Introduction

We believe it is really important for the world to accelerate the development of safer DeFi — that's why we built Ante, and that's why the security of the Ante protocol is our top priority by far. Our core smart contract code is publicly verifiable, has undergone multiple audits, and we have a bug bounty for undiscovered vulnerabilities.

We believe it is critical that the Ante codebase be easy to understand, transparently written, and optimized for clarity, security, and safetyover e.g. gas optimization. In Ante v0.5, we implement a few tactics to maximize security:

1. Ante v0.5 has no proxy contracts and no upgradeable contracts. There are no owned contracts, either. Every piece of Ante v0.5 is immutable.

2. Limit the code base complexity to only support the exact minimal features required.

3. Implement common best practices around overflow, underflow, reentrancy, and more.

4. Cap the total deposits allowed per user in each Ante Pool (subject to a schedule for flexibility).

5. Audits and peer review of code.

Ante v0.5 is intended as an alpha release. Please do not use Ante without first reviewing all of the code yourself. And never deposit more than you can afford to lose in Ante or any smart contract.

Audits

Ante v0.5 contracts have been audited. Minor smart contract updates were made as a result of the audits and are incorporated into the core Ante contracts on all non-Ethereum networks Ante is deployed on.

May 2022 - Zellic (walkthrough; report)

Bug Bounty

While we have taken significant steps to minimize the risk surface area of the Ante protocol, undiscovered vulnerabilities may still exist. Ante encourages the community to audit our contracts and responsibly disclose any discovered vulnerabilities to the team so we can address it as quickly as possible.

Responsible Disclosure

Previously undiscovered vulnerabilities can be submitted (including conditions/steps to reproduce the vulnerability) through our Immunefi bug bounty program and/or to security@ante.finance for priority escalation. Ante will follow up within 48 hours to acknowledge the disclosure and discuss next steps.

Any vulnerabilities should not be disclosed publicly or to other parties until the Ante team has had a chance to triage and address the vulnerability. All testing or proof of concepts should be done on private testnets, and must not have already been exploited for damage.

We are happy to publicly credit you for your discovery (unless you prefer otherwise), and eligibility for existing bug bounty programs (e.g. Immunefi) will not (subject to our discretion) be voided by communicating with security@ante.finance.

Known Issues

The following vulnerabilities are known and not eligible for a reward:

• Challenger decay calculation is inaccurate and slightly overestimates the decay paid by challengers (overall error is < 1%/year even in the worst case scenario). Calculation is more accurate the more often updateDecay() is called

• Staker and challenger balances are slightly underestimated due to rounding issues in intermediate calculations, overall loss is small relative to total pool balance flux (< 0.1%)

• Test verification can be frontrun by challengers who stake small amounts of ether in every pool

• checkTest gas usage can be unbounded as it scales linearly with number of unique challengers

• Any exploits related to malicious actors cloning and redeploying our contracts (i.e., deploying their own version of AntePoolFactory or deploying AntePools without the use of our AntePoolFactory contract)

• Any exploits related to using malicious AnteTests to steal/lock user funds

• Any exploits already covered in audit reports for Ante

Future steps

In the future, we hope to also get a software audit and formal verification for critical pieces of v1, and maintain a non-upgradeable and minimal-governance approach to developing the Ante protocol.