Quantstamp Community Update Nov. 29, 2018

Quantstamp Announcements
November 20, 2018

Quantstamp Assurance

Quantstamp is tackling the problem of scalable smart contract security both pre- and post-deployment. As part of this goal, we’re working on the Quantstamp Assurance Protocol. The Assurance Protocol complements the existing Quantstamp Protocol by providing a marketplace that will allow participants to stake collateral in QSP tokens to assure that a contract will behave “well” (as expected).

While the Quantstamp Protocol performs automated security scans, there may be issues such as false positives or game-theoretic vulnerabilities that it may not catch. Manual audits may find these issues, but manual audits don’t scale. The Assurance Protocol aims to address these issues in a scalable manner and complement the Quantstamp Protocol.

With some similarities to insurance, the Assurance Protocol allows users and other stakeholders to pay for the assurance that the smart contract they depend on is safe to use and will behave as expected. If the contract does misbehave, stakeholders are compensated.

The Assurance Protocol is currently under development. A more detailed announcement on the architecture and workings of the protocol is forthcoming.

Quantstamp Protocol

Securify Integration

We are making good progress on integrating another analyzer, Securify, into the upcoming version of the Quantstamp Protocol. Securify is an automated smart contract security scanner made by ChainSecurity based on research developed at ETH Zurich. It has been used to scan over 22,000 smart contracts.

Along with our existing integrations of the Mythril and Oyente analyzers, Securify expands the analysis capabilities accessible through the Quantstamp protocol by offering a more comprehensive look at the security of a smart contract. Besides covering a wider variety of vulnerabilities, it also helps reduce the occurrence of false positives, improving the accuracy of the protocol.

As an open-source analyzer, Securify is open to development not only by ChainSecurity but also community members. This allows it to easily be updated to address new vulnerabilities as they arise.

Decentralizing our Protocol

As explained in the October Community Update, we’re working to further decentralize our protocol. This includes storing scan reports directly on the Ethereum blockchain (rather than on AWS), as well as developing decentralized ways to detect and deter malicious actors on the protocol rather than relying on whitelisted nodes.

We are making progress on this initiative on all fronts and are on track with our goals for the current code sprint.

Enterprise Monitoring

Quantstamp is expanding its offerings for enterprise customers with the Quantstamp Enterprise Monitoring Dashboard.

At Quantstamp, we understand that smart contract security doesn’t stop when the contract gets deployed. That’s part of the motivation for the Assurance Protocol and also why we’ve developed a monitoring service to track irregularities after a contract is published on the blockchain. We call this the “post-deployment stage” in the lifespan of a contract.

During the post-deployment stage, new vulnerabilities and exploits that were previously undetectable may endanger the contract. The result could be missing funds, frozen tokens, or counterfeiting. Our monitoring service checks for these kinds of security incidents as they happen and alerts the smart contract owner, allowing them to take action immediately.

Our monitoring service extends our enterprise security services beyond white-glove audits to cover the continuing life cycle of a smart contract from pre- to post-deployment. For customers, it can help to provide peace of mind. If you’re an exchange or token issuer interested in this service, please reach out to us.

New Team Members

Helena Flack is a community manager and communications professional. She will be heading up our communications efforts in Europe.

Prior to Quantstamp, she worked at Parity Technologies, where she worked directly with Gavin Wood, Co-founder of Ethereum. She is also a co-organiser of ETHBerlin and helps out on the communications strategies for ETHGlobal events too. An experienced PR professional, she is skilled in both crisis and reactive PR as well as proactive PR efforts, media relations, social media, public affairs, and event organization.

Website Redesign

We recently revamped our website design. We believe the new design provides a better user experience as well as better insight into the Quantstamp Protocol, our roadmap and progress, and our enterprise services. Check it out here.

Fundamentals of Smart Contract Security Book

Illustration of a smart contract vulnerability which will appear in Fundamentals of Smart Contract Security

The Quantstamp team has finished drafting Fundamentals of Smart Contract Security, expected to release this winter. This book will provide an in-depth look at both the issues involved in smart contract security and practical examples of vulnerabilities in the wild.

With Fundamentals of Smart Contract Security, we aim to help spread knowledge and awareness of smart contract security.

Chamber of Digital Commerce

Our CEO Richard Ma recently joined the Chamber of Digital Commerce as co-chair of the Smart Contracts Alliance. The Chamber of Digital Commerce is the world’s first and largest trade association representing the digital asset and blockchain industry. It meets with legislators and industry leaders in order to promote the real-world application of smart contracts and blockchain technology.

As CEO of Quantstamp, Richard has helped lead initiatives to improve the secure mainstream adoption of blockchain technology, and he aims to further that cause as co-chair of the Smart Contracts Alliance.

Events

We continue to be active in blockchain events and conferences both regionally and internationally. Here are some of the more notable events we attended in November:

Devcon 4

Quantstamp leadership and core team members at Devcon 4

We had a strong presence at Devcon 4, with leadership and many core team members in attendance. Devcon 4 is one of the largest Ethereum conferences in the world. Attended by Vitalik Buterin and core members of the Ethereum Foundation, it has a strong focus on designing, developing and building out decentralized applications.


Quantstamp Head of Business Development Don Ho talks to Crypt0 about Quantstamp at Devcon 4

At Devcon 4, our Senior Research Engineer, Martin Derka, presented a workshop on preparing for a security review/audit. In addition, our CEO Richard Ma demonstrated Plasma Dog, a game which runs on the OMG Plasma MVP which we audited earlier this month.

Blockchain Advocacy Coalition

In November, we hosted the Blockchain Advocacy Coalition along with California’s next treasurer Fiona Ma, and Blockchain for Social Justice at our San Francisco offices. We believe that blockchain will have an impact on all our lives, and working to shape legislation in positive ways will benefit everyone.

Node Tokyo

Quantstamp Engineer Yohei Oka speaks on smart contract vulnerabilities at Node Tokyo

We sponsored and spoke at Node Tokyo. This large-scale event featured speakers from the Ethereum Foundation, Origin Protocol, Metamask, and more, connecting the world’s top blockchain projects with Japan.

Stay Tuned

Something’s always happening at Quantstamp. Stay tuned by subscribing to our newsletter, following us on Twitter, or joining our Telegram. And of course, don’t forget our AMA/Q&A every Friday at noon PST on our Telegram channel.

Note: This update includes information and forward-looking statements about upcoming events and concepts under continuing development. Schedules, features, and functionality are subject to change or cancellation at any time and you are not to place undue reliance on this information or any forward-looking statements.
