确保流动生态系统的安全

Quantstamp Labs
March 17, 2021

Quantstamp recently conducted several security engagements with the Flow blockchain ecosystem. We have completed audits of Flow’s core smart contracts, as well as Ethereum smart contracts involved in teleporting USDT back and forth between Ethereum and BloctoSwap, a decentralized exchange running on Flow. In addition, Quantstamp is currently reviewing Cadence, Flow’s new smart contract language and intends to conduct a full audit in the near future.

The Flow blockchain was originally created by Dapper Labs, the creators of CryptoKitties and NBA Top Shot, and is designed to optimize the user experience for entertainment, social, and gaming applications. In order to optimize for these applications, Dapper Labs is taking a different approach to scaling compared to Ethereum. While Ethereum and Ethereum applications are seeking to scale via sharding and layer 2 solutions, the Flow blockchain separates the validator / miner role into 4 separate roles in an effort to scale directly on Layer 1 without sharding.  

Flow has a unique consensus process. image source

Cadence, Flow’s Resource-Oriented Programming Language

Dapper Labs is also the original creator of Cadence, the resource-oriented programming language for smart contract development on Flow. Cadence is designed to be intuitive for developers, optimizes for the protection of digital assets, and is similar in many ways to Move, Libra's programming language.  

“Resource-oriented programming, a new paradigm that pairs linear types with object capabilities to create a secure and declarative model for digital ownership by ensuring that resources (and their associated assets) can only exist in one location at a time, cannot be copied, and cannot be accidentally lost or deleted” - Cadence documentation

In addition to our other security work, Quantstamp also audits and reviews smart contract languages. Quantstamp recently completed a security review of Cadence. This security engagement included:

Quantstamp intends to conduct a full security audit in the near future.

Flow’s Core Smart Contract

Quantstamp has audited the core smart contracts of the Flow blockchain. These contracts manage:

BloctoSwap

BloctoSwap is the first decentralized exchange (DEX) on Flow. BloctoSwap launched today on March 17th, 2021. BloctoSwap listed FLOW (the FLOW blockchain’s native token) and tUSDT (Tether), and listed the FLOW/tUSDT pair.

Quantstamp also recently audited Ethereum smart contracts that are responsible for teleporting USDT to and from Ethereum and BloctoSwap, a decentralized exchange (DEX) similar to Uniswap that operates on Flow. BloctoSwap will be the first place for users to purchase FUSD, with the USDT teleported to Flow from Ethereum, through contracts audited by Quantstamp.

BloctoSwap was created by portto, a company specializing in user friendly experiences for blockchain-enabled use cases. This was Quantstamp’s first audit of a DeFi application on Flow.

NBA Top Shot

According to CryptoSlam!, NBA Top Shot is leading in all-time sales for NFTs.

Successful applications are already running on Flow. NBA Top Shot, a marketplace for collectible NBA highlights that is officially licensed by the NBA, has already achieved over $300 million in sales and over 250K active users in less than 6 months. NBA Top Shots collectible moments are stored as NFTs on Flow. A similar marketplace is in the works for UFC digital collectibles.  

NFTs in the Mainstream Spotlight

Ranging from artwork to digital collectibles and in-game assets, NFTs are in the spotlight and are actively pushing blockchain technology mainstream. These collectibles are helping communities grow and flourish by creating value, enhancing authentic engagement, and unlocking unprecedented opportunities for creators.

Dapper Labs and portto are contributing to digital communities by focusing on user experience in the Flow blockchain ecosystem. Their commitment to user experience is reflected in the design choices they made for the Flow blockchain and applications. We look forward to hearing about future achievements from NBA Top Shot and the success of future projects from Dapper Labs.  

Quantstamp is pleased to secure the assets in your digital nation and work with projects that are pushing the industry forward while putting their users first.

