Quantstamp is the first smart contract security-auditing protocol. The Quantstamp protocol solves the smart contract security problem by creating a scalable and cost-effective system to audit all smart contracts on the Ethereum network. Over time, we expect every Ethereum smart contract to use the Quantstamp protocol to perform a security audit because security is essential.
The protocol consists of two parts:
● An automated and upgradeable software verification system that checks Solidity programs. The conflict-driven distributed SAT solver requires a large amount of computing power, but will be able to catch increasingly sophisticated attacks over time.
● An automated bounty payout system that rewards human participants for finding errors in smart contracts. The purpose of this system is to bridge the gap while moving towards the goal of full automation.
The Quantstamp protocol relies on a distributed network of participants to mitigate the effects of bad actors, provide the required computing power and provide governance. Each participant uses Quantstamp Protocol (QSP) tokens to pay for, receive, or improve upon verification services. Below are the different types of participants.
● Contributors receive QSP tokens as an invoice for contributing software for verifying Solidity programs. All contributed code will be open source so that the community can have confidence in its efficacy. Most Contributors will be security experts. Contributions are voted in via the governance mechanism.
● Validators receive QSP tokens for running the Quantstamp validation node, a specialized node in the Ethereum network. Verifiers only need to contribute computing resources and do not need security expertise.
● Bug Finders receive QSP tokens as a bounty for submitting bugs which break smart contracts.
● Contract Creators pay QSP tokens to get their smart contract verified. As the number of smart contracts grows exponentially, we expect demand from Contract Creators to grow commensurately.
● Contract Users will have access to results of the smart contract security audits.
● Voters : The governance system is a core feature of the protocol. The validation smart contract is designed to be modular and upgradeable based on token holder voting (time-locked multi-sig). This governance mechanism reduces the chance of upgrade forks and decentralizes influence of the founding team over time.