Quantstamp is a blockchain security company developing automated security tools such as the Quantstamp protocol and also conducts manual smart contract audits. Powered by QSP, the Quantstamp protocol aims to enhance smart contract security and the reputation of projects that create smart contracts by producing openly accessible security reports.
.svg)
.svg)
The Quantstamp smart contract security validation product is a beta testing version that is under continuing development and subject to unknown risks, dependencies and potential changes. Access and/or usage is provided on an as-is, where-is, and as-available basis. You agree that your access and/or use, including but not limited to any associated services, products, protocols, platforms, content, and materials, will be at your sole risk. Cryptographic tokens are emergent technologies and carry with them high levels of technical risk and uncertainty. The Solidity language itself and other smart contract languages remain under development and are subject to unknown risks and flaws. The scan of a smart contract does not extend to the compiler layer, or any other areas beyond Solidity or other programming aspects that could present security risks. To the fullest extent permitted by law, we disclaim all warranties, express or implied, in connection with this product and your use thereof, including, without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement. We do not warrant, endorse, guarantee, or assume responsibility for any product or service advertised or offered by a third party through the product, any open source or third party software, code, libraries, materials, or information linked to, called by, referenced by or accessible through the product, any hyperlinked website, or any website or mobile application featured in any banner or other advertising, and we will not be a party to or in any way be responsible for monitoring any transaction between you and any third-party providers of products or services. As with the purchase or use of a product or service through any medium or in any environment, you should use your best judgment and exercise caution where appropriate. You may risk loss of QSP tokens or other loss. Features, functionality, schedules, or design architectures are subject to continuing update, modification, cancellation, delay, external dependencies, evolving regulatory frameworks, and/or factors beyond our control and you are cautioned not to place undue reliance on this information. For avoidance of doubt, the product and access and/or usage thereof, including any associated services or materials, shall not be considered or relied upon as any form of financial, investment, tax, legal, regulatory, or other advice.
Users pay QSP tokens to scan smart contracts with off-chain computation from scanning nodes. Nodes then bid to audit the contract. In return, users get a line-by-line breakdown of the code’s potential vulnerabilities, along with recommended fixes.
Auditor nodes run the Quantstamp protocol to check smart contract code for all known vulnerabilities. The protocol currently uses Oyente and Mythril analyzers, and Quantstamp is also exploring other analyzers to add to the protocol in the future.
The protocol consists of two parts:
An automated and upgradeable software verification system that checks smart contract code such as Solidity programs.
An automated payout system that rewards human participants in QSP tokens for finding errors in smart contracts. The purpose of this system is to bridge the gap while moving towards the goal of full automation.
The Quantstamp smart contract security validation product is a beta testing version that is under continuing development and subject to unknown risks, dependencies and potential changes. Scan results may not be complete nor inclusive of all possible vulnerabilities. Cryptographic tokens are emergent technologies and carry with them high levels of technical risk and uncertainty. The Solidity language itself and other smart contract languages remain under development and are subject to unknown risks and flaws. The scan of a smart contract does not extend to the compiler layer, or any other areas beyond Solidity or other programming aspects that could present security risks. Scan
reports should be considered as one element in a more complete security analysis. A warning in a contract report indicates a potential vulnerability, not that a vulnerability is proven to exist. You may risk loss of QSP tokens or other loss. Features, functionality, schedules, or design architectures are subject to continuing update, modification, cancellation, delay, external dependencies, evolving regulatory frameworks, and/or factors beyond our control and you are cautioned not to place undue reliance on this information. A scan report is not an endorsement or indictment of any particular project or team, and the report does not guarantee the security of any particular project. A scan report does not consider, and should not be interpreted as considering or having any bearing on, the potential economics of a token, token sale or any other product, service or other asset. No third party should rely on the scan reports in any way, including for the purpose of making any decisions to buy or sell any token, product, service or other asset.
For avoidance of doubt, the product and access and/or usage thereof, including any associated services or materials, shall not be considered or relied upon as any form of financial, investment, tax, legal, regulatory, or other advice.
Our reports offer a comprehensive look into the health of a Smart Contract. Audits that pass our standards can then be given a public facing Security Certificate.
Security audits are mission critical. We’ve secured over $500M+ through audits. Quantstamp offers industry leading auditing services.
Our most popular audit reports:
Learn About Our Auditing Services
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
