Quantstamp is Making Smart Contracts Smart Again
Cryptocurrencies experienced a massive influx of activity this year, reaching new all-time highs. The crypto market is only growing, and with it grow the number of smart contracts that run on the Ethereum network. In the span of just five months that number grew to 2M smart contracts that collectively lock up over 11 million ETH, and is expected to reach 10M within a year.
Blockchains are Secure but Smart Contracts are Not
The explosive growth of blockchain interest and smart contracts has left a critical problem left yet unsolved. The 2016 DAO hack comes to mind, wherein a hacker exploited a bug in the smart contract and managed to make ATM-like withdrawals, stealing $55M in ETH. The next year, over $30M in ETH were stolen due to a one word bug in the smart contract code in the Parity multi-sig wallet. These two incidents were a massive blow to the Ethereum network as a whole, with many speculators losing faith.
The current methods of auditing smart contracts are prone to human error and often expensive, and as the demand for auditing grows, the potential for another DAO or Parity multi-sig incident grows. In fact, a recent study found that 44% of Ethereum smart contracts have "semantic gap" vulnerabilities (difference in how a developer thinks code will execute versus how it actually does), meaning that over 12 million ETH are currently potentially at risk of being stolen.
Hello, Quantstamp!
Quantstamp solves the whole smart contract security issue through its scalable and trustless two-step process called the Quantstamp protocol. This process beings once a developer submits code to be audited via the Quantstamp Ethereum smart contract. The developer sends QSP tokens with the source code in the data field, and decides on a bounty.
The first step of the auditing process involves the use of nodes run by "miners"- called "verifiers" in the Quantstamp protocol- that "mine" contracts by running validation node software which runs similarly to Proof-of-Work mining. In return for certifying a contract, a verifier receives a proof-of-audit hash that rewards them a token fee.
The second step rewards both black and white hat hacker participants for manually finding errors in smart contracts. This is to done to bridge the gap between human discrepancy and automation's potential shortcomings, such as being unable to differentiate between a "bug" and a "feature" in a smart contract. The end goal is to move towards full automation of the entire process, but until then the automated bounty payout system incentivizes the mitigation of the effect potential bad actors.
Once a smart contracted is fully audited, the developer has access to the report that identifies issues on a 1-10 severity scale, with 1 being a minor warning and 10 being a major issue. Going through this two-fold automated and crowdsourcing process provides a much higher degree of security, and with the security library receiving regular updates and improvements, the process will only get smarter.
The Road to Wider Adoption
Quantstamp aims to become a critical extension of the Ethereum network, providing quality and cost-efficient smart contract auditing that will set a standard for all future smart contracts to come. If they are successful in their endeavor, the landscape of smart contracts will forever be changed, and incidents like the DAO hack will merely be bad memories. Only then will crypto speculators and investors feel safe, able to put their trust in the blockchain and the smart contracts that run on it, pushing towards wider adoption and a brighter, more secure future for us all.
More Quantstamp: