ETHGlobal Waterloo




Quantstamp is a global leader in blockchain security, on a mission to secure the future of web3. We have performed hundreds of audits and protected billions in digital asset risk from hackers. Quantstamp is honored to have worked with some of the top projects in the industry, including Maker, Compound, Polygon, Arbitrum, Sandbox, and many more.


Smart Contract Security Tooling

We will award prizes in the following categories:

  • 🛠 $2,500 for the Best Use Case
  • 🎨 $2,500 for the Most Creative Solution


This bounty is for highly motivated and technically skilled individuals who are willing to take on the challenge of innovating and creating tooling that can be beneficial for smart contract audits. The goal of this bounty is to create functioning prototypes of tools that can be used during the audit process, that foster security in smart contract development, or that can be used to build more tools.

Your project can be an extension to an existing tool, a new application, an AI-enhanced system, or it can have any other format as long as it aligns with the requirements and objectives of this assignment. If your tool is strong and innovative, there are opportunities for further incubation, and even the chance to join our team.

In addition to the source code, each tool needs to be submitted with a high-level description of its intention, a writeup of how it accomplishes the goal, instructions for executing the tool, and a demonstration of its capabilities. This can include sample smart contracts where it performs well and poorly, or some benchmarks (possibly against the contracts on-chain).

Some Examples and Ideas:

  • Develop a Slither extension: Create an extension that enhances the current Slither capabilities. This could include new analyses, or be an improvement to the current ones.

  • Use AI in smart contract audit or development: Sensibly apply AI to aid smart contract development or an audit. Do not have it do all the work (we know that this is problematic), but use it for something where it can perform well. This can include generating tests, inferring requirements, visualizing smart contract structure, comparing code to documentation, writing documentation, or assessing the quality of documentation and tests.

  • Produce ABIs for smart contracts based on bytecode: Construct a tool that, given a contract's bytecode, can retrieve its Application Binary Interface (ABI).

  • Attribution of newly deployed smart contracts: Develop a tool capable of attributing newly deployed smart contracts to projects.

  • Code similarity detection: Create a tool capable of detecting code similarities.

  • Hack detector: Develop a tool that can detect potential hacks, either at the level of a transaction (in the mempool or after execution), or at the protocol level (recognizing that a protocol was hacked by some transaction).

  • Security tool for another chain or language: Build a tool that enhances the security of another blockchain or language. You can port some existing tooling, or develop new tools.

Evaluation Criteria:

  • Innovation and Uniqueness: We are looking for original ideas that can add value to the blockchain community.
  • Functionality: The tool should be functional, with clear evidence of its effectiveness.
  • Scalability and Usability: Consideration will be given to projects that demonstrate scalability and usability in practice.
  • Accuracy: Sometimes less is more. Tools that do just one thing really well can be better than tools that are very versatile, but fail often.
  • Impact: The tool should be able to improve smart contract audits or have a positive impact on the blockchain ecosystem.

Getting Started