Comment on page
Contact the Ante team if you still have more questions!
Ante is a decentralized protocol building the Schelling Point of Computational Trust.
Ante allows autonomous testing of guarantees for any smart contract system on any blockchain (verifiable by anyone real-time) to enable more advanced and secure composition of DeFi primitives and integrations with existing financial services.
The Ante (Autonomous Native Testing Environment) name comes from a few origins.
First, in poker, an ante is "table stakes" to participate in the next hand.
For protocol developers, we believe that getting an Ante Test written for their project and staking the corresponding
AntePoolcan become "table stakes" as a responsible development practice to show users they have confidence in their own code.
Second, the decentralized trust score generated by Ante is in some ways like an ex-ante decentralized guess of a project's smart contract invariants failing. The higher the trust score, the less likely the community thinks an invariant will break.
We believe for DeFi to reach its potential, information about critical risks should be made explicit. And the more tools to separate out well-intentioned teams from obvious scammers, the better.
Ante allows for DeFi developer teams and general users to write, stake, and challenge Ante Tests:
- 1.DeFi protocol teams can write Ante Tests that verify certain custom invariants (such as debt<collateral in a lending protocol) always holds true.
- 2.DeFi protocol teams and Ante users can stake capital behind Ante Tests if they believe that the Ante Tests are properly written and the underlying invariants will always hold.
- 3.Ante users can also lock capital to challenge Ante Tests that they believe are flawed or that verify DeFi protocols with vulnerable smart contract code.
- 4.Challenger capital is subject to continuous decay, claimable by the staking side.
- 5.A challenger can verify an Ante Test at any time, paying native out-of-pocket gas costs needed.
- If an Ante Test succeeds (i.e. the underlying invariant holds), the Ante Pool remains as is.
- If an Ante Test fails (i.e. the underlying invariant fails), the stakers' funds are claimable by the challenger and the challenger who verified.
Ante currently does not have a governance token. The team is developing a plan to foster robust community participation and achieve decentralization. Our long-term vision for Ante is for participants to write Ante tests, submit governance proposals, and take over running the protocol.
- 1.The protocol team may stake its own Ante Tests to demonstrate confidence in its code and alignment of incentives with its user community. Staking its own Ante tests is a strong signal that the team is serious about their project and willing to put skin in the game.
- 2.Protocol investors or supporters may stake Ante tests as a demonstration of their confidence and support in their investment or support.
- 3.DeFi users may stake Ante tests to earn yield from decay from the challenger pool. They may also want to signal their trust in a protocol to boost the project's reputation in the community.
- 1.A skilled developer or security expert may identify a flaw in the protocol smart contract or Ante test and challenge to receive a portion of the
- 2.General DeFi users may challenge
AnteTestswith large staked
AntePoolsbecause they believe the return profile is favorable, or they are skeptical of a sketchy project's invariants, or they have a lot of exposure to the underlying protocol and want automatic compensation if a catastrophic invariant failure occurs.
- 3.The DeFi community may learn of news relating to a protocol that undermines trust in the protocol's code. Ante allows rapidly developing information to be transparently reflected in real time.
- 1.For any challenger, it could make sense to verify an Ante Test if they believe the invariant is currently failing or they have discovered a combination of actions to make the invariant fail. (If they are correct in calling verify when the Ante Test is in a failure state, then all challengers receive a slice of staker funds.)
- 2.Furthermore, by verifying the Ante Test does or does not hold, the challenger is helping increase peace of mind around the entire ecosystem secured by Ante. The power of decentralized incentives is clear here: that any security expert in the world can hop over to Ante and keep an eye on Ante Tests and the invariants they guarantee means the DeFi ecosystem will be safer long-term.
- 3.Finally, Ante is researching the implications of an extra bounty (from staker funds) being allocated to the successful verifier, to further incentivize energy investment into monitoring and verifying Ante Tests. Collecting that bounty could be worth the effort for some!
Ante makes it easier for users of a decentralized project to trust its smart contracts.
From our conversations with developer teams, a major obstacle - especially among newly launched protocols - is establishing trustworthiness and credibility in the DeFi community. The space is incredibly frothy and it has become difficult to quickly tell which protocol teams are serious and which are looking for quick returns. Ante allows serious teams to back their own smart contracts and put skin in the game - something scammy teams may be unwilling to do. In this way, legitimate projects can use Ante as a marketing solution to stand out from the crowd.
Relatedly, investors might stake their AnteTests verifying their portfolio protocols as a way to bootstrap credibility and signal their confidence in the team.
Furthermore, protocols looking to launch quickly may not have time or resources to retain and wait for an auditor to review their code. Existing solutions (audits, insurance, bug bounties, etc.), are important ways to convey trustworthiness, but Ante provides a uniquely real-time and transparent way to gauge the level of community faith in a protocol (see our Medium on how Ante fits into the existing landscape).
