ICO Analysis: Quantstamp

The core ethos of blockchain technology revolves around the idea of trustlessness. Transfer of value does not need the supervision of centralized authorities, making the technology trustless. When Ethereum introduced the revolutionary concept of smart contracts, it enabled the implementation of business logic on top of blockchain. Blockchain networks are secure but smart contracts are not. Smart contracts bring in the aspect of human trust in these trustless networks. Millions of dollars worth of Ethereum can be stolen even with a small bug present in the smart contract code. The DAO attack is perhaps the best known exploit of a vulnerability in smart contract code where around $55 million worth of Ether was stolen. Once smart contracts are deployed, there is no turning back.

So why don’t companies hire 3rd party services to test smart contract code?

They do! But security consulting companies rely on humans to check smart contract code and with millions of dollars worth of Ethereum underlying a smart contract, it really comes down to trusting that no bad actor exists in the consulting company. The process is also time consuming and expensive. The number of smart contracts are expected to grow to from 2 million in October to 10 million by end of the year. This situation is going to result in an acute shortage of smart contract auditors, while putting the entire Ethereum network at a much greater risk.

Understanding Quantstamp

The Quantstamp protocol solves the smart contract security problem by creating a scalable and cost-effective system to audit all smart contracts on the Ethereum network.

Quantstamp is ‘the first decentralized smart contract security-audit platform’.

At the heart of Quantstamp is an automated and upgradeable software verification system that checks solidity programs submitted by the developers.
Quantstamp works similar to proof of work mining, wherein the miners in Quantstamp are called validators. The verification software is executed by all the validator nodes on the Quantstamp network. Validator node that certifies a smart contract produces a proof of audit hash and in turn, is awarded a token fee. Proof of audit is the proof that the smart contract has been audited. Using the proof of audit hash, it is easy for other nodes to verify whether the audit was performed correctly. The verification process goes through every single line of code and testing every possible scenario, hence requires a large computing power.

Since many validator nodes work simultaneously on verifying multiple smart contracts, the network can achieve scale and complexity that no other centralized system can. The verified smart contract is added to the Ethereum blockchain making it immutable and tamper proof. When requesting an audit, the developer can choose a public or private security report. Quantstamp also incentivizes skilled black and white hat hackers to manually review smart contracts through bounty rewards to find bugs that automation hasn’t detected. The software for verifying smart contracts gets continuously updated, rewarding development contributors.

The Token

The QSP tokens are used for paying, receiving or improving the Quantstamp verification services. The verification code contributors and bug finders receive QSP tokens for their services on the network. The nodes are rewarded for running the Quantstamp validation node. The contract creators pay QSP tokens to get their smart contract verified. Quantstamp also has an inbuilt governance system, where the QSP token holders vote for policy matters like code changes or selection of code contributors.

A hardcap of $30 million has been set for the crowdraise with total supply of 1billion QSP tokens. Of the total $30 million, $11 million have been reserved for the presale and $19 million for the crowdsale. The presale which began on 9th October, allows participation on a unique concept called proof of care. Investors are allowed to participate in the presale only on sharing or promoting Quantstamp. Please go through the official proof of care document here.
The token is valued at 1 ETH = 6,000 QSP for investors submitting their proof of care before 30th October. The crowdsale will take place in November. There is no need of proof of care to participate in the crowdsale, but participation in the Telegram channel in mandatory. 65% of the tokens are available to the public, while 20% are allocated to the team and advisors.

The proof of care concept has been so widely discussed that more people relate Quantstamp with proof of care rather than proof of audit. The marketing ploy is definitely unique and has generated significant interest in the project. There are already 10k + members on the Telegram channel, one of the highest that I have seen.

Team

Quantstamp has an impressive team mostly made up of current and former PhD students from the Canadian university of Waterloo. The team members bring in experience of working on code testing projects in organizations like Microsoft and Google. Cofounder Richard Ma worked as algorithmic Portfolio Manager at Bitcoin HFT Fund. His HFT trading systems had zero notable incidents in nearly a decade of reliably handling millions of dollars of investor capital. The advisors are the best part about the team. Rather than bringing in a group of advisors just for the sake of the crowdsale, Quantstamp is actually working with experienced domain experts. There are 8 advisors on board with specializations in security, blockchain, engineering, legal etc.

The Verdict

When we discussed Raiden Network, I remarked that project is something which Ethereum network needs. Quantstamp is creating a product which the Ethereum network needs urgently! The risk of bugs in smart contracts is so taken for granted that we don’t even discuss it in the risk factors for ICOs. Quantstamp has done the smart contract security audit for Request Network token sale. You can check the summary here.
Although a single audit is not enough to demonstrate the quality of the product, the team seems credible enough to manage this project. A real usecase, proof of concept, credible management, and a good hype; Quantstamp seems to tick all the boxes.

Risks:

  • The project is relevant as long as Ethereum network remains the prominent blockchain for deploying smart contracts. Newer improved blockchains might include inbuilt code verification systems or might not even include smart contracts. -3
  • The validation process is still not thoroughly tested. A hack of Quantstamp validated smart contract might result in complete loss of credibility. -2

Growth Potential:

  • As the number of smart contracts grow at an exponential rate, an automated smart contract verification software is urgently needed. +4
  • The team and advisors score well on credibility. The verification code is as good as the team, hence credibility of the team is quite important in this usecase. +2
  • Quantstamp demonstrated the concept in their review of Request Network. +1.7
  • Many projects will line up to validate their smart contracts with Quantstamp. The Quantstamp protocol is better than centralized verification processes in almost all the aspects be it cost, time period or risk. Quantstamp also has the first mover advantage. +3
  • Ethereum blockchain is still the preferred way to raise money with new ICOs launched almost daily. +1.5

Disposition

We arrive at a score of +7.2 out of 10 for Quantstamp. The high score seems justified for a project which is working towards tying one of the loose ends of the Ethereum network.

Investment Details

The presale is open. Please refer the link provided above to know more about proof of care. If submitting the proof of care is too much hassle, you can participate in the crowdsale in November. You can participate in the presale whitelist here.

Author:
Aakash Kawale is a financial analyst based out of Mumbai, India. He is the lead analyst at a Singapore based organization and has extensive experience of analyzing US and Indian equities. Aakash is a strong advocate of the Blockchain technology and has been analyzing cryptocurrencies since 2015.