Quantstamp operates as a blockchain security company specializing in auditing and securing smart contracts and decentralized applications (DApps) on blockchain platforms such as Ethereum. Their objective is to guarantee the security and dependability of blockchain applications by identifying vulnerabilities and potential risks within smart contracts.
This is an older audit review. Back in January of 2019, I decided to use Quantstamp tokens to buy an audit report for the iEthereum token contract.
It seems the audits have become more intense, intricate, detailed than the audit I received. We will make it a point to get a new audit on iEthereum in the coming months or years. But for now, we will highlight the original. The contract has not changed, only the industry has evolved.
As I have stated numerous times in conversation and I believe in past articles; my biggest concern with iEthereum is the pace in which technology moves. Has iEthereum been left behind with new advanced smart contract code?
In this audit you will see zero errors or critical issues at the time the audit was performed. However, you will find interesting that there are 45 compilation warnings. What does this mean?
“In a Quantstamp audit, a "warning" is a classification used to indicate potential issues or areas of concern in a smart contract. Unlike an "error" which typically signifies a critical issue that could lead to security vulnerabilities or malfunctions, a "warning" is a lower level of concern. It suggests that there might be code patterns or practices that could be improved for better security or efficiency, but they may not necessarily lead to immediate vulnerabilities.
Warnings in a Quantstamp audit serve as recommendations or suggestions for developers to enhance the quality of their code, even though they are not critical issues. Developers can use these warnings to refine their smart contracts and improve their overall security and performance.”
Do these warnings support my concern that although these warnings were not critical back in 2019 and only possible suggestions, and yet now, 5 years later, they have become more critical? Good questions.
There were 16 out of 45 compilation warnings of the iEthereum smart contract contained in the Quantstamp audit that were what I would describe as positive. They highlight the potential and possibilities of the contract. Warnings: #11, 13, 14, 16, 17, 18, 20, 21, 22, 23, 25, 26, 27, 29, 30, & 31.
Unused function parameter. Remove or comment out the variable name to silence this warning
Another 14 out of the 45 compilation warnings of the iEthereum contract audit were what I would describe as benefits to other value propositions iEthereum brings to the table. iEthereum is fully transparent and open source with no external admin or access control functions. If I were to develop on top of the iEthereum smart contract, I would be aware and potentially address the suggestions for the dapps intended use. But as it is, with the people looking for honesty in true open source and decentralization, I personally don’t see this warning as being critical. Especially if you are aware of it.
No visibility specified. Defaulting to "public".
6 out of the 45 compilation warnings below are what I have described above as my concern for the technology moving faster than the smart contract itself.
Subscribe to Premium to read the rest.
Become a paying subscriber of Premium to get access to this post and other subscriber-only content.
UpgradeA subscription gets you:
- Weekly Newsletters (6) per month
- Free iEthereum (see distribution schedule) with annual subscription
- Free iEthereum matched 1:1 into Scholarship /Grants with annual subscription
- Exclusive iEthereum Telegram Group invite