
Security


Last updated 2 years ago

Previously undiscovered bugs can be submitted to security@ante.finance for a guaranteed response from the team. Ante will follow up within 48 hours to acknowledge the disclosure and discuss next steps. Eligibility for existing bug bounty programs (e.g. Immunefi) will not be voided by communicating with security@ante.finance.

Introduction

We believe it is really important for the world to accelerate the development of safer DeFi — that's why we built Ante, and that's why the security of the Ante protocol is our top priority by far. Our core smart contract code is publicly verifiable and has undergone multiple audits, and we have a bug bounty for undiscovered vulnerabilities.

We believe it is critical that the Ante codebase be easy to understand, transparently written, and optimized for clarity, security, and safety over, e.g., gas optimization. In Ante v0.5, we implement a few tactics to maximize security:

  1. Ante v0.5 has no proxy contracts and no upgradeable contracts. There are no owned contracts, either. Every piece of Ante v0.5 is immutable.

  2. Limit the code base complexity to only support the exact minimal features required.

  3. Implement common best practices around overflow, underflow, reentrancy, and more.

  4. Cap the total deposits allowed per user in each Ante Pool (subject to a schedule for flexibility).

  5. Audits and peer review of code.

Ante v0.5 is intended as an alpha release. Please do not use Ante without first reviewing all of the code yourself. And never deposit more than you can afford to lose in Ante or any smart contract.

Audits

Ante v0.5 contracts have been audited. Minor smart contract updates were made as a result of the audits and are incorporated into the core Ante contracts on all non-Ethereum networks Ante is deployed on.

May 2022 - Zellic (walkthrough; report)

Bug Bounty

While we have taken significant steps to minimize the risk surface area of the Ante protocol, undiscovered vulnerabilities may still exist. Ante encourages the community to audit our contracts and responsibly disclose any discovered vulnerabilities to the team so we can address them as quickly as possible.

Responsible Disclosure

Vulnerabilities should not be disclosed publicly or to other parties until the Ante team has had a chance to triage and address them. All testing and proofs of concept should be done on private testnets, and the vulnerability must not have already been exploited for damage.

Known Issues

The following vulnerabilities are known and not eligible for a reward:

  • Challenger decay calculation is inaccurate and slightly overestimates the decay paid by challengers (overall error is < 1%/year even in the worst-case scenario). The calculation is more accurate the more often updateDecay() is called.

  • Staker and challenger balances are slightly underestimated due to rounding issues in intermediate calculations; the overall loss is small relative to total pool balance flux (< 0.1%)

  • Test verification can be frontrun by challengers who stake small amounts of ether in every pool

  • checkTest gas usage can be unbounded as it scales linearly with number of unique challengers

  • Any exploits related to malicious actors cloning and redeploying our contracts (i.e., deploying their own version of AntePoolFactory or deploying AntePools without the use of our AntePoolFactory contract)

  • Any exploits related to using malicious AnteTests to steal/lock user funds

  • Any exploits already covered in audit reports for Ante

Future steps

In the future, we hope to also get a software audit and formal verification for critical pieces of v1, and maintain a non-upgradeable and minimal-governance approach to developing the Ante protocol.

Previously undiscovered vulnerabilities can be submitted (including conditions/steps to reproduce the vulnerability) through our Immunefi bug bounty program and/or to security@ante.finance for priority escalation. Ante will follow up within 48 hours to acknowledge the disclosure and discuss next steps.

We are happy to publicly credit you for your discovery (unless you prefer otherwise), and eligibility for existing bug bounty programs (e.g. Immunefi) will not (subject to our discretion) be voided by communicating with security@ante.finance.
