Quantstamp Audits Layer 1 Blockchains

Quantstamp Labs
September 1, 2020

Quantstamp has secured over 5 billion USD in digital assets and provided security services for over 130 organizations including startups, foundations, and enterprises. Apart from securing the applications that run on blockchain platforms, we also offer security services for base layer protocols. Our experience with base layer protocols includes ETH2, Avalanche, and Cardano. For ETH2, we audited the Prysm client by Prysmatic Labs and we are currently auditing the Teku client by ConsenSys.

In this post, we describe what goes into a Layer 1 audit and highlight some of the unique mechanisms we have worked with.

ETH2 uses proof-of-stake as its consensus mechanism. ETH2 eventually aims to utilize proof-of-stake to validate data across 64 shards.

The Consensus Layer

Quantstamp searches for bugs that may prevent Layer 1 networks from reaching consensus. For a network to be in consensus, nodes of a specific network need to be in agreement about the latest state of that network. For a distributed network to be successful, consensus disruptions must be rare because they can make the network unusable for a time.

ETH2, Cardano, and Avalanche each have a unique protocol for producing consensus. ETH2 and Cardano both use proof-of-stake (PoS): however, ETH2 has a PoS model that incentivizes good behavior through slashing, while Cardano uses a delegated proof-of-stake model without slashing. Cardano’s consensus model is referred to as “delegated proof-of-stake” because users delegate their right to validate transactions to a stake pool operator in exchange for a portion of that pool’s rewards.

Avalanche includes a directed acyclic graph (DAG) component. DAG nodes have a unique internal mechanism for determining which transactions will ultimately be included in the DAG. image source

Quantstamp looks for vulnerabilities that interfere with consensus and leave networks susceptible to attacks including, but not limited to:

Not all distributed networks are blockchains; some are directed acyclic graphs (DAGs).

The Ledgers

The Layer 1 protocols we have secured do not only differ in how they achieve consensus, they also differ in how they store their data. Avalanche’s ledger is actually not a blockchain but a directed acyclic graph. Cardano and ETH2 use blockchains. Quantstamp audited ETH2’s Beacon Chain, the blockchain at the heart of ETH2’s future sharded ledger system. Quantstamp ensures that the data stored in these ledgers is immutable, honest, and free of vulnerabilities.

Quantstamp audits wallets to secure user funds.

User-Facing Applications

Organizations seeking a Layer 1 audit also need security for the user-facing applications that help non-technical users interact with the blockchain. For Cardano, Quantstamp also audited the Daedalus wallet in order to secure user private keys and funds.

Quantstamp Labs
September 1, 2020

Quantstamp has secured over 5 billion USD in digital assets and provided security services for over 130 organizations including startups, foundations, and enterprises. Apart from securing the applications that run on blockchain platforms, we also offer security services for base layer protocols. Our experience with base layer protocols includes ETH2, Avalanche, and Cardano. For ETH2, we audited the Prysm client by Prysmatic Labs and we are currently auditing the Teku client by ConsenSys.

In this post, we describe what goes into a Layer 1 audit and highlight some of the unique mechanisms we have worked with.

ETH2 uses proof-of-stake as its consensus mechanism. ETH2 eventually aims to utilize proof-of-stake to validate data across 64 shards.

The Consensus Layer

Quantstamp searches for bugs that may prevent Layer 1 networks from reaching consensus. For a network to be in consensus, nodes of a specific network need to be in agreement about the latest state of that network. For a distributed network to be successful, consensus disruptions must be rare because they can make the network unusable for a time.

ETH2, Cardano, and Avalanche each have a unique protocol for producing consensus. ETH2 and Cardano both use proof-of-stake (PoS): however, ETH2 has a PoS model that incentivizes good behavior through slashing, while Cardano uses a delegated proof-of-stake model without slashing. Cardano’s consensus model is referred to as “delegated proof-of-stake” because users delegate their right to validate transactions to a stake pool operator in exchange for a portion of that pool’s rewards.

Avalanche includes a directed acyclic graph (DAG) component. DAG nodes have a unique internal mechanism for determining which transactions will ultimately be included in the DAG. image source

Quantstamp looks for vulnerabilities that interfere with consensus and leave networks susceptible to attacks including, but not limited to:

Not all distributed networks are blockchains; some are directed acyclic graphs (DAGs).

The Ledgers

The Layer 1 protocols we have secured do not only differ in how they achieve consensus, they also differ in how they store their data. Avalanche’s ledger is actually not a blockchain but a directed acyclic graph. Cardano and ETH2 use blockchains. Quantstamp audited ETH2’s Beacon Chain, the blockchain at the heart of ETH2’s future sharded ledger system. Quantstamp ensures that the data stored in these ledgers is immutable, honest, and free of vulnerabilities.

Quantstamp audits wallets to secure user funds.

User-Facing Applications

Organizations seeking a Layer 1 audit also need security for the user-facing applications that help non-technical users interact with the blockchain. For Cardano, Quantstamp also audited the Daedalus wallet in order to secure user private keys and funds.

Interested in learning about the latest developments in DeFi?
Learn more
October 19, 2023

DeFi Protection: Compensating Users For DeFi Losses

September 29, 2023

Partnering with Toku to Enhance Web3 Security & Payroll Practices

Quantstamp is thrilled to announce a strategic partnership with Toku, marking a significant milestone in our commitment to web3 security and compliance.

July 3, 2023

Towards SATisfactory Web3 Software Engineering

In web3, traditional methods of bug detection and code verification fall short. Learn how lightweight formal methods can offer a practical approach to identifying and fixing bugs in dApp code.

June 5, 2023

Quantstamp x Hypernative Partner to Enhance Web3 Security

Quantstamp and Hypernative are excited to announce a partnership that marks a major milestone in bolstering security within the fast-moving web3 ecosystem.

Quantstamp Logo
The Leader in Web3 Security and Solutions
Smart Contract Audits
Information
Company
Stay Informed
DisclosureTerms and ConditionsPrivacy Policy
© 2017-2023 Quantstamp, Inc.
CloseQuantstamp logo

Contact Us

Let us know how you would like to collaborate with us.

Security Audit
Success
We received your request successfully

Thank you for expressing your interest in Quantstamp. We will contact you as soon as we review your message.

Status
Full name
-
Email
-
Your message
-
Oops! Something went wrong while submitting the form.
CloseQuantstamp logo

Request a Smart Contract Security Audit

Thank you for your interest in working with Quantstamp!

We look forward to connecting with you.

Security Audit
We received your request successfully

Thank you for expressing your interest in a smart contract audit. You will receive a confirmation email from us and our team will be in touch with you within the next few days.

In the meantime, please consider getting your code and documentation ready in accordance with the Audit Readiness Checklist.

Full name
-
Email
-
Project Name / URL
-
Oops! Something went wrong while submitting the form.
CloseQuantstamp logo

Contact Our Press Team

Are you interested in writing about Quantstamp or learning more about us? 

Fill out the form and we will contact you shortly. We look forward to meeting you.

Security Audit
We received your request successfully

Thank you for contacting our press team. We will get in touch with you in the next few days.

Oops! Something went wrong while submitting the form.