the report does not guarantee the security of any particular project. A scan report does not consider, and should not be interpreted as considering or having any bearing on, the potential economics of a token, token sale or any other product, service or other asset. No third party should rely on the scan reports in any way, including for the purpose of making any decisions to buy or sell any token, product, service or other asset.
For avoidance of doubt, the product and access and/or usage thereof, including any associated services or materials, shall not be considered or relied upon as any form of financial, investment, tax, legal, regulatory, or other advice.
Our reports offer a comprehensive look into the health of a Smart Contract. Audits that pass our standards can then be given a public facing Security Certificate.
Security audits are mission critical. We’ve secured over $500M+ through audits. Quantstamp offers industry leading auditing services.
Our most popular audit reports:Learn About Our Auditing Services