Introducing Richard Ma, Co-founder of Quantstamp, the first scalable security-audit protocol designed to find vulnerabilities in Ethereum smart contracts
Was it necessary to have a token? The way that people validate the code is via a proof-of-audit protocol. The protocol is running via modified Ethereum nodes, so we needed a different type of token so that the value of the audit is based on value. Over time as we develop the protocol, the dollar value of the token might change, but the value of one audit stays the same.
What is the Science behind Proof of Caring? We take into consideration when people joined because our early supporters were here when we first started. We actually track a lot of metrics including how long someone reads the white paper. This is exclusive information! When someone reads the whitepaper, they are sent to DocSend. The reason why is because that allows us to track the emails and how long it took to read the white paper and how many pages were read. All that data goes through to the proof of caring.
What was the need for Proof of Caring? Decentralisation is supposed to give value to the end user. It is supposed to be fair. So, having this existing world concept of having more money, hence more discount seems really unfair to me. That’s why I designed proof of care. I thought that it doesn’t really matter how much money you have or information, because whales get more information, if you care more, we want you in. If you don’t care and you’re just throwing money at the project, we really don’t value that because I really care about the community.
Have other companies contacted you about implementing Proof of Care? Yes. I have about 15 different projects that contacted me. For me, I want to help great projects use it. It’s important to me that the concept is not abused in any way.
Who else are you auditing next? We are currently in the process of auditing WeTrust, a peer-to-peer lending platform. There are about 25 other projects that have wanted to get audits done. I’m choosing which ones I think are good projects.
How is Game Theory used? When there is a reward, and you can get a bigger reward if you wait, how do you make people not wait? The reward we give may be a $10k bounty but if they wait, it could be worth $30m at ICO. So, the gamification is to make them not wait and how do we do that? We open the competition to everyone. The really smart people know that other smart people are looking at it. So, they will take the $10k instead of waiting.
Are you considering other platforms as well as Ethereum? We’ve been talking to a couple of projects like Wanchain. However, I think we will focus our energy on Ethereum at the start because it’s more important to me to have something that works well for its own platform than to have multiple platforms that don’t work.
Automation vs Humans aspect? There are only so many ways you can lock up a smart contract and only so many ways to secure funds. From a security perspective, that is what we are checking for. That is auditing. The manual part is when sometimes there is not a straightforward way that the funds are stolen. It’s more an error in the design and the intention.
What vision do you have for Quantstamp in 2 years? In 2 years, we can raise the level of security of Ethereum so that there is a standard. We can help a lot of projects and also do insurance on smart contracts.
How can developers get involved? Developers can contribute in 3 ways. They can contribute to open source projects and get paid, they can run validator nodes and get paid, and they can also look for bounties and get paid. I think it would be quite easy for a good developer to earn a full-time income and help other projects.
On a personal note, how do you schedule your time? I work 24/7. I try to hire good people, as it is not possible to do everything, so I’m always hiring good people. There’s so much to do.