Quantstamp, a protocol for securing smart contracts announced that its betanet is now live on the Ethereum mainnet. Users will now be able to submit audit requests directly to the betanet version of the Quantstamp Protocol through an online portal. Completed audits will generate a publically viewable audit report along with a unique hash that provides a publicly verifiable record of the audit.
“At Quantstamp, we believe blockchain isn’t just the technology of the distant future — it’s something that can drive real value today. Less than a year since our crowdsale completed, we’re happy to release our betanet protocol onto the Ethereum mainnet. By providing publicly verifiable, third-party audits with betanet, we’re delivering on the promises of blockchain technology and helping to drive forward the adoption of smart contract technology. ”
The Innovation Achieved by the Quantstamp Protocol
A Quantstamp audit is not only valuable because it can enhance the security of a smart contract; a publicly verifiable record that an audit took place is innovative and unprecedented. This builds trust and confidence in the smart contract, helps all stakeholders have faith and make educated decisions, and generally helps to proliferate smart contracts.
In the past, the public had to trust that smart contract developers took all of the necessary security precautions and made no mistakes. Although giving their word, users could never independently verify this information. This lack of smart contract security transparency made it more difficult to build trust across all stakeholders of the smart contract and generally scale smart contracts technology.
Smart contract platforms like Ethereum presented new security challenges for developers. A poorly written smart contract can lead to users having funds stolen or locked up. In 2016, the infamous DAO hack led to 3.6 million Ether — $50 million US dollars at the time — being stolen from the DAO smart contact. Since then, smart contract vulnerabilities appear regularly and have led to millions more dollars worth of Ether being lost.
The challenge currently facing smart contract technology is achieving mainstream adoption safely. Now, for the first time, users will be able to deploy the Quantstamp betanet protocol to independently verify that the smart contracts they are interacting with were audited for security vulnerabilities and review the results. Users no longer need to blindly trust that developers did their due diligence. Using the Quantstamp betanet protocol, they can now independently validate that a security audit took place and review the results by comparing the hash of the audit report with the hash permanently stored on the Ethereum mainnet.
Requesting a Quantstamp Audit on the Ethereum Mainnet
The betanet protocol portal on the Quantstamp website will relay audit requests to the Quantstamp smart contracts on the Ethereum mainnet.
In order to start an audit, users can go to betanet.quantstamp.com and authorize a transfer of QSP using Metamask. The Quantstamp protocol will hold this QSP as an allowance until an audit has successfully completed. After the transfer is authorized, users will submit their smart contract code on the Quantstamp portal. Subsequently, Quantstamp will make sure that your code compiles correctly and is in the correct format. Then Quantstamp will publish this code to a unique URL.
Once the URL has successfully published, users will then need to make another transaction using Metamask. This transaction will send the URL containing the Solidity code the user wishes to audit to the Quantstamp smart contract on Ethereum. Quantstamp permissioned nodes will then become aware of the audit request and one of these nodes will complete the audit.
Once the auditing node has completed your audit, it will submit a transaction to Ethereum. This transaction will record two things on the Ethereum mainnet: the hash of your audit report and the URL of where your audit report is located. Quantstamp will then publish the new URL containing your publicly viewable audit report.
Using Whitelisted Nodes to Improve the Quantstamp Betanet Protocol
For the betanet release, Quantstamp will only allow whitelisted organizations to run Quantstamp auditing nodes. The team is seeking to whitelist trusted and reputable research institutions and industrial partners who share the vision of proliferating smart contracts. Node operators will help monitor the performance of nodes and of the Quantstamp protocol itself. The team chose to whitelist nodes in this development phase because they want to continue to test and perfect the node software and protocol before allowing the public to participate as node operators.
Although node operators will be whitelisted, anyone is allowed to purchase a publicly verifiable audit of the Quantstamp protocol.
Whitelisted node operators will work closely with Quantstamp in order to:
- Debug the node software,
- Improve the smart contracts,
- Learn more about audit price discovery, and
- Research incentive structures that would motivate node operators to be nonmalicious.
Quantstamp will begin onboarding whitelisted nodes this month.
The Quantstamp team said:
“The betanet is a transitional state of our protocol. We are developing the Quantstamp protocol using an iterative process, and we will continue to launch, test and improve new versions of the protocol in order to create a great product that is an excellent fit for our users and that facilitates the proliferation of smart contracts. With our betanet release, Quantstamp is now one step closer to enhancing the standards of smart contract security and helping make blockchain technology fit for mainstream use.”