Quantstamp Community Update August 2019

Quantstamp Announcements
September 5, 2019

A Quantstamp Security Network update, the release of our Bounty Protocol, a talk at DEFCON: it’s been an exciting month at Quantstamp.

Here’s what’s been going on:

Quantstamp Security Network V2 Update


We have upgraded the Quantstamp Security Network to v2.0.4. This latest release updates the supported version of Solidity to 5.11 and includes a number of optimizations. We’ve reduced Infura usage, keeping it within the free-usage limit, and reduced the Docker image size, saving disk space for node operators. If you’re a node operator, please visit the release page to download the latest version.

Assurance Protocol Beta Test


We will soon be soliciting beta testers for our Assurance Protocol. This is a protocol we have developed which creates a marketplace where users can either stake on the safety of a smart contract, or be compensated in case that smart contract is hacked. Stay tuned for more. 

Open Sourcing our Bounty Protocol

We are open sourcing the code for our Bounty Protocol. A bounty protocol is a marketplace for developers to identify bugs in smart contracts that automation cannot detect. The Bounty Protocol has the potential to leverage software engineering talent from around the world to add an essential layer of infrastructure for blockchain security.  

In the Bounty Protocol, bounty providers submit their smart contract to the protocol and offer a bounty. Bug hunters can then review the smart contract code and report any vulnerabilities they find. Judges, selected via a TCR, then vote to decide whether the bug hunter reported a valid vulnerability. If the judges vote in favor of the bug hunter, the bug hunter receives the bounty.

Along with the Quantstamp Security Network and Assurance Protocol, the Bounty Protocol aims to add another facet of crypto-economic driven security to help scale security to the needs of the blockchain industry. Find out more about the details of the Bounty Protocol in the blog post or check out the GitHub page.

What is a Re-Entrancy Attack?

Recently, we published a blog post on re-entrancy vulnerabilities. One of the first types of smart contract vulnerabilities to be exploited, a re-entrancy vulnerability was responsible for the DAO hack in 2016. 
This blog post, based on an excerpt from our book “Fundamentals of Smart Contract Security”, explains what re-entrancy vulnerabilities are, and how to prevent them. Read more

Jan Gorzny Speaks at DEFCON 


Blockchain Researcher Jan Gorzny spoke recently in Las Vegas at DEFCON. DEFCON is the premier cybersecurity conference and he presented some of his learnings about smart contract security while working at Quantstamp. 

MOBI VID Standard

Recently, MOBI, the Mobility Open Blockchain Initiative, of which we are a part, released the Vehicle IDentification (VID) standard, which we co-authored along with companies such as Renault, BMW, GM, IBM and Accenture. The VID standard incorporates blockchain technology into a company-agnostic digital vehicle identification system.

Similar to a VIN (Vehicle Identification Number), the first phase of the VID system focuses on uniquely identifying vehicles. Subsequent VID phases will go beyond what current VINs are capable of, adding additional product definition, ownership history, and a log of key events in the vehicle's lifecycle. The result will be a trusted and immutable master record of the vehicle's history and data usage.
By co-authoring this paper, we are proud to be helping to lay the groundwork for next-generation technology for the automotive industry.

Dubai RTA

In Dubai, we are working with the Road Transport Authority to provide a unified fine system using blockchain. Fines currently come from 5 sources: Parking, Licensing, Salik (tolls), Public Transportation and Traffic. Fine information often needs to be shared with various agencies or external agencies.

Providing a Unified Fine System using blockchain simplifies fine administration and information sharing. All departments can work off a single record, simplifying recording, auditing and sharing of fine information. By using blockchain, synchronization is simplified while resiliency, transparency, and accountability are improved.

Enabling Trust-Minimized BTC-DAI Payments

Switch from Kava Labs allows for non-custodial payments across blockchains

We recently audited the smart contracts underlying Trust-Minimized BTC to DAI payments with Kava Labs’ Switch app.

Kava Labs recently released a new plugin for Interledger which integrates ERC-20 assets into the Interledger Protocol. This allows for trust-minimized payments of ERC-20 tokens like DAI or MKR between other blockchains, such as Bitcoin. Find out more about this cool project in this Medium post by Kava’s Kincaid O’Neil.

Kava Labs is creating cross-ledger payment tools as well as a cross-ledger DeFi platform which aims to support multiple blockchains. Find out more about them at Kava.io.

DeMarchi Jersey Auction

In August, we worked with BlockStar to help them power a blockchain-driven auction of an exclusive DeMarchi jersey. In honor of Fausto “Il Campionissimo” Coppi, the jersey was the only authorized replica of the jersey worn by the Italian cycling champion. 

Using blockchain, the auction allows the winner to ensure that the jersey they receive is authentic, and also provides them with a digital representation of the jersey. Blockchain-powered auctions directly address the issue of counterfeit goods - a big issue in the collectibles and art space.
Read more about the auction here

Market Disruptors Podcast

Recently, our very own Head of Strategy Olga Mack appeared on Market Disruptors, a leading podcast which interviews builders, investors, and leaders in the crypto and blockchain space. Olga sat down with Mark and explained the basics of smart contracts, how they compare to legal contracts, as well as the risks of blockchain technology and how to prevent them. 

Listen to the episode here

Waterloo Blockchain+Security Workshop

This fall, we’ll be speaking as part of the Waterloo Blockchain+Security Workshop. Speakers include CEO Richard Ma, Co-Founder Steven Stewart, and Waterloo professors such as Vijay Ganesh and Raouf Boutaba. Register here; spaces are limited.

Recent News from Quantstamp

Don’t miss out on the latest from Quantstamp. Follow us on Facebook, check us out on Twitter, join the conversation on Reddit, subscribe to our YouTube, subscribe to our Newsletter, or find us on LinkedIn.

Note: This update includes information and forward-looking statements about upcoming events and concepts under continuing development. Schedules, features, and functionality are subject to change or cancellation at any time and you are not to place undue reliance on this information or any forward-looking statements.








September 5, 2019

Securing DeFi with PoolTogether

Quantstamp is facilitating the future of DeFi by enhancing the security of leading open finance projects like PoolTogether, a no-loss lottery and innovative savings account application.

August 21, 2019

EthBerlin Security HelpDesk Details, Security Award & Hosted Points Bonus from Quantstamp + MythX

Quantstamp and MythX are very excited to support EthBerlin this year. If you're participating, come find us at the HelpDesk, your one-stop resource for any security-related inquiries. Need suggestions on more secure code implementations or advice on mitigating certain vulnerabilities? The HelpDesk is available round the clock to offer guidance and assistance throughout the hackathon.

August 19, 2019

What is a Re-Entrancy Attack?

Computer scientists say that a procedure is re-entrant if its execution can be interrupted in the middle, initiated over (re-entered), and both runs can complete without any errors in execution. In the context of Ethereum smart contracts, re-entrancy can lead to serious vulnerabilities.
