You are Invited to the Quantstamp Security Assurance Protocol Beta Test

Quantstamp Labs
October 7, 2019

Thank you for participating in the beta-testing phase of the Quantstamp Assurance Protocol.

The Assurance Protocol is a new protocol we're developing at Quantstamp designed to help users receive compensation in the event that the smart contract they are using is hacked or behaves unexpectedly. Solidity experts and others are also compensated for staking tokens on smart contracts they believe are secure.

The purpose of this phase is to collect feedback from the community in order to make improvements. 

As beta-testers, you have two main goals:

The beta-test will take place from October 7th to October 21st.

Pool owner (assurance seeker):

Example: Charlie's business depends on smart contracts, which must be protected against attacks like: coin burning/minting, changes in ownership, theft of funds, etc. He uses the Quantstamp Assurance Protocol to create pools with policies that cover these situations.  

Prerequisites: 

Assurance provider (security expert): 

Example: Alice is a security expert who carefully looks at all contracts before placing a stake. She is interested in receiving payments for her services, but does not want to go through the hassle of chasing customers.

Prerequisites:

The prerequisite for this role is familiarity with Ethereum smart contract security best practices.

Assurance provider (non-expert): 

Example: Bob is not a security expert, but would like to put his funds to use. He trusts that the registry of security experts used by the Quantstamp Assurance Protocol contains the top experts in this field and he mimics what they do in order to minimize his risk when using the Assurance Protocol.

Prerequisites:

The only prerequisite is to know how to use MetaMask. No security or development skills are needed.

NOTE: Feel free to try any of the roles even if you don't satisfy all of the prerequisites. You can use the same address for multiple roles.

Additional Details

If you need additional information on how the protocol works, please read these blog posts:

Introducing the Quantstamp Security Assurance Protocol

A Technical Intro to the Quantstamp Security Assurance Protocol

Test funds: SAFE is the ERC20 token used for this beta-test. All participants can obtain Ropsten SAFE for free from this faucet https://safe-faucet.quantstamp.com/.

Reporting requirements:

Report a bug, an issue or request a new feature using the help button. You can find the help button on the bottom-left corner of assurance.quantstamp.com.

Set Up Steps

  1. Log into MetaMask and switch to the Ropsten network.
  2. (Only needed once) Add the SAFE token to MetaMask by clicking "ADD TOKEN" > Custom Token > copy the address of the SAFE token 0x8333E6AA49DeD6EAcaa00a9C24ead6b673934f65 and click "NEXT" > click "Add Token" and you are done.
  3. If you do not have Ropsten ETH, get free Ropsten ETH here at this faucet. Ropsten ETH will be used to pay for gas.
  4. You also need SAFE tokens to test our protocol. Get SAFE tokens here at this faucet.
  5. Navigate to the Assurance Protocol interface using your favorite browser.
  6. Preauthorize the Assurance contract to transfer SAFE from your wallet/account by entering an amount of SAFE and clicking the "Preauthorize" button.


In order to add the SAFE token, switch to the Ropsten Network, click on the fox icon, and then click add token.

Testing Instructions

Now you are ready to participate in our test. Your testing instructions are below and will vary based on the role you choose. 

Pool owners (FAQ):

Simple pool creation:

  1. Deploy a candidate contract that you want to protect onto the Ropsten test network. Store the newly created contract address in a safe location. You will need it later.
  2. Navigate to assurance.quantstamp.com
  3. When you finish the “Getting Started” tutorial, preauthorize your SAFE tokens.
  4. Click “Create New Pool” button and submit the following information:
     a. Address of smart contract to cover section: add the smart contract you created on Ropsten.
     b. Cover amount section: enter the amount of SAFE Tokens that you, as the pool owner, will receive if the default policy is violated.
     c. Time section: enter the length of time, measured in blocks, you want your assurance pool to be covered under the default policy.
     d. Quote: the price you pay to cover the cost of the default policy until it expires.

Default policies and simple pools

When you create a simple pool, your coverage will be governed by the default policy. Under the default policy, security experts will vote to decide when a policy violation occurs. At the moment, 4 Quantstamp engineers are listed as security experts; however, we plan to extend this list and eventually switch to a TCR.

Advanced pool creation

Follow steps 1 - 3 in the Simple Pool Creation section. For advanced pool creation, you will also need to select and deploy a policy contract: 

Deploying a policy contract:

  1. Before selecting a policy contract, think about what you would like to protect in your candidate contract. For example, is your goal to defend against contract ownership changes?
  2. Sample policy contracts are available in the bottom left of this page. Pick one that you want to use to protect your contract.
  3. Copy its code into Remix and make edits. These examples serve as a reference and will not work directly.
  4. Deploy the policy contract and store its address in a safe location: you will need it when creating a pool. Policies are contract specific and need to be tailored and deployed for a particular candidate contract. Alternatively, if you feel comfortable with writing and deploying your own policy contract, we encourage you to do that.
  5. Submit enough SAFE tokens in the initial deposit section to cover all payments to assurance providers.
  6. Submit information for all fields and create your pool.
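
A policy of the kind step 1 mentions, one that reports a violation when the candidate contract's owner changes, written here as an added example; it is not one of Quantstamp's sample policies. The IPolicy interface, its isViolated function, and the candidate's owner() getter are assumptions made for illustration, so check them against the sample policies before deploying.

```solidity
pragma solidity ^0.5.0;

// Assumption: the candidate contract exposes a public owner() getter.
interface IOwnable {
    function owner() external view returns (address);
}

// Hypothetical policy interface; the protocol's real interface may differ.
interface IPolicy {
    function isViolated(address candidate) external view returns (bool);
}

// Policy bound to one candidate contract, as policies are contract specific.
contract OwnerUnchangedPolicy is IPolicy {
    address public candidate;      // contract this policy was tailored for
    address public expectedOwner;  // owner recorded when the policy was deployed

    constructor(address _candidate) public {
        require(_candidate != address(0), "candidate required");
        candidate = _candidate;
        // Snapshot the owner at deployment; this is the state being protected.
        expectedOwner = IOwnable(_candidate).owner();
        require(expectedOwner != address(0), "candidate has no owner");
    }

    // Returns true once the candidate's current owner differs from the snapshot.
    function isViolated(address _candidate) external view returns (bool) {
        // Refuse to answer for any contract other than the one bound above,
        // so the policy cannot be reused against an unrelated candidate.
        require(_candidate == candidate, "policy is bound to one candidate");
        return IOwnable(_candidate).owner() != expectedOwner;
    }
}
```

Because the check reads only current state, an ownership change that is later reverted to the original owner is not reported.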


Manage your pool: 

  1. If the pool expires after the amount of time you specified, you can withdraw your deposit.
  2. If your pool is violated, you can withdraw a claim and get all the funds in the pool.
  3. If the deposit in your pool becomes too low, then it will not be able to offer payouts and the pool will become inactive/cancelled. Therefore, you can deposit additional funds in order to be sure that payouts can be awarded to the assurance providers.


Assurance providers - Security Experts (FAQ): 

  1. Search for an attractive pool to stake in based on the pool details. Look at the audit report (if available), candidate contract, and protection policy. Make sure that the contract is secure with respect to the associated policy contract. NOTE: If there is no Solidity source code available you can decompile a contract using this tool.
  2. Stake funds in pools that you deem secure.
  3. After the pool(s) you stake in are active and at least one pay period has passed, withdraw interest (payouts) from those pools.
  4. Withdraw your stakes if the pool expires or is cancelled.


Assurance providers - Non-experts (FAQ): 

  1. Look at existing pools and make an informed decision concerning which pool you choose to stake in. For example, look at how many experts and non-experts have staked in which pools.
  2. Stake funds in the pools you believe are secure.
  3. After the pool(s) you stake in are active and at least one pay period has passed, withdraw your interest (payouts) from those pools.

How to Provide Feedback and Ask Further Questions

  1. If you find a bug, if you would like to report an issue or request a new feature, please do so by creating a ZenDesk ticket using the "Help" widget at assurance.quantstamp.com.
  2. If you have questions during the beta-test, please ask them in this Reddit Thread.
  3. At the end of the beta-test we kindly ask you to fill out this feedback form.


IMPORTANT NOTICE

The Quantstamp Assurance Protocol, the beta-testing construct, concepts, smart contract(s), documentation, and implementation are under continuing development in a test environment and made available through multiple platforms operated independently.  Features, functionality, schedules, and details may not yet work as envisioned and are subject to change or cancellation at any time. Results, payouts, withdrawals, and transmissions are not guaranteed and you may risk loss of QSP, Ether, Ropsten QSP, Ropsten Ether, and/or other amounts.  You are responsible for pooled amounts, policy terms, contracts, and submissions.
