Quantstamp Labs
March 17, 2021

Quantstamp recently conducted several security engagements with the Flow blockchain ecosystem. We have completed audits of Flow’s core smart contracts, as well as Ethereum smart contracts involved in teleporting USDT back and forth between Ethereum and BloctoSwap, a decentralized exchange running on Flow. In addition, Quantstamp is currently reviewing Cadence, Flow’s new smart contract language and intends to conduct a full audit in the near future.

The Flow blockchain was originally created by Dapper Labs, the creators of CryptoKitties and NBA Top Shot, and is designed to optimize the user experience for entertainment, social, and gaming applications. In order to optimize for these applications, Dapper Labs is taking a different approach to scaling compared to Ethereum. While Ethereum and Ethereum applications are seeking to scale via sharding and layer 2 solutions, the Flow blockchain separates the validator / miner role into 4 separate roles in an effort to scale directly on Layer 1 without sharding.  

Flow has a unique consensus process. image source

Cadence, Flow’s Resource-Oriented Programming Language

Dapper Labs is also the original creator of Cadence, the resource-oriented programming language for smart contract development on Flow. Cadence is designed to be intuitive for developers, optimizes for the protection of digital assets, and is similar in many ways to Move, Libra's programming language.  

“Resource-oriented programming, a new paradigm that pairs linear types with object capabilities to create a secure and declarative model for digital ownership by ensuring that resources (and their associated assets) can only exist in one location at a time, cannot be copied, and cannot be accidentally lost or deleted” - Cadence documentation

In addition to our other security work, Quantstamp also audits and reviews smart contract languages. Quantstamp recently completed a security review of Cadence. This security engagement included:

Quantstamp intends to conduct a full security audit in the near future.

Flow’s Core Smart Contract

Quantstamp has audited the core smart contracts of the Flow blockchain. These contracts manage:


BloctoSwap is the first decentralized exchange (DEX) on Flow. BloctoSwap launched today on March 17th, 2021. BloctoSwap listed FLOW (the FLOW blockchain’s native token) and tUSDT (Tether), and listed the FLOW/tUSDT pair.

Quantstamp also recently audited Ethereum smart contracts that are responsible for teleporting USDT to and from Ethereum and BloctoSwap, a decentralized exchange (DEX) similar to Uniswap that operates on Flow. BloctoSwap will be the first place for users to purchase FUSD, with the USDT teleported to Flow from Ethereum, through contracts audited by Quantstamp.

BloctoSwap was created by portto, a company specializing in user friendly experiences for blockchain-enabled use cases. This was Quantstamp’s first audit of a DeFi application on Flow.

NBA Top Shot

According to CryptoSlam!, NBA Top Shot is leading in all-time sales for NFTs.

Successful applications are already running on Flow. NBA Top Shot, a marketplace for collectible NBA highlights that is officially licensed by the NBA, has already achieved over $300 million in sales and over 250K active users in less than 6 months. NBA Top Shots collectible moments are stored as NFTs on Flow. A similar marketplace is in the works for UFC digital collectibles.  

NFTs in the Mainstream Spotlight

Ranging from artwork to digital collectibles and in-game assets, NFTs are in the spotlight and are actively pushing blockchain technology mainstream. These collectibles are helping communities grow and flourish by creating value, enhancing authentic engagement, and unlocking unprecedented opportunities for creators.

Dapper Labs and portto are contributing to digital communities by focusing on user experience in the Flow blockchain ecosystem. Their commitment to user experience is reflected in the design choices they made for the Flow blockchain and applications. We look forward to hearing about future achievements from NBA Top Shot and the success of future projects from Dapper Labs.  

Quantstamp is pleased to secure the assets in your digital nation and work with projects that are pushing the industry forward while putting their users first.

