Quantstamp Community Update Nov. 29, 2018

Quantstamp Announcements
July 23, 2019

Quantstamp Assurance

Quantstamp is tackling the problem of scalable smart contract security both pre and post-deployment. As part of this goal, we’re working on the Quantstamp Assurance Protocol. The Assurance Protocol complements the existing Quantstamp Protocol by providing a marketplace that will allow participants to stake a collateral in QSP tokens to assure that a contract will behave “well”(as expected).

While the Quantstamp Protocol performs automated security scans, there may be issues such as false positives or game-theoretic vulnerabilities that it may not catch. Manual audits may find these issues, but manual audits don’t scale. The Assurance Protocol aims to address these issues in a scalable manner and complement the Quantstamp Protocol.

With some similarities to insurance, the Assurance Protocol allows users and other stakeholders to pay for the assurance that the smart contract they depend on is safe to use and will behave as expected. If the contract does misbehave, stakeholders are compensated.

The Assurance Protocol is currently under development. A more detailed announcement on the architecture and workings of the protocol is forthcoming.

Quantstamp Protocol

Securify Integration

We are making good progress on integrating another analyzer, Securify, into the upcoming version of the Quantstamp Protocol. Securify is an automated smart contract security scanner made by ChainSecurity based on research developed at ETH Zurich. It has been used to scan over 22,000 smart contracts.

Along with our existing integrations of the Mythril and Oyente analyzers, Securify expands the analysis capabilities accessible through the Quantstamp protocol by offering a more comprehensive look at the security of a smart contract. Besides covering a wider variety of vulnerabilities, it also helps reduce the occurrence of false positives, improving the accuracy of the protocol.

As an open-source analyzer, Securify is open to development not only by ChainSecurity but also community members. This allows it to easily be updated to address new vulnerabilities as they arise.

Decentralizing our Protocol

As explained in the October Community Update, we’re working to further decentralize our protocol. This includes storing scan reports directly on the Ethereum blockchain(rather than on AWS), as well as developing decentralized ways to detect and deter malicious actors on the protocol rather than relying on whitelisted nodes.

We are making progress on this initiative on all fronts and are on track with our goals for the current code sprint.

Enterprise Monitoring

Quantstamp is expanding its offerings for enterprise customers with the Quantstamp Enterprise Monitoring Dashboard.

At Quantstamp, we understand that smart contract security doesn’t stop when the contract gets deployed. That’s part of the motivation for the Assurance Protocol and also why we’ve developed a monitoring service to track irregularities after a contract is published on the blockchain. We call this the “post-deployment stage” in the lifespan of a contract.

During the post-deployment stage, new vulnerabilities and exploits that were previously undetectable may endanger the contract. The result could be missing funds, frozen tokens, or counterfeiting. Our monitoring service checks for these kinds of security incidents as they happen, and to alert the smart contract owner, allowing them to take action immediately.

Our monitoring service extends our enterprise security services beyond white-glove audits to cover the continuing life cycle of a smart contract from pre- to post-deployment. For customers, it can help to provide peace of mind. If you’re an exchange or token issuer interested in this service, please reach out to us.

New Team Members

Helena Flack is a community manager and communications professional. She will be heading up our communications efforts in Europe.

Prior to Quantstamp, she worked at Parity Technologies, where she worked directly with Gavin Wood, Co-founder of Ethereum. She is also a co-organiser of ETHBerlin and helps out on the communications strategies for ETHGlobal events too. An experienced PR professional, she is skilled in both crisis and reactive PR as well as proactive PR efforts, media relations, social media, public affairs, and event organization.

Website Redesign

We recently revamped our website design. We believe the new design provides a better user experience as well as better insight into the Quantstamp Protocol, our roadmap and progress, and our enterprise services. Check it out here.

