Meet the Authors: Ed Zulkoski

May 29, 2019
Quantstamp Announcements

Fundamentals of Smart Contract Security covers how blockchains function, design choices for smart contract development, common vulnerabilities, and best practices for writing smart contracts. This interview is one of a five-part series where we go behind the scenes and learn a bit more about the authors.

Ed holds a Ph.D in Computer Science from the University of Waterloo. His research there was primarily in SAT/SMT solvers and formal verification technologies, with a focus on understanding what makes SAT formulas hard or easy for solvers. Before joining Quantstamp, he worked at Microsoft Research.

Can you share a bit about your background? What drew you to Quantstamp and how did you get involved?

I met some of the other team members who were also Ph.D. students at the University of Waterloo. From there, I met Quantstamp’s Co-founder, Steven Stewart, and we ended up doing some work together. I was focused on SAT/SMT solvers, so the work at Quantstamp was a great fit given my expertise in this area. Smart contract analysis seemed like a great application of our work, as any vulnerabilities can have significant financial impact, while at the same time, the programs are [usually] small enough to be automatically analyzed in meaningful ways.

(SAT and SMT solvers form the backbone for many automated bug-finding tools such as those used by Quantstamp)


What advice would you give to aspiring software engineers that want to build a career in this industry?

My biggest piece of advice would be to research and understand the fundamental problems blockchain aims to solve, and investigate what challenges companies on the cutting-edge need to solve in order to achieve this vision. Make sure it's a field you’re actually interested in, and further try to understand why you're interested. It's easy to get sucked up in the hype of blockchain, but hype is an unsustainable platform for success. Blockchain is not a swiss-army knife to solve all the world's "centralization problems," but it does have the potential to revolutionize how we think about commerce and other decentralized applications.

What’s your favourite part of the book? Why was this something you wanted to be part of, and how do you think it will contribute to the space?

Probably Chapter 2, because I feel like it gives a really good overview of the fundamentals. It covers all the cryptoeconomics that revolve around the chain, and what can go wrong if you design your blockchain or dApp in an insufficient way.

The book is ideal for a novice person, as it would let them learn more about blockchain and hopefully develop some interesting applications on top of it. It’s also got something for people who have an existing understanding and just want to deepen their knowledge.


In your opinion, what are some of the biggest challenges right now in smart contract security?

I’d say developing automated tools that are practical and useful for real world contracts. Existing tools try to look for very standard issues that can go wrong - stuff like re-entrancy, overflow and those kind of things. Tools that are both easy to use and contract-specific are probably the most useful right now. On top of that, since manual "white glove" audits are currently one of the best ways to have confidence in a smart contract's correctness, any tools that aid an auditor's ability to understand and reason through the code are highly valuable.


Are there certain projects you're working on right now that you're really excited about?

Yes, I’m excited about the monitoring service that we’re working on. Basically, a smart contract analyzer tries to figure out statically whether there’s something correct or incorrect about a contract. It provides sophisticated analysis while the contract is being deployed, meaning an added layer of security. This would be really difficult to have with typical analyzers.


Quantstamp Announcements
May 29, 2019

Fundamentals of Smart Contract Security covers how blockchains function, design choices for smart contract development, common vulnerabilities, and best practices for writing smart contracts. This interview is one of a five-part series where we go behind the scenes and learn a bit more about the authors.

Ed holds a Ph.D in Computer Science from the University of Waterloo. His research there was primarily in SAT/SMT solvers and formal verification technologies, with a focus on understanding what makes SAT formulas hard or easy for solvers. Before joining Quantstamp, he worked at Microsoft Research.

Can you share a bit about your background? What drew you to Quantstamp and how did you get involved?

I met some of the other team members who were also Ph.D. students at the University of Waterloo. From there, I met Quantstamp’s Co-founder, Steven Stewart, and we ended up doing some work together. I was focused on SAT/SMT solvers, so the work at Quantstamp was a great fit given my expertise in this area. Smart contract analysis seemed like a great application of our work, as any vulnerabilities can have significant financial impact, while at the same time, the programs are [usually] small enough to be automatically analyzed in meaningful ways.

(SAT and SMT solvers form the backbone for many automated bug-finding tools such as those used by Quantstamp)


What advice would you give to aspiring software engineers that want to build a career in this industry?

My biggest piece of advice would be to research and understand the fundamental problems blockchain aims to solve, and investigate what challenges companies on the cutting-edge need to solve in order to achieve this vision. Make sure it's a field you’re actually interested in, and further try to understand why you're interested. It's easy to get sucked up in the hype of blockchain, but hype is an unsustainable platform for success. Blockchain is not a swiss-army knife to solve all the world's "centralization problems," but it does have the potential to revolutionize how we think about commerce and other decentralized applications.

What’s your favourite part of the book? Why was this something you wanted to be part of, and how do you think it will contribute to the space?

Probably Chapter 2, because I feel like it gives a really good overview of the fundamentals. It covers all the cryptoeconomics that revolve around the chain, and what can go wrong if you design your blockchain or dApp in an insufficient way.

The book is ideal for a novice person, as it would let them learn more about blockchain and hopefully develop some interesting applications on top of it. It’s also got something for people who have an existing understanding and just want to deepen their knowledge.


In your opinion, what are some of the biggest challenges right now in smart contract security?

I’d say developing automated tools that are practical and useful for real world contracts. Existing tools try to look for very standard issues that can go wrong - stuff like re-entrancy, overflow and those kind of things. Tools that are both easy to use and contract-specific are probably the most useful right now. On top of that, since manual "white glove" audits are currently one of the best ways to have confidence in a smart contract's correctness, any tools that aid an auditor's ability to understand and reason through the code are highly valuable.


Are there certain projects you're working on right now that you're really excited about?

Yes, I’m excited about the monitoring service that we’re working on. Basically, a smart contract analyzer tries to figure out statically whether there’s something correct or incorrect about a contract. It provides sophisticated analysis while the contract is being deployed, meaning an added layer of security. This would be really difficult to have with typical analyzers.


Fundamentals of Smart Contract Security is now available on Amazon
GET YOUR COPY
Fundamentals of Smart Contract Security is now available on Amazon
GET YOUR COPY
Quantstamp Announcements

Monthly Hacks Roundup: April 2024

April was a hectic month for the web3 security landscape, including significant rug pulls and security hacks totaling over $103 million in losses. Read on as we dive into three major security incidents and some of the trends from last month.

Read more
Quantstamp Announcements

Monthly Hacks Roundup: March 2024

March was a volatile month for the web3 security landscape, with significant security breaches totalling over $152 million in losses. Read on as we dive into four major security incidents and the trends from last month 👇

Read more
Quantstamp Announcements

Modular Account: How Audits Can Help Shape Standards And Catalyze Mass Adoption

Quantstamp recently conducted a smart contract audit for Alchemy’s Modular Account, a wallet implementation designed from the ground up for ERC-4337 and ERC-6900 compatibility including two plugins

Read more