Securing the Flow Ecosystem

March 1, 2024
Quantstamp Labs

Quantstamp recently conducted several security engagements with the Flow blockchain ecosystem. We have completed audits of Flow’s core smart contracts, as well as Ethereum smart contracts involved in teleporting USDT back and forth between Ethereum and BloctoSwap, a decentralized exchange running on Flow. In addition, Quantstamp is currently reviewing Cadence, Flow’s new smart contract language and intends to conduct a full audit in the near future.

The Flow blockchain was originally created by Dapper Labs, the creators of CryptoKitties and NBA Top Shot, and is designed to optimize the user experience for entertainment, social, and gaming applications. In order to optimize for these applications, Dapper Labs is taking a different approach to scaling compared to Ethereum. While Ethereum and Ethereum applications are seeking to scale via sharding and layer 2 solutions, the Flow blockchain separates the validator / miner role into 4 separate roles in an effort to scale directly on Layer 1 without sharding.  

Flow has a unique consensus process. image source

Cadence, Flow’s Resource-Oriented Programming Language

Dapper Labs is also the original creator of Cadence, the resource-oriented programming language for smart contract development on Flow. Cadence is designed to be intuitive for developers, optimizes for the protection of digital assets, and is similar in many ways to Move, Libra's programming language.  

“Resource-oriented programming, a new paradigm that pairs linear types with object capabilities to create a secure and declarative model for digital ownership by ensuring that resources (and their associated assets) can only exist in one location at a time, cannot be copied, and cannot be accidentally lost or deleted” - Cadence documentation

In addition to our other security work, Quantstamp also audits and reviews smart contract languages. Quantstamp recently completed a security review of Cadence. This security engagement included:

Quantstamp intends to conduct a full security audit in the near future.

Flow’s Core Smart Contract

Quantstamp has audited the core smart contracts of the Flow blockchain. These contracts manage:

BloctoSwap

BloctoSwap is the first decentralized exchange (DEX) on Flow. BloctoSwap launched today on March 17th, 2021. BloctoSwap listed FLOW (the FLOW blockchain’s native token) and tUSDT (Tether), and listed the FLOW/tUSDT pair.

Quantstamp also recently audited Ethereum smart contracts that are responsible for teleporting USDT to and from Ethereum and BloctoSwap, a decentralized exchange (DEX) similar to Uniswap that operates on Flow. BloctoSwap will be the first place for users to purchase FUSD, with the USDT teleported to Flow from Ethereum, through contracts audited by Quantstamp.

BloctoSwap was created by portto, a company specializing in user friendly experiences for blockchain-enabled use cases. This was Quantstamp’s first audit of a DeFi application on Flow.

NBA Top Shot

According to CryptoSlam!, NBA Top Shot is leading in all-time sales for NFTs.

Successful applications are already running on Flow. NBA Top Shot, a marketplace for collectible NBA highlights that is officially licensed by the NBA, has already achieved over $300 million in sales and over 250K active users in less than 6 months. NBA Top Shots collectible moments are stored as NFTs on Flow. A similar marketplace is in the works for UFC digital collectibles.  

NFTs in the Mainstream Spotlight

Ranging from artwork to digital collectibles and in-game assets, NFTs are in the spotlight and are actively pushing blockchain technology mainstream. These collectibles are helping communities grow and flourish by creating value, enhancing authentic engagement, and unlocking unprecedented opportunities for creators.

Dapper Labs and portto are contributing to digital communities by focusing on user experience in the Flow blockchain ecosystem. Their commitment to user experience is reflected in the design choices they made for the Flow blockchain and applications. We look forward to hearing about future achievements from NBA Top Shot and the success of future projects from Dapper Labs.  

Quantstamp is pleased to secure the assets in your digital nation and work with projects that are pushing the industry forward while putting their users first.

Quantstamp Labs
March 17, 2021

Quantstamp recently conducted several security engagements with the Flow blockchain ecosystem. We have completed audits of Flow’s core smart contracts, as well as Ethereum smart contracts involved in teleporting USDT back and forth between Ethereum and BloctoSwap, a decentralized exchange running on Flow. In addition, Quantstamp is currently reviewing Cadence, Flow’s new smart contract language and intends to conduct a full audit in the near future.