We also believe that Ante can contribute substantially to the long-term potential of DeFi, and also help bridge legacy financial services and integrations securely. More specifically:
- 1.As the "stacking" of DeFi primitives (e.g. assets farmed in one protocol, locked in another, levered up in a third protocol to use as collateral in a fourth) grows more complex, the composite risk profile of those "stacked" DeFi assets also grows. Knowing exactly what the "combined catastrophic invariant failure" risk profile - deducible indirectly through Ante - helps cap or limit that risk.
- 1.Imprecisely, at scale, Ante can be viewed as a "risk layer" that can cast certain types of DeFi Smart Contract idiosyncratic risk into risks that legacy financial institutions may more readily get.
- 2.This in turn broadens the playing field for DeFi and potential energy for innovation.
- 2.Furthermore, innovative DeFi developers (and perhaps the Ante team) can build upon Ante to create more advanced composite assets (see our brief mention of Smart Assets) that are built upon programmatically managed "challenger" positions in a corresponding
AntePoolto automatically limit the financial downside in the case of a constituent component's invariant failure.
- 3.Finally, almost as a second-order effect, Ante can become a reasonable place for security experts or security-minded developers to devote marginal energy to reading and analyzing Ante Tests and the underlying protocols' code. A protocol that self-selects for using Ante is more likely to take security seriously, which in turn boosts the attractiveness of Ante as a destination for said marginal energy. This potential "virtuous loop" comes bundled with decentralized, non-custodial bounties to be claimed, and thus may even help persuade, at scale, marginal grey-hat talent to leverage their skills to increase overall DeFi ecosystem safety.
We have prepared some fun mockup AnteTests as an example of what simple tests might look like:
- The total supply of WBTC is always less than or equal to 21 million.
- The Ethereum Foundation "EthDev" digital wallet does suddenly move or sell 99% of its ETH.
- The balance of ETH in the WETH9 contract actually matches the circulating WETH.
More serious examples of Ante Tests one may want to write include:
- For lending protocols: debt < collateral (for overcollateralized protocols) by the required amount;
- For automated market-makers, that their AMM invariant holds (e.g. x*y=k);
- For protocols that mint token X after receiving Y and Z, that the balances of X correspond to Y and Z;
- Checking a particular entry&exit into a L2 solution holds;
- Checking a deposit & withdraw combination of function calls still work;
- Monitoring the balance of a multisig wallet for an anon team for rugging (dumping their own token);
- ...And many more!
This isn't all bad!
First, it means that if any of the invariants tested by Protocol A fails in Protocol B, then the Ante Test should capture that. However, it's certainly possible a dishonest team might try to use a known-to-fail Ante Test to capture well-intentioned staker funds. We feel this is like scammers creating token listings on a decentralized exchange that don't allow selling, or knowingly burn tokens when a user tries to send them.
Second, the forking team is behind and they now need to play catch-up. Protocol B's capital may be facing potential loss if its invariants aren't properly protected or if the code in Protocol B hasn't been updated as with Protocol A.
Finally, this means that at the very least -- even if we get a proliferation of endless forks -- if their corresponding Ante Tests get forked, too, we have improved baseline safety for checking protocol invariants in the DeFi ecosystem. And that's a good thing.
Ante v0.5 has no admin keys and no ability to recover funds sent to its smart contracts. All of the funds deposited into
AntePoolscreated by users that are settled by user-generated Ante Tests are non-custodial smart contracts.
Ante v0.5 also has no proxy contracts and no upgradeable contracts. There are no owned contracts, either.
We believe it is critical that the Ante codebase be easy to understand, transparently written, and optimized for clarity, security, and safety, over e.g. gas optimization.
Absolutely, yes, if you put crypto into any Ante smart contract.
- 1.For stakers: By staking in an Ante Pool, one is showing skin in the game that a particular protocol's invariant - checked by the corresponding Ante Test that's paired with the AntePool - will hold. If that invariant fails, then all staker funds staked in that Ante Pool are locked and claimable by challengers. There is no dispute mechanism or dispute procedure. The transaction is finalized in a non-custodial smart contract.
- 2.For challengers: the first block any challenger funds are used to challenge in an
AntePoolsmart contract immediately begins calculating and charging a decay fee that is claimable by stakers. This fee is irrecoverable and not disputable. The transaction is finalized in a non-custodial smart contract.
Note: do not under any circumstances send tokens or ETH directly to any Ante smart contracts. They are not designed to handle incoming funds that way. Only interact with Ante smart contracts using their intended functions.
The honest answer is we don't.
No smart contract system at launch can claim they know they are secure. In particular:
- 1.Formal verification can prove that software matches a given spec.
- 1.Formal verification can't guarantee a zero-day exploit doesn't exist.
- 2.We hope that Ante becomes a sort of "Financial Verification" for the ecosystem that is faster, cheaper, and more accessible to anyone in the world who wants to build Smart Contract Systems.
