Security & Trust


Last updated 2 years ago

Previously undiscovered bugs can be submitted to security@ante.xyz for a guaranteed response from the team. Ante will follow up within 48 hours to acknowledge the disclosure and discuss next steps. Eligibility for existing bug bounty programs (e.g. Immunefi) will not be voided by communicating with security@ante.xyz.

While significant steps have been taken to minimize the risk surface area of the Ante protocol, Ante v0.6 is intended as an alpha release. You should exercise appropriate caution and never deposit more than you can afford to lose into Ante or any other smart contract.

<Trust Summary coming soon!>

Trust assumptions

An admin role is involved in configuring the Ante Pool Factory settings, and has the power to whitelist supported ERC-20 tokens for staking/challenging pools. However, this only affects pools created in the future; existing pools are immutable once created and will operate predictably.

Ante v0.6 has no ability to recover funds sent to its smart contracts. All funds deposited into user-created Ante Pools, which are settled by user-generated Ante Tests, are held in non-custodial smart contracts.

Development practices

Ante v0.6's core smart contracts are fully open source and all deployed code is verified.

Ante v0.6 does use a lightweight proxy pattern to make deploying pools more accessible; however, the pools themselves are non-upgradeable once deployed so their behavior won't change.

The DTS is upgradable, but is a view-only contract that never touches user assets.

Audits

Ante v0.6 contracts have been audited (report coming soon).

Bug Bounty

Ante has an active bug bounty program on Immunefi, with up to $50,000 bounty for critical vulnerabilities.

Ante Tests

We stake Ante Tests for Ante!

Responsible Disclosure

Vulnerabilities should not be disclosed publicly or to other parties until the Ante team has had a chance to triage and address them. All testing and proofs of concept should be done on private testnets, and the vulnerability must not have already been exploited for damage.

Known issues

The following vulnerabilities are known and not eligible for a reward:

  • Challenger decay slightly overestimates decay paid by challengers (overall error is <1%/year even in worst case)

  • Staker and challenger balances are slightly underestimated due to rounding in arithmetic. Overall loss is extremely small and never results in pool insolvency

  • Test verification can be frontrun by challengers who challenge the minimum amount in every pool.

  • Because anyone can write Ante Tests, malicious Ante Tests could steal/lock user funds

  • Any exploits already covered in audit reports for Ante

While we have taken significant steps to minimize the risk surface area of the Ante protocol, undiscovered vulnerabilities may still exist. Ante encourages the community to audit the core contracts and responsibly disclose any vulnerabilities discovered to the team so we can address them as quickly as possible.

Previously undiscovered vulnerabilities can be submitted (including conditions/steps to reproduce the vulnerability) through our Immunefi bug bounty program and/or to security@ante.xyz for priority escalation. Ante will follow up within 48 hours to acknowledge the disclosure and discuss next steps.

We are happy to publicly credit you for your discovery (unless you prefer otherwise), and eligibility for existing bug bounty programs (e.g. Immunefi) will not (subject to our discretion) be voided by communicating with security@ante.xyz.
