Quantstamp (QSP) is the first security verification and security-auditing protocol for smart contracts that improves the security of Ethereum. The advantages of the security protocol include automation, trust, governance, and ability to compute hard problems over a distributed network.
THE DEMAND / THE MARKET
The past year has seen an impressive growth in the blockchain community which has resulted in emergence of various crypto-companies. Although, there has been a lot of progress made in the past few years there is still a lot concern from investors regarding security measures taken to protect their investments. The general understanding that most have is that anything to do with blockchain is secure, which is false. The blockchain network itself is a secure entity, however, there can be significant security flaws within the smart contracts. There have been multiple incidences where hackers have stolen millions of dollars from crypto companies by exploiting missed coding errors [i],[ii]. To date there have been over $250M worth of investments have been either stolen or lost in smart contracts because of poor coding. Such incidences raise serious concerns from investors, thus hindering wider adoption of Ethereum network. Additionally, SEC chairman Jay Clayton has stressed concern regarding the validity of the cybersecurity audits[iii]. Currently, auditing is done by humans at various consulting companies which still increases concern regarding the validity of the code and its security.
The impressive growth of blockchain companies has been highlighted by the exponential growth of smart contract adoption (Figure1). To put this in perspective, the number of contracts grew from 520k on June 2016 [iv]to 25M at the time of writing this article (February 2018).It is clear that the demand for an auditing is present and growing exponentially. Additionally, with this increase in number of smart contracts there will also be increased amount of ETH locked within these contracts. As of October 2017, there were 11M ETH (~$3.2B at the time) locked into smart contracts. Thus, there is no question that the risk for contract failures and exploitation will grow with time.
Quantstamp’s protocol solves the smart contract security problem by creating a scalable and cost-effective system to audit all smart contracts on the Ethereum network. The protocol consists of two parts:
- Automated and upgradeable software verification system that checks Solidity programs. This is a conflict driven distributed SAT solver which will require significant computing power, will be able to catch increasingly sophisticated attacks.
- Automated bounty payout system that will reward human participants for finding errors in smart contracts. This aims to help facilitate the process of full automation.
To achieve the goals stated above by relying on a distributed network of participants in hope to help diminish the effects of errors, provide the needed computing power and also to provide governance. These participants are then awarded with various amounts of Quantstamp tokens, QSP.
- Contributors: Awarded QSP as an invoice for contributing software for verifying Solidity programs. All contributed code will be public in order to increase community confidence.
- Validators: Awarded QSP for running the Quantstamp validation node. Similar concept to mining.
- Bug finders: Awarded QSP as a bounty for submitting bugs which can essentially be used to exploit smart contracts.
- Contract creators: Pay QSP to have their contracts verified.
- Voters: voters can time-lock tokens in order to have voting rights within the governance system, which will be necessary for protocol upgrades. This is a positive step towards keeping the system as a decentralized system.
- Quantstamp is a specialized network that connects developers, investors and users around a transparent and scalable proof-of-audit.
- The network acts as a critical peice of transparency by enabling automated checks on smart contract vulnerabilities and automatically rewarding verifiers who identify bugs.
- Quantstamp tokens allow the platform to operate in a scalable and fully decentralized fashion, delivering computation fees to verifier nodes, and bounties for locating vulnerabilities.
Quantstamp is in very early stages of its existence. It was co-founded in June 2017 by Richard Ma and Steven Stewart. They then built the Solidity Static Analyzer prototype days after the Parity Wallet hack in July 2017. By October, they completed the Request Network semi-automated audit, built an automated truffle test generator and completed a second semi-automated audit with another company. In November, they began university partnership with University of Waterloo, completed their third semi-automated audit with another company, and launched the QSP tokens. By December 2017, they had built the Quantstamp validation / payment smart contract on Ethereum and had completed their fourth semi-automated audit. In 2018, their roadmap is as follows:
- January: Build the Quantstamp validation node (an augmented Ethereum node).
