The Quantstamp ICO whitepaper leaves us impressed from the outset. While great ideas are a dime a dozen, as we proceed during this review we’re of the firm belief that you will also gain a sense of a blockchain offering that has genuine utility, as well as imagination and the potential for strong execution.
CEO Richard Ma is a self-described “strategic thinker who cares for the wellbeing of those around him.” Ma is considered an Algorithmic Portfolio Manager. This is an important distinction among fund managers. It means decisions are based more on proven formulas than they are trader’s intuition, in essence a preferable method for modern traders.
The Quantstamp ICO team, in a scientific manner, assert that “blockchain networks are secure but smart contracts are not.” Clear arguments can be made for this assertion: the Ethereum Decentralized Autonomous Organization itself suffered massive losses during its stand-up (ICO) phase.
Security issues like these are a serious impediment to wider adoption of the Ethereum network because they erode trust in smart contracts.
Quantstamp’s street marketing campaign seems to have coined the term “proof of care”, but overall what they are utilizing is a newish concept called “proof of audit,” or proof that the thing in question has been audited. We discuss this in the next section.
Quantstamp ICO Proof-of-Audit
We particularly want to provide adequate explanation for the nascent concept “Proof-of-Audit,” in reviewing the Quantstamp ICO offering. The reason for this is that “proof” concepts are native to applied cryptography and they, like many terms with legitimate meanings, can be perverted by the course of commerce to mean all sorts of things, in similar fashion that “open source” and “free and open source” have come to take on their own meanings while working in very similar circles.
The necessary involvement of human actors is identified as the chief problem with the existing infrastructure auditing smart contracts. The authors correctly point out that this must be done on the rolling assumption that there are no bad actors within the firms being entrusted with smart contract auditing and review. The installment of such bad actors is, potentially, well within the reach of those motivated by self-interest to design corrupt offerings. Notwithstanding the equally negative potential of inherently flawed smart contracts that ultimately steal from the public.
The essential mission of Quantstamp is to automate the verification of smart contracts on the Ethereum network, removing human actors in the trusted sense but allowing them to continue participating as members of the network utilizing QSP tokens to influence events. By automating the verification of smart contracts and building such verifications into the basic implementation of Ethereum software, one of the most obvious and largest benefits achieved is a lack of lost of funds to low-quality or poorly written smart contracts. Smart contracts would be burdened with an additional feature: their proof-of-audit (or not).
Proof-of-audit is a concept used in other ICOs as well, but in a slightly different respect. Many schemes which require one party to maintain a certain situation as part of the agreement (such as decentralized storage solutions) have mandatory, automated proof-of-audit schemes wherein the network simply runs checks to ensure that the data paid for is still accessible and matches the data stored on the contract. Clearly the Quantstamp ICO team is presenting us with a different meaning of the term.
Quantstamp Network Actors
QSP tokens are used between various types of network participants, all of whom serve different roles within the Quantstamp network, which functions either independently, or alongside, the Ethereum network.
Contributors – The Human Element
Contributors will be security researchers and people working in closely-aligned fields who write software intended to audit smart contracts written for the Ethereum network. This network element would seem to encompass both elements of security research – those who are breaking it and those who are building it (who are equally important). They are to be compensated in Quantstamp ICO tokens (QSPs).
Validators – An Answer to Mining
Validators are another important part of the network. Like all decentralized networks, governance and consensus will matter a great deal in the Quantstamp network. As such, validators play the role of validating transactions on the chain as well as contracts previously verified by the network. This is, in essence, a way of “mining” the Quantstamp network.
Bug Bounty First Responders (Bug Reporters)
Bug reporters are perhaps the most crucial but least described part of the network. They will be the actual people who discover problems with smart contracts and submit them to the contributor network, who will (we are assured) find workable solutions.
The Smart Contract Crowd
Bringing value into the system are the Contract Creators – these are your ICOs. At first glance this might seem like a limited market, but let’s consider first the sheer volume of ICOs… and secondly let’s consider the primary function of many of them: they will generate more smart contracts. The value of having secure smart contracts is plain by itself, but the value to the contract creator of having a stamp of approval is ultimately going to play an important role in this token’s lifespan.
The Quantstamp ICO whitepaper says that “contract users” will be able to view the results of the audits but does not mention them needing any tokens to do this. This is probably a good design decision – although one wonders what sort of situation will come to fruition as a result. For instance, does a potential investor need to already be holding the token to get the results, or will they be publicly available? If they are publicly available, then is it useful to consider random people looking at specific data as “part of this network”?
