Securing the Flow Ecosystem

Quantstamp Labs
March 17, 2021

Quantstamp recently conducted several security engagements with the Flow blockchain ecosystem. We have completed audits of Flow’s core smart contracts, as well as Ethereum smart contracts involved in teleporting USDT back and forth between Ethereum and BloctoSwap, a decentralized exchange running on Flow. In addition, Quantstamp is currently reviewing Cadence, Flow’s new smart contract language and intends to conduct a full audit in the near future.

The Flow blockchain was originally created by Dapper Labs, the creators of CryptoKitties and NBA Top Shot, and is designed to optimize the user experience for entertainment, social, and gaming applications. In order to optimize for these applications, Dapper Labs is taking a different approach to scaling compared to Ethereum. While Ethereum and Ethereum applications are seeking to scale via sharding and layer 2 solutions, the Flow blockchain separates the validator / miner role into 4 separate roles in an effort to scale directly on Layer 1 without sharding.  

Flow has a unique consensus process. image source

Cadence, Flow’s Resource-Oriented Programming Language

Dapper Labs is also the original creator of Cadence, the resource-oriented programming language for smart contract development on Flow. Cadence is designed to be intuitive for developers, optimizes for the protection of digital assets, and is similar in many ways to Move, Libra's programming language.  

“Resource-oriented programming, a new paradigm that pairs linear types with object capabilities to create a secure and declarative model for digital ownership by ensuring that resources (and their associated assets) can only exist in one location at a time, cannot be copied, and cannot be accidentally lost or deleted” - Cadence documentation

In addition to our other security work, Quantstamp also audits and reviews smart contract languages. Quantstamp recently completed a security review of Cadence. This security engagement included:

Quantstamp intends to conduct a full security audit in the near future.

Flow’s Core Smart Contract

Quantstamp has audited the core smart contracts of the Flow blockchain. These contracts manage:

BloctoSwap

BloctoSwap is the first decentralized exchange (DEX) on Flow. BloctoSwap launched today on March 17th, 2021. BloctoSwap listed FLOW (the FLOW blockchain’s native token) and tUSDT (Tether), and listed the FLOW/tUSDT pair.

Quantstamp also recently audited Ethereum smart contracts that are responsible for teleporting USDT to and from Ethereum and BloctoSwap, a decentralized exchange (DEX) similar to Uniswap that operates on Flow. BloctoSwap will be the first place for users to purchase FUSD, with the USDT teleported to Flow from Ethereum, through contracts audited by Quantstamp.

BloctoSwap was created by portto, a company specializing in user friendly experiences for blockchain-enabled use cases. This was Quantstamp’s first audit of a DeFi application on Flow.

NBA Top Shot

According to CryptoSlam!, NBA Top Shot is leading in all-time sales for NFTs.

Successful applications are already running on Flow. NBA Top Shot, a marketplace for collectible NBA highlights that is officially licensed by the NBA, has already achieved over $300 million in sales and over 250K active users in less than 6 months. NBA Top Shots collectible moments are stored as NFTs on Flow. A similar marketplace is in the works for UFC digital collectibles.  

NFTs in the Mainstream Spotlight

Ranging from artwork to digital collectibles and in-game assets, NFTs are in the spotlight and are actively pushing blockchain technology mainstream. These collectibles are helping communities grow and flourish by creating value, enhancing authentic engagement, and unlocking unprecedented opportunities for creators.

Dapper Labs and portto are contributing to digital communities by focusing on user experience in the Flow blockchain ecosystem. Their commitment to user experience is reflected in the design choices they made for the Flow blockchain and applications. We look forward to hearing about future achievements from NBA Top Shot and the success of future projects from Dapper Labs.  

Quantstamp is pleased to secure the assets in your digital nation and work with projects that are pushing the industry forward while putting their users first.

Quantstamp Labs
March 17, 2021

Quantstamp recently conducted several security engagements with the Flow blockchain ecosystem. We have completed audits of Flow’s core smart contracts, as well as Ethereum smart contracts involved in teleporting USDT back and forth between Ethereum and BloctoSwap, a decentralized exchange running on Flow. In addition, Quantstamp is currently reviewing Cadence, Flow’s new smart contract language and intends to conduct a full audit in the near future.

