@crypto_bobby Comprehensiveness in this space is a bit tricky to define. In terms of smart contract auditing, most audits (from ourselves and competitors) consist of manual code review coupled with automated tooling (of which there are numerous open-source options).

One of our core strengths is our ability to mitigate the effect of bad actors -- with our distributed network of participants providing both the computing power and distributed governance we're looking for.

Pricing in this space is still largely undefined -- as there is no real standard of what pricing in this space looks like. There's no real one-size-fits-all answer to this question, given the differing smart contracts we look at. A smart contract utilizing tons of moving parts and establishing a protocol may be far more time (and resource) intensive than a token sale, for instance.

@Jon_A_Haas I noticed on your website that you need to hold at least 200,000 QSP to request an audit. Is that QSP taken as payment upon on audit, or just required to hold during the audit and then can be transferred or sold later on?

@crypto_bobby It’s an upfront payment for the audit. The full audit price is negotiated based on complexity and we work with the companies on that.

@Jon_A_Haas thanks for the follow up, appreciate it!

@soonaorlater I personally find the crypto space to be rather insular, once people come into the space it is very embracing, but I haven't seen much inroads for blockchain organizations reaching out to non blockchain spaces and events. I think there is sort of a "build it and they will come" mentality, (which I also believe to be true in the long term). I am constantly surprised by the amount of people with deep technical ability outright ignoring crypto. I feel this is mostly due to the lack of outreach on our part into other spaces. Perfect example, Quantstamp was only one of two crypto organizations at BsidesSF, an event packed full of deep expertise in InfoSec.

@SovCryptoBlog Qualstamp is more in the machine stamping and fabrication space. They have made little to no inroads into the blockchain space.
Quantstamp on the other hand has recently signed on as one of the organizations helping the Ethereum Community Fund.
In 90 days we shipped a test net and a web analyzer. I believe that makes us far more ambitious for sure.

@SovCryptoBlog While Richard can answer this in depth, I'd honestly say our biggest win over the last year has been securing an absolutely stellar team. We've managed to hire a number of incredibly skilled individuals from industry and academia to best allow us to grow as a company. By doing so, we've managed to release a product ahead of schedule, perform a number of audits, and truly make an impact upon the field.

@dstuecken While our whitepaper discusses this in much further detail (https://docsend.com/view/shcsmhe), we use quite a variety of methods.

We utilize static analysis, concolic testing and symbolic execution, along with automated reasoning tools such as SAT and SMT. We've got a number of domain specific experts in these spaces, and often give back -- for instance, members of our team have contributed to MapleSAT, which is an award-winning SAT solver.

@Kartik-Talwar Not entirely sure I understand your question, but I'll take a swing at it.

Most of the chains you're seeing with similar smart contract platforms that have better guarantees / verification are typically quite a bit more restrictive in the actions they allow developers to perform. One of the great strengths of ethereum is the extensibility -- you're capable of really making it "what you want". This is largely why I think we've seen the rise of so many companies based upon ethereum and relevant constructs.

We like to think of security as a key ingredient, in the nature that it is essential to the dish. We don't want to sprinkle it on as if it were MSG. We saw this with the early web -- product building came first, with security coming second. As we've seen adoption already kick off, we can avoid repeating the same mistakes early web 2.0 found itself in. By baking in security into the DNA of the community, hopefully we can continue to have a place that is not only easy to get started, but designed with security in mind.

@Mike-Nortski We'd like to see something of the sort be released! We're definitely in a product sprint right now to help define what the next 90 and 180 days looks like. Once we've fully established what this looks like, we'll be sharing details where appropriate with our community. We're ensuring we truly gain an understanding of the ecosystem, which has consisted of quite a bit of research on our side. If you are a member of our various media channels, you may have seen a number of individuals on our team running surveys and asking questions -- both in our technical and non-technical chats.

@percussivetouch Fantastic question! Quite a common patterns have emerged over time -- largely those pertaining to reentrancy, integer over/under-flow, timestamp dependence, and transaction ordering dependence.

A number of these can best be seen in our platform (https://app.quantstamp.com), as well as within the "Making Smart Contracts Smarter" paper -- https://eprint.iacr.org/2016/633.pdf

@soonaorlater We want to secure adoption for the first billion people. That starts with the public's inherent trust of smart contract.

@dberkiv For now we really are just focused on solidity smart contracts on Ethereum. That said, our analyzer and expertise mostly looks at the bytecode so going forward we are looking to be blockchain agnostic. Which protocols do we hit first? We haven't yet decided our path yet, first we are more focused on building out the protocol and tackling hard problems.

@dberkiv While we're focusing right now on Ethereum, we're looking to be blockchain agnostic as we grow the company, our auditing solutions, and our presence in the community.

@Abdel-Berry Demand for the product continues to grow -- individuals and enterprises alike see a large value in utilizing smart contracts, and our niche expertise in this area has proven invaluable to entities looking to gain their footing in this space. Our individual auditing tool is live as well -- and people definitely are excited about how our product continues to involve!

@alex_plitt Thanks, Alexander! Really appreciate it :-)

@alex_plitt Hey! Happy to see you here!

@alex_plitt Thank you so much

@alex_plitt We definitely see pace picking up as we hire additional individuals -- and we're certainly looking to hire. Between our careers page (https://quantstamp.com/careers) and various recruiting events we've attended (BSides SF, RSA, Blockchain @ Berkeley) -- we're looking to scale, and to do so in a manner that can best benefit the company and the space as a whole.

Our number of projects in the manual audit queue is continuing to grow -- that number is a bit higher, but it fluctuates over time (such as when we complete an audit :-) )

@alex_plitt @Jon_A_Haas To grant some further clarity on that, this number typically grows anywhere between 5-10 a month, with our completion time depending upon the difficulty of the audit. Higher impact projects we tend to focus on, but as a result, these tend to be more time consuming (largely due to their immense technical complexity).

@Dems79 Not exactly -- the automated audit function provides guidance as to potential areas of vulnerability in the code -- it itself is an audit!

More involved manual audits are for contracts where an extra level of sensitivity is required -- largely by enterprises and individuals planning to undergo a large throughput on their smart contract.