Quantstamp Audits Layer 1 Blockchains

March 1, 2024
Quantstamp Labs

Quantstamp has secured over 5 billion USD in digital assets and provided security services for over 130 organizations including startups, foundations, and enterprises. Apart from securing the applications that run on blockchain platforms, we also offer security services for base layer protocols. Our experience with base layer protocols includes ETH2, Avalanche, and Cardano. For ETH2, we audited the Prysm client by Prysmatic Labs and we are currently auditing the Teku client by ConsenSys.

In this post, we describe what goes into a Layer 1 audit and highlight some of the unique mechanisms we have worked with.

ETH2 uses proof-of-stake as its consensus mechanism. ETH2 eventually aims to utilize proof-of-stake to validate data across 64 shards.

The Consensus Layer

Quantstamp searches for bugs that may prevent Layer 1 networks from reaching consensus. For a network to be in consensus, nodes of a specific network need to be in agreement about the latest state of that network. For a distributed network to be successful, consensus disruptions must be rare because they can make the network unusable for a time.

ETH2, Cardano, and Avalanche each have a unique protocol for producing consensus. ETH2 and Cardano both use proof-of-stake (PoS): however, ETH2 has a PoS model that incentivizes good behavior through slashing, while Cardano uses a delegated proof-of-stake model without slashing. Cardano’s consensus model is referred to as “delegated proof-of-stake” because users delegate their right to validate transactions to a stake pool operator in exchange for a portion of that pool’s rewards.

Avalanche includes a directed acyclic graph (DAG) component. DAG nodes have a unique internal mechanism for determining which transactions will ultimately be included in the DAG. image source

Quantstamp looks for vulnerabilities that interfere with consensus and leave networks susceptible to attacks including, but not limited to:

Not all distributed networks are blockchains; some are directed acyclic graphs (DAGs).

The Ledgers

The Layer 1 protocols we have secured do not only differ in how they achieve consensus, they also differ in how they store their data. Avalanche’s ledger is actually not a blockchain but a directed acyclic graph. Cardano and ETH2 use blockchains. Quantstamp audited ETH2’s Beacon Chain, the blockchain at the heart of ETH2’s future sharded ledger system. Quantstamp ensures that the data stored in these ledgers is immutable, honest, and free of vulnerabilities.

Quantstamp audits wallets to secure user funds.

User-Facing Applications

Organizations seeking a Layer 1 audit also need security for the user-facing applications that help non-technical users interact with the blockchain. For Cardano, Quantstamp also audited the Daedalus wallet in order to secure user private keys and funds.

Quantstamp Labs
September 1, 2020

Quantstamp has secured over 5 billion USD in digital assets and provided security services for over 130 organizations including startups, foundations, and enterprises. Apart from securing the applications that run on blockchain platforms, we also offer security services for base layer protocols. Our experience with base layer protocols includes ETH2, Avalanche, and Cardano. For ETH2, we audited the Prysm client by Prysmatic Labs and we are currently auditing the Teku client by ConsenSys.

In this post, we describe what goes into a Layer 1 audit and highlight some of the unique mechanisms we have worked with.

ETH2 uses proof-of-stake as its consensus mechanism. ETH2 eventually aims to utilize proof-of-stake to validate data across 64 shards.

The Consensus Layer

Quantstamp searches for bugs that may prevent Layer 1 networks from reaching consensus. For a network to be in consensus, nodes of a specific network need to be in agreement about the latest state of that network. For a distributed network to be successful, consensus disruptions must be rare because they can make the network unusable for a time.

ETH2, Cardano, and Avalanche each have a unique protocol for producing consensus. ETH2 and Cardano both use proof-of-stake (PoS): however, ETH2 has a PoS model that incentivizes good behavior through slashing, while Cardano uses a delegated proof-of-stake model without slashing. Cardano’s consensus model is referred to as “delegated proof-of-stake” because users delegate their right to validate transactions to a stake pool operator in exchange for a portion of that pool’s rewards.

Avalanche includes a directed acyclic graph (DAG) component. DAG nodes have a unique internal mechanism for determining which transactions will ultimately be included in the DAG. image source

Quantstamp looks for vulnerabilities that interfere with consensus and leave networks susceptible to attacks including, but not limited to:

Not all distributed networks are blockchains; some are directed acyclic graphs (DAGs).

The Ledgers

The Layer 1 protocols we have secured do not only differ in how they achieve consensus, they also differ in how they store their data. Avalanche’s ledger is actually not a blockchain but a directed acyclic graph. Cardano and ETH2 use blockchains. Quantstamp audited ETH2’s Beacon Chain, the blockchain at the heart of ETH2’s future sharded ledger system. Quantstamp ensures that the data stored in these ledgers is immutable, honest, and free of vulnerabilities.

Quantstamp audits wallets to secure user funds.

User-Facing Applications

Organizations seeking a Layer 1 audit also need security for the user-facing applications that help non-technical users interact with the blockchain. For Cardano, Quantstamp also audited the Daedalus wallet in order to secure user private keys and funds.

Interested in learning about the latest developments in DeFi?
Learn more
Interested in learning about the latest developments in DeFi?
Learn more
Quantstamp Announcements

Modular Account: How Audits Can Help Shape Standards And Catalyze Mass Adoption

Quantstamp recently conducted a smart contract audit for Alchemy’s Modular Account, a wallet implementation designed from the ground up for ERC-4337 and ERC-6900 compatibility including two plugins

Read more
Quantstamp Announcements

Quantstamp 2023 Web3 Security Year In Review

As the year comes to a close, we wanted to take a moment to reflect on this year’s biggest hacks, root causes, and noteworthy trends.

Read more