Fundamentals of Smart Contract Security Book

Illustration of a smart contract vulnerability which will appear in Fundamentals of Smart Contract Security

The Quantstamp team has finished drafting Fundamentals of Smart Contract Security, expected to release this winter. This book will provide an in-depth look at both the issues involved in smart contract security, and practical examples of vulnerabilities in the wild.

With Fundamentals of Smart Contract Security, we aim to help spread knowledge and awareness of smart contract security.

Chamber of Digital Commerce

Our CEO Richard Ma recently joined the Chamber of Digital Commerce as co-chair of the Smart Contracts Alliance. The Chamber of Digital Commerce is the world’s first and largest trade association representing the digital asset and blockchain industry. It meets with legislators and industry leaders in order to promote the real-world application of smart contracts and blockchain technology.

As CEO of Quantstamp, Richard has helped lead initiatives to improve the secure mainstream adoption of blockchain technology, and he aims to further that cause as co-chair of the Smart Contracts Alliance.


We continue to be active in blockchain events and conferences both regionally and internationally. Here are some of the more notable events we attended in November:

Devcon 4

Quantstamp leadership and core team members at Devcon 4

We had a strong presence at Devcon 4, with leadership and many core team members in attendance. Devcon 4 is one of the largest Ethereum conferences in the world. Attended by Vitalik Buterin and core members of the Ethereum Foundation, it has a strong focus on designing, developing and building out decentralized applications.

Quantstamp Head of Business Development Don Ho talks to Crypt0 about Quantstamp at Devcon 4

At Devcon4, our Senior Research Engineer, Martin Derka, presented a workshop on preparing for a security review/audit. In addition, our CEO Richard Ma also demonstrated Plasma Dog, a game which runs on the OMG Plasma MVP which we audited earlier this month.

Blockchain Advocacy Coalition

In November, we hosted the Blockchain Advocacy Coalition along with California’s next treasurer Fiona Ma, and Blockchain for Social Justice at our San Francisco offices. We believe that blockchain will have an impact on all our lives, and working to shape legislation in positive ways will benefit everyone.

Node Tokyo

Quantstamp Engineer Yohei Oka speaks on smart contract vulnerabilities at Node Tokyo

We sponsored and spoke at Node Tokyo. This large-scale event featured speakers from the Ethereum Foundation, Origin Protocol, Metamask, and more, connecting the world’s top blockchain projects with Japan.

Stay Tuned

Something’s always happening at Quantstamp. Stay tuned by subscribing to our newsletter, following us on Twitter, or joining our Telegram. And of course, don’t forget our AMA/Q&A every Friday at noon PST on our Telegram channel.

Note: This update includes information and forward-looking statements about upcoming events and concepts under continuing development. Schedules, features, and functionality are subject to change or cancellation at any time and you are not to place undue reliance on this information or any forward-looking statements.

October 7, 2019

You are Invited to the Quantstamp Security Assurance Protocol Beta Test

Thank you for participating in the beta-testing phase of the Quantstamp Assurance Protocol. Help us collect feedback in order to make improvements.

October 4, 2019

How to Use DeFi Safely

With eye popping interest rates on lending platforms, it’s never been more tempting to put assets into some of the promising new #DeFi applications out there today. But is security an issue? Dr. Poming Lee, Security Engineer with Quantstamp, explains how to keep your funds safe when using DeFi.

October 1, 2019

Quantstamp Community Update - September 2019

Quantstamp Blue Paper upcoming, securing #DeFi, the latest Forbes Tech Council article, and more.Here’s what’s been going on at Quantstamp in September:

September 25, 2019

Quantstamp Enhances Security of Blockchain Certified Sports Memorabilia

On Monday, September 9th, BlockStar, a company authenticating real-world goods using blockchain technology, and DeMarchi, the iconic cycling apparel brand established in 1946, sold the world’s first blockchain certified replica of Fausto Coppi’s 1953 De Marchi Jersey for $10,500. Quantstamp facilitated the success of this sale by enhancing the security of the blockchain components and the website used to conduct the auction.