Voters / Voting System
Through the validation network, voters will be able to time-lock tokens in order to have voting rights in the governance system, which will be required for protocol upgrades and other important moves within the system. This is an important feature of any decentralized network, one which gives token holders a lot of power in the system – a definite plus for both the token holder and the speculator who simply wants to charge a higher fee to the former.
Quantstamp ICO Team Assessment
We opened this review with a note on Richard Ma, who we believe to be competent and capable of delivering interesting results. We trust generally the mission of the team to help secure the Ethereum network with improved smart contracts, and find no reason to fault them on the altruistic nature of the thing.
After all, notaries of any type provide some value to other participants in the economy, often at no charge as a result of only needing to be commissioned once. This is the case with the Quantstamp Network – smart contracts are charged one time for an assessment, and the network provides accurate results that the whole economy can pin its hopes upon. So long as the network functions as transparently as intended, the potential of bad actors within the larger Ethereum ecosystem to effect major losses will be diminished.
Aside from Richard Ma, CTO Steven Stewart has notably legitimate engineering experience, coming from a previous career in GPU (a crucial technology in cryptocurrency, particularly Ethereum, mining) memory development, and having spent half a decade working for the Canadian Department of National Defence. His propensity for high-level security operations and software development put him in a good position to hire an optimal team to finish the job.
We note a sizable and competent team aside from the above-mentioned head roles.
Concept Already Used on Request Network
An audit has already been completed using the Quantstamp technology on the Request Network. The output of the review is human-readable, and easy enough to digest. Here is what would stand out to an investor making use of the findings:
We did not find any examples of the above issues, apart from one example of an addition involving timestamps that did not use the SafeMath library (line 67, RequestTokenSale.sol). Although we are not concerned about timestamps approaching the max value of a 256-bit integer, we do recommend using the SafeMath library functions as a best-practice.
One thing we would further like to note is that there does not appear to be a provision that smart contract creators themselves have to commission the reviews. Interested parties would of course be free, in a decentralized system like this, to commission their own bug bounties and reviews. Nothing in the system design appears to prohibit this from happening, so we can foresee even more than standardized uses of the transparency and crowdsourcing elements coming to fore.
Quantstamp ICO Token Utility & Distribution
A supply of one billion QSPs is scheduled to be generated in an upcoming token sale, for which it appears a KYC-oriented whitelist is being generated. The distribution of these tokens favors the company themselves a little heavily (although with a three-year vesting schedule), especially when combined with the legalese included in the token sale agreement which give token holders no control over the firm itself:
(c) Purchase, ownership, receipt or possession of Tokens carries no rights, express or implied, other than the right to use Tokens as a means to enable usage of and interaction with Services enabled by the Ecosystem, if successfully completed and deployed. In particular, you understand and accept that the Tokens (i) do not represent or confer any ownership right or stake, share, security, or equivalent rights, or any right to receive future revenue shares, intellectual property rights or any other form of participation in or relating to the Ecosystem and/or the Company and/or any of its corporate affiliates, and (ii) only carry rights relating to the provision and receipt of Services in the Ecosystem, subject to limitations and conditions in these Terms. The Tokens are not and are not intended to be a digital currency, security, commodity or any kind of financial instrument.
(d) Company’s Use of Token Sale Proceeds. The use of the proceeds from the Token Sale will be at the Company’s sole discretion.
We note a full 35% of the tokens will be held back from public sale. We are curious how well this actually meshes with the contention of developing a decentralized system for the sake of security.
While it’s true that in Satoshi Nakamoto’s Bitcoin system, the anonymous first participant in the Bitcoin network permanently held a great deal of tokens, the potential impact of his tokens has been mitigated over time by inflation through mining. The number of QSPs generated is fixed and instantly created, so the potential of these tokens to be used in centralizing decision making processes is there.
All the same, this is probably not of concern to token investors, speculators, and those wishing to use the network to verify and audit smart contracts. It only matters in the event of serious contentions.
Passes The Howey Test
The SEC’s Howey Test determines whether or not something is a security. According to a separate document published by the Quantstamp ICO leadership, they only score a 10 on the Howey Test, and therefore should not be misconstrued as a security. In terms of general trustworthiness and transparency in process, along with regulatory awareness, we lend them a lot of credibility in their approach to this matter.
Learn more about Quantstamp in our TELEGRAM CHAT (https://t.me/CryptoBriefingSupporters)
ICO Review Disclaimer
The team at Crypto Briefing analyzes an initial coin offering (ICO) against ten criteria, as shown above. These criteria are not, however, weighted evenly – our proprietary rating system attributes different degrees of importance to each of the criteria, based on our experience of how directly they can lead to the success of the ICO in question, and its investors.
