The 4th KIR : Quantstamp_RT-Monitor

Summary

KLAY Funding

Proposal & Progress Reports


Status

  • Accepted. Developing RT-Monitor
  • Period : 2020.10. ~ 2021.03

Brief Introduction of the Project

This document contains a proposal for the development of a Real Time Security
Monitoring Solution (RT-Monitor) to detect any abnormal transactions for the Klaytn
blockchain. The decision criteria for abnormal transactions depend upon the
contract or system of contracts that is being monitored. We can customize the types of
analyses based on the needs of Klaytn. In the case of typical ERC20 contracts, we
currently monitor for overflow issues (that may occur due to malicious minting or the
batch-overflow bug), mint/burn events, and contract owner changes. We also have
capabilities to filter for bad actors. For security monitoring, as an example non-ERC20
analysis, we monitor contracts that depend upon off-chain data oracles to ensure that
the oracles remain online and behave as expected.

The goal of this proposal is to further strengthen the security of the Klaytn ecosystem.
Clients who engage with Quantstamp’s Realtime Monitoring Solution benefit from our
experience as researchers, software engineers, and security auditors. Quantstamp has
observed the best processes and models for realtime monitoring solutions and other
security measures, which will be reflected in the solution provided by the RT-Monitor.

Key Deliverables

RT-Monitor

Deployed port of the RT monitor frontend

Fully functional deployed monitoring application with the same feature set as
Quantstamp’s RT monitor. Monitored alert types include:
a) Overflow detection
b) Token mints and burns
c) Token Ownership changes

Alert system

Token event alerts are sent by SMS and to the email address specified by the user.

Registered tokens

Tokens will be registered in the system and will actively be monitored for supported
events

1 Like
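
The following added example, which is not Quantstamp's RT-Monitor code, classifies raw token event logs into the alert types listed in the proposal above. It assumes standard ERC-20 `Transfer` and OpenZeppelin-style `OwnershipTransferred` events, web3-style log dictionaries, and a simple overflow heuristic (a non-mint transfer larger than the total supply); all sample logs and addresses are constructed.

```python
# Added example, not RT-Monitor code: map raw token logs to alert types.
# topic0 hashes: ERC-20 Transfer and OpenZeppelin-style OwnershipTransferred.
TRANSFER = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
OWNERSHIP = "0x8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e0"
ZERO = "0x" + "0" * 40

def addr_of(topic):
    # Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes.
    return "0x" + topic[-40:].lower()

def classify(log, total_supply):
    """Return the alert names raised by one web3-style log dictionary."""
    topics, alerts = log["topics"], []
    if len(topics) != 3:
        return alerts  # not one of the two monitored event shapes
    if topics[0] == TRANSFER:
        src, dst = addr_of(topics[1]), addr_of(topics[2])
        value = int(log["data"], 16)
        if src == ZERO:
            alerts.append("mint")
        elif value > total_supply:
            # Assumed heuristic: no holder can move more tokens than exist.
            alerts.append("overflow-suspect")
        if dst == ZERO:
            alerts.append("burn")
    elif topics[0] == OWNERSHIP:
        alerts.append("owner-change")
    return alerts

def scan(logs, total_supply):
    hits = {}  # transaction label -> alerts; quiet logs are skipped
    for log in logs:
        alerts = classify(log, total_supply)
        if alerts:
            hits.setdefault(log["transactionHash"], []).extend(alerts)
    return hits

def make_log(tx, sig, a, b, value=0):
    pad = lambda addr: "0x" + "0" * 24 + addr[2:]
    return {"transactionHash": tx, "topics": [sig, pad(a), pad(b)],
            "data": "0x" + format(value, "064x")}

ALICE, BOB = "0x" + "a" * 40, "0x" + "b" * 40  # constructed addresses
SAMPLE = [  # constructed logs for a token with a total supply of 10**9
    make_log("tx1", TRANSFER, ZERO, ALICE, 1000),      # mint
    make_log("tx2", TRANSFER, ALICE, BOB, 5),          # ordinary transfer
    make_log("tx3", TRANSFER, ALICE, ZERO, 10),        # burn
    make_log("tx4", TRANSFER, BOB, ALICE, 2 ** 255),   # impossible amount
    make_log("tx5", OWNERSHIP, ALICE, BOB),            # owner change
]
```

Calling `scan(SAMPLE, 10**9)` reports alerts for every constructed transaction except the ordinary transfer.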

@Prop_Quantstamp_KH Hello this is Benson

I have some questions.

  1. "$20,000 per security engineer": is that right? Is the price inclusive of other charges?
  2. Is there any additional cost after initial development? Or is it paying every year? If it needs some cost, how much is it?
  3. Does it include an AML Solution?
  4. RT-Monitoring was originally for Ethereum, but is it changing to Klaytn?

cc @GC_Members

  1. The weekly estimate of $20,000 per security engineer is purely for an engineer’s service and it does not include other charges.

  2. The total budget shown on page 12 consists of two parts: a) Licensing Fee (payable annually), and b) Integration Services (one time payment). For the proposed Key Deliverables in phase 1, there will be no additional cost for the integration services.

  3. The Key Deliverables in phase 1 do not include an AML solution. It can be discussed for phase 2. We have a solution that can be integrated.

  4. Yes, Quantstamp originally developed the RT-Monitor for Ethereum, and now we will port it to Klaytn.

2 Likes

@Prop_Quantstamp_KH

Hello, Quantstamp Team.

Could I know when the 1st Progress Report is uploaded? (It may be the time that RT-Monitoring is being done.) If there is a change in Milestone/Timeline, it would be nice to leave a comment (reply).

@Prop_Quantstamp_KH

Hello, the 1st KLAY funding is done. If you have any questions, feel free to ask me.

Hello, this is Don Ho from Quantstamp. We’d like to provide a progress report update on our project that will complete 30 Nov 2020.

Summary

The Quantstamp team has been meeting with the Klaytn team on a weekly basis to align on the schedule and timeline of the project. Two weeks ago, we were introduced to the API and infrastructure engineers Colin and Andy. We have been reviewing the KAS documentation and testing the free version of the service. We also have our front end team currently integrating the website with Klaytn colorway and branding.

Project Milestones and Schedule

Since meeting with Colin and Andy two weeks ago, we are now doing the testing and integration of the front-end and back-end of the monitoring system. We have attached the design and implementation.

Key Deliverables

Week of October 19 - Introduced to Colin and Andy from Klaytn technical team. Scope out the technical capabilities of the KAS system.

Week of October 26 - Provide Colin and Andy access to Quantstamp Ethereum real-time monitoring system. Klaytn team assessed the feature set.

Week of November 2nd - Quantstamp provides Klaytn team with design and layout of the intended real-time monitoring system for Klaytn blockchain. Klaytn team has requested additional features that Quantstamp team is evaluating.

Week of November 9th - Quantstamp provides to Klaytn an interactive frontend including the rebranding and restyling to test.

Weeks November 16 and November 23 - Quantstamp merges front-end and back-end of Klaytn real-time monitoring service. Monitoring system undergoes testing and QA.

Week of November 30 - delivery of final production environment.

Budget

No changes in budget.

2 Likes

@donho

oh… I think there seems to be miscommunication.

I just asked the date that you can upload the progress report after developing RT-Monitor…

In addition, items in progress reports must be written about the results performed during the period. For example, in the case of budget, you can write down the incurred expenses during the period.

cc. @Prop_Quantstamp_KH

KIR Quantstamp RT Monitoring: Final Progress Report

Summary
Quantstamp created a RT monitoring system for Klaytn. This status update is the final update in the first phase of the Quantstamp RT Monitoring Project for the Klaytn blockchain.

This document is an update to the engagement and creation of a real-time Security Monitoring Solution (RT-Monitor) to detect any abnormal transactions for the Klaytn blockchain. We customized the different types of analyses based on the needs of Klaytn and on the advice of its team. We were able to build a novel and new way to analyze Klaytn tokens and smart contracts. During this process, we created a product that monitors for overflow issues (that may occur due to malicious minting or the batch-overflow bug), mint/burn events, and contract owner changes. With the integration and use of the monitoring software, Klaytn now has enhanced security monitoring abilities. Klaytn ecosystem and users will now benefit from our experience as researchers, software engineers, and security auditors.

Quantstamp has observed the best processes and models for real-time monitoring solutions and other security measures; these methods have been implemented into the Klaytn real-time security monitoring solution.

Project Milestones and Schedule Update

Milestones:

Ramp Up: Start: October 1st. End: October 9th (Complete)

  1. Ramp-up on Klaytn Infrastructure (2 days) – The RT Monitor requires a provider node, preferably supporting the standard web3 API, in order to interact with the blockchain. Documentation will be reviewed. This may require discussions with the Klaytn team. The RT monitor system relies on the KAS provided by Klaytn.
  2. Investigate Klaytn Web3 compatibility (1 day) – The RT Monitor utilizes the standard web3 API to query the blockchain data provider. In order to ensure that our service will behave appropriately with the Klaytn provider (i.e., all used web3 functionality is supported), we must perform testing.

Deliverables: Technical specifications

Port: Start: October 9th. End: October 30th (Complete)

  1. Create app infrastructure and pipeline (2 days) Create new app instance for port, configure deployment
  2. Add tokens to RT Monitor port (2 days) - Quantstamp will configure the RT Monitor to monitor a set of token contracts as provided by the Klaytn team. Testing will be performed to ensure that the monitoring service behaves as expected.
  3. Rebrand UI (1 week) - Customize RT Monitor branding and style/color scheme, updating links

Testing and QA: Start: November 2nd. End: November 27th (Complete)

  1. Test various systems of the RT monitor - alerts, notifications, detectors
    Optional extensions: Can be completed in a follow-up engagement (it will require more time / milestone adjustments)
  2. Monitoring of non-token smart contracts (1 week+) – If there are Klaytn smart contracts that we wish to monitor that have functionality beyond typical token contracts, the RT Monitor can be extended to support them. For example, we have previously extended the RT Monitor to monitor oracle-based contracts, ensuring that trusted oracles behave as expected. These extensions would be smart contract specific, and would require some additional development and testing. The time-frame of these extensions would scale with the complexity of the desired extensions.

Key Deliverables Update

Week of October 19 – Complete
Introduced to Colin and Andy from Klaytn technical team. Scoped out the technical capabilities of the KAS system.

Week of October 26 – Complete
Provided Colin and Andy access to Quantstamp Ethereum real-time monitoring system. Klaytn team assessed the feature set.

Week of November 2nd – Complete
Quantstamp provided Klaytn team with design and layout of the intended real-time monitoring system for Klaytn blockchain. Klaytn team requested additional features that Quantstamp team implemented.

Week of November 9th – Complete
Quantstamp provided to Klaytn an interactive frontend including the rebranding and restyling to test the interface.

Weeks November 16 and November 23 – Complete
Quantstamp merged front-end and back-end of Klaytn real-time monitoring service. Monitoring system has undergone exhaustive testing and QA.

Week of November 30 – Complete
Delivered final production environment. The final dashboard can be found here:

Budget
List all activities where operating expenses incurred. A detailed summary can be found here.

  1. a) Budget: 320,614.84 KLAY
  2. b) List of Activities incurring operating expenses
    Klaytn has agreed to make payment to Quantstamp for $20,000 per engineer-week (an equivalent of $500 per hour at 40 hours per engineer week). The effort estimated in this engagement was accurate. The services rendered were delivered in a timely manner. The Quantstamp team met with Klaytn team weekly to keep updated and on time.

Quantstamp delivered the final product to the KIR team. At the completion of the project both teams discussed the final product and the additional features that were completed for Klaytn.

The table below summarizes the final expenses for this engagement. You can find access to our budget here:

a. RT-Monitor Licensing Fee

| # of Tokens Monitored | 5 | 10 | 11-25 |
|---|---|---|---|
| Monthly Fee | $5,000 | $7,500 | $10,000 |

Notes

  1. The monthly fee is for a one-year contract. If service would like to be continued after the first year, additional volume-based pricing is available up to three years. (ex. Year 1: 0%, Year 2: 15%, Year 3 and beyond 30%)
  2. The monthly fee includes near-real time support and troubleshooting for 10 hours each month.

c) Total Budget: NA

| | Budget | Remarks |
|---|---|---|
| Licensing Fee | $120,000 | 1 Year Contract, 11 tokens monitored |
| Integration Service | $140,000 | |
| Total | $260,000 | KLAY: 320,614 as 25/8/20 |

@Prop_Quantstamp_KH Additional KLAY funding is done (21.01.27).
Please check the funding and reply to this.

Yes, we have received the fund. Thank you very much for the payment.

1 Like