- 2.Audits can secure a version of a smart contract codebase, but many exploited projects have had audits.
- 3.Bug bounties can help discover vulnerabilities, but they can take time to play out.
In our first release, Ante v0.5, we implement a few tactics to maximize security:
- 1.Eliminate any upgrade-ability in the code base. Every piece of Ante v0.5 is immutable.
- 2.Limit the code base complexity to only support the exact minimal features required.
- 3.Implement common best practices around overflow, underflow, re-entrancy, and more.
- 4.Cap the total capital deposits allowed (subject to a schedule for flexibility).
- 5.Audits and peer review of code.
In the future, we hope to also ideally get formal verification for critical pieces of v1, and maintain a non-upgradeable and minimal-governance approach, but we know that isn't sufficient to guarantee no flaws.
Please do not use Ante without first reviewing all of the code yourself. Ante is open-source software offered as-is on a best-efforts basis. And never, ever, ever deposit in Ante, or any smart contract, more than you can afford to lose. No part of this documentation or any Ante communication is intended as financial advice.
We believe it is really important for the world to accelerate the development of safer DeFi. We simply want to build infrastructure that can help make DeFi safer.
We cannot offer any guarantee this won't happen. We hope it never happens.
Please think of Ante v0.5 as an alpha release of software at best, or a "MVP" approach to building a DeFi project. We know that isn't a satisfying answer, but please do not use Ante without reading the code.
As with any open DeFi project: anyone with any intention can use DeFi. That's part of the power, but part of the danger, just like with the Internet.
Please do not use any AntePool you haven't read carefully, and try to verify the address of the deployer.
We can imagine it's possible for scammers to:
- 1.Create "fake"
AnteTeststhat seem to check an invariant, but can be triggered to fail at any time.
- 1.We recommend carefully reading the source code of any Ante Test you use the corresponding Ante Pool for, and checking the address of the author.
- 2.Create "honeypot"
AnteTeststhat seem to perpetually be failing, but drain honest challengers of funds.
- 3.Create fake
AntePools that actually lock or steal your funds.
- 1.To avoid this, only use
AntePoolsthat have been generated by our
AntePoolFactory-- checking a generation event should verify an
We hope that the benefits to the DeFi ecosystem end up grossly outweighing the ways Ante can be abused.
As with any protocol, using Ante comes with inherent risks. This is not an exhaustive list, and you should never interact with DeFi smart contracts you don't fully understand!
Some risks of using Ante include, but are not limited to:
- 1.User Risks
- 1.You may write an incorrect or flawed Ante Test, which fails after you deploy it, resulting in a loss of your staked capital (and other stakers' capital too).
- 2.You may make mistakes or omissions when reviewing Ante Tests and deciding how to stake. You might think that a flawed Ante Test is secure, or that a secure Ante Test is flawed, and stake on the wrong side versus if you had perfect information.
- 2.Operational Security Risks
- 1.Using a personal address to write an
AnteTestor deploy an
AntePoolmay bring unwanted attention to your past on-chain activity or possibly reveal your identity.
- 2.Participating in an Ante Tests as a staker or challenger may alert others of your address and may allow malicious third parties to identify you in the real world.
- 3.Being the one to successfully verify an Ante Test as having an invariant failure may draw the ire of bad actors, and they may attempt to harass or doxx you if your address is linked to an off-chain identity or handle.
- 3.Ante Smart Contract Risks
- 1.While Ante v0.5 is audited, it may still have software bugs. Although we *have* written many off-line tests ourselves around the logic and output of Ante, we make NO GUARANTEES about the codebase.
- 2.A bug in our
AntePoolcontract could mean that all
AntePoolsare subject to unintended loss or locked funds.
- 3.A bug in our
AntePoolFactorycould mean that malicious actors could trick people into using bad contracts as part of Ante.
- 4.An exploit of our website could cause transaction requests to pop up that do not *actually* route your transactions to the Ante v0.5 Smart Contracts. Make sure to check the addresses and function signatures of any transactions with what shows up on your wallet!
- 4.General Ethereum and DeFi Risks
- 1.Malicious actors could pretend to be Ante team members to steal your assets.
- 2.Your computer or wallet may been compromised independently and only during a transaction broadcast to Ante is the exploit taken advantage of.
- 3.The ability to claim rewards (as a challenger) or withdraw (as a staker or challenger) depends on having control of your Ethereum address at the time of claiming or withdrawing. If you don't have control of your address, you will not be able to take those actions.
We need your help!
We have been talking to many established and pre-launch teams to learn how to best serve their needs. Ante's design is based heavily on feedback from the community and we will continue to modify the protocol so it is as helpful to users as possible. The information we've received has been invaluable and we are grateful to those who have helped us so far!
We are also exploring interactive community engagement initiatives that will give interested users a sneak peek into what Ante is all about. There may be games and contests that are both fun and educational.
Come find us on