It isn’t an exaggeration to state that smart contracts are going to be essential in building our future.
How do you define a smart contract?
According to Wikipedia, a smart contract is a “a computer protocol intended to facilitate, verify, or enforce the negotiation or performance of a contract”. While it was first proposed by American cryptographer Nick Szabo in 1996, Ethereum is often credited with popularizing the concept and making it mainstream.
However, as amazing as smart contracts are, there are some notable flaws that cannot be overlooked.
The Problem With Smart Contracts
While the blockchain network in itself is cryptographically secure, the smart contracts that run on top of them can be prone to vulnerabilities. Smart contracts tend to have bugs in them some and they can lead to truly catastrophic results.
What makes smart contract bugs problematic is that smart contracts are immutable — once deployed to the blockchain, a smart contract cannot be edited and none of the bugs found out can be fixed. While this design choices makes a lot of sense, the side effects have to be negated.
There have been two high profile incidents that have happened directly as a result of faulty smart contract coding.
The DAO aka the Decentralized Autonomous Organization was a complex smart contract which was going to revolutionize Ethereum forever. It was going to be a decentralized venture capital fund which was going to fund all future dAPPS made in the eco-system.
Unfortunately, there was a bug in the code itself which got exploited on 17th June 2016. The hacker siphoned away 1/3rd of the DAO’s funds which was, back then, worth $60 Million.
In July 2017, a hacker stole $30 Million worth of ether due to a one-word bug in the smart contract code.
Try to wrap your head around this, a one-word bug resulted in a $30 Million theft!
The parity wallet faced another issue recently where in $160 million worth of Ether was frozen. You can read about the details here.
As you can imagine, repeated security issues like these are severely hampering the public’s trust in cryptocurrency. In order to make mainstream adoption of cryptocurrency a reality, certain steps need to be taken to ensure the security of smart contracts.
What we need, is a system of properly and securely auditing smart contracts, to make sure that they can’t be exploited.
Why Is Auditing Smart Contracts Difficult?
When it comes to the current contract auditing procedures, there are two problems that make the process very difficult:
· The process is dependent on the honesty of the auditors.
· The process can’t keep up with the sheer amount of smart contracts coming up.
· The smart contract has to literally be bug free — which means a level of thoroughness in testing that we are not used to in the past.
The Quantstamp Solution
Quantstamp aims to solve this issue by creating a scalable yet cost-effective smart contract auditing protocol on top of the Ethereum Blockchain.
The idea is to create a distributed network of participants who will provide the computational power and governance required for the auditing process.
Since it is consensus dependent, it is inherently a Byzantine Fault Tolerant system meaning it can function even if some of the participants turn out to be malicious.
The Quantstamp protocol consists of the following:
· They have a software verification system which is automated and upgradeable. It will check solidity programs using computational power taken from the participants.
· If a human participant finds some errors in the system, then the automated bounty payout system will reward them for their efforts.
How Does The Auditing Work?
This is how the process works:
· The developer submits their code for auditing via the Quantstamp smart contract and allocates some bounty.
· Once the request is received, the next Ethereum block onwards a set of security checks are performed to validate the smart contract.
· Once proper consensus has been reached regarding the validity of the contract, the proof-of-audit and the report data are sent along with the appropriate token payout.
· If no threats have been detected till the given time limit, the bounty assigned is returned to the developer.
· The developer can request for a public or private audit report.
The following is a pictorial representation of the entire process:
Why Quantstamp Is Needed
Quantstamp offers an elegant and scalable solution to a very real problem.
If blockchain and smart contracts are going to be our future, then we need a system which can help tighten smart contract security.
With the amount of money that is being invested into these contracts, we can’t have any bugs in the system, however minor it maybe, which can be potentially exploited for millions of dollars.
With Quantstamp we have a system which will help audit these smart contracts to make sure that we have a safer and more secure system going into the future.
Quantstamp’s ultimate goal is to be integrated within the Ethereum system and be used as a default smart contract auditor.
SpringRole and Quantstamp
One thing that can compliment Quantstamp is a feedback mechanism for their participants or “bug finders” to keep on searching for bugs in various contracts.
This is where SpringRole steps in.
SpringRole is the first online reputation network powered by artificial intelligence and the blockchain technology. We believe that we can work in synergy with Quantstamp to create a very fruitful partnership.
One of the many ways that this can manifest is through attestations.
Suppose someone successfully identifies a bug during the auditing process, that person can be attested on SpringRole’s thereby building this reputation in the domain of smart contract auditing.
As SpringRole enables people to have a verified professional profile on the blockchain, an attestation is permanent and is there for everyone to see. As people continue to contribute to the Quantstamp network, their reputation for that skill increases. They could leverage this reputation to get jobs or freelancing opportunities and will have a tangible way to show their skill to the external world.
It also lets people evaluate the bug findings against the skill or reputation of the person who reports it.
The way we see it, this partnership can bring immense values to both sides and the users as well. We can have a system which continually rewards people for doing good and honest work.
Quantstamp Website: https://quantstamp.com/
Quantstamp Whitepaper: https://docsend.com/view/shcsmhe
Draft Whitepaper: here.