Meet the Authors: Ed Zulkoski

Quantstamp Announcements
July 23, 2019

Fundamentals of Smart Contract Security covers how blockchains function, design choices for smart contract development, common vulnerabilities, and best practices for writing smart contracts. This interview is one of a five-part series where we go behind the scenes and learn a bit more about the authors.

Ed holds a Ph.D in Computer Science from the University of Waterloo. His research there was primarily in SAT/SMT solvers and formal verification technologies, with a focus on understanding what makes SAT formulas hard or easy for solvers. Before joining Quantstamp, he worked at Microsoft Research.

Can you share a bit about your background? What drew you to Quantstamp and how did you get involved?

I met some of the other team members who were also Ph.D. students at the University of Waterloo. From there, I met Quantstamp’s Co-founder, Steven Stewart, and we ended up doing some work together. I was focused on SAT/SMT solvers, so the work at Quantstamp was a great fit given my expertise in this area. Smart contract analysis seemed like a great application of our work, as any vulnerabilities can have significant financial impact, while at the same time, the programs are [usually] small enough to be automatically analyzed in meaningful ways.

(SAT and SMT solvers form the backbone for many automated bug-finding tools such as those used by Quantstamp)

What advice would you give to aspiring software engineers that want to build a career in this industry?

My biggest piece of advice would be to research and understand the fundamental problems blockchain aims to solve, and investigate what challenges companies on the cutting-edge need to solve in order to achieve this vision. Make sure it's a field you’re actually interested in, and further try to understand why you're interested. It's easy to get sucked up in the hype of blockchain, but hype is an unsustainable platform for success. Blockchain is not a swiss-army knife to solve all the world's "centralization problems," but it does have the potential to revolutionize how we think about commerce and other decentralized applications.

What’s your favourite part of the book? Why was this something you wanted to be part of, and how do you think it will contribute to the space?

Probably Chapter 2, because I feel like it gives a really good overview of the fundamentals. It covers all the cryptoeconomics that revolve around the chain, and what can go wrong if you design your blockchain or dApp in an insufficient way.

The book is ideal for a novice person, as it would let them learn more about blockchain and hopefully develop some interesting applications on top of it. It’s also got something for people who have an existing understanding and just want to deepen their knowledge.

In your opinion, what are some of the biggest challenges right now in smart contract security?

I’d say developing automated tools that are practical and useful for real world contracts. Existing tools try to look for very standard issues that can go wrong - stuff like re-entrancy, overflow and those kind of things. Tools that are both easy to use and contract-specific are probably the most useful right now. On top of that, since manual "white glove" audits are currently one of the best ways to have confidence in a smart contract's correctness, any tools that aid an auditor's ability to understand and reason through the code are highly valuable.

Are there certain projects you're working on right now that you're really excited about?

Yes, I’m excited about the monitoring service that we’re working on. Basically, a smart contract analyzer tries to figure out statically whether there’s something correct or incorrect about a contract. It provides sophisticated analysis while the contract is being deployed, meaning an added layer of security. This would be really difficult to have with typical analyzers.

Fundamentals of Smart Contract Security is now available on Amazon
August 21, 2019

EthBerlin Security HelpDesk Details, Security Award & Hosted Points Bonus from Quantstamp + MythX

Quantstamp and MythX are very excited to support EthBerlin this year. If you're participating, come find us at the HelpDesk, your one-stop resource for any security-related inquiries. Need suggestions on more secure code implementations or advice on mitigating certain vulnerabilities? The HelpDesk is available round the clock to offer guidance and assistance throughout the hackathon.

August 13, 2019

Open Sourcing Our Bounty Protocol

We are open sourcing the code for our Bounty Protocol. A bounty protocol is a marketplace for developers to identify bugs in smart contracts that automation cannot detect. The Bounty Protocol has the potential to leverage software engineering talent from around the world to add an essential layer of infrastructure for blockchain security.

July 31, 2019

Join Our Meme Competition

On August 1st, Quantstamp will begin our Meme Competition. Subject to eligibility, the winner of the Meme Competition will receive a Nintendo Switch Console, Mario Kart 8 (game for the Nintendo Switch), a Ledger Nano X, and a copy of our book, Fundamentals of Smart Contract Security!

July 30, 2019

Quantstamp Community Update July 2019

Quantstamp Security Network growth, securing Binance’s first stablecoin, auditing Klaytn, Congressional Blockchain Education Day - it’s been an exciting month at Quantstamp. Here's what's been going on: