An Ethereum smart contract is a computer program which directly controls the transfer of digital currencies or assets between parties according to certain conditions. Smart contract run on the Ethereum platform and are the working backbone of most of the services you interact with: wallets, ICOs, cryptocurrency exchanges, prediction markets, etc.
SolidStamp offers an easy and free way to check the contracts you are using and interacting with. Go to our account page. Copy/Paste the Ethereum address(es) you are using in the edit box and press the "Check it now for free" button. You will get a report showing all the unique smart contracts the provided address(es) have ever interacted with ranked by the amount of Ether transferred from your address(es) to the contract. For each contract, you can also see how many people have audited it.
Creating secure and useful smart contracts is difficult. Doing this well requires sophisticated skills, specialized experience and a close attention to detail. Smart contracts, once written, cannot be easily modified or edited. For this reason, high-quality service creators commission external audits by security experts. As a user, you should pay attention to whether a smart contract you are using has successfully passed an audit or not. The cost for not doing this can be high. Millions of Ether are lost or stolen because of poorly or maliciously written smart contracts.
If the smart contract you are using or are planning to use is not listed as audited, you should be careful. We recommend contacting the contract author or service creator directly and ask if their contract has been audited. If they have had their smart contract audited, refer them to SolidStamp and ask them to list their audit. Additionally, you can request an audit directly from one of the SolidStamp auditors.
You can request an audit directly from SolidStamp via the contract page. Here, you can choose a specific auditor and provide a reward for the audit. If there is an audit request already listed for your smart contract, you can join the request and raise the reward for the auditor. If you want a different auditor for a contract already under review, you can make your own new request. Your auditor receives the reward only after verifying the contract and publishing the audit’s outcome at SolidStamp.
Absolutely. Increasing your reward will make your request more attractive to the auditor. Just make another request to the same auditor and add an additional reward. Please keep in mind that if your new request expires after the original request, the entire offer (both original and new reward) will expire at the later date.
Increasing the reward helps. Auditors receive an email notification every time they are requested to make an audit or the reward increases. You can also nudge them by promoting the audit request on social media so others can join and increase the overall reward.
Your request and reward are valid only for the specific window of time you choose. After this time expires, you can withdraw your request at no cost. By including your email address when making a request, you’ll get a notification when your request is accepted or expires. Note: an auditor can still audit the contract and earn the reward after time expires if you don’t remove your reward.
After you upload your audit report, you can additionally approve or reject some or all the audited contracts. By approving the contract you ensure that all the critical issues listed in your report were fixed prior to mainnet deployment. If this is not the case, you can reject the contract. The approvals and rejections are stored on-chain and are displayed to SolidStamp users.
If you conduct audits as a company, you should register as a company. It's also possible to connect your company's Twitter account, but we currently don't support connecting a GitHub organization account.
A contract source code is compiled to its binary code. It's only the binary code that's deployed to the blockchain and stored by the Ethereum nodes. As contracts may share the same code (for example multi-sig wallets), internally, each node references a particular contract by its CodeHash, a keccak256 hash from the binary code. The CodeHash definition comes straight from the Yellow Paper (page #3).
No, we haven’t issued a SolidStamp whitepaper. It’s worth mentioning that the existence of a whitepaper does not necessarily equal a valuable or useful service. Whitepapers are often written with the sole purpose of generating investment by some end-user group. This is not the case with SolidStamp. For us, SolidStamp is a straightforward service, and our site and this FAQ should provide enough info to understand what we offer. If you disagree and want a more technical description take a look at our contract source code or send us an email.
We make a small commission (currently 1%) from the reward paid to each auditor. SolidStamp does not take money to post preferred smart contracts or auditors. If we ever decide to do this, we will make sure that you can clearly see any sponsored listings.
Deceptive ICO’s and smart contracts created solely to defraud end-users of their money should not exist. While traditional financial and contractual relationships may have the benefit of official forms of authentication and regulation, this is not the case with decentralized smart contracts and currencies. Fundamentally, the blockchain registry of Etherium provides transparency to every part of a transaction. We want to increase this transparency by providing additional validation of smart contracts for users that are not technologically savvy or proficient in smart contract coding. Our goal is to connect end-users with the people that are best placed to tell them if a smart contract they plan to interact with is safe.