Many of you have probably heard of Quantstamp: a smart contract security-auditing protocol that is designed to produce an ecosystem of secure smart contracts in a scalable and cost-effective manner (Source and further explanation).

In layman’s terms: Quantstamp checks other projects’ smart contracts for faults and errors. I will not go into more detail here; there are other sources that can explain how it works better than I can (for example Quantstamp itself or The Merkle). My goal is simply to show you what results from audits look like and who some of Quantstamp’s customers/partners are.

Audit? Sounds boring

Well, it may not sound as sexy as many other buzzwords in the cryptosphere, but it is nonetheless crucial work. It strengthens the trust you can have in the blockchain environment by ensuring that smart contracts actually do what their developers want them to do (and that no one can exploit faults). Let’s take a look at the latest audit result from Ink Protocol, a decentralized reputation and payments protocol for peer-to-peer marketplaces (speaking of sexy buzzwords):

1. There were a few places where extra require statements and explicit modifiers could make the code safer and more readable. For example, the _max parameter for addContributions() limits the amount a user can contribute to the sale. However, if the _max parameter were set to lower than the global minimum contribution of 0.1 Ether, then the user would never be able to contribute. A require statement was added to ensure that _max is always set to at least the global minimum. As another best-practice, state variables should all have explicit modifiers. This was not the case for “etherContributed” and “xnkPurchased”.

2. We ran automated analysis tools on their contracts, but only found minor warnings due to “call.value()” invocations in onlyOwner functions, which we do not believe are problematic.

3. There were a few path conditionals that are not exercised for their false values in the tests (e.g. the if-conditionals in “updateContributor” and “removeContributor”), but since there are no else-branches this is also minor.

4. The functionality of the standard Pausable contract had been effectively re-implemented in InkPublicPresale.sol. While there do not appear to be any issues concerning these functions, we recommend using the standard implementation from Zeppelin.

Among other things, Quantstamp prevented Ink Protocol from running into a situation where a user would never be able to make a contribution. Think about the negative repercussions a young project can face when new users cannot make a contribution! Since there are many projects out there, a single negative experience like that can turn away a user for good.
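To make the first finding concrete, here is a simplified presale sketch showing the unchecked cap next to the version with the added require statement. It is an added illustration, not code from InkPublicPresale.sol or from the audit; the contract name, function names and the maxContribution mapping are hypothetical, and only the 0.1 Ether minimum and the etherContributed variable come from the audit text.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: a simplified presale, NOT the InkPublicPresale.sol source.
contract PresaleSketch {
    // Global minimum contribution quoted in the audit text.
    uint256 public constant MIN_CONTRIBUTION = 0.1 ether;

    address public owner;
    // Explicit visibility on every state variable, as the audit recommends.
    mapping(address => uint256) public maxContribution;   // hypothetical name
    mapping(address => uint256) public etherContributed;

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Before the fix: any _max is accepted, including values below the minimum.
    function addContributorUnchecked(address _who, uint256 _max) external onlyOwner {
        maxContribution[_who] = _max;
    }

    // After the fix: reject a cap that no valid contribution could satisfy.
    function addContributor(address _who, uint256 _max) external onlyOwner {
        require(_max >= MIN_CONTRIBUTION, "max below global minimum");
        maxContribution[_who] = _max;
    }

    // Both checks must pass. If _max < MIN_CONTRIBUTION, no msg.value can
    // satisfy them at the same time, so that contributor is locked out.
    function contribute() external payable {
        require(msg.value >= MIN_CONTRIBUTION, "below global minimum");
        require(
            etherContributed[msg.sender] + msg.value <= maxContribution[msg.sender],
            "exceeds personal max"
        );
        etherContributed[msg.sender] += msg.value;
    }
}
```

Registering a contributor through the unchecked function with a cap of, say, 0.05 ether makes every later call to contribute() revert for that address, which is exactly the dead end the added require rules out at registration time.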

I want more (results)!

Of course, Quantstamp will not lay open every single audit finding, and the depth to which findings are published will be agreed with the respective customer. Here are some recent projects that have been/will be audited by Quantstamp or have formed a partnership:

Request Network

The published results are detailed and easily accessible. Quantstamp reviewed the existing Solidity code and gave a number of recommendations to improve the code.

Insights Network

Quantstamp audited Insights Network’s crowdsale smart contract and also plans to audit Insights Network’s blockchain data exchange smart contract. I could not find published results.

Edit: Shame on me, results are easy to find here: https://github.com/quantstamp/InsightsNetwork_Review

WeTrust

Quantstamp audited WeTrust’s first decentralized application, Trusted Lending Circles. I could not find published results.

Edit: Shame on me, results are easy to find here: https://github.com/quantstamp/WeTrust_Review

Quoine

This goes even further than a single audit: Quoine signed an MOU with Quantstamp in order to improve the smart contract security of projects conducting their ICO on QUOINE’s QRYPTOS platform.

Rumors are that the next audit to be announced is Hexel, a project that enables people to easily create their own ERC token (coincidentally backed by Y-Combinator, which already backs Quantstamp).

What will the future bring?

If only one could tell, right? First, something tangible: Y-Combinator will have their demo day on March 19th, where Quantstamp is expected to shine bright. Apart from that, there are mostly rumors at the moment regarding audits and audit results.

Personally, I believe that we will see a lot more from Quantstamp this year. As the blockchain environment matures, a process that is only at the beginning, the security of many projects will come under more scrutiny. Many of the cryptos that promise to change their respective fields do not have working products yet and cannot afford to have a buggy start in such a volatile market.

As the demand for and attention to blockchain solutions increase, so will the demand for security and reliability. Quantstamp has identified a big need in the blockchain environment and has already used their expertise and working product to help others improve their projects.