Analysis of Quantstamp – Protocol for Securing Smart Contracts - Crush Crypto

Analysis of Quantstamp – Protocol for Securing Smart Contracts

This article was originally published on 2017-10-24.

Updates on 2017-11-09: Crowdsale dates have been revised based on Quantstamp's recent blog post. The presale has been extended from November 7 to November 15. The crowdsale will take place from November 17 to December 16 or once the hard cap is reached.


  • Project name: Quantstamp
  • Token symbol: QSP
  • Website:
  • White paper:
  • Hard cap: US$30 million (public crowdsale ICO contributors own 65% of total token supply if hard cap is reached)
  • Conversion rate: 1 ETH = 5,000 QSP
  • Maximum market cap at ICO on a fully diluted basis: US$46 million
  • Bonus structure: There are 3 tiers for proof-of-caring bonus: $3 million receives 100% bonus / $4 million receives 40% bonus / $4 million receives 20% bonus
  • Presale or white list: Presale is based on proof-of-caring / Whitelist ongoing
  • ERC20 token: Yes
  • Crowdsale date: Presale from October 4 to November 15, 2017 / crowdsale from November 17 to December 16 or once the US$30 million hard cap is reached (please refer to Quantstamp’s website for the most up-to-date information)
  • Token distribution date: 7 days after the end of ICO
Video summary (video is 9:20 long):

Project Overview

What does the company/project do?

Quantstamp is a security verification protocol for smart contracts that improves the security of Ethereum. The advantages of the security protocol include automation, trust, governance, and ability to compute hard problems over a distributed network.

Currently, smart contract auditing cost starts from $5,000 and takes at least a week to complete. Quantstamp’s goal is to lower the cost to as low as $10 per audit, delivered within minutes after submitting the smart contract for audit.

The protocol consists of two parts:

  • An automated and upgradeable software verification system that checks Solidity programs.
  • An automated bounty payout system that rewards human participants for finding errors in smart contracts.

The Quantstamp team will be developing the following:

  1. Quantstamp validation node (a heavily modified Ethereum client).
  2. The security library, containing code that performs automated checks.
  3. Validation smart contracts that handle bounty payment, voting mechanism and governance.

A security library may also be developed to support languages other than Solidity.

Here is an example of how Quantstamp works:

After finishing the contract, the developer submits the code for a security audit via the Quantstamp Ethereum smart contract with the source code in the data field. Depending on the security needs of the program, the developer can decide how much bounty to send.

Then, the smart contract receives the request, and on the next Ethereum block validation nodes perform a set of security checks to validate the smart contract. Upon consensus, the proof-of-audit and the report data are added to the next Ethereum block along with the appropriate token payout.

The report classifies issues based on a severity system from 1–10; a 1 is a minor warning, a 10 is a major vulnerability. By aggregating the power of developers with a bounty, the project can surpass the coverage of a standard code review.

Here is a presentation on Quantstamp by CEO Richard Ma (video is 25:07 long):

How advanced is the project?

Quantstamp was founded in June 2017. In October 2017, the team completed the audit for the Request Network ICO.

Below are some of the future milestones of the project:

December 2017 – complete 4 audits by year end
February 2018 – complete an audit using analysis software v1
April 2018 – Deploy to test network after testing and validating system
August 2018 – Release mainnet v1
October 2018 – Add smart contract insurance alpha product on mainnet smart contracts

What are the tokens used for and how can token value appreciate?

QSP tokens are used to pay for, receive, or improve upon verification services. Below are the participants and how they interact with QSP tokens:

  • Contributors receive QSP tokens as an invoice for contributing software for verifying Solidity programs. Most Contributors will be security experts. Contributions are voted in via the governance mechanism.
  • Validators receive QSP tokens for running the Quantstamp validation node in the Ethereum network. Validators only need to contribute computing resources and do not need security expertise.
  • Bug Finders receive QSP tokens as a bounty for submitting bugs which break smart contracts.
  • Contract Creators pay QSP tokens to get their smart contract verified. 
  • Contract Users will have access to results of the smart contract security audits.