- February: Add analysis software v1 to the validation node that returns the proof-of-audit hash and raw output and complete the 5th semi-automated audit using analysis software v1.
- March: Begin testing phase and improvement of crypto-economic incentives and implement token holder governance system for the upgradeable protocol.
- April: Deploy to test network after testing and validating system and begin academic review of the system.
- May: Hold first Quantstamp hackathon.
- June: Begin work on smart contract insurance with partners.
- July: Hold token holder vote for Mainnet after months of testing/incentive adjustment.
- August: Release Mainnet v1.
- September: Begin work on distributed SAT consensus with BFT for Mainnet v2.
- October: Add smart contract insurance alpha product on Mainnet smart contracts.
Quantstamp’s team is made up of 14 members which includes a group of software testing experts with PhDs that claim to have collectively over 500 Google Scholar citations. The team has worked for companies such as Google, Microsoft, Samsung, Barclays and even on the Canadian National Defense. Founders and founding team members include:
- Richard Ma: Co-founder and CEO
- Cornell ECE, Algorithmic Portfolio Manager
- Steven Steward: Co-founder and CTO
- MCS, BA PhD, U. Waterloo Software verification, Database implementation
Quantstamp has also a very impressive group of advisors on board as well. This list includes two prominent names, Evan Cheng and David Park. Evan Cheng was a director of engineering at Facebook and Apple. While, David Park was a project manager at Facebook.The team is very active, attending various meetings and styling active on social media with their updates. Additionally, they are very actives with partnerships which will be highlighted in the next page.
TOKENS and SUPPLY
Quantstamp’s QSP tokens are ERC20 Tokens with an initial total supply of 1B Tokens. The pre-sale consisted of three different levels of which the goal was to raise $3M USD, $4M USD and $4M USD at each level, respectively. The token price was fixed at the time to the price of ETH which was also fixed as $300USD. During the initial three stages of pre-sale, participants received 10K QSP/ ETH ($0.03 USD/QSP), 7K QSP/ ETH ($0.04 USD/QSP), and 6K QSP/ ETH ($0.05 USD/QSP), respectively. A pre-sale hard cap of $11M USD was set. During the crowd sale, a hard cap of $19M USD was set, for which participants received 5K QSP/ ETH ($0.06 USD/QSP). Quantstamp was able to reach its goal of $31M USD. Quantstamp’s token distribution is as follows:
- Token Sale: 65%
- Team and Advisors: 20%
- Core Activities Reserve: 10%
- Community Development: 5% The breakdown of proceeds from the Token sale is as follows:
- Product Development: 50%
- Marketing and Community: 30%
- Administrative and General: 15%
- Security: 5% As previously stated, Quantstamp will require a minimum of 200K QSP per audit. They hope to decrease this as they begin to scale and demand increases.
PROS and CONS
Let us discuss some of the pros and cons of Quantstamp as an investment. Some of the pros have already been discussed but we will touch on them once again:
- Competition: Quantstamp is currently one of the first to the market. This provides them with the clear advantage of establishing themselves as the industry standard. Current competitors include OpenZeppelin and BlackCat. BlackCat could actually sell Quantstamp-audited security add-ons to their customers. However, the two competitors will always be a step behind and cannot offer the industry standard level of auditing that will be offered by Quantstamp.
- Demand: We discussed above the growing demand for such product. This product will help remove doubt regarding the security of smart contracts. This would function as a stamp of confidence.
- Community: Quantstamp’s community is every growing as well. Their Telegram group currently has 23K users which has grown 23-fold in just four months.
- Network: Quantstamp is a part of YCombinator which is home to success stories such as Airbnb, Reddit and Coinbase. There is no doubt that this will help foster some sort of partnership to occur as YCombinator is known to help facilitate partnerships between their start-ups. Although, difficult to speculate as to what those may be, one could speculate a potential partnership between Coinbase and Quantstamp, where any newly added ERC20 Coins to Coinbase would need to be audited by Quantstamp. This can help facilitate Quantstamp’s position as the industry’s standard.
