Ropsten Test QSP Network Instructions

Thanks for coming! We’re very glad you’re going to try out our proof-of-concept, smart contract security auditing node, on the Ropsten test network.

We have the instructions in three parts: first, you’ll give permission allowing our auditing node to withrdraw QSP tokens from your wallet to pay for one or more audits. Second, we’ll walk you through requesting an automated audit and triggering the actual payment associated with the audit. Finally, we’ll tell you where you can find and view your audit report.

Note: Due to the nature of blockchain transactions, you’ll want to avoid long delays between taking the steps below. Waiting too long between starting and finishing a section of the instructions could cause the process to time out. If that happens, simply return to the start and begin again.

Part 0: Get Ready..

Begin by navigating to the Contracts section of MyEtherWallet.

  1. Set your network to the Ropsten Test Network by opening the Network dropdown menu in the top-right corner and choose Ropsten (infura.io)
  2. Check that your preferred method of accessing your wallet (e.g., MEW, MetaMask) is also set to Ropsten.
  3. Make sure your wallet holds enough of both Ropsten ETH and Ropsten QSP to cover your transactions. If needed, get Ropsten ETH from a Ropsten Faucet.
  4. Have a URI ready for each smart contract you wish to audit. This URI must not be a link to Etherscan, Etherchain, etc. It must be a web address which returns only plain Solidity source code, like this URI example. Do not enter a URL to a Github repo like this example. We need the URI to the raw code, directly. Note that our test network currently supports Solidity up to version 0.4.21, and that the version must be prefixed with the caret character (^).

Part 1: Authorize Quantstamp to collect your QSP as payment

  1. In the Contract Address field of MyEtherWallet, enter the Quantstamp Token Smart Contract Address: 0xc1220b0bA0760817A9E8166C114D3eb2741F5949
  2. In a different browser window, open the Quantstamp Token Contract ABI and copy all the text on the page.
  3. Paste the ABI into the ABI/JSON Interface field on the MyEtherWallet and then click the Access button.
  4. Below the Access button you will now see a field called Read/Write Contract and a dropdown that says Select a function.
  5. Select the approve function.
  6. Two new fields will appear: _spender and _value
  7. The _spender is the entity to which you are giving permission to withdraw Ropsten QSP from your wallet later. Add the Quantstamp Audit Smart Contract address 0x80c4Cc0C2290BaB5939D2C71184e415D9DCD2F9b as the _spender.
  8. The _value is the total amount of Ropsten QSP which you are giving permission to withdraw. If you want to do three audits and each audit costs 5000 QSP then you would set _value to 75 (as an example). You can keep running audits until the audit node has withdrawn the full amount of QSP you set here.
  9. Further down the page you’ll see a section labeled How would you like to access your wallet? Select your preferred method of accessing the wallet.
  10. Now a large blue button will appear labeled Write. Click it to open a modal labeled Warning! You are about to execute a function on contract.
  11. You will see a box within the modal labeled Amount to Send, In most cases you should leave this as 0. Leave it at zero!
  12. There is also a box labeled Gas Limit. Usually this number will be precalculated for you and in that case, you should leave the number in that box alone. If it’s not precalculated for you, however, put in a nice large number like 250,000.
  13. Click Generate the transaction and then Yes I am sure! Make transaction.

Complete this transaction using your preferred method of accessing the wallet. When your payment succeeds, you are ready to request a security audit.

Part 2: Request a security audit from Quantstamp

  1. Return to MyEtherWallet and reload the page. (MyEtherWallet requires a refresh before beginning a new transaction.)

  2. Enter the contract address for Quantstamp’s Audit Contract: 0x80c4Cc0C2290BaB5939D2C71184e415D9DCD2F9b

  3. In the field for ABI/JSON Interface, enter the contents of the Quantstamp Audit Contract Use the option to Copy in favor of select-all, if available.

  4. Enter Access and select the function requestAudit in the Read/Write Contract section.

  5. Enter the URI for the smart contract you wish to audit along with 25 for the price. (This is the amount of QSP which the audit node will withdraw from your wallet because you granted it permission to do so in Part 1).

  6. Re-connect MyEtherWallet to your preferred method for accessing your wallet by clicking Write. Once successful, click Write a second time to continue.

  7. In the modal, enter 0.003 into this field labeled Amount to Sent, In most cases you should leave this is as 0. Why? The audit node needs both Ropsten QSP to run the audit and a little bit of Ropsten ETH to pay miners to put the audit report onto the blockchain when it finishes.

  8. There is also a box labeled Gas Limit. Usually this number will be precalculated for you and in that case, you should leave the number in that box alone. If it’s not precalculated for you, however, put in a nice large number like 500,000.

  9. Generate and make the transaction as before.

Part 3: View your security report

  1. In Etherscan, open your successful transaction to request an audit which you just created in Part 2.

  2. On the Etherscan page, click the tab for Event Logs. You’ll see a section titled Transaction Receipt Event Logs, followed by one or more blocks of text that start with something like [x] Address 0xc1..... where [x] is some single-digit number. You need to find the block that starts with this address: [x] Address 0x80c4cc0c2290bab5939d2c71184e415d9dcd2f9b

  3. In that block, find the section labeled Data. That will be a column of several rows of numbers with a small dropdown at the start of each line. Find the first line in this section and change the dropdown to to Number. You should now see an integer in standard base-10 notation, like 72 or 91.

  4. Copy down the number. This is the requestID of your audit request, and you’ll use it to retrieve your audit report.

  5. Open the Quantstamp Audit Contract on Etherscan.

  6. Under Read Smart Contract, you can enter your requestID which you saved in Part 3, Step 4, into line 1: isAuditFinished, click Query, and Etherscan will return true.

  7. On line 5: audits, enter your requestID and click Query. It may take several minutes to see the result of the audit.

  8. Copy the reportURI into a browser address bar to view the report as JSON.