The governance system is a core feature of the protocol. The validation smart contract is designed to be modular and upgradeable based on token holder voting via time-locked multi-sig.

As QSP tokens are being used and rewarded within the Quantstamp ecosystem, the more usage the protocol has, the more valuable QSP tokens should be. 

Download the Free Checklist for Crushing ICOs!

This is the guide that help me find the most profitable ICOs!


Quantstamp has a team of 7. Most of the key team members have/are studying at the University of Waterloo in Ontario, Canada.

Below are the bios of the key members of Quantstamp:

Richard Ma, CEO – Retired before starting Quantstamp. Former Algorithmic Trader at Tower Research, Quant derivatives Trader at Archelon Group.

Steven Stewart, CTO – Former Software Developer at Magnet Forensics, Computer Systems Analyst at the Department of National Defense of Canada. Co-founder of Many Trees, Inc.

Advisors of Quantstamp include Evan Cheng, Director of Engineering at Facebook, Dr. Vijay Ganesh, Computer Engineering Professor at the University of Waterloo, and Min Kim, Chief of Staff at Civic.


  • Quantstamp had a successful audit with Request, which was a smoothly-run ICO. This speaks to the team’s capability in blockchain development/audit.
  • This is one of the projects that can help drive blockchain adoption and the potential is huge. Right now, smart contracts are unsecured by default. Smart contracts need to go through expensive and prolonged audit process, which is hindering the adoption and usage of smart contracts. This needs to change and Quantstamp is a good candidate to tackle the problem.
  • Even if the software only has limited functionalities in the beginning, it can be a good first step in a manual audit because it can potentially save a lot of time for the auditor.
  • In the Telegram, Quantstamp has indicated that they will buyback if token prices drop below ICO price (tokens will be put into a reserve which the team can release in the future), indicating that the team is confident in the project.


  • The project is still at an early stage. According to the white paper, mainnet release won’t be until August 2018, which is 9 months after the end of ICO and pretty far away.
  • Presale participants receive up to 100% bonus, which leaves a bad taste in some potential participants’ mouth. People are now more concerned about ICOs with large presale discount/bonus because those participants are willing to sell their tokens at a much lower price than crowdsale participants. For example, even if QSP tokens drop to 25% below ICO price, those who received 100% bonus can still generate a 50% return.
  • We believe that smart contract audits cannot be fully automated because human judgment is required to understand the logic and intent of the smart contract. Software can spot bugs that cause the contract to not function, but it cannot detect errors that cause coins/tokens to be sent to the wrong person, or wrong formula being used to calculate payoff in a smart contract, etc.
  • Since the problem that Quantstamp is trying to solve is large, there are other competitors – Etherparty, BlockCat, ZeeplinOS, and Agrello. All of these projects aim to lower the cost of smart contract development. Quantstamp may not be the winner in this space.


Overall, we are neutral about this ICO’s short-term potential but like its long-term potential. Our thoughts of the tokens for short term and long term are as follows:

For short-term holding

Neutral. Even though crowdsale are contributing 63% of the hard cap ($19 million out of $30 million), they are only receiving 54% out of all the tokens allocated to ICO participants. We believe that unless you get in the presale, it is not attractive for short-term holders to contribute into the ICO.

Note that this is based on the current market environment. The ICO market can change dramatically by the time crowdsale begins.

For long-term holding

Good. There are lots of potential for this project, and if successful, it can really lower the cost of using smart contracts. With the team showing their competency by successfully auditing the Request ICO, we believe the project has a good chance to gain traction when the protocol rolls out.

For more information about the ICO, please visit the following links:





Facebook AMA:

Download the Free Checklist for Crushing ICOs!

This is the guide that help me find the most profitable ICOs!

  • 23
  • 2

Click Here to Leave a Comment Below