The challenges that Quantstamp faces are also significant in nature. Some of these include:
- Trust: the main concern here would be if one of Quantstamp’s audited smart contracts is hacked. This could create some doubt in the eyes of users.
- Incentive for Auditors: It may become harder over time for auditors to find errors in smart contracts which in turn will result in decreased incentive for manual audits.
Quantstamp has had some impressive recent partnerships:
- On December 24th , 2017, Quantstamp announced that they have completed the initial audit of the Listia Inc.’s INK Platform smart contracts (5). INK is creating a decentralized reputation and payment system for P2P marketplace based on the Ethereum blockchain. Listia inc. has over 10M users and is also a member of YCombinator company.
- On January 22nd, 2018, Quantstamp announced that they will audit Insights Network’s crowd sale smart contract and also plans to audit Insights Network’s blockchain data exchange smart contract in the near future, which will be released on EOS. The Insights Network is developing a protocol that combines the EOS blockchain with proprietary secure multi party computation software that functions as an operating system for privacy-preserving data exchange between consumers and organizations (6). This move made Quantstamp a blockchain-agnostic company.
- On January 31 st , 2018, Quantstamp announced that they have successfully completed the audit of the first dApp on the WeTrust Platform (7). WeTrust is an inclusive, decentralized platform that enables fair and equitable financial services (e.g. savings, lending, insurance products) to be built on the blockchain without the need for a traditional trusted third party.
- On February 7 th , 2018, Quantstamp announced that they have partnered with Japanese cryptocurrency exchange QUOINE, where they will act as security advisors providing recommendations for select smart contract projects (8).
Let us discuss some of Quantstamp’s highlights which I believe make the long-term potential of this company very promising.
- The first semi-automatic security verification and security-auditing protocol for smart contracts.
- Using their technology, they plan to increase processing speeds of smart contract auditing and decrease costs of auditing.
- Auditing protocol is created in a manner that malicious participants will not be able to manipulate the audit results.
- First to the market, with almost no competition at this time.
- The demand for such product is exceptionally high, and once this product becomes the industry standard, then a majority of the ~10-20K new smart contracts that are created daily will require Quantstamp’s services.
- The general consensus in the community is that Quantstamp will become the industry standard for smart contract auditing and will eventually become a requirement by investors.
- Part of the YCombinator which gives them newly developing blockchain companies. This places them in an environment for future potential partnerships, i.e. with Coinbase.
- The total supply of QSP is 100B.
- QSP is currently trading at $0.31 USD with a market cap of $191M USD.
- Recent partnerships with Insight Network, which uses EOS blockchain, makes Quantstamp a blockchain agnostic company.
- Quantstamp has partnered with QUOINE, which is a Japanese cryptocurrency exchange, acting as QUOINE’s smart contract security advisor.
- Quantstamp hopes to begin testing their crypto-economic incentive and implement their token holder governance system for the upgrade protocol in March 2018, which may potentially aid in appreciation of QSP token value.
The writer truly believes that Quantstamp will soon be recognized as one of the most prominent blockchain companies in the world. Quantstamp may not be a “sexy” blockchain company that may get the average investor excited, however, they are a necessity and they provide a much-needed service. Quantstamp’s name can be seen as a stamp of approval and a vote of confidence to investors. While providing a value or price target for QSP is nearly impossible, the writer believes that QSP could reach the $1.00 USD (322% or 3.22-fold) within the next three months and $5.00 USD (1600% or 16-fold) by the end of 2018. The writer’s thesis for such price appreciation is demand driven. Due to reasons mentioned in this report, prospects for outpaced demand should occur if and when Quantstamp is established as the industry standard for security verification and security-auditing protocol for smart contracts.