The Flow blockchain was originally created by Dapper Labs, the creators of CryptoKitties and NBA Top Shot, and is designed to optimize the user experience for entertainment, social, and gaming applications. In order to optimize for these applications, Dapper Labs is taking a different approach to scaling compared to Ethereum. While Ethereum and Ethereum applications are seeking to scale via sharding and layer 2 solutions, the Flow blockchain separates the validator / miner role into 4 separate roles in an effort to scale directly on Layer 1 without sharding.  

Flow has a unique consensus process. image source

Cadence, Flow’s Resource-Oriented Programming Language

Dapper Labs is also the original creator of Cadence, the resource-oriented programming language for smart contract development on Flow. Cadence is designed to be intuitive for developers, optimizes for the protection of digital assets, and is similar in many ways to Move, Libra's programming language.  

“Resource-oriented programming, a new paradigm that pairs linear types with object capabilities to create a secure and declarative model for digital ownership by ensuring that resources (and their associated assets) can only exist in one location at a time, cannot be copied, and cannot be accidentally lost or deleted” - Cadence documentation

In addition to our other security work, Quantstamp also audits and reviews smart contract languages. Quantstamp recently completed a security review of Cadence. This security engagement included:

Quantstamp intends to conduct a full security audit in the near future.

Flow’s Core Smart Contract

Quantstamp has audited the core smart contracts of the Flow blockchain. These contracts manage:

BloctoSwap

BloctoSwap is the first decentralized exchange (DEX) on Flow. BloctoSwap launched today on March 17th, 2021. BloctoSwap listed FLOW (the FLOW blockchain’s native token) and tUSDT (Tether), and listed the FLOW/tUSDT pair.

Quantstamp also recently audited Ethereum smart contracts that are responsible for teleporting USDT to and from Ethereum and BloctoSwap, a decentralized exchange (DEX) similar to Uniswap that operates on Flow. BloctoSwap will be the first place for users to purchase FUSD, with the USDT teleported to Flow from Ethereum, through contracts audited by Quantstamp.

BloctoSwap was created by portto, a company specializing in user friendly experiences for blockchain-enabled use cases. This was Quantstamp’s first audit of a DeFi application on Flow.

NBA Top Shot

According to CryptoSlam!, NBA Top Shot is leading in all-time sales for NFTs.

Successful applications are already running on Flow. NBA Top Shot, a marketplace for collectible NBA highlights that is officially licensed by the NBA, has already achieved over $300 million in sales and over 250K active users in less than 6 months. NBA Top Shots collectible moments are stored as NFTs on Flow. A similar marketplace is in the works for UFC digital collectibles.  

NFTs in the Mainstream Spotlight

Ranging from artwork to digital collectibles and in-game assets, NFTs are in the spotlight and are actively pushing blockchain technology mainstream. These collectibles are helping communities grow and flourish by creating value, enhancing authentic engagement, and unlocking unprecedented opportunities for creators.

Dapper Labs and portto are contributing to digital communities by focusing on user experience in the Flow blockchain ecosystem. Their commitment to user experience is reflected in the design choices they made for the Flow blockchain and applications. We look forward to hearing about future achievements from NBA Top Shot and the success of future projects from Dapper Labs.  

Quantstamp is pleased to secure the assets in your digital nation and work with projects that are pushing the industry forward while putting their users first.

Keep up with Quantstamp and the latest industry trends 🛡
Sign up to our newsletter 📬
November 11, 2020

Quantstamp Community Update - October 2020

‍Audit of Ethereum 2.0 client Teku, blockchain insurance, Open DeFi, virtual events, and more media coverage... here’s what happened at Quantstamp in October.‍

November 5, 2020

Why Bitcoin is Capturing Enterprise Attention

MicroStrategy made headlines this summer as the first publicly-traded company to buy Bitcoin as part of its capital allocation strategy. Since then, other companies have followed suit. Learn how current economic conditions and the unique properties of Bitcoin have driven these decisions.

October 28, 2020

Formally Verifying Hedera Hashgraph's Stablecoin Framework

Quantstamp created and formally verified a specification for Hedera Hashgraph stablecoins. This simplifies the process of creating safe stablecoins and also makes easier for partners to safely integrate them.

October 27, 2020

Quantstamp Completes Audit of 2nd ETH 2.0 Implementation

Quantstamp has now completed its audit of Teku, the Ethereum 2.0 client developed by ConsenSys. Quantstamp also audited Prysm by Prysmatic Labs.