SATURN VC / BLOG
All posts
6 min read Saturn VC

Aetherpost: A Permanent, Safe Way to Visualize Token Websites On-Chain

Most token websites live on a domain someone pays for, on a server someone rents. Aetherpost moves that whole layer onto the chain itself — pay once, publish forever, with a renderer that is structurally incapable of executing code.

"A standing courier between worlds."

Every token on a public chain has the same problem.

The contract is permanent. The supply schedule is permanent. The owner address is permanent. But the website that explains what the token is — the prose, the diagrams, the roadmap, the tone — lives on a domain someone pays for, on a hosting provider someone rents, behind DNS that someone controls.

Let the credit card lapse and the token loses its voice. Let the domain expire and a squatter claims the brand. Let the host get a takedown and the project goes dark.

The chain remembers the token forever. The internet, by default, does not remember anything about it for longer than the next billing cycle.

We have been quietly building a fix. It is called Aetherpost, and today we are turning the lights on for the first time.

#What Aetherpost Is

Aetherpost is a permanent dispatch network for the solar system, sitting on top of a Phantasma smart contract named saturnwebsite.

You connect a Phantasma wallet. You compose a document — a project page, an essay, a manifesto, a token rationale, a piece of ASCII glyphwork. You pay 3 TAZ in postage. You sign.

From that moment on, the document is on-chain. There is no edit button. There is no admin override. There is no review queue. The dispatch is broadcast across the Aether forever — exactly as it was written, exactly when it was written.

A reader anywhere in the world opens the Aetherpost frontend, picks your dispatch from the relay, and sees the same document you signed. No server in the middle. No CMS to compromise. No DNS to lose.

The contract is the website. The chain is the host. The wallet is the publisher.

#Why This Matters For Token Projects

The original sketch for Aetherpost was selfish: we wanted a place to put the long-form story behind Saturn-launched tokens that could not be taken down.

The wider use case became obvious almost immediately.

Every serious token deserves a page that says what it is, who launched it, what the supply curve looks like, what the philosophy is, and what — if anything — is being promised. That page is normally a project's most fragile asset. A token can outlive its founders' patience for paying a hosting bill. Aetherpost is the answer to that.

A project mints a token on Phantasma. The token's contract address is permanent. The project then files a dispatch on Aetherpost describing the token — and references the dispatch ID from anywhere it likes. Telegram, X, the launchpad listing, the DEX detail page. Click the link, the Aetherpost frontend pulls the dispatch straight from the chain, and the reader sees the project's own words.

If the founders disappear, the page remains. If the domain dies, the page remains. If every centralized listing pulls the token, the page remains. The page is on the same rail as the token itself.

For the first time, a small token can have a website with the same durability guarantee as its contract.

#A Note On The Name

The on-chain contract is saturnwebsite. That identifier is permanent and unchangeable, baked into Phantasma's storage. Aetherpost is the user-facing brand that sits on top of it — the relay station, the composer, the reader, the protocol identity for everyone who is not reading raw chain calls.

You can think of Aetherpost as the post office, and saturnwebsite as the ledger of every letter ever delivered.

#Why It Is Safe

This is the part we want to be specific about.

A dispatch is, at the end of the day, untrusted user input. Anyone can write anything to the contract and pay 3 TAZ for the privilege. The frontend then takes that arbitrary content and renders it for every reader on every device.

For most webapps, that combination is where exploits live. A malicious dispatch could try to slip in a <script> tag, an <iframe> to a phishing site, an <img> that beacons a tracker, a link that leads somewhere hostile. Aetherpost makes all of those structurally impossible — not by filtering them out, but by never having the capability in the first place.

#Text-only, by construction

The safe renderer (src/lib/renderer.js) is the only path content reaches the DOM. Every text field is written via textContent, never innerHTML. There is no <a href> element. There is no <img src>. There is no <iframe>. There is no URL field in the on-chain schema at all. The renderer literally has no code path that produces a hyperlink, an embedded resource, or a script tag.

A malicious dispatch can contain the string <script>alert(1)</script>. The renderer will print that string as plain text, exactly as you see it on this page. There is no parsing step that could ever interpret it as HTML.

Unknown block types are silently dropped. Unknown fields are ignored. The renderer accepts a fixed schema and nothing else.

#Defence in depth

On top of the renderer, the frontend ships a strict Content Security Policy:

'default-src': ["'self'"]
'script-src':  ["'self'"]
'connect-src': ["'self'", phantasma RPC hosts only]
'frame-src':   ["'none'"]
'object-src':  ["'none'"]
'base-uri':    ["'self'"]

Even if a bug in the renderer ever escaped that first guarantee, the browser would refuse to load an external script, an iframe, or a plugin. The only network endpoints the dapp is allowed to talk to are the Phantasma RPC nodes. Nothing else.

#Denial-of-service resistance

A long-running on-chain protocol attracts adversarial content. A dispatch could try to ship a 10 MB code block, a list of a million items, ten thousand nested paragraphs — anything that forces the browser to freeze.

The renderer clamps everything:

  • At most 200 blocks per dispatch.
  • At most 5,000 characters per paragraph.
  • At most 10,000 characters per code block.
  • At most 100 list items per list, at most 1,000 characters per item.

Anything past the limit is sliced off. The tab stays responsive. The reader sees a clipped document — never a frozen one.

#ASCII discipline

Phantasma's ScriptBuilder cannot serialize code units above 255, so the composer filters non-ASCII characters on every keystroke before they reach the chain. This prevents an entire class of failed-transaction footguns where an emoji or a smart-quote silently kills the submit. It also keeps dispatches portable across every renderer that might ever read this contract — not just ours.

#No author-on-author footguns

The chain rejects Token.transfer(X, X). So before the composer ever asks the wallet to sign, it checks that the submitting wallet is not also the fee recipient. The user sees the error in the UI instead of as a failed signed transaction.

The pattern across all of these is the same: make the unsafe thing impossible, not just unlikely. If a feature could be abused, the feature is removed entirely instead of being filtered.

That is the only honest way to ship something with no edit button.

#What You Can Use It For Today

The first set of obvious uses, in roughly the order we expect to see them:

  • Token explainers. A short, permanent project page that travels with the token wherever it is listed.
  • Roadmaps and manifestos. Things you want to be on the record about.
  • Release notes for on-chain projects. A versioned, immutable log of what shipped and when.
  • Verse, prose, ASCII glyphwork. The chain has never had a permanent place for the human stuff.
  • Receipts. Pin an explanation to a transaction; reference both from a Telegram post.

We expect the surprising uses — the ones we did not think of — to be the interesting ones.

#Where We Are Now

Aetherpost is live. The contract is deployed. The composer works. The relay renders.

We are starting on devnet by default so first-time users can experiment without spending real TAZ; switching to mainnet is a single click in the header. The dapp persists your choice in localStorage and rebuilds against the new RPC on the next page load. There are no env vars, no config files, no admin endpoints.

If you have ever wanted to publish something that cannot be quietly deleted later — by you, by us, by anyone — this is now a way to do that.

3 TAZ. One signature. Forever.

The chain remembers. The Aether keeps the receipts.

More soon.

Saturn VC · Lima, Peru