Quantstamp Audits Layer 1 Blockchains

Quantstamp Labs
September 1, 2020

Quantstamp has secured over 5 billion USD in digital assets and provided security services for over 130 organizations including startups, foundations, and enterprises. Apart from securing the applications that run on blockchain platforms, we also offer security services for base layer protocols. Our experience with base layer protocols includes ETH2, Avalanche, and Cardano. For ETH2, we audited the Prysm client by Prysmatic Labs and we are currently auditing the Teku client by ConsenSys.

In this post, we describe what goes into a Layer 1 audit and highlight some of the unique mechanisms we have worked with.

ETH2 uses proof-of-stake as its consensus mechanism. ETH2 eventually aims to utilize proof-of-stake to validate data across 64 shards.

The Consensus Layer

Quantstamp searches for bugs that may prevent Layer 1 networks from reaching consensus. For a network to be in consensus, nodes of a specific network need to be in agreement about the latest state of that network. For a distributed network to be successful, consensus disruptions must be rare because they can make the network unusable for a time.

ETH2, Cardano, and Avalanche each have a unique protocol for producing consensus. ETH2 and Cardano both use proof-of-stake (PoS): however, ETH2 has a PoS model that incentivizes good behavior through slashing, while Cardano uses a delegated proof-of-stake model without slashing. Cardano’s consensus model is referred to as “delegated proof-of-stake” because users delegate their right to validate transactions to a stake pool operator in exchange for a portion of that pool’s rewards.

Avalanche includes a directed acyclic graph (DAG) component. DAG nodes have a unique internal mechanism for determining which transactions will ultimately be included in the DAG. image source

Quantstamp looks for vulnerabilities that interfere with consensus and leave networks susceptible to attacks including, but not limited to:

Not all distributed networks are blockchains; some are directed acyclic graphs (DAGs).

The Ledgers

The Layer 1 protocols we have secured do not only differ in how they achieve consensus, they also differ in how they store their data. Avalanche’s ledger is actually not a blockchain but a directed acyclic graph. Cardano and ETH2 use blockchains. Quantstamp audited ETH2’s Beacon Chain, the blockchain at the heart of ETH2’s future sharded ledger system. Quantstamp ensures that the data stored in these ledgers is immutable, honest, and free of vulnerabilities.

Quantstamp audits wallets to secure user funds.

User-Facing Applications

Organizations seeking a Layer 1 audit also need security for the user-facing applications that help non-technical users interact with the blockchain. For Cardano, Quantstamp also audited the Daedalus wallet in order to secure user private keys and funds.

Quantstamp Labs
September 1, 2020

Quantstamp has secured over 5 billion USD in digital assets and provided security services for over 130 organizations including startups, foundations, and enterprises. Apart from securing the applications that run on blockchain platforms, we also offer security services for base layer protocols. Our experience with base layer protocols includes ETH2, Avalanche, and Cardano. For ETH2, we audited the Prysm client by Prysmatic Labs and we are currently auditing the Teku client by ConsenSys.

In this post, we describe what goes into a Layer 1 audit and highlight some of the unique mechanisms we have worked with.

ETH2 uses proof-of-stake as its consensus mechanism. ETH2 eventually aims to utilize proof-of-stake to validate data across 64 shards.

The Consensus Layer

Quantstamp searches for bugs that may prevent Layer 1 networks from reaching consensus. For a network to be in consensus, nodes of a specific network need to be in agreement about the latest state of that network. For a distributed network to be successful, consensus disruptions must be rare because they can make the network unusable for a time.

ETH2, Cardano, and Avalanche each have a unique protocol for producing consensus. ETH2 and Cardano both use proof-of-stake (PoS): however, ETH2 has a PoS model that incentivizes good behavior through slashing, while Cardano uses a delegated proof-of-stake model without slashing. Cardano’s consensus model is referred to as “delegated proof-of-stake” because users delegate their right to validate transactions to a stake pool operator in exchange for a portion of that pool’s rewards.

Avalanche includes a directed acyclic graph (DAG) component. DAG nodes have a unique internal mechanism for determining which transactions will ultimately be included in the DAG. image source

Quantstamp looks for vulnerabilities that interfere with consensus and leave networks susceptible to attacks including, but not limited to:

Not all distributed networks are blockchains; some are directed acyclic graphs (DAGs).

The Ledgers

The Layer 1 protocols we have secured do not only differ in how they achieve consensus, they also differ in how they store their data. Avalanche’s ledger is actually not a blockchain but a directed acyclic graph. Cardano and ETH2 use blockchains. Quantstamp audited ETH2’s Beacon Chain, the blockchain at the heart of ETH2’s future sharded ledger system. Quantstamp ensures that the data stored in these ledgers is immutable, honest, and free of vulnerabilities.

Quantstamp audits wallets to secure user funds.

User-Facing Applications

Organizations seeking a Layer 1 audit also need security for the user-facing applications that help non-technical users interact with the blockchain. For Cardano, Quantstamp also audited the Daedalus wallet in order to secure user private keys and funds.

Interested in learning about the latest developments in DeFi?
Learn more
March 28, 2023

The Regens Building a More Sustainable Future

From infrastructure to gamification, meet some of the movers and shakers of ReFi that are making things happen behind the scenes.

March 27, 2023

Quantstamp Receives Multiple Layer 2 Community Grants from Ethereum Foundation

Learn more about the grants Quantstamp has received from the Ethereum Foundation in the Cybersecurity, Data Analysis, and Data Visualization categories.

February 7, 2023

Refi: An Intro

If you’ve been around the web3 space for a while, you’ve probably heard the term “ReFi,” thrown around, but what does it mean?