Meet the Authors: Ed Zulkoski

Quantstamp Announcements
May 29, 2019

Fundamentals of Smart Contract Security covers how blockchains function, design choices for smart contract development, common vulnerabilities, and best practices for writing smart contracts. This interview is one of a five-part series where we go behind the scenes and learn a bit more about the authors.

Ed holds a Ph.D in Computer Science from the University of Waterloo. His research there was primarily in SAT/SMT solvers and formal verification technologies, with a focus on understanding what makes SAT formulas hard or easy for solvers. Before joining Quantstamp, he worked at Microsoft Research.

Can you share a bit about your background? What drew you to Quantstamp and how did you get involved?

I met some of the other team members who were also Ph.D. students at the University of Waterloo. From there, I met Quantstamp’s Co-founder, Steven Stewart, and we ended up doing some work together. I was focused on SAT/SMT solvers, so the work at Quantstamp was a great fit given my expertise in this area. Smart contract analysis seemed like a great application of our work, as any vulnerabilities can have significant financial impact, while at the same time, the programs are [usually] small enough to be automatically analyzed in meaningful ways.

(SAT and SMT solvers form the backbone for many automated bug-finding tools such as those used by Quantstamp)

What advice would you give to aspiring software engineers that want to build a career in this industry?

My biggest piece of advice would be to research and understand the fundamental problems blockchain aims to solve, and investigate what challenges companies on the cutting-edge need to solve in order to achieve this vision. Make sure it's a field you’re actually interested in, and further try to understand why you're interested. It's easy to get sucked up in the hype of blockchain, but hype is an unsustainable platform for success. Blockchain is not a swiss-army knife to solve all the world's "centralization problems," but it does have the potential to revolutionize how we think about commerce and other decentralized applications.

What’s your favourite part of the book? Why was this something you wanted to be part of, and how do you think it will contribute to the space?

Probably Chapter 2, because I feel like it gives a really good overview of the fundamentals. It covers all the cryptoeconomics that revolve around the chain, and what can go wrong if you design your blockchain or dApp in an insufficient way.

The book is ideal for a novice person, as it would let them learn more about blockchain and hopefully develop some interesting applications on top of it. It’s also got something for people who have an existing understanding and just want to deepen their knowledge.

In your opinion, what are some of the biggest challenges right now in smart contract security?

I’d say developing automated tools that are practical and useful for real world contracts. Existing tools try to look for very standard issues that can go wrong - stuff like re-entrancy, overflow and those kind of things. Tools that are both easy to use and contract-specific are probably the most useful right now. On top of that, since manual "white glove" audits are currently one of the best ways to have confidence in a smart contract's correctness, any tools that aid an auditor's ability to understand and reason through the code are highly valuable.

Are there certain projects you're working on right now that you're really excited about?

Yes, I’m excited about the monitoring service that we’re working on. Basically, a smart contract analyzer tries to figure out statically whether there’s something correct or incorrect about a contract. It provides sophisticated analysis while the contract is being deployed, meaning an added layer of security. This would be really difficult to have with typical analyzers.

Fundamentals of Smart Contract Security is now available on Amazon
January 10, 2020

The New Rockstars Building the Future of DeFi

Maker set the foundation for the DeFi ecosystem by creating DAI, but their impact does not end there. They facilitating the success of future DeFi rockstars and Quantstamp is providing the security.

January 9, 2020

2019 Year in Review

2019 was a great year for Quantstamp. We released a book on smart contract security, helped push forward the DeFi movement through some key audits, launched our Bounty Protocol, expanded our presence into new markets, and more.

December 16, 2019

Quantstamp Enhances Security of New Nuo Contracts

Quantstamp recently enhanced the security of Nuo’s xSplit smart contracts, which serve to provide Nuo customers with the best prices possible by splitting customer orders across various exchanges. Nuo is a repeat customer of Quantstamp: their first audit was completed this April. 

December 13, 2019

The Benefit of Functional Test Suites

A comprehensive test suite can prevent developers from accidentally merging functionality bugs into the master branch.