Security

The audit trail

The .ether registry and registrar are a minimal adaptation of the "wei names" codebase. That base was reviewed by three independent security teams, and every line that changed on the way to .ether is public. The third contract, NameCard, is new: a stateless certificate renderer that holds no funds and controls no names. Nothing is taken on trust: read the reports, then read the diff.

AUDIT REPORT

Cantina

NameNFT + wei.domains dapp

READ REPORT ↗

AUDIT REPORT

Plainshift

NameNFT + SubdomainRegistrar

READ REPORT ↗

AUDIT REPORT

Zellic

NameNFT + SubdomainRegistrar

READ REPORT ↗

What changed from the audited base

A complete, line-by-line comparison between the audited wei-names contracts and the deployed registry and registrar. NameCard, the certificate renderer, is new code with no audited counterpart.

Audits reduce risk; they do not eliminate it. The contracts are immutable and ownerless, which means no one can patch them, for better and for worse. Never commit funds you cannot afford to lose.