Equilibrium is partnering with Quantstamp, a leading international auditor whose mission is to secure the decentralized internet. Equilibrium is the first Polkadot-based project that will be professionally audited. While Quantstamp has wide experience, this is a completely new kind of audit.
The key is that Polkadot does not natively support smart contracts running in an isolated environment, at which code security audits are usually directed. Instead, Polkadot works based on a Substrate (a modular framework for building blockchains) with its Pallets and off-chain workers. Pallets are Substrate runtime modules which supply business logic on top of the Substrate. Off-chain workers are making Substrate more efficient by offloading computation from the blockchain to validators in a trustworthy manner.
We are using the Polkadot Substrate to design our own customized blockchain, which will later be connected to Polkadot as a Parachain. For instance, we have customized the use of electronic signatures for off-chain brokers and claims. This innovation does not yet exist on the general Substrate and needs to be audited to ensure functionality. Furthermore, every pallet has a lot of custom settings and not only the particular preset for the current runtime should be audited but all their possible variations.
Quantstamp will audit Equilibrium’s core components, including the code which governs its underlying business-logic on balances, its risk and price modules, and its “bailout” mechanics. Quantstamp’s audit is of key importance to ensure the quality of Equilibrium’s performance. The main reason is that you are customizing a blockchain runtime when you are building on Substrate. If a bug affects a part of the logic on the Substrate, the blockchain as a whole can come to a standstill.
Quantstamp is particularly well suited to the task since it has a focus on DeFi. Notably, it has helped Maker respond to the Black Thursday incident this year and audited numerous Maker Foundation Community Grant recipients. One of Quantstamp’s specialties is protecting digital assets from hackers, and it has already helped 140 innovation enterprises to safeguard over $5 billion via security audits based on blockchain technology. Among its clients are Maker, Cardano, OMG Network, yearn.finance, Siemens, Conflux, Zillica, Binance, Prysm by Prysmatic Labs and Teku by ConsenSys on Ethereum 2.0, Chainlink, WEF, and eToro.