Hey guys, I did a little summary about Quantstamp. Hope you like it.
Quantstamp is a very interesting project because it’ll try to fix security bugs in smart contracts.
Security issues can be terrible if we are aiming for major adoption in the future, especially in monetary systems
like Ether. Quantstamp is now offering some kind of bug bounty program. The idea to incentivise
people for bug reports is genius in my opinion. The majority of people that find bugs are not going to
report them to devs because there's no big motivation to do so.
Bounties in QSP tokens are submitted when the source code is sent to the Quantstamp validator
smart contract and then held in escrow. Bug finders can use any means at their disposal to break
the code, and if a smart contract is found to have major vulnerabilities, then the verifier is
awarded the bug bounty that was held in escrow. Validator nodes have run validation software
that can verify the submitted bug.
Source: Quantstamp Whitepaper
Now you might say hackers could also use the bug reports as a source to find vulnerabilities and use them
as a starting point for attacks. At first that could be avoided if they were pre-audited by Quantstamp. So
they implement a staging period during the library release process, during which they will generate
encrypted security reports that smart contract owners can access.
For me that sounds like a big project. Hope you can get some value out of my little summary.