Crypto Briefing provides general information about cryptocurrency news, ICOs, and blockchain technology. The information on this website (including any websites or files that may be linked or otherwise accessed through this website) is provided solely as general information to the public. We do not give personalized investment advice or other financial advice.
Decentral Media LLC, the publisher of Crypto Briefing, is not an investment advisor and does not offer or provide investment advice or other financial advice. Accordingly, nothing on this website constitutes, or should be relied on as, investment advice or financial advice of any kind. Specifically, none of the information on this website constitutes, or should be relied on as, a suggestion, offer, or other solicitation to engage in, or refrain from engaging in, any purchase, sale, or any other any investment-related activity with respect to any ICO or other transaction.
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media LLC makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media LLC expressly disclaims any and all responsibility from any loss or damage of any kind whatsoever arising directly or indirectly from reliance on any information on or accessed through this website, any error, omission, or inaccuracy in any such information, or any action or inaction resulting therefrom.
Cryptocurrencies and blockchain are emerging technologies that carry inherent risks of high volatility, and ICOs can be highly speculative and offer few – if any – guarantees. You should never make an investment decision on an ICO or other investment based solely on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional of your choosing if you are seeking investment advice on an ICO or other investment.
See full terms and conditions for more.
This category accounts for the leaders, developers, and advisors.
Poor quality, weak, or inexperienced leadership can doom a project from the outset. Advisors who serve only to pad their own resumes and who have ill-defined roles can be concerning. But great leadership, with relevant industry experience and contacts, can make the difference between a successful and profitable ICO, and a flub.
If you don’t have a team willing and able to build the thing, it won’t matter who is at the helm. Good talent is hard to find. Developer profiles should be scrutinized to ensure that they have a proven history of working in a field where they should be able to succeed.
What is the technology behind this ICO, what product are they creating, and is it new, innovative, different – and needed?
The IOTA project is a spectacular example of engineers run amok. The technology described or in use must be maintainable, achievable, and realistic, otherwise the risk of it never coming into existence is incredibly high.
Tokens which have no actual use case are probably the worst off, although speculation can still make them have some form of value.
The best tokens we review are the ones that have a forced use case – you must have this token to play in some game that you will probably desire to play in. The very best utility tokens are the ones which put the token holder in the position of supplying tokens to businesses who would be able to effectively make use of the platforms in question.
There doesn’t have to be a market in order for an ICO to score well in this category – but if it intends to create one, the argument has to be extremely compelling.
If there is an existing market, questions here involve whether it is ripe for disruption, whether the technology enables something better, cheaper, or faster (for example) than existing solutions, and whether the market is historically amenable to new ideas.
Most ideas have several implementations. If there are others in the same field, the analyst needs to ensure that the others don’t have obvious advantages over the company in question.
Moreover, this is the place where the analyst should identify any potential weaknesses in the company’s position moving forward. For instance, a fundamental weakness in the STORJ system is that the token is not required for purchasing storage.
With many ICO ideas, the timing may be too late or too early. It’s important for the analyst to consider how much demand there is for the product in question. While the IPO boom funded a lot of great ideas that eventually did come to fruition, a good analyst would recognize when an idea is too early, too late, or just right.
Progress To Date
Some of the least compelling ICO propositions are those that claim their founders will achieve some far-off goal, sometime in the future, just so long as they have your cash with which to do it.
More interesting (usually) is the ICO that seeks to further some progress along the path to success, and which has a clearly-identified roadmap with achievable and reasonable milestones along the way. Founders who are already partially-invested in their products are generally more invested in their futures.
Community Support & Hype
Having a strong community is one of the fundamental building blocks of any strong blockchain project. It is important that the project demonstrates early on that it is able to generate and build a strong and empowered support base.
The ICO marketplace is becoming more crowded and more competitive. While in the past it was enough to merely announce an offering, today’s successful ICO’s work hard to build awareness and excitement around their offering.
Price & Token Distribution
One of the biggest factors weighing any analysis is price. The lower the price the more there is to gain. But too low of a price may result in an under capitalized project. It is therefore important to evaluate price relative to the individual project, its maturity and the market it is going after.
The total supply of tokens should also be justified by the needs of the project. Issuing a billion tokens for no reason will do nobody any good.
Communication is key. The success of a project is strongly tied to the project leaders’ ability to communicate their goals and achievements.
Things don’t always go as planned but addressing issues and keeping the community and investors in the loop can make or break a project.