The Flow blockchain was originally created by Dapper Labs, the creators of CryptoKitties and NBA Top Shot, and is designed to optimize the user experience for entertainment, social, and gaming applications. In order to optimize for these applications, Dapper Labs is taking a different approach to scaling compared to Ethereum. While Ethereum and Ethereum applications are seeking to scale via sharding and layer 2 solutions, the Flow blockchain separates the validator / miner role into 4 separate roles in an effort to scale directly on Layer 1 without sharding.  

Flow has a unique consensus process. image source

Cadence, Flow’s Resource-Oriented Programming Language

Dapper Labs is also the original creator of Cadence, the resource-oriented programming language for smart contract development on Flow. Cadence is designed to be intuitive for developers, optimizes for the protection of digital assets, and is similar in many ways to Move, Libra's programming language.  

“Resource-oriented programming, a new paradigm that pairs linear types with object capabilities to create a secure and declarative model for digital ownership by ensuring that resources (and their associated assets) can only exist in one location at a time, cannot be copied, and cannot be accidentally lost or deleted” - Cadence documentation

In addition to our other security work, Quantstamp also audits and reviews smart contract languages. Quantstamp recently completed a security review of Cadence. This security engagement included:

Quantstamp intends to conduct a full security audit in the near future.

Flow’s Core Smart Contract

Quantstamp has audited the core smart contracts of the Flow blockchain. These contracts manage:

BloctoSwap

BloctoSwap is the first decentralized exchange (DEX) on Flow. BloctoSwap launched today on March 17th, 2021. BloctoSwap listed FLOW (the FLOW blockchain’s native token) and tUSDT (Tether), and listed the FLOW/tUSDT pair.

Quantstamp also recently audited Ethereum smart contracts that are responsible for teleporting USDT to and from Ethereum and BloctoSwap, a decentralized exchange (DEX) similar to Uniswap that operates on Flow. BloctoSwap will be the first place for users to purchase FUSD, with the USDT teleported to Flow from Ethereum, through contracts audited by Quantstamp.

BloctoSwap was created by portto, a company specializing in user friendly experiences for blockchain-enabled use cases. This was Quantstamp’s first audit of a DeFi application on Flow.

NBA Top Shot

According to CryptoSlam!, NBA Top Shot is leading in all-time sales for NFTs.

Successful applications are already running on Flow. NBA Top Shot, a marketplace for collectible NBA highlights that is officially licensed by the NBA, has already achieved over $300 million in sales and over 250K active users in less than 6 months. NBA Top Shots collectible moments are stored as NFTs on Flow. A similar marketplace is in the works for UFC digital collectibles.  

NFTs in the Mainstream Spotlight

Ranging from artwork to digital collectibles and in-game assets, NFTs are in the spotlight and are actively pushing blockchain technology mainstream. These collectibles are helping communities grow and flourish by creating value, enhancing authentic engagement, and unlocking unprecedented opportunities for creators.

Dapper Labs and portto are contributing to digital communities by focusing on user experience in the Flow blockchain ecosystem. Their commitment to user experience is reflected in the design choices they made for the Flow blockchain and applications. We look forward to hearing about future achievements from NBA Top Shot and the success of future projects from Dapper Labs.  

Quantstamp is pleased to secure the assets in your digital nation and work with projects that are pushing the industry forward while putting their users first.

Keep up with Quantstamp and the latest industry trends 🛡
Sign up to our newsletter 📬
Keep up with Quantstamp and the latest industry trends 🛡
Sign up to our newsletter 📬
Quantstamp Announcements

Modular Account: How Audits Can Help Shape Standards And Catalyze Mass Adoption

Quantstamp recently conducted a smart contract audit for Alchemy’s Modular Account, a wallet implementation designed from the ground up for ERC-4337 and ERC-6900 compatibility including two plugins

Read more
Quantstamp Announcements

Quantstamp 2023 Web3 Security Year In Review

As the year comes to a close, we wanted to take a moment to reflect on this year’s biggest hacks, root causes, and noteworthy trends.

Read more