This article was first published on quantstamp - Medium
Protocol progress, bug bounties, supporting efforts to improve governance in Colombia and more. Here’s what’s been going on at Quantstamp recently:
Quantstamp Protocol Progress
This month, we continued to move towards our next iteration of the Quantstamp Protocol. Besides making progress on our assurance protocol research (mentioned last month), we are also removing the whitelisting of nodes and are researching a bug bounty protocol.
Removing Whitelisting of Nodes
In the present version of the Quantstamp Protocol, auditing nodes are whitelisted by Quantstamp — only enrolled actors can participate. While the nodes are currently run by different organizations and individuals around the world, we still aim to enhance decentralization in upcoming iterations. this is still not as decentralized as our design goals for upcoming iterations.
The next iteration of the protocol will remove this whitelisting process. In its place, we plan to add to prevent malicious node behaviorwe aim to implement We will accomplish this through the implementation of augmented review nodes that check scan reports before reports are published. This mechanism is meant to prevent a bad actor (node) from publishing a false report.
Exploring a Bug Bounty System
Apart from our assurance protocol research, we are also experimenting with a bug bounty system. This system aims to provide bounties to bug finders in case they find vulnerabilities published in smart contracts.
The initial design of the bounty system includes bounty providers, bug hunters, and judges. The bounty providers are stakeholders in the smart contract’s security, such as the smart contract’s owner. They provide a bug bounty which incentivizes bug hunters to try to find vulnerabilities in the smart contract. These bug hunters will submit bug reports. Security experts, identified by a Token-Curated Registry (TCR), will examine the bug reports and determine whether a vulnerability found is a true vulnerability or false positive. Bug hunters ...
To keep reading, please go to the original article at:
quantstamp - Medium