Quantstamp Community Update - June 2020

Quantstamp Announcements
July 6, 2020

Security Incidents

Multiple security incidents happened in June, affecting various DeFi projects. The most recent incident involved the decentralized exchange Balancer. The mechanics of a deflationary token, STA, were exploited to empty a Balancer pool containing that token. This attack resulted in over $500,000 stolen. You can read more about the incident here.

Other pools were not affected. This incident was similar to the imBTC attack on Uniswap where a non-ERC20-compliant token resulted in a pool being drained for $300,000. There too, a specific pool was drained, but pools not containing the vulnerable token were not affected.

Argent is a popular smart contract wallet. A bug was found that affected 61 wallets running an older version of the wallet, and which had not added “Guardians”. It should be noted that all newer versions of Argent require users to add Guardians.

Argent quickly addressed the issue. It patched the bug (found by OpenZeppelin), updated the wallet, contacted affected users, and initiated precautionary measures on the affected wallets.

We applaud Argent’s quick and prudent response on this issue to protect their users.

A security vulnerability was found in Bancor’s v0.6 contracts which were pushed to mainnet on June 16, 2020. This vulnerability would have allowed funds to be drained. Bancor learned about the vulnerability on June 18 and executed it themselves in a white hat attack to protect user funds. A new contract was then published so new users would not be vulnerable.

If you interacted with Bancor from June 16-18, you should check your wallet for approvals from the Bancor contract and revoke them. You can learn how to do so in this article from Bancor.

A vulnerability was found in DeFiSaver’s Exchange. The team immediately performed a white hat attack to protect user funds and disabled the Exchange. The rest of DeFiSaver’s functionality, such as the MakerDAO and Compound Dashboards and Automation, was unaffected.

If you interacted with DeFiSaver’s Exchange, you should check your wallet for approvals from their contract and revoke them. Find out details here.
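One way to run the approval check recommended above for both Bancor and DeFiSaver users, as an added example that is not code from Quantstamp or either project: it replays ERC-20 `Approval` event logs for one wallet, keeps the approvals to a flagged spender that are still non-zero, and builds the `approve(spender, 0)` calldata that revokes them. Every address and log entry is a constructed placeholder; only the event topic and the `approve` selector are the standard ERC-20 values.

```python
# Added example: all addresses and log entries below are constructed placeholders.
# keccak256("Approval(address,address,uint256)"), the standard ERC-20 event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")

def as_topic(addr):
    return "0x" + addr[2:].lower().rjust(64, "0")  # 20-byte address as 32-byte topic

def topic_to_address(topic):
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, owner, flagged_spenders):
    """Latest non-zero Approval per (token, spender) from owner to a flagged spender.
    Logs are only a lead: transferFrom may lower an allowance without emitting
    Approval, so confirm each hit with the token's allowance(owner, spender)."""
    flagged = {s.lower() for s in flagged_spenders}
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 uses the same signature with a 4th indexed topic; skip those.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        spender = topic_to_address(topics[2])
        if spender in flagged:
            latest[(log["address"].lower(), spender)] = int(log["data"], 16)
    return {pair: amount for pair, amount in latest.items() if amount > 0}

def revoke_calldata(spender):
    """Calldata for approve(spender, 0), sent to the token contract by the owner."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64

OWNER, OTHER = "0x" + "aa" * 20, "0x" + "dd" * 20       # placeholder wallets
FLAGGED, BENIGN = "0x" + "bb" * 20, "0x" + "cc" * 20    # placeholder spenders
TOKEN_1, TOKEN_2 = "0x" + "11" * 20, "0x" + "22" * 20   # placeholder tokens

def mk(token, owner, spender, amount, block):
    return {"address": token, "blockNumber": block, "logIndex": 0, "data": hex(amount),
            "topics": [APPROVAL_TOPIC, as_topic(owner), as_topic(spender)]}

SAMPLE_LOGS = [
    mk(TOKEN_2, OWNER, FLAGGED, 0, 105),           # later revocation of the 500 below
    mk(TOKEN_1, OWNER, FLAGGED, 2**256 - 1, 100),  # unlimited approval, still open
    mk(TOKEN_2, OWNER, FLAGGED, 500, 101),
    mk(TOKEN_1, OWNER, BENIGN, 1000, 102),         # spender not on the watch list
    mk(TOKEN_1, OTHER, FLAGGED, 77, 103),          # someone else's wallet
]
RESULT = outstanding_approvals(SAMPLE_LOGS, OWNER, [FLAGGED])
```

Only the unlimited approval on the first placeholder token remains open in the sample; the second token's approval was already set back to zero.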

DeFi is a new space. Whether you’re using a decentralized exchange, borrowing funds, or yield farming, make sure you understand and manage your risk. Only using audited projects is a good starting point. Also try to look for teams that take security seriously, using measures such as strong bug bounty programs, multiple audits, or smart contract coverage.

World Economic Forum Anti-Corruption Initiative


We’ve been advising the World Economic Forum on blockchain solutions for anti-corruption. Government procurement around the world. The WEF has partnered with the Office of the Inspector General of Colombia and the Inter-American Development Bank to create a public, permissionless Ethereum-based blockchain procurement system. We provided technical advice to engineers at the National University of Colombia as they implemented this solution.

Read more in this CoinTelegraph article about the project.

Ethereum 2.0



Our audit of Ethereum 2.0 as implemented by Prysmatic Labs’ Prysm client is nearing completion. If you missed it, we’ve been sharing insights about Ethereum 2.0’s progress, roadmap, and staking.

Media Coverage

We are currently auditing Ethereum 2.0. Lead auditor, Senior Research Engineer Kacper Bak, went on The MikoBits Show recently to talk about Ethereum 2.0. Miko asks great questions about the Ethereum 2.0 roadmap, staking, scalability, and more, while Kacper gives valuable insights he’s come across while looking at the code.

DeFi is in the spotlight right now, but security is a concern. In this Forbes article, CEO Richard Ma explains the importance of security for this emerging application. 

Central Bank Digital Currencies

Central banks around the world are developing and preparing digital currencies. While they are inspired by cryptocurrencies, Central Bank Digital Currencies (CBDCs) have different goals and use cases in mind. Our CEO Richard Ma explains what CBDCs will look like in this Forbes Tech Council post.

Hack Money Finalist

Our research engineer Martinet Lee was a Finalist at the Hack Money hackathon. His project, GodModeForTest, allows developers to do ANYTHING on their local blockchain. This is made possible through a modified Ganache. 

Watch him pitch the project here, and take a look at his code in the GitHub repo here.

Blockstack Hackathon - Judging 

We’re helping judge Blockstack’s Clarity hackathon. Blockstack's Clarity Hackathon is a two-pronged virtual hackathon. Developers work on both applications and tooling for Clarity.

Clarity is Blockstack's smart contract language designed from the ground up to reduce bugs and behave predictably. It provides native functions that make it easy for developers to create complex smart contracts while protecting users at every step. Clarity provides precise tools for enabling on-chain logic while reducing unintentional errors.

Upcoming

We’re excited to be speaking at Unitize! Featuring Vitalik Buterin, CZ, SEC Commissioner Hester Peirce, and more, it’s organized by San Francisco Blockchain Week and Blockshow. Unitize is happening July 6-10 and you can register here: https://bit.ly/2Z8A7Tp

Keep up with Quantstamp

Follow us on LinkedIn, like us on Facebook, check out our GitHub, follow us on Twitter, join the conversation on Reddit, subscribe to our YouTube channel, or sign up for our newsletter.

Note: This update includes information and forward-looking statements about upcoming events and concepts under continuing development. Schedules, features, and functionality are subject to change or cancellation at any time and you are not to place undue reliance on this information or any forward-looking statements.
