FYEO performed a secure code assessment of the ANT Process for PDS

About the audit

The Arweave Name Token (ANT) contract implements a single-unit token whose entire supply is initially assigned to a designated Owner. It exposes the standard token-spec actions Transfer, Balance, Balances, Total-Supply, and Info via an action handler framework. Only the Owner may transfer the token, and doing so both reassigns the Owner and resets the balance map to a single-entry table. Clients can query the balance or all balances, retrieve token metadata (name, ticker, total supply, logo, description, keywords, and denomination), and the contract emits debit/credit notices on successful transfers. On boot, the contract can initialize or restore its state using supplied data, credits the Owner for the boot event, and notifies its ANT Registry or itself to enable off-chain state caching.

Beyond pure token functionality, the contract implements the ANT specification, which includes a permissioned controller list and a simple record registry. Controllers can be added or removed, and can set, remove, or retrieve named records (each of which carries a transaction ID, TTL, and priority). The contract also integrates with the ar.io Network: it can release a primary name back to an external IO process, reassign a name to another process, approve name-claim requests, and remove primary names, sending structured messages to designated IO processes. Throughout, state-change handlers automatically propagate updated Owner or controller lists to the ANT Registry.

The FYEO Process

When FYEO performs an assessment, we focus on the code committed at a specific time when the code base is feature complete. 

Our goal is to give our clients the following:

• A better understanding of its security posture and help them identify current and future risks in its deployed chain & contract infrastructure.

• An opinion on what security measures are in place regarding maturity, adequacy, and efficiency.

• Identify potential issues, including loss of funds scenarios, and include improvement recommendations based on the result of our assessment.

• Give the development team a better understanding of writing and maintaining more secure code. The incremental increase of security is part of the overall increased quality of the project.

Findings and Report

During the Security Code Review of the ANT process, we discovered:

• 3 findings with INFORMATIONAL severity rating.

Once the findings were identified, the PDS team was quick to address and remediate all issues. FYEO looks forward to our continued security work with PDS.