ICO Alert does not endorse or recommend participating in any initial coin offerings. ICO Alert receives a promotional fee for the production of this ICO Alert Report. Please click here for additional important information.
ICO Alert Quick Facts
- An ERC-20 token that audits smart contracts
- Must complete KYC registration before November 17, 2017 in order to participate in the ICO
- For every one Ether contributed participants will receive 5000 Quantstamp tokens (QSP)
- 65% of 1 billion QSP tokens are available for sale (across the pre-ICO and ICO). All proceeds go towards platform development.
- The Quantstamp project was just accepted into Y Combinator.
What is Quanstamp?
Quantstamp is developing a protocol on the Ethereum network that audits smart contracts using automation and a manual bounty system in order to find bugs before contracts are published to the blockchain. This auditing system is decentralized and trustless. All audits are secured and verified by a distributed network of nodes, much like an Ethereum node secures and validates a transaction. This model makes Quantstamp a scalable and cost-effective solution to the smart contract crisis that has seen nearly $200 million locked or lost in the past few months alone.
— Richard Ma, CEO
ICO Alert: How does the Quantstamp token (QSP) function within the platform and why is it needed?
Quantstamp: The QSP token is necessary because it motivates actors to run Quantstamp’s distributed network that both audits smart contracts and mitigates the effects of bad actors. Verifiers (node operators) are incentivized to run augmented Ethereum nodes that audit smart contracts because they receive QSP tokens as compensation. Quantstamp also has a manual auditing component. If a white hat hacker discovers a bug in a smart contract that automation was unable to pick up, they are compensated in QSP tokens. Developers creating smart contracts use the QSP tokens to get their contracts audited.
ICO Alert: The whitepaper discusses a set standard of security that all smart contracts will conform to once run through the Quantstamp process. Can you explain what this standard is/includes and who is setting it?
Quantstamp: Quantstamp aims to be the go-to protocol for smart contract verification. The standard Quantstamp is aiming towards is to ensure that every single smart contract is audited by the Quantstamp protocol before it is published on the blockchain, and that these smart contracts are resubmitted for audits once updates to the Quantstamp security library are released.
ICO Alert: Do the third parties verifying code have access to change it, or are they simply viewing and verifying that it reaches certain benchmarks for security?
Quantstamp: Quantstamp node operators will not make changes to smart contract code. They are viewing the code, running it through automation and then publishing a report that contains counterexamples that illustrate why there is a bug in the code. After this report is published, developers that submitted their code for audit will have the opportunity to correct it.
ICO Alert: Is Quantstamp auditing those who are verifying smart contract code, or can anyone view the code and verify it? If anyone is able to participate, how is the value of decentralized verification maintained within the platform?
Quantstamp: Anyone is allowed to run a Quantstamp node and verify smart contracts. This is actually essential to maintaining trustlessness and authentic audits on the Quantstamp Network.
The Quantstamp Network ensures that verifiers operate as intended by requiring them to “stake” tokens as collateral before they can audit contracts. If nodes behave maliciously by attempting to forge an audit or failing to report a bug, their deposits are “slashed” or deleted. In return for staking tokens and successfully auditing contracts, validators receive audit fees. This is a solution for the nothing-at-stake problem.
To disincentivize collusion among bad actors running verification nodes, the Quantstamp Network requires two-thirds consensus among nodes. If a two-thirds consensus is not reached, tokens are not paid out and audits are not verified.
ICO Alert: Why are third parties incentivized to verify code? What’s the process that someone would go through in order to participate in verifying smart contract code?
Quantstamp: They are incentivized to verify code because they will be paid in QSP tokens, which they can then exchange for ETH or BTC, and then cash out for fiat currency. In order to participate in verifying smart contract code, potential verifiers will need to download additional software augments an Ethereum node. After that, verifiers just keep the node running and they will receive QSP in return. No developer expertise is necessary to run a Quantstamp node.
ICO Alert: How do the automated smart contract verification processes work within Quantstamp? Are these more/less effective than human verification, or unrelated?
Quantstamp: The Quantstamp protocol takes an unverified smart contract as input, performs the automated security and vulnerability checks, and then produces a report. Verifying nodes distribute the computation of the smart contract amongst each other. Once the computation is complete, they publish a report on the next Ethereum block that contains a proof-of-audit hash and report data. The developer can then view their public or private report on qsscan.io.
This is more effective than human verification because humans are subject to error. However, the automated portion of the Quantstamp protocol is not perfect. The automation is only as good as the Quantstamp security library. When new bugs are discovered, updates will be made to the security library.
In order to compensate for the limitations of the security library, there is a bounty system available that incentivizes white hat hackers to report bugs they found that automation could not detect.
