# Security & Trust

{% hint style="warning" %}
**Disclaimer:** Ante.xyz is in BETA. Do not stake more than you are willing to lose.
{% endhint %}

### Trust assumptions

Trust assumptions for staking claims via Ante.xyz fall into two main categories:

**Judge risk**

* Judges can be subjective and make a “wrong” decision that Ante participants don’t agree with
* Judges can also participate in an Ante — this could result in scenarios where a Judge defects due to economic reasons (coming soon: gated Antes)

**Smart contract risk**

Compared to manual escrow, using Ante.xyz substitutes 3rd-party escrow risk for smart contract risk. 

The smart contract is:

* Is immutable (non-upgradeable)
* Has no owner or admin functions
* Holds funds noncustodially
* A previous version of the smart contract was audited; current version is pending audit (soon!)

However, as always, you should exercise appropriate caution when interacting with smart contracts and never deposit more than you are willing to lose.

### Responsible disclosure

Previously undiscovered bugs can be submitted to [security@ante.org](mailto:security@ante.org?subject=Responsible%20Bug%20Disclosure) for a guaranteed response from the team. Ante will follow up within 48 hours to acknowledge the disclosure and discuss next steps. Eligibility for existing bug bounty programs (e.g. [Immunefi](https://www.immunefi.com/bounty/antefinance)) will not be voided by communicating with [security@ante.org](mailto:security@ante.org?subject=Responsible%20Bug%20Disclosure).

Any vulnerabilities should not be disclosed publicly or to other parties until the Ante team has had a chance to triage and address the vulnerability. All testing or proof of concepts should be done on private testnets, and must not have already been exploited for damage.