Security & Trust
While significant steps have been taken to minimize the risk surface area of the Ante protocol, Ante v0.6 is intended as an alpha release. You should exercise appropriate caution and never deposit more than you can afford to lose into Ante or any other smart contract.
<Trust Summary coming soon!>
An admin role is involved in configuring the Ante Pool Factory settings, and has the power to whitelist supported tokens for staking/challenging pools. However, this only affects pools created in the future; existing pools are immutable once created and will operate predictably.
Ante v0.6 has no ability to recover funds sent to its smart contracts. Ante Pools are created by users and settled by user-generated Ante Tests, and all funds deposited into them are held in non-custodial smart contracts.
Ante v0.6's core smart contracts are fully and all is verified.
Ante v0.6 does use a lightweight proxy pattern to make deploying pools more accessible; however, the pools themselves are non-upgradeable once deployed so their behavior won't change.
The DTS is upgradable, but is a view-only contract that never touches user assets.
Ante v0.6 contracts have been audited (report coming soon).
Ante has an active bug bounty program, with a bounty of up to $50,000 for critical vulnerabilities.
We stake Ante Tests for Ante!
Vulnerabilities should not be disclosed publicly or to other parties until the Ante team has had a chance to triage and address them. All testing and proofs of concept should be done on private testnets, and the vulnerability must not have already been exploited for damage.
The following vulnerabilities are known and not eligible for a reward:
Challenger decay slightly overestimates decay paid by challengers (overall error is <1%/year even in worst case)
Staker and challenger balances are slightly underestimated due to rounding in arithmetic. Overall loss is extremely small and never results in pool insolvency
Test verification can be frontrun by challengers who challenge the minimum amount in every pool.
Because anyone can write Ante Tests, malicious Ante Tests could steal/lock user funds
Any exploits already covered in audit reports for Ante
While we have taken significant steps to minimize the risk surface area of the Ante protocol, undiscovered vulnerabilities may still exist. Ante encourages the community to audit the core and responsibly disclose any vulnerabilities discovered to the team so we can address them as quickly as possible.
Previously undiscovered vulnerabilities can be submitted (including conditions/steps to reproduce the vulnerability) through our and/or to for priority escalation. Ante will follow up within 48 hours to acknowledge the disclosure and discuss next steps.
We are happy to publicly credit you for your discovery (unless you prefer otherwise), and eligibility for existing bug bounty programs (e.g. Immunefi) will not (subject to our discretion) be voided by communicating with .