ICO Alert: How does Quantstamp plan to keep up with the speed of innovation in the cryptocurrency community currently? Does Quantstamp only focus on Ethereum based smart contracts, or does the team plan to have a wider reach in the community?
Quantstamp: Quantstamp plans to be blockchain agnostic, meaning that it will cater to protocols beyond the Ethereum network. There will be several variations of the security library that will cater to the different smart contract languages on different platforms. Quantstamp will focus on the Ethereum Network during its early development stages.
ICO Alert: Why is the security library important and when do you expect that it will be functioning effectively on the platform?
Quantstamp: The security library is important because it will be the list that verification nodes refer to in order to find bugs in smart contracts. This will not be a static document, as the security library will evolve and as new vulnerabilities are discovered in smart contract code.
The whitepaper makes no mention of when the security library goes live, but the mainnet is scheduled to go live in August of 2018.
ICO Alert: What does the roadmap look like today? When can developers and users expect to participate in the Quantstamp platform?
Feb 2018 ➔ 5th semi-automated smart contract audit scheduled
April 2018 ➔ deploy test network
August 2018 ➔ mainnet version 1 released
October 2018 ➔ add smart contract insurance alpha
ICO Alert: As a non-Quantstamp question, we like to ask the team for unique predictions on the ICO/cryptocurrency market. Where do you see the industry in 3–5 years?
Quantstamp: In 3–5 years we believe smart contracts will be powering all enterprise solutions.
The pre-ICO began on October 10, 2017 at 4 p.m. UTC and ended on November 7, 2017 at 4 p.m. UTC. There was a hard cap of $3,000,000, and just like the ICO, in order to participate, contributors must sign-up on the Quantstamp website.
The ICO will begin on November 17, 2017 and a registration process must be completed prior to the 17th in order to participate. For every one Ether, contributors will receive 5,000 QSP. Ether is the only accepted type of contribution and there is a minimum contribution amount of 0.1 Ether.
There is a minimum goal of $3,000,000 and a hard cap of $30,000,000. If the hard cap is reached, the sale will end immediately and if the minimum goal is not reached, funds will be returned to contributors. There will be caps on the amount each individual can contribute and a KYC (know your customer) process will need to be completed before November 17, 2017 in order to contribute.
Token Distribution Information
The Quantstamp token is an ERC-20 token. There are 1,000,000,000 QSP being created, with no growth rate. Any tokens that are not sold during the presale or crowdsale will be burned. Of the total one billion QSP being created, 650 million will be sold across the presale and crowdsale.
Within seven days of the end of the crowdsale, and after a security audit has been completed, the tokens will be distributed to contributors.
65%: Token sale
20%: Team and advisors (three year vesting schedule)
10%: Core activities and reserve
5%: Community development
Use of Crowdsale Proceeds
The team has stated that 100% of funds will go towards the development of the Quantstamp protocol. The breakdown for specific activities is as follows:
50%: Product development
30%: Marketing and community
15%: Administrative and general
Richard Ma, Co-founder and CEO
Richard focuses on strategy and business operations. He is a former algorithmic trader at Tower Research. He has handled millions of dollars of trading using extreme software testing methods and has his bachelor’s degree in electrical computer engineering at Cornell University. Before Quantstamp, he held various portfolio management and trading positions, both within and outside of the cryptocurrency space.
Steven Stewart, Co-founder and CTO
Steven focuses on smart contract development. He previously founded Many Trees Inc., a company that built GPU in-memory databases. He has held various software development roles and has his master’s degree in computer science.
Edward Zulkoski, Senior Security Engineer
Edward focuses on smart contract development. He was an intern for Microsoft’s research division and has done extensive research work in SAT and SMT solvers. Ed was awarded a PhD fellowship from IBM Canada’s Centers for Advanced Studies Research.
Vajih Montaghami, Senior Security Engineer
Vajih focuses on software verification. He has his PhD in electrical contract engineering from the University of Waterloo for his work on verifying formal models. He has held positions at both Google and Amazon and is an expert in security infrastructure and scalable systems.
Prit Sheth, Lead Backend Engineer
Prit is a full-stack engineer with strong experience in distributed systems. He is a former Barclays senior engineer, has worked for Samsung, and is the winner of the Global Think Tank Innovation program at Barclaycard US. He also has his master’s degree in computer science.
Anna Kao, Graphics and UX Designer
Anna is a graphics and UI designer with over 14 years of experience working with leading firms in Asia, the U.S., and Canada. She has her bachelor’s degree in fine arts/visual communication design from Dayeh University.
Krishna Sriram, Community Manager and PR
Krishna is the organizer of the Vancouver Ethereum meet-up. He is passionate about building both physical and online crypto communities, as well as the advocacy of fair ICOs that benefit the blockchain ecosystem. He has experience as a designer and director of digital media.