Quantstamp 实验室

Quantstamp 最近,我们对Flow区块链生态系统进行了几次安全约定。我们已经完成了对Flow核心智能合约的审计,以及涉及在Ethereum和BloctoSwap(在Flow上运行的去中心化交易所)之间来回传送USDT的Ethereum智能合约。此外,Quantstamp ,目前正在审查Flow的新智能合约语言Cadence,并打算在近期进行全面审计。

Flow区块链最初是由CryptoKitties和NBA Top Shot的创建者Dapper Labs创建的,旨在优化娱乐、社交和游戏应用的用户体验。为了优化这些应用,与Ethereum相比,Dapper Labs采取了不同的扩展方式。虽然Ethereum和Ethereum应用都在寻求通过sharding和第2层解决方案进行扩展,但Flow区块链将验证者/矿工角色分离为4个独立的角色,以努力在第1层直接进行扩展,而无需sharding。

流量有独特的共识过程。 图片来源


Dapper Labs也是Cadence的原创者,Cadence是面向资源的编程语言,用于Flow上的智能合约开发。Cadence的设计对开发者来说是直观的,对数字资产的保护进行了优化,在很多方面与Libra的编程语言Move相似。


除了我们的其他安全工作外,Quantstamp 还审核和审查智能合约语言。Quantstamp 最近完成了对 Cadence 的安全审查。这项安全工作包括:

Quantstamp 打算在近期进行一次全面的安全审计。


Quantstamp 对Flow区块链的核心智能合约进行了审核。这些合约管理。



Quantstamp 最近还对Ethereum智能合约进行了审计,这些合约负责将USDT从Ethereum和BloctoSwap(类似于Uniswap的去中心化交易所(DEX),在Flow上运行)之间进行远程传输。BloctoSwap将是用户购买FUSD的第一个地方,USDT从Ethereum远距离传送到Flow,通过Quantstamp 审核的合约。

BloctoSwap 是由portto 创建的,这是一家专门为区块链启用的用例提供用户友好体验的公司。这是Quantstamp'第一次对Flow上的DeFi应用进行审核。


根据 CryptoSlam!,NBA巅峰对决在NFTs的销量中处于领先地位。

成功的应用已经在Flow上运行。NBA Top Shot是NBA官方授权的NBA精彩瞬间收藏市场,在不到6个月的时间里,已经实现了超过3亿美元的销售额,活跃用户超过25万。NBA Top Shots的收藏时刻以NFT的形式存储在Flow上。类似的UFC数字收藏品市场也在筹备中。  



Dapper Labs和portto通过关注Flow区块链生态系统的用户体验,为数字社区做出贡献。他们对用户体验的承诺体现在他们对Flow区块链和应用的设计选择上。我们期待着听到NBA巅峰对决未来的成就以及Dapper Labs未来项目的成功。  

Quantstamp ,很高兴能保障贵国数字国家的资产安全,并与推动行业发展的项目合作,同时将用户放在第一位。

紧跟Quantstamp ,了解最新的行业趋势↪So_1F6E1↩。
注册我们的时事通讯 ↪So_1F4EC↩。
November 11, 2020

Quantstamp Community Update - October 2020

‍Audit of Ethereum 2.0 client Teku, blockchain insurance, Open DeFi, virtual events, and more media coverage... here’s what happened at Quantstamp in October.‍

November 5, 2020

Why Bitcoin is Capturing Enterprise Attention

MicroStrategy made headlines this summer as the first publicly-traded company to buy Bitcoin as part of its capital allocation strategy. Since then, other companies have followed suit. Learn how current economic conditions and the unique properties of Bitcoin have driven these decisions.

October 28, 2020

Formally Verifying Hedera Hashgraph's Stablecoin Framework

Quantstamp created and formally verified a specification for Hedera Hashgraph stablecoins. This simplifies the process of creating safe stablecoins and also makes easier for partners to safely integrate them.

October 27, 2020

Quantstamp Completes Audit of 2nd ETH 2.0 Implementation

Quantstamp has now completed its audit of Teku, the Ethereum 2.0 client developed by ConsenSys. Quantstamp also audited Prysm by Prysmatic Labs.