Quantstamp 实验室
2021年3月17日

Quantstamp 最近,我们对Flow区块链生态系统进行了几次安全约定。我们已经完成了对Flow核心智能合约的审计,以及涉及在Ethereum和BloctoSwap(在Flow上运行的去中心化交易所)之间来回传送USDT的Ethereum智能合约。此外,Quantstamp ,目前正在审查Flow的新智能合约语言Cadence,并打算在近期进行全面审计。

Flow区块链最初是由CryptoKitties和NBA Top Shot的创建者Dapper Labs创建的,旨在优化娱乐、社交和游戏应用的用户体验。为了优化这些应用,与Ethereum相比,Dapper Labs采取了不同的扩展方式。虽然Ethereum和Ethereum应用都在寻求通过sharding和第2层解决方案进行扩展,但Flow区块链将验证者/矿工角色分离为4个独立的角色,以努力在第1层直接进行扩展,而无需sharding。

流量有独特的共识过程。 图片来源

Cadence,Flow的面向资源的编程语言。

Dapper Labs也是Cadence的原创者,Cadence是面向资源的编程语言,用于Flow上的智能合约开发。Cadence的设计对开发者来说是直观的,对数字资产的保护进行了优化,在很多方面与Libra的编程语言Move相似。

"面向资源的编程,是一种新的范式,它将线性类型与对象能力配对,通过确保资源(及其相关资产)一次只能存在于一个位置,不能被复制,也不能意外丢失或删除,从而为数字所有权创建一个安全的声明式模型"--Cadence文档

除了我们的其他安全工作外,Quantstamp 还审核和审查智能合约语言。Quantstamp 最近完成了对 Cadence 的安全审查。这项安全工作包括:

Quantstamp 打算在近期进行一次全面的安全审计。

福禄的核心智能合约

Quantstamp 对Flow区块链的核心智能合约进行了审核。这些合约管理。

BloctoSwap

BloctoSwap是Flow上第一个去中心化交易所(DEX)。BloctoSwap于今天2021年3月17日推出。BloctoSwap上市了FLOW(FLOW区块链的原生代币)和tUSDT(Tether),并上市了FLOW/tUSDT对。

Quantstamp 最近还对Ethereum智能合约进行了审计,这些合约负责将USDT从Ethereum和BloctoSwap(类似于Uniswap的去中心化交易所(DEX),在Flow上运行)之间进行远程传输。BloctoSwap将是用户购买FUSD的第一个地方,USDT从Ethereum远距离传送到Flow,通过Quantstamp 审核的合约。

BloctoSwap 是由portto 创建的,这是一家专门为区块链启用的用例提供用户友好体验的公司。这是Quantstamp'第一次对Flow上的DeFi应用进行审核。

NBA顶级投篮

根据 CryptoSlam!,NBA巅峰对决在NFTs的销量中处于领先地位。

成功的应用已经在Flow上运行。NBA Top Shot是NBA官方授权的NBA精彩瞬间收藏市场,在不到6个月的时间里,已经实现了超过3亿美元的销售额,活跃用户超过25万。NBA Top Shots的收藏时刻以NFT的形式存储在Flow上。类似的UFC数字收藏品市场也在筹备中。  

非保税区成为主流焦点

从艺术品到数字收藏品和游戏内资产,NFTs备受关注,并积极推动区块链技术成为主流。这些收藏品通过创造价值、提升真实参与度、为创作者释放前所未有的机会,帮助社区成长和繁荣。

Dapper Labs和portto通过关注Flow区块链生态系统的用户体验,为数字社区做出贡献。他们对用户体验的承诺体现在他们对Flow区块链和应用的设计选择上。我们期待着听到NBA巅峰对决未来的成就以及Dapper Labs未来项目的成功。  

Quantstamp ,很高兴能保障贵国数字国家的资产安全,并与推动行业发展的项目合作,同时将用户放在第一位。

紧跟Quantstamp ,了解最新的行业趋势↪So_1F6E1↩。
注册我们的时事通讯 ↪So_1F4EC↩。
November 11, 2020

Quantstamp Community Update - October 2020

‍Audit of Ethereum 2.0 client Teku, blockchain insurance, Open DeFi, virtual events, and more media coverage... here’s what happened at Quantstamp in October.‍

November 5, 2020

Why Bitcoin is Capturing Enterprise Attention

MicroStrategy made headlines this summer as the first publicly-traded company to buy Bitcoin as part of its capital allocation strategy. Since then, other companies have followed suit. Learn how current economic conditions and the unique properties of Bitcoin have driven these decisions.

October 28, 2020

Formally Verifying Hedera Hashgraph's Stablecoin Framework

Quantstamp created and formally verified a specification for Hedera Hashgraph stablecoins. This simplifies the process of creating safe stablecoins and also makes easier for partners to safely integrate them.

October 27, 2020

Quantstamp Completes Audit of 2nd ETH 2.0 Implementation

Quantstamp has now completed its audit of Teku, the Ethereum 2.0 client developed by ConsenSys. Quantstamp also audited Prysm by Prysmatic Labs.